diff --git a/.github/workflows/ai-triage-campaign.lock.yml b/.github/workflows/ai-triage-campaign.lock.yml index e8ceb689d4..dd57ab3228 100644 --- a/.github/workflows/ai-triage-campaign.lock.yml +++ b/.github/workflows/ai-triage-campaign.lock.yml @@ -162,8 +162,8 @@ # https://github.com/actions/download-artifact/commit/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -385,7 +385,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -6489,7 +6489,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/archie.lock.yml b/.github/workflows/archie.lock.yml index 267010a9e6..37b3abf0c6 100644 --- a/.github/workflows/archie.lock.yml +++ b/.github/workflows/archie.lock.yml @@ -268,8 +268,8 @@ # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd # - actions/setup-go@v5 (d35c59abb061a4a6fb18e82ac0862c26744d6ab5) # https://github.com/actions/setup-go/commit/d35c59abb061a4a6fb18e82ac0862c26744d6ab5 -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/setup-python@v5 (a26af69be951a213d495a4c3e4e4022e16d87065) # https://github.com/actions/setup-python/commit/a26af69be951a213d495a4c3e4e4022e16d87065 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) @@ -1874,7 +1874,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -7534,7 +7534,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/artifacts-summary.lock.yml b/.github/workflows/artifacts-summary.lock.yml index 0a7e8ed5a9..473b28178d 100644 --- a/.github/workflows/artifacts-summary.lock.yml +++ b/.github/workflows/artifacts-summary.lock.yml @@ -218,14 +218,14 @@ # Pinned GitHub Actions: # - actions/checkout@v5 (93cb6efe18208431cddfb8368fd83d5badbf9bfd) # https://github.com/actions/checkout/commit/93cb6efe18208431cddfb8368fd83d5badbf9bfd -# - actions/create-github-app-token@v2 (29824e69f54612133e76f7eaac726eef6c875baf) -# https://github.com/actions/create-github-app-token/commit/29824e69f54612133e76f7eaac726eef6c875baf +# - actions/create-github-app-token@v2 (7e473efe3cb98aa54f8d4bac15400b15fad77d94) +# https://github.com/actions/create-github-app-token/commit/7e473efe3cb98aa54f8d4bac15400b15fad77d94 # - actions/download-artifact@v6 (018cc2cf5baa6db3ef3c5f8a56943fffe632ef53) # https://github.com/actions/download-artifact/commit/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -442,7 +442,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -5404,7 +5404,7 @@ jobs: steps: - name: Generate GitHub App token id: app-token - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2 + uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2 with: app-id: ${{ vars.APP_ID }} private-key: ${{ secrets.APP_PRIVATE_KEY }} @@ -5905,7 +5905,7 @@ jobs: steps: - name: Generate GitHub App token id: app-token - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2 + uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2 with: app-id: ${{ vars.APP_ID }} private-key: ${{ secrets.APP_PRIVATE_KEY }} @@ -6778,7 +6778,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/blog-auditor.lock.yml b/.github/workflows/blog-auditor.lock.yml index ee2987646d..9a21068fd9 100644 --- a/.github/workflows/blog-auditor.lock.yml +++ b/.github/workflows/blog-auditor.lock.yml @@ -435,8 +435,8 @@ # https://github.com/actions/download-artifact/commit/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -655,7 +655,7 @@ jobs: CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -6629,7 +6629,7 @@ jobs: CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/brave.lock.yml b/.github/workflows/brave.lock.yml index 1ab56bc26b..1306f295b5 100644 --- a/.github/workflows/brave.lock.yml +++ b/.github/workflows/brave.lock.yml @@ -182,8 +182,8 @@ # https://github.com/actions/download-artifact/commit/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -1758,7 +1758,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -7324,7 +7324,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/breaking-change-checker.lock.yml b/.github/workflows/breaking-change-checker.lock.yml index 3ae909fb9e..031f7baae0 100644 --- a/.github/workflows/breaking-change-checker.lock.yml +++ b/.github/workflows/breaking-change-checker.lock.yml @@ -247,8 +247,8 @@ # https://github.com/actions/download-artifact/commit/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -468,7 +468,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -7219,7 +7219,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/changeset.lock.yml b/.github/workflows/changeset.lock.yml index 305057492e..b14c7f6d73 100644 --- a/.github/workflows/changeset.lock.yml +++ b/.github/workflows/changeset.lock.yml @@ -316,14 +316,14 @@ # Pinned GitHub Actions: # - actions/checkout@v5 (93cb6efe18208431cddfb8368fd83d5badbf9bfd) # https://github.com/actions/checkout/commit/93cb6efe18208431cddfb8368fd83d5badbf9bfd -# - actions/create-github-app-token@v2 (29824e69f54612133e76f7eaac726eef6c875baf) -# https://github.com/actions/create-github-app-token/commit/29824e69f54612133e76f7eaac726eef6c875baf +# - actions/create-github-app-token@v2 (7e473efe3cb98aa54f8d4bac15400b15fad77d94) +# https://github.com/actions/create-github-app-token/commit/7e473efe3cb98aa54f8d4bac15400b15fad77d94 # - actions/download-artifact@v6 (018cc2cf5baa6db3ef3c5f8a56943fffe632ef53) # https://github.com/actions/download-artifact/commit/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -1313,7 +1313,7 @@ jobs: CODEX_API_KEY: ${{ secrets.CODEX_API_KEY }} OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -5891,7 +5891,7 @@ jobs: steps: - name: Generate GitHub App token id: app-token - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2 + uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2 with: app-id: ${{ vars.APP_ID }} private-key: ${{ secrets.APP_PRIVATE_KEY }} @@ -6684,7 +6684,7 @@ jobs: steps: - name: Generate GitHub App token id: app-token - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2 + uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2 with: app-id: ${{ vars.APP_ID }} private-key: ${{ secrets.APP_PRIVATE_KEY }} @@ -7198,7 +7198,7 @@ jobs: steps: - name: Generate GitHub App token id: app-token - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2 + uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2 with: app-id: ${{ vars.APP_ID }} private-key: ${{ secrets.APP_PRIVATE_KEY }} diff --git a/.github/workflows/cli-consistency-checker.lock.yml b/.github/workflows/cli-consistency-checker.lock.yml index c6e4791478..98eb413a1b 100644 --- a/.github/workflows/cli-consistency-checker.lock.yml +++ b/.github/workflows/cli-consistency-checker.lock.yml @@ -246,8 +246,8 @@ # https://github.com/actions/download-artifact/commit/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -468,7 +468,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -6719,7 +6719,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/commit-changes-analyzer.lock.yml b/.github/workflows/commit-changes-analyzer.lock.yml index 6eec6444fe..488f8279fd 100644 --- a/.github/workflows/commit-changes-analyzer.lock.yml +++ b/.github/workflows/commit-changes-analyzer.lock.yml @@ -392,8 +392,8 @@ # https://github.com/actions/download-artifact/commit/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -615,7 +615,7 @@ jobs: CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -6504,7 +6504,7 @@ jobs: CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/copilot-pr-merged-report.lock.yml b/.github/workflows/copilot-pr-merged-report.lock.yml index 81f0bb3924..0b4d820c44 100644 --- a/.github/workflows/copilot-pr-merged-report.lock.yml +++ b/.github/workflows/copilot-pr-merged-report.lock.yml @@ -413,8 +413,8 @@ # https://github.com/actions/download-artifact/commit/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -635,7 +635,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -8253,7 +8253,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/craft.lock.yml b/.github/workflows/craft.lock.yml index 9de80eb9a7..9f49dc3be7 100644 --- a/.github/workflows/craft.lock.yml +++ b/.github/workflows/craft.lock.yml @@ -340,8 +340,8 @@ # https://github.com/actions/download-artifact/commit/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -1921,7 +1921,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -7676,7 +7676,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/daily-assign-issue-to-user.lock.yml b/.github/workflows/daily-assign-issue-to-user.lock.yml index 1d7f4351e1..670e09d1b3 100644 --- a/.github/workflows/daily-assign-issue-to-user.lock.yml +++ b/.github/workflows/daily-assign-issue-to-user.lock.yml @@ -90,8 +90,8 @@ # https://github.com/actions/download-artifact/commit/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -901,7 +901,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -6871,7 +6871,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/daily-fact.lock.yml b/.github/workflows/daily-fact.lock.yml index b219d04765..2d68dbce0e 100644 --- a/.github/workflows/daily-fact.lock.yml +++ b/.github/workflows/daily-fact.lock.yml @@ -148,8 +148,8 @@ # https://github.com/actions/download-artifact/commit/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -967,7 +967,7 @@ jobs: CODEX_API_KEY: ${{ secrets.CODEX_API_KEY }} OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -5915,7 +5915,7 @@ jobs: CODEX_API_KEY: ${{ secrets.CODEX_API_KEY }} OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/daily-file-diet.lock.yml b/.github/workflows/daily-file-diet.lock.yml index 1e16f10417..a591b207ab 100644 --- a/.github/workflows/daily-file-diet.lock.yml +++ b/.github/workflows/daily-file-diet.lock.yml @@ -380,16 +380,16 @@ # Pinned GitHub Actions: # - actions/checkout@v5 (93cb6efe18208431cddfb8368fd83d5badbf9bfd) # https://github.com/actions/checkout/commit/93cb6efe18208431cddfb8368fd83d5badbf9bfd -# - actions/create-github-app-token@v2 (29824e69f54612133e76f7eaac726eef6c875baf) -# https://github.com/actions/create-github-app-token/commit/29824e69f54612133e76f7eaac726eef6c875baf +# - actions/create-github-app-token@v2 (7e473efe3cb98aa54f8d4bac15400b15fad77d94) +# https://github.com/actions/create-github-app-token/commit/7e473efe3cb98aa54f8d4bac15400b15fad77d94 # - actions/download-artifact@v6 (018cc2cf5baa6db3ef3c5f8a56943fffe632ef53) # https://github.com/actions/download-artifact/commit/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd # - actions/setup-go@v5 (d35c59abb061a4a6fb18e82ac0862c26744d6ab5) # https://github.com/actions/setup-go/commit/d35c59abb061a4a6fb18e82ac0862c26744d6ab5 -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/setup-python@v5 (a26af69be951a213d495a4c3e4e4022e16d87065) # https://github.com/actions/setup-python/commit/a26af69be951a213d495a4c3e4e4022e16d87065 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) @@ -627,7 +627,7 @@ jobs: CODEX_API_KEY: ${{ secrets.CODEX_API_KEY }} OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -5237,7 +5237,7 @@ jobs: steps: - name: Generate GitHub App token id: app-token - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2 + uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2 with: app-id: ${{ vars.APP_ID }} private-key: ${{ secrets.APP_PRIVATE_KEY }} @@ -5742,7 +5742,7 @@ jobs: steps: - name: Generate GitHub App token id: app-token - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2 + uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2 with: app-id: ${{ vars.APP_ID }} private-key: ${{ secrets.APP_PRIVATE_KEY }} @@ -6524,7 +6524,7 @@ jobs: CODEX_API_KEY: ${{ secrets.CODEX_API_KEY }} OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/daily-malicious-code-scan.lock.yml b/.github/workflows/daily-malicious-code-scan.lock.yml index 306c0ceae0..dc7722503a 100644 --- a/.github/workflows/daily-malicious-code-scan.lock.yml +++ b/.github/workflows/daily-malicious-code-scan.lock.yml @@ -357,8 +357,8 @@ # https://github.com/actions/download-artifact/commit/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 # - github/codeql-action/upload-sarif@v3 (4248455a6f2335bc3b7a8a62932f000050ec8f13) @@ -579,7 +579,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/daily-multi-device-docs-tester.lock.yml b/.github/workflows/daily-multi-device-docs-tester.lock.yml index ee5de4ceba..0bbed8706e 100644 --- a/.github/workflows/daily-multi-device-docs-tester.lock.yml +++ b/.github/workflows/daily-multi-device-docs-tester.lock.yml @@ -195,8 +195,8 @@ # https://github.com/actions/download-artifact/commit/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -423,7 +423,7 @@ jobs: CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -6125,7 +6125,7 @@ jobs: CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/daily-team-status.lock.yml b/.github/workflows/daily-team-status.lock.yml index 7d68c0c5b6..cc039ae284 100644 --- a/.github/workflows/daily-team-status.lock.yml +++ b/.github/workflows/daily-team-status.lock.yml @@ -195,8 +195,8 @@ # https://github.com/actions/download-artifact/commit/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -417,7 +417,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -6585,7 +6585,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/daily-workflow-updater.lock.yml b/.github/workflows/daily-workflow-updater.lock.yml index 8e766ed65f..1f18b80e82 100644 --- a/.github/workflows/daily-workflow-updater.lock.yml +++ b/.github/workflows/daily-workflow-updater.lock.yml @@ -251,8 +251,8 @@ # https://github.com/actions/download-artifact/commit/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -471,7 +471,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -6687,7 +6687,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/dependabot-go-checker.lock.yml b/.github/workflows/dependabot-go-checker.lock.yml index 6c867d9b48..c17ded378f 100644 --- a/.github/workflows/dependabot-go-checker.lock.yml +++ b/.github/workflows/dependabot-go-checker.lock.yml @@ -509,8 +509,8 @@ # https://github.com/actions/download-artifact/commit/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -733,7 +733,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -7332,7 +7332,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/dev-hawk.lock.yml b/.github/workflows/dev-hawk.lock.yml index fda79a7536..c67fe607f6 100644 --- a/.github/workflows/dev-hawk.lock.yml +++ b/.github/workflows/dev-hawk.lock.yml @@ -193,8 +193,8 @@ # https://github.com/actions/download-artifact/commit/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -1016,7 +1016,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -6580,7 +6580,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/dev.lock.yml b/.github/workflows/dev.lock.yml index e094fa835e..248e0c23e0 100644 --- a/.github/workflows/dev.lock.yml +++ b/.github/workflows/dev.lock.yml @@ -48,12 +48,13 @@ # conclusion["conclusion"] # detection["detection"] # activation --> agent +# activation --> conclusion # agent --> assign_to_agent -# detection --> assign_to_agent # agent --> conclusion -# activation --> conclusion -# assign_to_agent --> conclusion # agent --> detection +# assign_to_agent --> conclusion +# detection --> assign_to_agent +# detection --> conclusion # ``` # # Original Prompt: @@ -223,6 +224,7 @@ jobs: GH_AW_SAFE_OUTPUTS: /tmp/gh-aw/safeoutputs/outputs.jsonl outputs: has_patch: ${{ steps.collect_output.outputs.has_patch }} + model: ${{ steps.generate_aw_info.outputs.model }} output: ${{ steps.collect_output.outputs.output }} output_types: ${{ steps.collect_output.outputs.output_types }} steps: @@ -233,26 +235,27 @@ jobs: - name: Create gh-aw temp directory run: | mkdir -p /tmp/gh-aw/agent + mkdir -p /tmp/gh-aw/sandbox/agent/logs echo "Created /tmp/gh-aw/agent directory for agentic workflow temporary files" - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} run: | git config --global user.email "github-actions[bot]@users.noreply.github.com" git config --global user.name "github-actions[bot]" # Re-authenticate git with GitHub token - SERVER_URL="${{ github.server_url }}" - SERVER_URL="${SERVER_URL#https://}" - git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL}/${REPO_NAME}.git" + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" echo "Git configured with standard GitHub Actions identity" - name: Checkout PR branch if: | github.event.pull_request uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: - GH_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} + GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: - github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} + github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | async function main() { const eventName = context.eventName; @@ -286,12 +289,20 @@ jobs: - name: Validate CLAUDE_CODE_OAUTH_TOKEN or ANTHROPIC_API_KEY secret run: | if [ -z "$CLAUDE_CODE_OAUTH_TOKEN" ] && [ -z "$ANTHROPIC_API_KEY" ]; then + { + echo "❌ Error: Neither CLAUDE_CODE_OAUTH_TOKEN nor ANTHROPIC_API_KEY secret is set" + echo "The Claude Code engine requires either CLAUDE_CODE_OAUTH_TOKEN or ANTHROPIC_API_KEY secret to be configured." + echo "Please configure one of these secrets in your repository settings." + echo "Documentation: https://githubnext.github.io/gh-aw/reference/engines/#anthropic-claude-code" + } >> "$GITHUB_STEP_SUMMARY" echo "Error: Neither CLAUDE_CODE_OAUTH_TOKEN nor ANTHROPIC_API_KEY secret is set" echo "The Claude Code engine requires either CLAUDE_CODE_OAUTH_TOKEN or ANTHROPIC_API_KEY secret to be configured." echo "Please configure one of these secrets in your repository settings." echo "Documentation: https://githubnext.github.io/gh-aw/reference/engines/#anthropic-claude-code" exit 1 fi + + # Log success to stdout (not step summary) if [ -n "$CLAUDE_CODE_OAUTH_TOKEN" ]; then echo "CLAUDE_CODE_OAUTH_TOKEN secret is configured" else @@ -306,7 +317,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Claude Code CLI - run: npm install -g @anthropic-ai/claude-code@2.0.56 + run: npm install -g @anthropic-ai/claude-code@2.0.61 - name: Generate Claude Settings run: | mkdir -p /tmp/gh-aw/.claude @@ -419,8 +430,8 @@ jobs: - name: Downloading container images run: | set -e - docker pull ghcr.io/github/github-mcp-server:v0.24.0 - - name: Setup Safe Outputs Collector MCP + docker pull ghcr.io/github/github-mcp-server:v0.24.1 + - name: Write Safe Outputs Config run: | mkdir -p /tmp/gh-aw/safeoutputs cat > /tmp/gh-aw/safeoutputs/config.json << 'EOF' @@ -548,182 +559,14 @@ jobs: } } EOF + - name: Write Safe Outputs JavaScript Files + run: | cat > /tmp/gh-aw/safeoutputs/mcp-server.cjs << 'EOF' const fs = require("fs"); const path = require("path"); - const crypto = require("crypto"); - function normalizeBranchName(branchName) { - if (!branchName || typeof branchName !== "string" || branchName.trim() === "") { - return branchName; - } - let normalized = branchName.replace(/[^a-zA-Z0-9\-_/.]+/g, "-"); - normalized = normalized.replace(/-+/g, "-"); - normalized = normalized.replace(/^-+|-+$/g, ""); - if (normalized.length > 128) { - normalized = normalized.substring(0, 128); - } - normalized = normalized.replace(/-+$/, ""); - normalized = normalized.toLowerCase(); - return normalized; - } - function estimateTokens(text) { - if (!text) return 0; - return Math.ceil(text.length / 4); - } - function generateCompactSchema(content) { - try { - const parsed = JSON.parse(content); - if (Array.isArray(parsed)) { - if (parsed.length === 0) { - return "[]"; - } - const firstItem = parsed[0]; - if (typeof firstItem === "object" && firstItem !