Fix support for custom named COPILOT_GITHUB_TOKEN secret

[racedale]

Context: Our org has an org level secret (for example ORG_GITHUB_COPILOT_TOKEN) that we want to use instead of tying repos to personal PAT tokens, which is undesirable for many reasons - not least of which that the agentic workflows stop working if that person leaves the org.

Benefit is also that we can track the copilot usage separate from individual users.

Want to be able to use a custom secret name for the copilot token since these org secrets are not visible to most users in the org.

[pelikhan]

use

engine:
  id: copilot
  env:
    COPILOT_GITHUB_TOKEN: ${{ secrets.ORG_GITHUB_COPILOT_TOKEN }}

[racedale]

use

engine:
  id: copilot
  env:
    COPILOT_GITHUB_TOKEN: ${{ secrets.ORG_GITHUB_COPILOT_TOKEN }}

@pelikhan Thanks that seems like it should work, but get errors that None of the following secrets are set: COPILOT_GITHUB_TOKEN.

Seems like the gh aw compile step did remove it from some parts of the lock file but not all of them. There are still places directly referencing secrets.COPILOT_GITHUB_TOKEN, like validate-secret step

My compiled file for reference showing where secrets.COPILOT_GITHUB_TOKEN is still expected: daily-doc-updater.lock.yml

---

Edit: more detailed logs of the error

2026-02-23T21:55:19.2874508Z ##[group]Run /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://github.github.com/gh-aw/reference/engines/#github-copilot-default
2026-02-23T21:55:19.2876931Z �[36;1m/opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://github.github.com/gh-aw/reference/engines/#github-copilot-default�[0m
2026-02-23T21:55:19.2910090Z shell: /usr/bin/bash -e {0}
2026-02-23T21:55:19.2910330Z env:
2026-02-23T21:55:19.2910494Z   DEFAULT_BRANCH: main
2026-02-23T21:55:19.2910707Z   GH_AW_ASSETS_ALLOWED_EXTS: 
2026-02-23T21:55:19.2910936Z   GH_AW_ASSETS_BRANCH: 
2026-02-23T21:55:19.2911130Z   GH_AW_ASSETS_MAX_SIZE_KB: 0
2026-02-23T21:55:19.2911395Z   GH_AW_MCP_LOG_DIR: /tmp/gh-aw/mcp-logs/safeoutputs
2026-02-23T21:55:19.2911738Z   GH_AW_SAFE_OUTPUTS: /opt/gh-aw/safeoutputs/outputs.jsonl
2026-02-23T21:55:19.2912119Z   GH_AW_SAFE_OUTPUTS_CONFIG_PATH: /opt/gh-aw/safeoutputs/config.json
2026-02-23T21:55:19.2912564Z   GH_AW_SAFE_OUTPUTS_TOOLS_PATH: /opt/gh-aw/safeoutputs/tools.json
2026-02-23T21:55:19.2912912Z   GH_AW_WORKFLOW_ID_SANITIZED: glossarymaintainer
2026-02-23T21:55:19.2913182Z   COPILOT_GITHUB_TOKEN: 
2026-02-23T21:55:19.2913374Z ##[endgroup]
2026-02-23T21:55:19.2987821Z Error: None of the following secrets are set: COPILOT_GITHUB_TOKEN
2026-02-23T21:55:19.2990164Z The GitHub Copilot CLI engine requires either COPILOT_GITHUB_TOKEN secret to be configured.

[pelikhan]

See #18005 to disable validate when custom env keys are present.

[pelikhan]

#18017