fix: correct comment formatting in TestGenerateKnownNeedsExpressions #13
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | ||
|
Check failure on line 1 in .github/workflows/daily-mcp-concurrency-analysis.lock.yml
|
||
| # ___ _ _ | ||
| # / _ \ | | (_) | ||
| # | |_| | __ _ ___ _ __ | |_ _ ___ | ||
| # | _ |/ _` |/ _ \ '_ \| __| |/ __| | ||
| # | | | | (_| | __/ | | | |_| | (__ | ||
| # \_| |_/\__, |\___|_| |_|\__|_|\___| | ||
| # __/ | | ||
| # _ _ |___/ | ||
| # | | | | / _| | | ||
| # | | | | ___ _ __ _ __| |_| | _____ ____ | ||
| # | |/\| |/ _ \ '__| |/ /| _| |/ _ \ \ /\ / / ___| | ||
| # \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \ | ||
| # \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/ | ||
| # | ||
| # This file was automatically generated by gh-aw. DO NOT EDIT. | ||
| # | ||
| # To update this file, edit the corresponding .md file and run: | ||
| # gh aw compile | ||
| # Not all edits will cause changes to this file. | ||
| # | ||
| # For more information: https://github.github.com/gh-aw/introduction/overview/ | ||
| # | ||
| # Performs deep-dive concurrency analysis on each safe-outputs MCP server tool to ensure thread-safety and detect race conditions | ||
| # | ||
| # Resolved workflow manifest: | ||
| # Imports: | ||
| # - shared/reporting.md | ||
| # - shared/safe-output-app.md | ||
| # | ||
| # gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"5765ae9ba5004b023e4faac7e9dd99034645dc3267d9ed0962cb3ba9b41e519a"} | ||
| name: "Daily MCP Tool Concurrency Analysis" | ||
| "on": | ||
| schedule: | ||
| - cron: "0 9 * * 1-5" | ||
| workflow_dispatch: | ||
| permissions: {} | ||
| concurrency: | ||
| group: "gh-aw-${{ github.workflow }}" | ||
| run-name: "Daily MCP Tool Concurrency Analysis" | ||
| jobs: | ||
| activation: | ||
| runs-on: ubuntu-slim | ||
| permissions: | ||
| contents: read | ||
| outputs: | ||
| comment_id: "" | ||
| comment_repo: "" | ||
| steps: | ||
| - name: Checkout actions folder | ||
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | ||
| with: | ||
| sparse-checkout: | | ||
| actions | ||
| persist-credentials: false | ||
| - name: Setup Scripts | ||
| uses: ./actions/setup | ||
| with: | ||
| destination: /opt/gh-aw/actions | ||
| - name: Validate context variables | ||
| uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 | ||
| with: | ||
| script: | | ||
| const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); | ||
| setupGlobals(core, github, context, exec, io); | ||
| const { main } = require('/opt/gh-aw/actions/validate_context_variables.cjs'); | ||
| await main(); | ||
| - name: Checkout .github and .agents folders | ||
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | ||
| with: | ||
| sparse-checkout: | | ||
| .github | ||
| .agents | ||
| fetch-depth: 1 | ||
| persist-credentials: false | ||
| - name: Check workflow file timestamps | ||
| uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 | ||
| env: | ||
| GH_AW_WORKFLOW_FILE: "daily-mcp-concurrency-analysis.lock.yml" | ||
| with: | ||
| script: | | ||
| const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); | ||
| setupGlobals(core, github, context, exec, io); | ||
| const { main } = require('/opt/gh-aw/actions/check_workflow_timestamp_api.cjs'); | ||
| await main(); | ||
| - name: Create prompt with built-in context | ||
| env: | ||
| GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt | ||
| GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} | ||
| GH_AW_GITHUB_ACTOR: ${{ github.actor }} | ||
| GH_AW_GITHUB_EVENT_COMMENT_ID: ${{ github.event.comment.id }} | ||
| GH_AW_GITHUB_EVENT_DISCUSSION_NUMBER: ${{ github.event.discussion.number }} | ||
| GH_AW_GITHUB_EVENT_ISSUE_NUMBER: ${{ github.event.issue.number }} | ||
| GH_AW_GITHUB_EVENT_PULL_REQUEST_NUMBER: ${{ github.event.pull_request.number }} | ||
| GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} | ||
| GH_AW_GITHUB_RUN_ID: ${{ github.run_id }} | ||
| GH_AW_GITHUB_WORKSPACE: ${{ github.workspace }} | ||
| run: | | ||
| bash /opt/gh-aw/actions/create_prompt_first.sh | ||
| { | ||
| cat << 'GH_AW_PROMPT_EOF' | ||
| <system> | ||
| GH_AW_PROMPT_EOF | ||
| cat "/opt/gh-aw/prompts/xpia.md" | ||
| cat "/opt/gh-aw/prompts/temp_folder_prompt.md" | ||
| cat "/opt/gh-aw/prompts/markdown.md" | ||
| cat "/opt/gh-aw/prompts/cache_memory_prompt.md" | ||
| cat "/opt/gh-aw/prompts/safe_outputs_prompt.md" | ||
| cat << 'GH_AW_PROMPT_EOF' | ||
| <safe-output-tools> | ||
| Tools: create_issue, create_agent_session, missing_tool, missing_data | ||
| </safe-output-tools> | ||
| <github-context> | ||
| The following GitHub context information is available for this workflow: | ||
| {{#if __GH_AW_GITHUB_ACTOR__ }} | ||
| - **actor**: __GH_AW_GITHUB_ACTOR__ | ||
| {{/if}} | ||
| {{#if __GH_AW_GITHUB_REPOSITORY__ }} | ||
| - **repository**: __GH_AW_GITHUB_REPOSITORY__ | ||
| {{/if}} | ||
| {{#if __GH_AW_GITHUB_WORKSPACE__ }} | ||
| - **workspace**: __GH_AW_GITHUB_WORKSPACE__ | ||
| {{/if}} | ||
| {{#if __GH_AW_GITHUB_EVENT_ISSUE_NUMBER__ }} | ||
| - **issue-number**: #__GH_AW_GITHUB_EVENT_ISSUE_NUMBER__ | ||
| {{/if}} | ||
| {{#if __GH_AW_GITHUB_EVENT_DISCUSSION_NUMBER__ }} | ||
| - **discussion-number**: #__GH_AW_GITHUB_EVENT_DISCUSSION_NUMBER__ | ||
| {{/if}} | ||
| {{#if __GH_AW_GITHUB_EVENT_PULL_REQUEST_NUMBER__ }} | ||
| - **pull-request-number**: #__GH_AW_GITHUB_EVENT_PULL_REQUEST_NUMBER__ | ||
| {{/if}} | ||
| {{#if __GH_AW_GITHUB_EVENT_COMMENT_ID__ }} | ||
| - **comment-id**: __GH_AW_GITHUB_EVENT_COMMENT_ID__ | ||
| {{/if}} | ||
| {{#if __GH_AW_GITHUB_RUN_ID__ }} | ||
| - **workflow-run-id**: __GH_AW_GITHUB_RUN_ID__ | ||
| {{/if}} | ||
| </github-context> | ||
| GH_AW_PROMPT_EOF | ||
| cat << 'GH_AW_PROMPT_EOF' | ||
| </system> | ||
| GH_AW_PROMPT_EOF | ||
| cat << 'GH_AW_PROMPT_EOF' | ||
| {{#runtime-import .github/workflows/shared/reporting.md}} | ||
| GH_AW_PROMPT_EOF | ||
| cat << 'GH_AW_PROMPT_EOF' | ||
| {{#runtime-import .github/workflows/shared/safe-output-app.md}} | ||
| GH_AW_PROMPT_EOF | ||
| cat << 'GH_AW_PROMPT_EOF' | ||
| {{#runtime-import .github/workflows/daily-mcp-concurrency-analysis.md}} | ||
| GH_AW_PROMPT_EOF | ||
| } > "$GH_AW_PROMPT" | ||
| - name: Interpolate variables and render templates | ||
| uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 | ||
| env: | ||
| GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt | ||
| GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} | ||
| GH_AW_GITHUB_WORKSPACE: ${{ github.workspace }} | ||
| with: | ||
| script: | | ||
| const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); | ||
| setupGlobals(core, github, context, exec, io); | ||
| const { main } = require('/opt/gh-aw/actions/interpolate_prompt.cjs'); | ||
| await main(); | ||
| - name: Substitute placeholders | ||
| uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 | ||
| env: | ||
| GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt | ||
| GH_AW_ALLOWED_EXTENSIONS: '' | ||
| GH_AW_CACHE_DESCRIPTION: '' | ||
| GH_AW_CACHE_DIR: '/tmp/gh-aw/cache-memory/' | ||
| GH_AW_GITHUB_ACTOR: ${{ github.actor }} | ||
| GH_AW_GITHUB_EVENT_COMMENT_ID: ${{ github.event.comment.id }} | ||
| GH_AW_GITHUB_EVENT_DISCUSSION_NUMBER: ${{ github.event.discussion.number }} | ||
| GH_AW_GITHUB_EVENT_ISSUE_NUMBER: ${{ github.event.issue.number }} | ||
| GH_AW_GITHUB_EVENT_PULL_REQUEST_NUMBER: ${{ github.event.pull_request.number }} | ||
| GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} | ||
| GH_AW_GITHUB_RUN_ID: ${{ github.run_id }} | ||
| GH_AW_GITHUB_WORKSPACE: ${{ github.workspace }} | ||
| with: | ||
| script: | | ||
| const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); | ||
| setupGlobals(core, github, context, exec, io); | ||
| const substitutePlaceholders = require('/opt/gh-aw/actions/substitute_placeholders.cjs'); | ||
| // Call the substitution function | ||
| return await substitutePlaceholders({ | ||
| file: process.env.GH_AW_PROMPT, | ||
| substitutions: { | ||
| GH_AW_ALLOWED_EXTENSIONS: process.env.GH_AW_ALLOWED_EXTENSIONS, | ||
| GH_AW_CACHE_DESCRIPTION: process.env.GH_AW_CACHE_DESCRIPTION, | ||
| GH_AW_CACHE_DIR: process.env.GH_AW_CACHE_DIR, | ||
| GH_AW_GITHUB_ACTOR: process.env.GH_AW_GITHUB_ACTOR, | ||
| GH_AW_GITHUB_EVENT_COMMENT_ID: process.env.GH_AW_GITHUB_EVENT_COMMENT_ID, | ||
| GH_AW_GITHUB_EVENT_DISCUSSION_NUMBER: process.env.GH_AW_GITHUB_EVENT_DISCUSSION_NUMBER, | ||
| GH_AW_GITHUB_EVENT_ISSUE_NUMBER: process.env.GH_AW_GITHUB_EVENT_ISSUE_NUMBER, | ||
| GH_AW_GITHUB_EVENT_PULL_REQUEST_NUMBER: process.env.GH_AW_GITHUB_EVENT_PULL_REQUEST_NUMBER, | ||
| GH_AW_GITHUB_REPOSITORY: process.env.GH_AW_GITHUB_REPOSITORY, | ||
| GH_AW_GITHUB_RUN_ID: process.env.GH_AW_GITHUB_RUN_ID, | ||
| GH_AW_GITHUB_WORKSPACE: process.env.GH_AW_GITHUB_WORKSPACE | ||
| } | ||
| }); | ||
| - name: Validate prompt placeholders | ||
| env: | ||
| GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt | ||
| run: bash /opt/gh-aw/actions/validate_prompt_placeholders.sh | ||
| - name: Print prompt | ||
| env: | ||
| GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt | ||
| run: bash /opt/gh-aw/actions/print_prompt_summary.sh | ||
| - name: Upload prompt artifact | ||
| if: success() | ||
| uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 | ||
| with: | ||
| name: prompt | ||
| path: /tmp/gh-aw/aw-prompts/prompt.txt | ||
| retention-days: 1 | ||
| agent: | ||
| needs: activation | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: read | ||
| issues: read | ||
| pull-requests: read | ||
| concurrency: | ||
| group: "gh-aw-copilot-${{ github.workflow }}" | ||
| env: | ||
| DEFAULT_BRANCH: ${{ github.event.repository.default_branch }} | ||
| GH_AW_ASSETS_ALLOWED_EXTS: "" | ||
| GH_AW_ASSETS_BRANCH: "" | ||
| GH_AW_ASSETS_MAX_SIZE_KB: 0 | ||
| GH_AW_MCP_LOG_DIR: /tmp/gh-aw/mcp-logs/safeoutputs | ||
| GH_AW_SAFE_OUTPUTS: /opt/gh-aw/safeoutputs/outputs.jsonl | ||
| GH_AW_SAFE_OUTPUTS_CONFIG_PATH: /opt/gh-aw/safeoutputs/config.json | ||
| GH_AW_SAFE_OUTPUTS_TOOLS_PATH: /opt/gh-aw/safeoutputs/tools.json | ||
| GH_AW_WORKFLOW_ID_SANITIZED: dailymcpconcurrencyanalysis | ||
| outputs: | ||
| checkout_pr_success: ${{ steps.checkout-pr.outputs.checkout_pr_success || 'true' }} | ||
| detection_conclusion: ${{ steps.detection_conclusion.outputs.conclusion }} | ||
| detection_success: ${{ steps.detection_conclusion.outputs.success }} | ||
| has_patch: ${{ steps.collect_output.outputs.has_patch }} | ||
| model: ${{ steps.generate_aw_info.outputs.model }} | ||
| output: ${{ steps.collect_output.outputs.output }} | ||
| output_types: ${{ steps.collect_output.outputs.output_types }} | ||
| secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} | ||
| steps: | ||
| - name: Checkout actions folder | ||
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | ||
| with: | ||
| sparse-checkout: | | ||
| actions | ||
| persist-credentials: false | ||
| - name: Setup Scripts | ||
| uses: ./actions/setup | ||
| with: | ||
| destination: /opt/gh-aw/actions | ||
| - name: Checkout repository | ||
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | ||
| with: | ||
| persist-credentials: false | ||
| - name: Create gh-aw temp directory | ||
| run: bash /opt/gh-aw/actions/create_gh_aw_tmp_dir.sh | ||
| # Cache memory file share configuration from frontmatter processed below | ||
| - name: Create cache-memory directory | ||
| run: bash /opt/gh-aw/actions/create_cache_memory_dir.sh | ||
| - name: Restore cache-memory file share data | ||
| uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 | ||
| with: | ||
| key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} | ||
| path: /tmp/gh-aw/cache-memory | ||
| restore-keys: | | ||
| memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- | ||
| - name: Configure Git credentials | ||
| env: | ||
| REPO_NAME: ${{ github.repository }} | ||
| SERVER_URL: ${{ github.server_url }} | ||
| run: | | ||
| git config --global user.email "github-actions[bot]@users.noreply.github.com" | ||
| git config --global user.name "github-actions[bot]" | ||
| git config --global am.keepcr true | ||
| # Re-authenticate git with GitHub token | ||
| SERVER_URL_STRIPPED="${SERVER_URL#https://}" | ||
| git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" | ||
| echo "Git configured with standard GitHub Actions identity" | ||
| - name: Checkout PR branch | ||
| id: checkout-pr | ||
| if: | | ||
| github.event.pull_request | ||
| uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 | ||
| env: | ||
| GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} | ||
| with: | ||
| github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} | ||
| script: | | ||
| const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); | ||
| setupGlobals(core, github, context, exec, io); | ||
| const { main } = require('/opt/gh-aw/actions/checkout_pr_branch.cjs'); | ||
| await main(); | ||
| - name: Generate agentic run info | ||
| id: generate_aw_info | ||
| uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 | ||
| with: | ||
| script: | | ||
| const fs = require('fs'); | ||
| const awInfo = { | ||
| engine_id: "copilot", | ||
| engine_name: "GitHub Copilot CLI", | ||
| model: process.env.GH_AW_MODEL_AGENT_COPILOT || "", | ||
| version: "", | ||
| agent_version: "0.0.415", | ||
| workflow_name: "Daily MCP Tool Concurrency Analysis", | ||
| experimental: false, | ||
| supports_tools_allowlist: true, | ||
| run_id: context.runId, | ||
| run_number: context.runNumber, | ||
| run_attempt: process.env.GITHUB_RUN_ATTEMPT, | ||
| repository: context.repo.owner + '/' + context.repo.repo, | ||
| ref: context.ref, | ||
| sha: context.sha, | ||