== null) { - const keys = Object.keys(firstItem); - return `[{${keys.join(", ")}}] (${parsed.length} items)`; - } - return `[${typeof firstItem}] (${parsed.length} items)`; - } else if (typeof parsed === "object" && parsed !== null) { - const keys = Object.keys(parsed); - if (keys.length > 10) { - return `{${keys.slice(0, 10).join(", ")}, ...} (${keys.length} keys)`; - } - return `{${keys.join(", ")}}`; - } - return `${typeof parsed}`; - } catch { - return "text content"; - } - } - function writeLargeContentToFile(content) { - const logsDir = "/tmp/gh-aw/safeoutputs"; - if (!fs.existsSync(logsDir)) { - fs.mkdirSync(logsDir, { recursive: true }); - } - const hash = crypto.createHash("sha256").update(content).digest("hex"); - const filename = `${hash}.json`; - const filepath = path.join(logsDir, filename); - fs.writeFileSync(filepath, content, "utf8"); - const description = generateCompactSchema(content); - return { - filename: filename, - description: description, - }; - } - const { execSync } = require("child_process"); - function getCurrentBranch() { - const cwd = process.env.GITHUB_WORKSPACE || process.cwd(); - try { - const branch = execSync("git rev-parse --abbrev-ref HEAD", { - encoding: "utf8", - cwd: cwd, - }).trim(); - return branch; - } catch (error) { - } - const ghHeadRef = process.env.GITHUB_HEAD_REF; - const ghRefName = process.env.GITHUB_REF_NAME; - if (ghHeadRef) { - return ghHeadRef; - } - if (ghRefName) { - return ghRefName; - } - throw new Error("Failed to determine current branch: git command failed and no GitHub environment variables available"); - } - function getBaseBranch() { - return process.env.GH_AW_BASE_BRANCH || "main"; - } - function generateGitPatch(branchName) { - const patchPath = "/tmp/gh-aw/aw.patch"; - const cwd = process.env.GITHUB_WORKSPACE || process.cwd(); - const defaultBranch = process.env.DEFAULT_BRANCH || getBaseBranch(); - const githubSha = process.env.GITHUB_SHA; - const patchDir = path.dirname(patchPath); - if (!fs.existsSync(patchDir)) { - fs.mkdirSync(patchDir, { recursive: true }); - } - let patchGenerated = false; - let errorMessage = null; - try { - if (branchName) { - try { - execSync(`git show-ref --verify --quiet refs/heads/${branchName}`, { cwd, encoding: "utf8" }); - let baseRef; - try { - execSync(`git show-ref --verify --quiet refs/remotes/origin/${branchName}`, { cwd, encoding: "utf8" }); - baseRef = `origin/${branchName}`; - } catch { - execSync(`git fetch origin ${defaultBranch}`, { cwd, encoding: "utf8" }); - baseRef = execSync(`git merge-base origin/${defaultBranch} ${branchName}`, { cwd, encoding: "utf8" }).trim(); - } - const commitCount = parseInt(execSync(`git rev-list --count ${baseRef}..${branchName}`, { cwd, encoding: "utf8" }).trim(), 10); - if (commitCount > 0) { - const patchContent = execSync(`git format-patch ${baseRef}..${branchName} --stdout`, { - cwd, - encoding: "utf8", - }); - if (patchContent && patchContent.trim()) { - fs.writeFileSync(patchPath, patchContent, "utf8"); - patchGenerated = true; - } - } - } catch (branchError) { - } - } - if (!patchGenerated) { - const currentHead = execSync("git rev-parse HEAD", { cwd, encoding: "utf8" }).trim(); - if (!githubSha) { - errorMessage = "GITHUB_SHA environment variable is not set"; - } else if (currentHead === githubSha) { - } else { - try { - execSync(`git merge-base --is-ancestor ${githubSha} HEAD`, { cwd, encoding: "utf8" }); - const commitCount = parseInt(execSync(`git rev-list --count ${githubSha}..HEAD`, { cwd, encoding: "utf8" }).trim(), 10); - if (commitCount > 0) { - const patchContent = execSync(`git format-patch ${githubSha}..HEAD --stdout`, { - cwd, - encoding: "utf8", - }); - if (patchContent && patchContent.trim()) { - fs.writeFileSync(patchPath, patchContent, "utf8"); - patchGenerated = true; - } - } - } catch { - } - } - } - } catch (error) { - errorMessage = `Failed to generate patch: ${error instanceof Error ? error.message : String(error)}`; - } - if (patchGenerated && fs.existsSync(patchPath)) { - const patchContent = fs.readFileSync(patchPath, "utf8"); - const patchSize = Buffer.byteLength(patchContent, "utf8"); - const patchLines = patchContent.split("\n").length; - if (!patchContent.trim()) { - return { - success: false, - error: "No changes to commit - patch is empty", - patchPath: patchPath, - patchSize: 0, - patchLines: 0, - }; - } - return { - success: true, - patchPath: patchPath, - patchSize: patchSize, - patchLines: patchLines, - }; - } - return { - success: false, - error: errorMessage || "No changes to commit - no commits found", - patchPath: patchPath, - }; - } + const { execFile, execSync } = require("child_process"); const os = require("os"); + const crypto = require("crypto"); class ReadBuffer { constructor() { this._buffer = null; @@ -751,6 +594,17 @@ jobs: } } } + function validateRequiredFields(args, inputSchema) { + const requiredFields = inputSchema && Array.isArray(inputSchema.required) ? inputSchema.required : []; + if (!requiredFields.length) { + return []; + } + const missing = requiredFields.filter(f => { + const value = args[f]; + return value === undefined || value === null || (typeof value === "string" && value.trim() === ""); + }); + return missing; + } const encoder = new TextEncoder(); function initLogFile(server) { if (server.logFileInitialized || !server.logDir || !server.logFilePath) return; @@ -880,10 +734,64 @@ jobs: } }; } - function createShellHandler(server, toolName, scriptPath) { + function loadToolHandlers(server, tools, basePath) { + server.debug(`Loading tool handlers...`); + server.debug(` Total tools to process: ${tools.length}`); + server.debug(` Base path: ${basePath || "(not specified)"}`); + let loadedCount = 0; + let skippedCount = 0; + let errorCount = 0; + for (const tool of tools) { + const toolName = tool.name || "(unnamed)"; + if (!tool.handler) { + server.debug(` [${toolName}] No handler path specified, skipping handler load`); + skippedCount++; + continue; + } + const handlerPath = tool.handler; + server.debug(` [${toolName}] Handler path specified: ${handlerPath}`); + let resolvedPath = handlerPath; + if (basePath && !path.isAbsolute(handlerPath)) { + resolvedPath = path.resolve(basePath, handlerPath); + server.debug(` [${toolName}] Resolved relative path to: ${resolvedPath}`); + const normalizedBase = path.resolve(basePath); + const normalizedResolved = path.resolve(resolvedPath); + if (!normalizedResolved.startsWith(normalizedBase + path.sep) && normalizedResolved !== normalizedBase) { + server.debug(` [${toolName}] ERROR: Handler path escapes base directory: ${resolvedPath} is not within ${basePath}`); + errorCount++; + continue; + } + } else if (path.isAbsolute(handlerPath)) { + server.debug(` [${toolName}] Using absolute path (bypasses basePath validation): ${handlerPath}`); + } + tool.handlerPath = handlerPath; + try { + server.debug(` [${toolName}] Loading handler from: ${resolvedPath}`); + if (!fs.existsSync(resolvedPath)) { + server.debug(` [${toolName}] ERROR: Handler file does not exist: ${resolvedPath}`); + errorCount++; + continue; + } + const ext = path.extname(resolvedPath).toLowerCase(); + server.debug(` [${toolName}] Handler file extension: ${ext}`); + if (ext === ".sh") { + server.debug(` [${toolName}] Detected shell script handler`); + try { + fs.accessSync(resolvedPath, fs.constants.X_OK); + server.debug(` [${toolName}] Shell script is executable`); + } catch { + try { + fs.chmodSync(resolvedPath, 0o755); + server.debug(` [${toolName}] Made shell script executable`); + } catch (chmodError) { + server.debugError(` [${toolName}] Warning: Could not make shell script executable: `, chmodError); + } + } + function createShellHandler(server, toolName, scriptPath, timeoutSeconds = 60) { return async args => { server.debug(` [${toolName}] Invoking shell handler: ${scriptPath}`); server.debug(` [${toolName}] Shell handler args: ${JSON.stringify(args)}`); + server.debug(` [${toolName}] Timeout: ${timeoutSeconds}s`); const env = { ...process.env }; for (const [key, value] of Object.entries(args || {})) { const envKey = `INPUT_${key.toUpperCase().replace(/-/g, "_")}`; @@ -901,7 +809,7 @@ jobs: [], { env, - timeout: 300000, + timeout: timeoutSeconds * 1000, maxBuffer: 10 * 1024 * 1024, }, (error, stdout, stderr) => { @@ -969,62 +877,87 @@ jobs: }); }; } - function loadToolHandlers(server, tools, basePath) { - server.debug(`Loading tool handlers...`); - server.debug(` Total tools to process: ${tools.length}`); - server.debug(` Base path: ${basePath || "(not specified)"}`); - let loadedCount = 0; - let skippedCount = 0; - let errorCount = 0; - for (const tool of tools) { - const toolName = tool.name || "(unnamed)"; - if (!tool.handler) { - server.debug(` [${toolName}] No handler path specified, skipping handler load`); - skippedCount++; - continue; - } - const handlerPath = tool.handler; - server.debug(` [${toolName}] Handler path specified: ${handlerPath}`); - let resolvedPath = handlerPath; - if (basePath && !path.isAbsolute(handlerPath)) { - resolvedPath = path.resolve(basePath, handlerPath); - server.debug(` [${toolName}] Resolved relative path to: ${resolvedPath}`); - const normalizedBase = path.resolve(basePath); - const normalizedResolved = path.resolve(resolvedPath); - if (!normalizedResolved.startsWith(normalizedBase + path.sep) && normalizedResolved !== normalizedBase) { - server.debug(` [${toolName}] ERROR: Handler path escapes base directory: ${resolvedPath} is not within ${basePath}`); - errorCount++; - continue; - } - } else if (path.isAbsolute(handlerPath)) { - server.debug(` [${toolName}] Using absolute path (bypasses basePath validation): ${handlerPath}`); - } - tool.handlerPath = handlerPath; - try { - server.debug(` [${toolName}] Loading handler from: ${resolvedPath}`); - if (!fs.existsSync(resolvedPath)) { - server.debug(` [${toolName}] ERROR: Handler file does not exist: ${resolvedPath}`); - errorCount++; - continue; - } - const ext = path.extname(resolvedPath).toLowerCase(); - server.debug(` [${toolName}] Handler file extension: ${ext}`); - if (ext === ".sh") { - server.debug(` [${toolName}] Detected shell script handler`); + const timeout = tool.timeout || 60; + tool.handler = createShellHandler(server, toolName, resolvedPath, timeout); + loadedCount++; + server.debug(` [${toolName}] Shell handler created successfully with timeout: ${timeout}s`); + } else if (ext === ".py") { + server.debug(` [${toolName}] Detected Python script handler`); try { fs.accessSync(resolvedPath, fs.constants.X_OK); - server.debug(` [${toolName}] Shell script is executable`); + server.debug(` [${toolName}] Python script is executable`); } catch { try { fs.chmodSync(resolvedPath, 0o755); - server.debug(` [${toolName}] Made shell script executable`); + server.debug(` [${toolName}] Made Python script executable`); } catch (chmodError) { - server.debugError(` [${toolName}] Warning: Could not make shell script executable: `, chmodError); + server.debugError(` [${toolName}] Warning: Could not make Python script executable: `, chmodError); } } - tool.handler = createShellHandler(server, toolName, resolvedPath); + function createPythonHandler(server, toolName, scriptPath, timeoutSeconds = 60) { + return async args => { + server.debug(` [${toolName}] Invoking Python handler: ${scriptPath}`); + server.debug(` [${toolName}] Python handler args: ${JSON.stringify(args)}`); + server.debug(` [${toolName}] Timeout: ${timeoutSeconds}s`); + const inputJson = JSON.stringify(args || {}); + server.debug( + ` [${toolName}] Input JSON (${inputJson.length} bytes): ${inputJson.substring(0, 200)}${inputJson.length > 200 ? "..." : ""}` + ); + return new Promise((resolve, reject) => { + server.debug(` [${toolName}] Executing Python script...`); + const child = execFile( + "python3", + [scriptPath], + { + env: process.env, + timeout: timeoutSeconds * 1000, + maxBuffer: 10 * 1024 * 1024, + }, + (error, stdout, stderr) => { + if (stdout) { + server.debug(` [${toolName}] stdout: ${stdout.substring(0, 500)}${stdout.length > 500 ? "..." : ""}`); + } + if (stderr) { + server.debug(` [${toolName}] stderr: ${stderr.substring(0, 500)}${stderr.length > 500 ? "..." : ""}`); + } + if (error) { + server.debugError(` [${toolName}] Python script error: `, error); + reject(error); + return; + } + let result; + try { + if (stdout && stdout.trim()) { + result = JSON.parse(stdout.trim()); + } else { + result = { stdout: stdout || "", stderr: stderr || "" }; + } + } catch (parseError) { + server.debug(` [${toolName}] Output is not JSON, returning as text`); + result = { stdout: stdout || "", stderr: stderr || "" }; + } + server.debug(` [${toolName}] Python handler completed successfully`); + resolve({ + content: [ + { + type: "text", + text: JSON.stringify(result), + }, + ], + }); + } + ); + if (child.stdin) { + child.stdin.write(inputJson); + child.stdin.end(); + } + }); + }; + } + const timeout = tool.timeout || 60; + tool.handler = createPythonHandler(server, toolName, resolvedPath, timeout); loadedCount++; - server.debug(` [${toolName}] Shell handler created successfully`); + server.debug(` [${toolName}] Python handler created successfully with timeout: ${timeout}s`); } else { server.debug(` [${toolName}] Loading JavaScript handler module`); const handlerModule = require(resolvedPath); @@ -1069,6 +1002,96 @@ jobs: function normalizeTool(name) { return name.replace(/-/g, "_").toLowerCase(); } + async function handleRequest(server, request, defaultHandler) { + const { id, method, params } = request; + try { + if (!