| actor: context.actor, | ||
| event_name: context.eventName, | ||
| staged: false, | ||
| allowed_domains: ["defaults"], | ||
| firewall_enabled: true, | ||
| awf_version: "v0.20.2", | ||
| awmg_version: "v0.1.5", | ||
| steps: { | ||
| firewall: "squid" | ||
| }, | ||
| created_at: new Date().toISOString() | ||
| }; | ||
| // Write to /tmp/gh-aw directory to avoid inclusion in PR | ||
| const tmpPath = '/tmp/gh-aw/aw_info.json'; | ||
| fs.writeFileSync(tmpPath, JSON.stringify(awInfo, null, 2)); | ||
| console.log('Generated aw_info.json at:', tmpPath); | ||
| console.log(JSON.stringify(awInfo, null, 2)); | ||
| // Set model as output for reuse in other steps/jobs | ||
| core.setOutput('model', awInfo.model); | ||
| - name: Validate COPILOT_GITHUB_TOKEN secret | ||
| id: validate-secret | ||
| run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://github.github.com/gh-aw/reference/engines/#github-copilot-default | ||
| env: | ||
| COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} | ||
| - name: Install GitHub Copilot CLI | ||
| run: /opt/gh-aw/actions/install_copilot_cli.sh 0.0.415 | ||
| - name: Install awf binary | ||
| run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.20.2 | ||
| - name: Determine automatic lockdown mode for GitHub MCP Server | ||
| id: determine-automatic-lockdown | ||
| uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 | ||
| env: | ||
| GH_AW_GITHUB_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN }} | ||
| GH_AW_GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }} | ||
| with: | ||
| script: | | ||
| const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); | ||
| await determineAutomaticLockdown(github, context, core); | ||
| - name: Download container images | ||
| run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.20.2 ghcr.io/github/gh-aw-firewall/api-proxy:0.20.2 ghcr.io/github/gh-aw-firewall/squid:0.20.2 ghcr.io/github/gh-aw-mcpg:v0.1.5 ghcr.io/github/github-mcp-server:v0.31.0 ghcr.io/github/serena-mcp-server:latest node:lts-alpine | ||
| - name: Write Safe Outputs Config | ||
| run: | | ||
| mkdir -p /opt/gh-aw/safeoutputs | ||
| mkdir -p /tmp/gh-aw/safeoutputs | ||
| mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs | ||
| cat > /opt/gh-aw/safeoutputs/config.json << 'GH_AW_SAFE_OUTPUTS_CONFIG_EOF' | ||
| {"create_agent_session":{"max":3},"create_issue":{"expires":168,"max":5},"missing_data":{},"missing_tool":{},"noop":{"max":1}} | ||
| GH_AW_SAFE_OUTPUTS_CONFIG_EOF | ||
| cat > /opt/gh-aw/safeoutputs/tools.json << 'GH_AW_SAFE_OUTPUTS_TOOLS_EOF' | ||
| [ | ||
| { | ||
| "description": "Create a new GitHub issue for tracking bugs, feature requests, or tasks. Use this for actionable work items that need assignment, labeling, and status tracking. For reports, announcements, or status updates that don't require task tracking, use create_discussion instead. CONSTRAINTS: Maximum 5 issue(s) can be created. Title will be prefixed with \"[concurrency] \". Labels [bug concurrency thread-safety automated-analysis cookie] will be automatically added.", | ||
| "inputSchema": { | ||
| "additionalProperties": false, | ||
| "properties": { | ||
| "body": { | ||
| "description": "Detailed issue description in Markdown. Do NOT repeat the title as a heading since it already appears as the issue's h1. Include context, reproduction steps, or acceptance criteria as appropriate.", | ||
| "type": "string" | ||
| }, | ||
| "labels": { | ||
| "description": "Labels to categorize the issue (e.g., 'bug', 'enhancement'). Labels must exist in the repository.", | ||
| "items": { | ||
| "type": "string" | ||
| }, | ||
| "type": "array" | ||
| }, | ||
| "parent": { | ||
| "description": "Parent issue number for creating sub-issues. This is the numeric ID from the GitHub URL (e.g., 42 in github.com/owner/repo/issues/42). Can also be a temporary_id (e.g., 'aw_abc123', 'aw_Test123') from a previously created issue in the same workflow run.", | ||
| "type": [ | ||
| "number", | ||
| "string" | ||
| ] | ||
| }, | ||
| "temporary_id": { | ||
| "description": "Unique temporary identifier for referencing this issue before it's created. Format: 'aw_' followed by 3 to 8 alphanumeric characters (e.g., 'aw_abc1', 'aw_Test123'). Use '#aw_ID' in body text to reference other issues by their temporary_id; these are replaced with actual issue numbers after creation.", | ||
| "pattern": "^aw_[A-Za-z0-9]{3,8}$", | ||
| "type": "string" | ||
| }, | ||
| "title": { | ||
| "description": "Concise issue title summarizing the bug, feature, or task. The title appears as the main heading, so keep it brief and descriptive.", | ||
| "type": "string" | ||
| } | ||
| }, | ||
| "required": [ | ||
| "title", | ||
| "body" | ||
| ], | ||
| "type": "object" | ||
| }, | ||
| "name": "create_issue" | ||
| }, | ||
| { | ||
| "description": "Create a GitHub Copilot coding agent session to delegate coding work. Use this when you need another Copilot coding agent to implement code changes, fix bugs, or complete development tasks. The task becomes a new issue that triggers the Copilot coding agent. For non-coding tasks or manual work items, use create_issue instead. CONSTRAINTS: Maximum 3 agent task(s) can be created.", | ||
| "inputSchema": { | ||
| "additionalProperties": false, | ||
| "properties": { | ||
| "body": { | ||
| "description": "Clear, detailed task description for the Copilot coding agent. Include specific files to modify, expected behavior, acceptance criteria, and any constraints. The description should be actionable and self-contained.", | ||
| "type": "string" | ||
| } | ||
| }, | ||
| "required": [ | ||
| "body" | ||
| ], | ||
| "type": "object" | ||
| }, | ||
| "name": "create_agent_session" | ||
| }, | ||
| { | ||
| "description": "Report that a tool or capability needed to complete the task is not available, or share any information you deem important about missing functionality or limitations. Use this when you cannot accomplish what was requested because the required functionality is missing or access is restricted.", | ||
| "inputSchema": { | ||
| "additionalProperties": false, | ||
| "properties": { | ||
| "alternatives": { | ||
| "description": "Any workarounds, manual steps, or alternative approaches the user could take (max 256 characters).", | ||
| "type": "string" | ||
| }, | ||
| "reason": { | ||
| "description": "Explanation of why this tool is needed or what information you want to share about the limitation (max 256 characters).", | ||
| "type": "string" | ||
| }, | ||
| "tool": { | ||
| "description": "Optional: Name or description of the missing tool or capability (max 128 characters). Be specific about what functionality is needed.", | ||
| "type": "string" | ||
| } | ||
| }, | ||
| "required": [ | ||
| "reason" | ||
| ], | ||