("id" in request)) { + return null; + } + let result; + if (method === "initialize") { + const protocolVersion = params?.protocolVersion || "2024-11-05"; + result = { + protocolVersion, + serverInfo: server.serverInfo, + capabilities: { + tools: {}, + }, + }; + } else if (method === "ping") { + result = {}; + } else if (method === "tools/list") { + const list = []; + Object.values(server.tools).forEach(tool => { + const toolDef = { + name: tool.name, + description: tool.description, + inputSchema: tool.inputSchema, + }; + list.push(toolDef); + }); + result = { tools: list }; + } else if (method === "tools/call") { + const name = params?.name; + const args = params?.arguments ?? {}; + if (!name || typeof name !== "string") { + throw { + code: -32602, + message: "Invalid params: 'name' must be a string", + }; + } + const tool = server.tools[normalizeTool(name)]; + if (!tool) { + throw { + code: -32602, + message: `Tool '${name}' not found`, + }; + } + let handler = tool.handler; + if (!handler && defaultHandler) { + handler = defaultHandler(tool.name); + } + if (!handler) { + throw { + code: -32603, + message: `No handler for tool: ${name}`, + }; + } + const missing = validateRequiredFields(args, tool.inputSchema); + if (missing.length) { + throw { + code: -32602, + message: `Invalid arguments: missing or empty ${missing.map(m => `'${m}'`).join(", ")}`, + }; + } + const handlerResult = await Promise.resolve(handler(args)); + const content = handlerResult && handlerResult.content ? handlerResult.content : []; + result = { content, isError: false }; + } else if (/^notifications\//.test(method)) { + return null; + } else { + throw { + code: -32601, + message: `Method not found: ${method}`, + }; + } + return { + jsonrpc: "2.0", + id, + result, + }; + } catch (error) { + const err = error; + return { + jsonrpc: "2.0", + id, + error: { + code: err.code || -32603, + message: err.message || "Internal error", + }, + }; + } + } async function handleMessage(server, req, defaultHandler) { if (!req || typeof req !== "object") { server.debug(`Invalid message: not an object`); @@ -1127,16 +1150,10 @@ jobs: server.replyError(id, -32603, `No handler for tool: ${name}`); return; } - const requiredFields = tool.inputSchema && Array.isArray(tool.inputSchema.required) ? tool.inputSchema.required : []; - if (requiredFields.length) { - const missing = requiredFields.filter(f => { - const value = args[f]; - return value === undefined || value === null || (typeof value === "string" && value.trim() === ""); - }); - if (missing.length) { - server.replyError(id, -32602, `Invalid arguments: missing or empty ${missing.map(m => `'${m}'`).join(", ")}`); - return; - } + const missing = validateRequiredFields(args, tool.inputSchema); + if (missing.length) { + server.replyError(id, -32602, `Invalid arguments: missing or empty ${missing.map(m => `'${m}'`).join(", ")}`); + return; } server.debug(`Calling handler for tool: ${name}`); const result = await Promise.resolve(handler(args)); @@ -1182,328 +1199,532 @@ jobs: process.stdin.resume(); server.debug(`listening...`); } - const SERVER_INFO = { name: "safeoutputs", version: "1.0.0" }; - const MCP_LOG_DIR = process.env.GH_AW_MCP_LOG_DIR; - const server = createServer(SERVER_INFO, { logDir: MCP_LOG_DIR }); - const configPath = process.env.GH_AW_SAFE_OUTPUTS_CONFIG_PATH || "/tmp/gh-aw/safeoutputs/config.json"; - let safeOutputsConfigRaw; - server.debug(`Reading config from file: ${configPath}`); - try { - if (fs.existsSync(configPath)) { - server.debug(`Config file exists at: ${configPath}`); - const configFileContent = fs.readFileSync(configPath, "utf8"); - server.debug(`Config file content length: ${configFileContent.length} characters`); - server.debug(`Config file read successfully, attempting to parse JSON`); - safeOutputsConfigRaw = JSON.parse(configFileContent); - server.debug(`Successfully parsed config from file with ${Object.keys(safeOutputsConfigRaw).length} configuration keys`); - } else { - server.debug(`Config file does not exist at: ${configPath}`); - server.debug(`Using minimal default configuration`); + function loadConfig(server) { + const configPath = process.env.GH_AW_SAFE_OUTPUTS_CONFIG_PATH || "/tmp/gh-aw/safeoutputs/config.json"; + let safeOutputsConfigRaw; + server.debug(`Reading config from file: ${configPath}`); + try { + if (fs.existsSync(configPath)) { + server.debug(`Config file exists at: ${configPath}`); + const configFileContent = fs.readFileSync(configPath, "utf8"); + server.debug(`Config file content length: ${configFileContent.length} characters`); + server.debug(`Config file read successfully, attempting to parse JSON`); + safeOutputsConfigRaw = JSON.parse(configFileContent); + server.debug(`Successfully parsed config from file with ${Object.keys(safeOutputsConfigRaw).length} configuration keys`); + } else { + server.debug(`Config file does not exist at: ${configPath}`); + server.debug(`Using minimal default configuration`); + safeOutputsConfigRaw = {}; + } + } catch (error) { + server.debug(`Error reading config file: ${error instanceof Error ? error.message : String(error)}`); + server.debug(`Falling back to empty configuration`); safeOutputsConfigRaw = {}; } - } catch (error) { - server.debug(`Error reading config file: ${error instanceof Error ? error.message : String(error)}`); - server.debug(`Falling back to empty configuration`); - safeOutputsConfigRaw = {}; - } - const safeOutputsConfig = Object.fromEntries(Object.entries(safeOutputsConfigRaw).map(([k, v]) => [k.replace(/-/g, "_"), v])); - server.debug(`Final processed config: ${JSON.stringify(safeOutputsConfig)}`); - const outputFile = process.env.GH_AW_SAFE_OUTPUTS || "/tmp/gh-aw/safeoutputs/outputs.jsonl"; - if (!process.env.GH_AW_SAFE_OUTPUTS) { - server.debug(`GH_AW_SAFE_OUTPUTS not set, using default: ${outputFile}`); - } - const outputDir = path.dirname(outputFile); - if (!fs.existsSync(outputDir)) { - server.debug(`Creating output directory: ${outputDir}`); - fs.mkdirSync(outputDir, { recursive: true }); - } - function appendSafeOutput(entry) { - if (!outputFile) throw new Error("No output file configured"); - entry.type = entry.type.replace(/-/g, "_"); - const jsonLine = JSON.stringify(entry) + "\n"; + const safeOutputsConfig = Object.fromEntries(Object.entries(safeOutputsConfigRaw).map(([k, v]) => [k.replace(/-/g, "_"), v])); + server.debug(`Final processed config: ${JSON.stringify(safeOutputsConfig)}`); + const outputFile = process.env.GH_AW_SAFE_OUTPUTS || "/tmp/gh-aw/safeoutputs/outputs.jsonl"; + if (!process.env.GH_AW_SAFE_OUTPUTS) { + server.debug(`GH_AW_SAFE_OUTPUTS not set, using default: ${outputFile}`); + } + const outputDir = path.dirname(outputFile); + if (!fs.existsSync(outputDir)) { + server.debug(`Creating output directory: ${outputDir}`); + fs.mkdirSync(outputDir, { recursive: true }); + } + return { + config: safeOutputsConfig, + outputFile: outputFile, + }; + } + function createAppendFunction(outputFile) { + return function appendSafeOutput(entry) { + if (!outputFile) throw new Error("No output file configured"); + entry.type = entry.type.replace(/-/g, "_"); + const jsonLine = JSON.stringify(entry) + "\n"; + try { + fs.appendFileSync(outputFile, jsonLine); + } catch (error) { + throw new Error(`Failed to write to output file: ${error instanceof Error ? error.message : String(error)}`); + } + }; + } + function normalizeBranchName(branchName) { + if (!branchName || typeof branchName !== "string" || branchName.trim() === "") { + return branchName; + } + let normalized = branchName.replace(/[^a-zA-Z0-9\-_/.]+/g, "-"); + normalized = normalized.replace(/-+/g, "-"); + normalized = normalized.replace(/^-+|-+$/g, ""); + if (normalized.length > 128) { + normalized = normalized.substring(0, 128); + } + normalized = normalized.replace(/-+$/, ""); + normalized = normalized.toLowerCase(); + return normalized; + } + function estimateTokens(text) { + if (!text) return 0; + return Math.ceil(text.length / 4); + } + function generateCompactSchema(content) { + try { + const parsed = JSON.parse(content); + if (Array.isArray(parsed)) { + if (parsed.length === 0) { + return "[]"; + } + const firstItem = parsed[0]; + if (typeof firstItem === "object" && firstItem !== null) { + const keys = Object.keys(firstItem); + return `[{${keys.join(", ")}}] (${parsed.length} items)`; + } + return `[${typeof firstItem}] (${parsed.length} items)`; + } else if (typeof parsed === "object" && parsed !== null) { + const keys = Object.keys(parsed); + if (keys.length > 10) { + return `{${keys.slice(0, 10).join(", ")}, ...} (${keys.length} keys)`; + } + return `{${keys.join(", ")}}`; + } + return `${typeof parsed}`; + } catch { + return "text content"; + } + } + function writeLargeContentToFile(content) { + const logsDir = "/tmp/gh-aw/safeoutputs"; + if (!fs.existsSync(logsDir)) { + fs.mkdirSync(logsDir, { recursive: true }); + } + const hash = crypto.createHash("sha256").update(content).digest("hex"); + const filename = `${hash}.json`; + const filepath = path.join(logsDir, filename); + fs.writeFileSync(filepath, content, "utf8"); + const description = generateCompactSchema(content); + return { + filename: filename, + description: description, + }; + } + function getCurrentBranch() { + const cwd = process.env.GITHUB_WORKSPACE || process.cwd(); try { - fs.appendFileSync(outputFile, jsonLine); + const branch = execSync("git rev-parse --abbrev-ref HEAD", { + encoding: "utf8", + cwd: cwd, + }).trim(); + return branch; } catch (error) { - throw new Error(`Failed to write to output file: ${error instanceof Error ? error.message : String(error)}`); - } - } - const defaultHandler = type => args => { - const entry = { ...(args || {}), type }; - let largeContent = null; - let largeFieldName = null; - const TOKEN_THRESHOLD = 16000; - for (const [key, value] of Object.entries(entry)) { - if (typeof value === "string") { - const tokens = estimateTokens(value); - if (tokens > TOKEN_THRESHOLD) { - largeContent = value; - largeFieldName = key; - server.debug(`Field '${key}' has ${tokens} tokens (exceeds ${TOKEN_THRESHOLD})`); - break; + } + const ghHeadRef = process.env.GITHUB_HEAD_REF; + const ghRefName = process.env.GITHUB_REF_NAME; + if (ghHeadRef) { + return ghHeadRef; + } + if (ghRefName) { + return ghRefName; + } + throw new Error("Failed to determine current branch: git command failed and no GitHub environment variables available"); + } + function getBaseBranch() { + return process.env.GH_AW_BASE_BRANCH || "main"; + } + function generateGitPatch(branchName) { + const patchPath = "/tmp/gh-aw/aw.patch"; + const cwd = process.env.GITHUB_WORKSPACE || process.cwd(); + const defaultBranch = process.env.DEFAULT_BRANCH || getBaseBranch(); + const githubSha = process.env.GITHUB_SHA; + const patchDir = path.dirname(patchPath); + if (!fs.existsSync(patchDir)) { + fs.mkdirSync(patchDir, { recursive: true }); + } + let patchGenerated = false; + let errorMessage = null; + try { + if (branchName) { + try { + execSync(`git show-ref --verify --quiet refs/heads/${branchName}`, { cwd, encoding: "utf8" }); + let baseRef; + try { + execSync(`git show-ref --verify --quiet refs/remotes/origin/${branchName}`, { cwd, encoding: "utf8" }); + baseRef = `origin/${branchName}`; + } catch { + execSync(`git fetch origin ${defaultBranch}`, { cwd, encoding: "utf8" }); + baseRef = execSync(`git merge-base origin/${defaultBranch} ${branchName}`, { cwd, encoding: "utf8" }).trim(); + } + const commitCount = parseInt(execSync(`git rev-list --count ${baseRef}..${branchName}`, { cwd, encoding: "utf8" }).trim(), 10); + if (commitCount > 0) { + const patchContent = execSync(`git format-patch ${baseRef}..