| "type": "object" | ||
| }, | ||
| "name": "missing_tool" | ||
| }, | ||
| { | ||
| "description": "Log a transparency message when no significant actions are needed. Use this to confirm workflow completion and provide visibility when analysis is complete but no changes or outputs are required (e.g., 'No issues found', 'All checks passed'). This ensures the workflow produces human-visible output even when no other actions are taken.", | ||
| "inputSchema": { | ||
| "additionalProperties": false, | ||
| "properties": { | ||
| "message": { | ||
| "description": "Status or completion message to log. Should explain what was analyzed and the outcome (e.g., 'Code review complete - no issues found', 'Analysis complete - all tests passing').", | ||
| "type": "string" | ||
| } | ||
| }, | ||
| "required": [ | ||
| "message" | ||
| ], | ||
| "type": "object" | ||
| }, | ||
| "name": "noop" | ||
| }, | ||
| { | ||
| "description": "Report that data or information needed to complete the task is not available. Use this when you cannot accomplish what was requested because required data, context, or information is missing.", | ||
| "inputSchema": { | ||
| "additionalProperties": false, | ||
| "properties": { | ||
| "alternatives": { | ||
| "description": "Any workarounds, manual steps, or alternative approaches the user could take (max 256 characters).", | ||
| "type": "string" | ||
| }, | ||
| "context": { | ||
| "description": "Additional context about the missing data or where it should come from (max 256 characters).", | ||
| "type": "string" | ||
| }, | ||
| "data_type": { | ||
| "description": "Type or description of the missing data or information (max 128 characters). Be specific about what data is needed.", | ||
| "type": "string" | ||
| }, | ||
| "reason": { | ||
| "description": "Explanation of why this data is needed to complete the task (max 256 characters).", | ||
| "type": "string" | ||
| } | ||
| }, | ||
| "required": [], | ||
| "type": "object" | ||
| }, | ||
| "name": "missing_data" | ||
| } | ||
| ] | ||
| GH_AW_SAFE_OUTPUTS_TOOLS_EOF | ||
| cat > /opt/gh-aw/safeoutputs/validation.json << 'GH_AW_SAFE_OUTPUTS_VALIDATION_EOF' | ||
| { | ||
| "create_agent_session": { | ||
| "defaultMax": 1, | ||
| "fields": { | ||
| "body": { | ||
| "required": true, | ||
| "type": "string", | ||
| "sanitize": true, | ||
| "maxLength": 65000 | ||
| }, | ||
| "repo": { | ||
| "type": "string", | ||
| "maxLength": 256 | ||
| } | ||
| } | ||
| }, | ||
| "create_issue": { | ||
| "defaultMax": 1, | ||
| "fields": { | ||
| "body": { | ||
| "required": true, | ||
| "type": "string", | ||
| "sanitize": true, | ||
| "maxLength": 65000 | ||
| }, | ||
| "labels": { | ||
| "type": "array", | ||
| "itemType": "string", | ||
| "itemSanitize": true, | ||
| "itemMaxLength": 128 | ||
| }, | ||
| "parent": { | ||
| "issueOrPRNumber": true | ||
| }, | ||
| "repo": { | ||
| "type": "string", | ||
| "maxLength": 256 | ||
| }, | ||
| "temporary_id": { | ||
| "type": "string" | ||
| }, | ||
| "title": { | ||
| "required": true, | ||
| "type": "string", | ||
| "sanitize": true, | ||
| "maxLength": 128 | ||
| } | ||
| } | ||
| }, | ||
| "missing_data": { | ||
| "defaultMax": 20, | ||
| "fields": { | ||
| "alternatives": { | ||
| "type": "string", | ||
| "sanitize": true, | ||
| "maxLength": 256 | ||
| }, | ||
| "context": { | ||
| "type": "string", | ||
| "sanitize": true, | ||
| "maxLength": 256 | ||
| }, | ||
| "data_type": { | ||
| "type": "string", | ||
| "sanitize": true, | ||
| "maxLength": 128 | ||
| }, | ||
| "reason": { | ||
| "type": "string", | ||
| "sanitize": true, | ||
| "maxLength": 256 | ||
| } | ||
| } | ||
| }, | ||
| "missing_tool": { | ||
| "defaultMax": 20, | ||
| "fields": { | ||
| "alternatives": { | ||
| "type": "string", | ||
| "sanitize": true, | ||
| "maxLength": 512 | ||
| }, | ||
| "reason": { | ||
| "required": true, | ||
| "type": "string", | ||
| "sanitize": true, | ||
| "maxLength": 256 | ||
| }, | ||
| "tool": { | ||
| "type": "string", | ||
| "sanitize": true, | ||
| "maxLength": 128 | ||
| } | ||
| } | ||
| }, | ||
| "noop": { | ||
| "defaultMax": 1, | ||
| "fields": { | ||
| "message": { | ||
| "required": true, | ||
| "type": "string", | ||
| "sanitize": true, | ||
| "maxLength": 65000 | ||
| } | ||
| } | ||
| } | ||
| } | ||
| GH_AW_SAFE_OUTPUTS_VALIDATION_EOF | ||
| - name: Generate Safe Outputs MCP Server Config | ||
| id: safe-outputs-config | ||
| run: | | ||
| # Generate a secure random API key (360 bits of entropy, 40+ chars) | ||
| # Mask immediately to prevent timing vulnerabilities | ||
| API_KEY=$(openssl rand -base64 45 | tr -d '/+=') | ||
| echo "::add-mask::${API_KEY}" | ||
| PORT=3001 | ||
| # Set outputs for next steps | ||
| { | ||
| echo "safe_outputs_api_key=${API_KEY}" | ||
| echo "safe_outputs_port=${PORT}" | ||
| } >> "$GITHUB_OUTPUT" | ||
| echo "Safe Outputs MCP server will run on port ${PORT}" | ||
| - name: Start Safe Outputs MCP HTTP Server | ||
| id: safe-outputs-start | ||
| env: | ||
| DEBUG: '*' | ||
| GH_AW_SAFE_OUTPUTS_PORT: ${{ steps.safe-outputs-config.outputs.safe_outputs_port }} | ||
| GH_AW_SAFE_OUTPUTS_API_KEY: ${{ steps.safe-outputs-config.outputs.safe_outputs_api_key }} | ||
| GH_AW_SAFE_OUTPUTS_TOOLS_PATH: /opt/gh-aw/safeoutputs/tools.json | ||
| GH_AW_SAFE_OUTPUTS_CONFIG_PATH: /opt/gh-aw/safeoutputs/config.json | ||
| GH_AW_MCP_LOG_DIR: /tmp/gh-aw/mcp-logs/safeoutputs | ||
| run: | | ||
| # Environment variables are set above to prevent template injection | ||
| export DEBUG | ||
| export GH_AW_SAFE_OUTPUTS_PORT | ||
| export GH_AW_SAFE_OUTPUTS_API_KEY | ||
| export GH_AW_SAFE_OUTPUTS_TOOLS_PATH | ||
| export GH_AW_SAFE_OUTPUTS_CONFIG_PATH | ||
| export GH_AW_MCP_LOG_DIR | ||
| bash /opt/gh-aw/actions/start_safe_outputs_server.sh | ||
| - name: Start MCP Gateway | ||
| id: start-mcp-gateway | ||
| env: | ||
| GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} | ||
| GH_AW_SAFE_OUTPUTS_API_KEY: ${{ steps.safe-outputs-start.outputs.api_key }} | ||
| GH_AW_SAFE_OUTPUTS_PORT: ${{ steps.safe-outputs-start.outputs.port }} | ||
| GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} | ||
| GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} | ||
| run: | | ||
| set -eo pipefail | ||
| mkdir -p /tmp/gh-aw/mcp-config | ||
| # Export gateway environment variables for MCP config and gateway script | ||
| export MCP_GATEWAY_PORT="80" | ||
| export MCP_GATEWAY_DOMAIN="host.docker.internal" | ||
| MCP_GATEWAY_API_KEY=$(openssl rand -base64 45 | tr -d '/+=') | ||
| echo "::add-mask::${MCP_GATEWAY_API_KEY}" | ||
| export MCP_GATEWAY_API_KEY | ||
| export MCP_GATEWAY_PAYLOAD_DIR="/tmp/gh-aw/mcp-payloads" | ||
| mkdir -p "${MCP_GATEWAY_PAYLOAD_DIR}" | ||
| export DEBUG="*" | ||
| export GH_AW_ENGINE="copilot" | ||
| export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.1.5' | ||
| mkdir -p /home/runner/.copilot | ||
| cat << GH_AW_MCP_CONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh | ||
| { | ||
| "mcpServers": { | ||
| "github": { | ||
| "type": "stdio", | ||
| "container": "ghcr.io/github/github-mcp-server:v0.31.0", | ||
| "env": { | ||
| "GITHUB_LOCKDOWN_MODE": "$GITHUB_MCP_LOCKDOWN", | ||
| "GITHUB_PERSONAL_ACCESS_TOKEN": "\${GITHUB_MCP_SERVER_TOKEN}", | ||
| "GITHUB_READ_ONLY": "1", | ||
| "GITHUB_TOOLSETS": "context,repos,issues,pull_requests" | ||
| } | ||
| }, | ||
| "safeoutputs": { | ||
| "type": "http", | ||
| "url": "http://host.docker.internal:$GH_AW_SAFE_OUTPUTS_PORT", | ||
| "headers": { | ||
| "Authorization": "\${GH_AW_SAFE_OUTPUTS_API_KEY}" | ||
| } | ||
| }, | ||
| "serena": { | ||
| "type": "stdio", | ||
| "container": "ghcr.io/github/serena-mcp-server:latest", | ||
| "args": ["--network", "host"], | ||
| "entrypoint": "serena", | ||
| "entrypointArgs": ["start-mcp-server", "--context", "codex", "--project", "\${GITHUB_WORKSPACE}"], | ||
| "mounts": ["\${GITHUB_WORKSPACE}:\${GITHUB_WORKSPACE}:rw"] | ||
| } | ||
| }, | ||
| "gateway": { | ||
| "port": $MCP_GATEWAY_PORT, | ||
| "domain": "${MCP_GATEWAY_DOMAIN}", | ||
| "apiKey": "${MCP_GATEWAY_API_KEY}", | ||
| "payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}" | ||
| } | ||
| } | ||
| GH_AW_MCP_CONFIG_EOF | ||
| - name: Generate workflow overview | ||
| uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 | ||
| with: | ||
| script: | | ||
| const { generateWorkflowOverview } = require('/opt/gh-aw/actions/generate_workflow_overview.cjs'); | ||
| await generateWorkflowOverview(core); | ||
| - name: Download prompt artifact | ||
| uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6 | ||
| with: | ||
| name: prompt | ||
| path: /tmp/gh-aw/aw-prompts | ||
| - name: Clean git credentials | ||
| run: bash /opt/gh-aw/actions/clean_git_credentials.sh | ||
| - name: Execute GitHub Copilot CLI | ||
| id: agentic_execution | ||
| # Copilot CLI tool arguments (sorted): | ||
| # --allow-tool github | ||
| # --allow-tool safeoutputs | ||
| # --allow-tool shell(cat actions/setup/js/*.cjs) | ||
| # --allow-tool shell(cat pkg/workflow/js/safe_outputs_tools.json) | ||
| # --allow-tool shell(cat) | ||
| # --allow-tool shell(date) | ||
| # --allow-tool shell(echo) | ||
| # --allow-tool shell(find actions/setup/js -name '*.cjs' ! -name '*.test.cjs' -type f) | ||
| # --allow-tool shell(grep -r 'let \|var \|const ' actions/setup/js --include='*.cjs') | ||
| # --allow-tool shell(grep -r 'module.exports' actions/setup/js --include='*.cjs') | ||
| # --allow-tool shell(grep) | ||
| # --allow-tool shell(head -n * actions/setup/js/*.cjs) | ||
| # --allow-tool shell(head) | ||
| # --allow-tool shell(ls) | ||
| # --allow-tool shell(pwd) | ||
| # --allow-tool shell(sort) | ||
| # --allow-tool shell(tail) | ||
| # --allow-tool shell(uniq) | ||
| # --allow-tool shell(wc) | ||
| # --allow-tool shell(yq) | ||
| # --allow-tool write | ||
| timeout-minutes: 45 | ||
| run: | | ||
| set -o pipefail | ||
| sudo -E awf --env-all --container-workdir "${GITHUB_WORKSPACE}" --allow-domains "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,telemetry.enterprise.githubcopilot.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" --log-level info --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs --enable-host-access --image-tag 0.20.2 --skip-pull --enable-api-proxy \ | ||
| -- /bin/bash -c '/usr/local/bin/copilot --add-dir /tmp/gh-aw/ --log-level all --log-dir /tmp/gh-aw/sandbox/agent/logs/ --add-dir "${GITHUB_WORKSPACE}" --disable-builtin-mcps --allow-tool github --allow-tool safeoutputs --allow-tool '\''shell(cat actions/setup/js/*.cjs)'\'' --allow-tool '\''shell(cat pkg/workflow/js/safe_outputs_tools.json)'\'' --allow-tool '\''shell(cat)'\'' --allow-tool '\''shell(date)'\'' --allow-tool '\''shell(echo)'\'' --allow-tool '\''shell(find actions/setup/js -name '\''\'\'''\''*.cjs'\''\'\'''\'' ! -name '\''\'\'''\''*.test.cjs'\''\'\'''\'' -type f)'\'' --allow-tool '\''shell(grep -r '\''\'\'''\''let \|var \|const '\''\'\'''\'' actions/setup/js --include='\''\'\'''\''*.cjs'\''\'\'''\'')'\'' --allow-tool '\''shell(grep -r '\''\'\'''\''module.exports'\''\'\'''\'' actions/setup/js --include='\''\'\'''\''*.cjs'\''\'\'''\'')'\'' --allow-tool '\''shell(grep)'\'' --allow-tool '\''shell(head -n * actions/setup/js/*.cjs)'\'' --allow-tool '\''shell(head)'\'' --allow-tool '\''shell(ls)'\'' --allow-tool '\''shell(pwd)'\'' --allow-tool '\''shell(sort)'\'' --allow-tool '\''shell(tail)'\'' --allow-tool '\''shell(uniq)'\'' --allow-tool '\''shell(wc)'\'' --allow-tool '\''shell(yq)'\'' --allow-tool write --add-dir /tmp/gh-aw/cache-memory/ --allow-all-paths --prompt "$(cat /tmp/gh-aw/aw-prompts/prompt.txt)"${GH_AW_MODEL_AGENT_COPILOT:+ --model "$GH_AW_MODEL_AGENT_COPILOT"}' 2>&1 | tee -a /tmp/gh-aw/agent-stdio.log | ||
| env: | ||
| COPILOT_AGENT_RUNNER_TYPE: STANDALONE | ||
| COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} | ||
| GH_AW_MCP_CONFIG: /home/runner/.copilot/mcp-config.json | ||
| GH_AW_MODEL_AGENT_COPILOT: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || '' }} | ||
| GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt | ||
| GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} | ||
| GITHUB_HEAD_REF: ${{ github.head_ref }} | ||
| GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} | ||
| GITHUB_REF_NAME: ${{ github.ref_name }} | ||
| GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} | ||
| GITHUB_WORKSPACE: ${{ github.workspace }} | ||
| XDG_CONFIG_HOME: /home/runner | ||
| - name: Configure Git credentials | ||
| env: | ||
| REPO_NAME: ${{ github.repository }} | ||
| SERVER_URL: ${{ github.server_url }} | ||
| run: | | ||
| git config --global user.email "github-actions[bot]@users.noreply.github.com" | ||
| git config --global user.name "github-actions[bot]" | ||
| git config --global am.keepcr true | ||
| # Re-authenticate git with GitHub token | ||
| SERVER_URL_STRIPPED="${SERVER_URL#https://}" | ||
| git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" | ||
| echo "Git configured with standard GitHub Actions identity" | ||
| - name: Copy Copilot session state files to logs | ||
| if: always() | ||
| continue-on-error: true | ||
| run: | | ||
| # Copy Copilot session state files to logs folder for artifact collection | ||
| # This ensures they are in /tmp/gh-aw/ where secret redaction can scan them | ||
| SESSION_STATE_DIR="$HOME/.copilot/session-state" | ||
| LOGS_DIR="/tmp/gh-aw/sandbox/agent/logs" | ||
| if [ -d "$SESSION_STATE_DIR" ]; then | ||
| echo "Copying Copilot session state files from $SESSION_STATE_DIR to $LOGS_DIR" | ||
| mkdir -p "$LOGS_DIR" | ||
| cp -v "$SESSION_STATE_DIR"/*.jsonl "$LOGS_DIR/" 2>/dev/null || true | ||
| echo "Session state files copied successfully" | ||
| else | ||
| echo "No session-state directory found at $SESSION_STATE_DIR" | ||
| fi | ||
| - name: Stop MCP Gateway | ||
| if: always() | ||
| continue-on-error: true | ||
| env: | ||
| MCP_GATEWAY_PORT: ${{ steps.start-mcp-gateway.outputs.gateway-port }} | ||
| MCP_GATEWAY_API_KEY: ${{ steps.start-mcp-gateway.outputs.gateway-api-key }} | ||
| GATEWAY_PID: ${{ steps.start-mcp-gateway.outputs.gateway-pid }} | ||
| run: | | ||
| bash /opt/gh-aw/actions/stop_mcp_gateway.sh "$GATEWAY_PID" | ||
| - name: Redact secrets in logs | ||
| if: always() | ||
| uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 | ||
| with: | ||
| script: | | ||
| const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); | ||
| setupGlobals(core, github, context, exec, io); | ||
| const { main } = require('/opt/gh-aw/actions/redact_secrets.cjs'); | ||
| await main(); | ||
| env: | ||
| GH_AW_SECRET_NAMES: 'COPILOT_GITHUB_TOKEN,GH_AW_GITHUB_MCP_SERVER_TOKEN,GH_AW_GITHUB_TOKEN,GITHUB_TOKEN' | ||
| SECRET_COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} | ||
| SECRET_GH_AW_GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }} | ||
| SECRET_GH_AW_GITHUB_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN }} | ||
| SECRET_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| - name: Upload Safe Outputs | ||
| if: always() | ||
| uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 | ||
| with: | ||
| name: safe-output | ||
| path: ${{ env.GH_AW_SAFE_OUTPUTS }} | ||
| if-no-files-found: warn | ||
| - name: Ingest agent output | ||
| id: collect_output | ||
| if: always() | ||
| uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 | ||
| env: | ||
| GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} | ||
| GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,telemetry.enterprise.githubcopilot.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" | ||
| GITHUB_SERVER_URL: ${{ github.server_url }} | ||
| GITHUB_API_URL: ${{ github.api_url }} | ||
| with: | ||
| script: | | ||
| const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); | ||
| setupGlobals(core, github, context, exec, io); | ||
| const { main } = require('/opt/gh-aw/actions/collect_ndjson_output.cjs'); | ||
| await main(); | ||
| - name: Upload sanitized agent output | ||
| if: always() && env.GH_AW_AGENT_OUTPUT | ||
| uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 | ||
| with: | ||
| name: agent-output | ||
| path: ${{ env.GH_AW_AGENT_OUTPUT }} | ||
| if-no-files-found: warn | ||
| # --- Threat Detection (inline) --- | ||
| - name: Check if detection needed | ||
| id: detection_guard | ||
| if: always() | ||
| env: | ||
| OUTPUT_TYPES: ${{ steps.collect_output.outputs.output_types }} | ||
| HAS_PATCH: ${{ steps.collect_output.outputs.has_patch }} | ||
| run: | | ||
| if [[ -n "$OUTPUT_TYPES" || "$HAS_PATCH" == "true" ]]; then | ||
| echo "run_detection=true" >> "$GITHUB_OUTPUT" | ||
| echo "Detection will run: output_types=$OUTPUT_TYPES, has_patch=$HAS_PATCH" | ||
| else | ||
| echo "run_detection=false" >> "$GITHUB_OUTPUT" | ||
| echo "Detection skipped: no agent outputs or patches to analyze" | ||
| fi | ||
| - name: Prepare threat detection files | ||
| if: always() && steps.detection_guard.outputs.run_detection == 'true' | ||
| run: | | ||
| mkdir -p /tmp/gh-aw/threat-detection/aw-prompts | ||
| cp /tmp/gh-aw/aw-prompts/prompt.txt /tmp/gh-aw/threat-detection/aw-prompts/prompt.txt 2>/dev/null || true | ||
| cp /tmp/gh-aw/agent_output.json /tmp/gh-aw/threat-detection/agent_output.json 2>/dev/null || true | ||
| for f in /tmp/gh-aw/aw-*.patch; do | ||
| [ -f "$f" ] && cp "$f" /tmp/gh-aw/threat-detection/ 2>/dev/null || true | ||
| done | ||
| echo "Prepared threat detection files:" | ||
| ls -la /tmp/gh-aw/threat-detection/ 2>/dev/null || true | ||
| - name: Setup threat detection | ||
| if: always() && steps.detection_guard.outputs.run_detection == 'true' | ||
| uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 | ||
| env: | ||
| WORKFLOW_NAME: "Daily MCP Tool Concurrency Analysis" | ||
| WORKFLOW_DESCRIPTION: "Performs deep-dive concurrency analysis on each safe-outputs MCP server tool to ensure thread-safety and detect race conditions" | ||
| HAS_PATCH: ${{ steps.collect_output.outputs.has_patch }} | ||
| with: | ||
| script: | | ||
| const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); | ||
| setupGlobals(core, github, context, exec, io); | ||
| const { main } = require('/opt/gh-aw/actions/setup_threat_detection.cjs'); | ||
| await main(); | ||
| - name: Ensure threat-detection directory and log | ||
| if: always() && steps.detection_guard.outputs.run_detection == 'true' | ||
| run: | | ||
| mkdir -p /tmp/gh-aw/threat-detection | ||
| touch /tmp/gh-aw/threat-detection/detection.log | ||
| - name: Execute GitHub Copilot CLI | ||
| if: always() && steps.detection_guard.outputs.run_detection == 'true' | ||
| id: agentic_execution | ||
| # Copilot CLI tool arguments (sorted): | ||
| # --allow-tool shell(cat) | ||
| # --allow-tool shell(grep) | ||
| # --allow-tool shell(head) | ||
| # --allow-tool shell(jq) | ||
| # --allow-tool shell(ls) | ||
| # --allow-tool shell(tail) | ||
| # --allow-tool shell(wc) | ||
| timeout-minutes: 20 | ||
| run: | | ||
| set -o pipefail | ||
| sudo -E awf --env-all --container-workdir "${GITHUB_WORKSPACE}" --allow-domains "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org,telemetry.enterprise.githubcopilot.com" --log-level info --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs --enable-host-access --image-tag 0.20.2 --skip-pull --enable-api-proxy \ | ||
| -- /bin/bash -c '/usr/local/bin/copilot --add-dir /tmp/gh-aw/ --log-level all --log-dir /tmp/gh-aw/sandbox/agent/logs/ --add-dir "${GITHUB_WORKSPACE}" --disable-builtin-mcps --allow-tool '\''shell(cat)'\'' --allow-tool '\''shell(grep)'\'' --allow-tool '\''shell(head)'\'' --allow-tool '\''shell(jq)'\'' --allow-tool '\''shell(ls)'\'' --allow-tool '\''shell(tail)'\'' --allow-tool '\''shell(wc)'\'' --prompt "$(cat /tmp/gh-aw/aw-prompts/prompt.txt)"${GH_AW_MODEL_DETECTION_COPILOT:+ --model "$GH_AW_MODEL_DETECTION_COPILOT"}' 2>&1 | tee -a /tmp/gh-aw/threat-detection/detection.log | ||
| env: | ||
| COPILOT_AGENT_RUNNER_TYPE: STANDALONE | ||
| COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} | ||
| GH_AW_MODEL_DETECTION_COPILOT: ${{ vars.GH_AW_MODEL_DETECTION_COPILOT || '' }} | ||
| GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt | ||
| GITHUB_HEAD_REF: ${{ github.head_ref }} | ||
| GITHUB_REF_NAME: ${{ github.ref_name }} | ||
| GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} | ||
| GITHUB_WORKSPACE: ${{ github.workspace }} | ||
| XDG_CONFIG_HOME: /home/runner | ||
| - name: Parse threat detection results | ||
| id: parse_detection_results | ||
| if: always() && steps.detection_guard.outputs.run_detection == 'true' | ||
| uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 | ||
| with: | ||
| script: | | ||
| const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); | ||
| setupGlobals(core, github, context, exec, io); | ||
| const { main } = require('/opt/gh-aw/actions/parse_threat_detection_results.cjs'); | ||
| await main(); | ||
| - name: Upload threat detection log | ||
| if: always() && steps.detection_guard.outputs.run_detection == 'true' | ||
| uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 | ||
| with: | ||
| name: threat-detection.log | ||
| path: /tmp/gh-aw/threat-detection/detection.log | ||
| if-no-files-found: ignore | ||
| - name: Set detection conclusion | ||
| id: detection_conclusion | ||
| if: always() | ||
| env: | ||
| RUN_DETECTION: ${{ steps.detection_guard.outputs.run_detection }} | ||
| DETECTION_SUCCESS: ${{ steps.parse_detection_results.outputs.success }} | ||
| run: | | ||
| if [[ "$RUN_DETECTION" != "true" ]]; then | ||
| echo "conclusion=skipped" >> "$GITHUB_OUTPUT" | ||
| echo "success=true" >> "$GITHUB_OUTPUT" | ||
| echo "Detection was not needed, marking as skipped" | ||
| elif [[ "$DETECTION_SUCCESS" == "true" ]]; then | ||
| echo "conclusion=success" >> "$GITHUB_OUTPUT" | ||
| echo "success=true" >> "$GITHUB_OUTPUT" | ||
| echo "Detection passed successfully" | ||
| else | ||
| echo "conclusion=failure" >> "$GITHUB_OUTPUT" | ||
| echo "success=false" >> "$GITHUB_OUTPUT" | ||
| echo "Detection found issues" | ||
| fi | ||
| - name: Upload engine output files | ||
| uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 | ||
| with: | ||
| name: agent_outputs | ||
| path: | | ||
| /tmp/gh-aw/sandbox/agent/logs/ | ||
| /tmp/gh-aw/redacted-urls.log | ||
| if-no-files-found: ignore | ||
| - name: Parse agent logs for step summary | ||
| if: always() | ||
| uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 | ||
| env: | ||
| GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ | ||
| with: | ||
| script: | | ||
| const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); | ||
| setupGlobals(core, github, context, exec, io); | ||
| const { main } = require('/opt/gh-aw/actions/parse_copilot_log.cjs'); | ||
| await main(); | ||
| - name: Parse MCP Gateway logs for step summary | ||
| if: always() | ||
| uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 | ||
| with: | ||
| script: | | ||
| const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); | ||
| setupGlobals(core, github, context, exec, io); | ||
| const { main } = require('/opt/gh-aw/actions/parse_mcp_gateway_log.cjs'); | ||
| await main(); | ||
| - name: Print firewall logs | ||
| if: always() | ||
| continue-on-error: true | ||
| env: | ||
| AWF_LOGS_DIR: /tmp/gh-aw/sandbox/firewall/logs | ||
| run: | | ||
| # Fix permissions on firewall logs so they can be uploaded as artifacts | ||
| # AWF runs with sudo, creating files owned by root | ||
| sudo chmod -R a+r /tmp/gh-aw/sandbox/firewall/logs 2>/dev/null || true | ||
| # Only run awf logs summary if awf command exists (it may not be installed if workflow failed before install step) | ||
| if command -v awf &> /dev/null; then | ||
| awf logs summary | tee -a "$GITHUB_STEP_SUMMARY" | ||
| else | ||
| echo 'AWF binary not installed, skipping firewall log summary' | ||
| fi | ||
| - name: Upload cache-memory data as artifact | ||
| uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 | ||
| if: always() | ||
| with: | ||
| name: cache-memory | ||
| path: /tmp/gh-aw/cache-memory | ||
| - name: Upload agent artifacts | ||
| if: always() | ||
| continue-on-error: true | ||
| uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 | ||
| with: | ||
| name: agent-artifacts | ||
| path: | | ||
| /tmp/gh-aw/aw-prompts/prompt.txt | ||
| /tmp/gh-aw/aw_info.json | ||
| /tmp/gh-aw/mcp-logs/ | ||
| /tmp/gh-aw/sandbox/firewall/logs/ | ||
| /tmp/gh-aw/agent-stdio.log | ||
| /tmp/gh-aw/agent/ | ||
| if-no-files-found: ignore | ||
| conclusion: | ||
| needs: | ||
| - activation | ||
| - agent | ||
| - safe_outputs | ||
| - update_cache_memory | ||
| if: (always()) && (needs.agent.result != 'skipped') | ||
| runs-on: ubuntu-slim | ||
| permissions: | ||
| contents: read | ||
| issues: write | ||
| outputs: | ||
| noop_message: ${{ steps.noop.outputs.noop_message }} | ||
| tools_reported: ${{ steps.missing_tool.outputs.tools_reported }} | ||
| total_count: ${{ steps.missing_tool.outputs.total_count }} | ||
| steps: | ||
| - name: Checkout actions folder | ||
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | ||
| with: | ||
| sparse-checkout: | | ||
| actions | ||
| persist-credentials: false | ||
| - name: Setup Scripts | ||
| uses: ./actions/setup | ||
| with: | ||
| destination: /opt/gh-aw/actions | ||
| - name: Download agent output artifact | ||
| continue-on-error: true | ||
| uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6 | ||
| with: | ||
| name: agent-output | ||
| path: /tmp/gh-aw/safeoutputs/ | ||
| - name: Setup agent output environment variable | ||
| run: | | ||
| mkdir -p /tmp/gh-aw/safeoutputs/ | ||
| find "/tmp/gh-aw/safeoutputs/" -type f -print | ||
| echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" | ||
| - name: Process No-Op Messages | ||
| id: noop | ||
| uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 | ||
| env: | ||
| GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} | ||
| GH_AW_NOOP_MAX: "1" | ||
| GH_AW_WORKFLOW_NAME: "Daily MCP Tool Concurrency Analysis" | ||
| GH_AW_TRACKER_ID: "mcp-concurrency-analysis" | ||
| with: | ||
| github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} | ||
| script: | | ||
| const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); | ||
| setupGlobals(core, github, context, exec, io); | ||
| const { main } = require('/opt/gh-aw/actions/noop.cjs'); | ||
| await main(); | ||
| - name: Record Missing Tool | ||
| id: missing_tool | ||
| uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 | ||
| env: | ||
| GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} | ||
| GH_AW_WORKFLOW_NAME: "Daily MCP Tool Concurrency Analysis" | ||
| GH_AW_TRACKER_ID: "mcp-concurrency-analysis" | ||
| with: | ||
| github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} | ||
| script: | | ||
| const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); | ||
| setupGlobals(core, github, context, exec, io); | ||
| const { main } = require('/opt/gh-aw/actions/missing_tool.cjs'); | ||
| await main(); | ||
| - name: Handle Agent Failure | ||
| id: handle_agent_failure | ||
| uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 | ||
| env: | ||
| GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} | ||
| GH_AW_WORKFLOW_NAME: "Daily MCP Tool Concurrency Analysis" | ||
| GH_AW_TRACKER_ID: "mcp-concurrency-analysis" | ||
| GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} | ||
| GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} | ||
| GH_AW_WORKFLOW_ID: "daily-mcp-concurrency-analysis" | ||
| GH_AW_SECRET_VERIFICATION_RESULT: ${{ needs.agent.outputs.secret_verification_result }} | ||
| GH_AW_CHECKOUT_PR_SUCCESS: ${{ needs.agent.outputs.checkout_pr_success }} | ||
| GH_AW_GROUP_REPORTS: "false" | ||
| with: | ||
| github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} | ||
| script: | | ||
| const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); | ||
| setupGlobals(core, github, context, exec, io); | ||
| const { main } = require('/opt/gh-aw/actions/handle_agent_failure.cjs'); | ||
| await main(); | ||
| - name: Handle No-Op Message | ||
| id: handle_noop_message | ||
| uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 | ||
| env: | ||
| GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} | ||
| GH_AW_WORKFLOW_NAME: "Daily MCP Tool Concurrency Analysis" | ||
| GH_AW_TRACKER_ID: "mcp-concurrency-analysis" | ||
| GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} | ||
| GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} | ||
| GH_AW_NOOP_MESSAGE: ${{ steps.noop.outputs.noop_message }} | ||
| GH_AW_NOOP_REPORT_AS_ISSUE: "true" | ||
| with: | ||
| github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} | ||
| script: | | ||
| const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); | ||
| setupGlobals(core, github, context, exec, io); | ||
| const { main } = require('/opt/gh-aw/actions/handle_noop_message.cjs'); | ||
| await main(); | ||
| safe_outputs: | ||
| needs: agent | ||
| if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (needs.agent.outputs.detection_success == 'true') | ||
| runs-on: ubuntu-slim | ||
| permissions: | ||
| contents: read | ||
| issues: write | ||
| timeout-minutes: 15 | ||
| env: | ||
| GH_AW_ENGINE_ID: "copilot" | ||
| GH_AW_TRACKER_ID: "mcp-concurrency-analysis" | ||
| GH_AW_WORKFLOW_ID: "daily-mcp-concurrency-analysis" | ||
| GH_AW_WORKFLOW_NAME: "Daily MCP Tool Concurrency Analysis" | ||
| outputs: | ||
| code_push_failure_count: ${{ steps.process_safe_outputs.outputs.code_push_failure_count }} | ||
| code_push_failure_errors: ${{ steps.process_safe_outputs.outputs.code_push_failure_errors }} | ||
| create_agent_session_session_number: ${{ steps.create_agent_session.outputs.session_number }} | ||
| create_agent_session_session_url: ${{ steps.create_agent_session.outputs.session_url }} | ||
| create_discussion_error_count: ${{ steps.process_safe_outputs.outputs.create_discussion_error_count }} | ||
| create_discussion_errors: ${{ steps.process_safe_outputs.outputs.create_discussion_errors }} | ||
| process_safe_outputs_processed_count: ${{ steps.process_safe_outputs.outputs.processed_count }} | ||
| process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} | ||
| steps: | ||
| - name: Checkout actions folder | ||
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | ||
| with: | ||
| sparse-checkout: | | ||
| actions | ||
| persist-credentials: false | ||
| - name: Setup Scripts | ||
| uses: ./actions/setup | ||
| with: | ||
| destination: /opt/gh-aw/actions | ||
| - name: Download agent output artifact | ||
| continue-on-error: true | ||
| uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6 | ||
| with: | ||
| name: agent-output | ||
| path: /tmp/gh-aw/safeoutputs/ | ||
| - name: Setup agent output environment variable | ||
| run: | | ||
| mkdir -p /tmp/gh-aw/safeoutputs/ | ||
| find "/tmp/gh-aw/safeoutputs/" -type f -print | ||
| echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" | ||
| - name: Process Safe Outputs | ||
| id: process_safe_outputs | ||
| uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 | ||
| env: | ||
| GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} | ||
| GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG: "{\"create_agent_session\":{\"max\":3},\"create_issue\":{\"expires\":168,\"labels\":[\"bug\",\"concurrency\",\"thread-safety\",\"automated-analysis\",\"cookie\"],\"max\":5,\"title_prefix\":\"[concurrency] \"},\"missing_data\":{},\"missing_tool\":{}}" | ||
| with: | ||
| github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} | ||
| script: | | ||
| const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); | ||
| setupGlobals(core, github, context, exec, io); | ||
| const { main } = require('/opt/gh-aw/actions/safe_output_handler_manager.cjs'); | ||
| await main(); | ||
| - name: Create Agent Session | ||
| id: create_agent_session | ||
| if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_agent_session')) | ||
| uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 | ||
| env: | ||
| GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} | ||
| with: | ||
| github-token: ${{ secrets.COPILOT_GITHUB_TOKEN }} | ||
| script: | | ||
| const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); | ||
| setupGlobals(core, github, context, exec, io); | ||
| const { main } = require('/opt/gh-aw/actions/create_agent_session.cjs'); await main(); | ||
| - name: Upload safe output items manifest | ||
| if: always() | ||
| uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 | ||
| with: | ||
| name: safe-output-items | ||
| path: /tmp/safe-output-items.jsonl | ||
| if-no-files-found: warn | ||
| update_cache_memory: | ||
| needs: agent | ||
| if: always() && needs.agent.outputs.detection_success == 'true' | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: read | ||
| env: | ||
| GH_AW_WORKFLOW_ID_SANITIZED: dailymcpconcurrencyanalysis | ||
| steps: | ||
| - name: Checkout actions folder | ||
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | ||
| with: | ||
| sparse-checkout: | | ||
| actions | ||
| persist-credentials: false | ||
| - name: Setup Scripts | ||
| uses: ./actions/setup | ||
| with: | ||
| destination: /opt/gh-aw/actions | ||
| - name: Download cache-memory artifact (default) | ||
| id: download_cache_default | ||
| uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6 | ||
| continue-on-error: true | ||
| with: | ||
| name: cache-memory | ||
| path: /tmp/gh-aw/cache-memory | ||
| - name: Check if cache-memory folder has content (default) | ||
| id: check_cache_default | ||
| shell: bash | ||
| run: | | ||
| if [ -d "/tmp/gh-aw/cache-memory" ] && [ "$(ls -A /tmp/gh-aw/cache-memory 2>/dev/null)" ]; then | ||
| echo "has_content=true" >> "$GITHUB_OUTPUT" | ||
| else | ||
| echo "has_content=false" >> "$GITHUB_OUTPUT" | ||
| fi | ||
| - name: Save cache-memory to cache (default) | ||
| if: steps.check_cache_default.outputs.has_content == 'true' | ||
| uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 | ||
| with: | ||
| key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} | ||
| path: /tmp/gh-aw/cache-memory | ||