${branchName} --stdout`, { + cwd, + encoding: "utf8", + }); + if (patchContent && patchContent.trim()) { + fs.writeFileSync(patchPath, patchContent, "utf8"); + patchGenerated = true; + } + } + } catch (branchError) { + } + } + if (!patchGenerated) { + const currentHead = execSync("git rev-parse HEAD", { cwd, encoding: "utf8" }).trim(); + if (!githubSha) { + errorMessage = "GITHUB_SHA environment variable is not set"; + } else if (currentHead === githubSha) { + } else { + try { + execSync(`git merge-base --is-ancestor ${githubSha} HEAD`, { cwd, encoding: "utf8" }); + const commitCount = parseInt(execSync(`git rev-list --count ${githubSha}..HEAD`, { cwd, encoding: "utf8" }).trim(), 10); + if (commitCount > 0) { + const patchContent = execSync(`git format-patch ${githubSha}..HEAD --stdout`, { + cwd, + encoding: "utf8", + }); + if (patchContent && patchContent.trim()) { + fs.writeFileSync(patchPath, patchContent, "utf8"); + patchGenerated = true; + } + } + } catch { + } + } + } + } catch (error) { + errorMessage = `Failed to generate patch: ${error instanceof Error ? error.message : String(error)}`; + } + if (patchGenerated && fs.existsSync(patchPath)) { + const patchContent = fs.readFileSync(patchPath, "utf8"); + const patchSize = Buffer.byteLength(patchContent, "utf8"); + const patchLines = patchContent.split("\n").length; + if (!patchContent.trim()) { + return { + success: false, + error: "No changes to commit - patch is empty", + patchPath: patchPath, + patchSize: 0, + patchLines: 0, + }; + } + return { + success: true, + patchPath: patchPath, + patchSize: patchSize, + patchLines: patchLines, + }; + } + return { + success: false, + error: errorMessage || "No changes to commit - no commits found", + patchPath: patchPath, + }; + } + function createHandlers(server, appendSafeOutput) { + const defaultHandler = type => args => { + const entry = { ...(args || {}), type }; + let largeContent = null; + let largeFieldName = null; + const TOKEN_THRESHOLD = 16000; + for (const [key, value] of Object.entries(entry)) { + if (typeof value === "string") { + const tokens = estimateTokens(value); + if (tokens > TOKEN_THRESHOLD) { + largeContent = value; + largeFieldName = key; + server.debug(`Field '${key}' has ${tokens} tokens (exceeds ${TOKEN_THRESHOLD})`); + break; + } + } + } + if (largeContent && largeFieldName) { + const fileInfo = writeLargeContentToFile(largeContent); + entry[largeFieldName] = `[Content too large, saved to file: ${fileInfo.filename}]`; + appendSafeOutput(entry); + return { + content: [ + { + type: "text", + text: JSON.stringify(fileInfo), + }, + ], + }; + } + appendSafeOutput(entry); + return { + content: [ + { + type: "text", + text: JSON.stringify({ result: "success" }), + }, + ], + }; + }; + const uploadAssetHandler = args => { + const branchName = process.env.GH_AW_ASSETS_BRANCH; + if (!branchName) throw new Error("GH_AW_ASSETS_BRANCH not set"); + const normalizedBranchName = normalizeBranchName(branchName); + const { path: filePath } = args; + const absolutePath = path.resolve(filePath); + const workspaceDir = process.env.GITHUB_WORKSPACE || process.cwd(); + const tmpDir = "/tmp"; + const isInWorkspace = absolutePath.startsWith(path.resolve(workspaceDir)); + const isInTmp = absolutePath.startsWith(tmpDir); + if (!isInWorkspace && !isInTmp) { + throw new Error( + `File path must be within workspace directory (${workspaceDir}) or /tmp directory. ` + + `Provided path: ${filePath} (resolved to: ${absolutePath})` + ); + } + if (!fs.existsSync(filePath)) { + throw new Error(`File not found: ${filePath}`); + } + const stats = fs.statSync(filePath); + const sizeBytes = stats.size; + const sizeKB = Math.ceil(sizeBytes / 1024); + const maxSizeKB = process.env.GH_AW_ASSETS_MAX_SIZE_KB ? parseInt(process.env.GH_AW_ASSETS_MAX_SIZE_KB, 10) : 10240; + if (sizeKB > maxSizeKB) { + throw new Error(`File size ${sizeKB} KB exceeds maximum allowed size ${maxSizeKB} KB`); + } + const ext = path.extname(filePath).toLowerCase(); + const allowedExts = process.env.GH_AW_ASSETS_ALLOWED_EXTS + ? process.env.GH_AW_ASSETS_ALLOWED_EXTS.split(",").map(ext => ext.trim()) + : [ + ".png", + ".jpg", + ".jpeg", + ]; + if (!allowedExts.includes(ext)) { + throw new Error(`File extension '${ext}' is not allowed. Allowed extensions: ${allowedExts.join(", ")}`); + } + const assetsDir = "/tmp/gh-aw/safeoutputs/assets"; + if (!fs.existsSync(assetsDir)) { + fs.mkdirSync(assetsDir, { recursive: true }); + } + const fileContent = fs.readFileSync(filePath); + const sha = crypto.createHash("sha256").update(fileContent).digest("hex"); + const fileName = path.basename(filePath); + const fileExt = path.extname(fileName).toLowerCase(); + const targetPath = path.join(assetsDir, fileName); + fs.copyFileSync(filePath, targetPath); + const targetFileName = (sha + fileExt).toLowerCase(); + const githubServer = process.env.GITHUB_SERVER_URL || "https://github.com"; + const repo = process.env.GITHUB_REPOSITORY || "owner/repo"; + const url = `${githubServer.replace("github.com", "raw.githubusercontent.com")}/${repo}/${normalizedBranchName}/${targetFileName}`; + const entry = { + type: "upload_asset", + path: filePath, + fileName: fileName, + sha: sha, + size: sizeBytes, + url: url, + targetFileName: targetFileName, + }; + appendSafeOutput(entry); + return { + content: [ + { + type: "text", + text: JSON.stringify({ result: url }), + }, + ], + }; + }; + const createPullRequestHandler = args => { + const entry = { ...args, type: "create_pull_request" }; + const baseBranch = getBaseBranch(); + if (!entry.branch || entry.branch.trim() === "" || entry.branch === baseBranch) { + const detectedBranch = getCurrentBranch(); + if (entry.branch === baseBranch) { + server.debug(`Branch equals base branch (${baseBranch}), detecting actual working branch: ${detectedBranch}`); + } else { + server.debug(`Using current branch for create_pull_request: ${detectedBranch}`); + } + entry.branch = detectedBranch; + } + server.debug(`Generating patch for create_pull_request with branch: ${entry.branch}`); + const patchResult = generateGitPatch(entry.branch); + if (!patchResult.success) { + const errorMsg = patchResult.error || "Failed to generate patch"; + server.debug(`Patch generation failed: ${errorMsg}`); + throw new Error(errorMsg); + } + server.debug(`Patch generated successfully: ${patchResult.patchPath} (${patchResult.patchSize} bytes, ${patchResult.patchLines} lines)`); + appendSafeOutput(entry); + return { + content: [ + { + type: "text", + text: JSON.stringify({ + result: "success", + patch: { + path: patchResult.patchPath, + size: patchResult.patchSize, + lines: patchResult.patchLines, + }, + }), + }, + ], + }; + }; + const pushToPullRequestBranchHandler = args => { + const entry = { ...args, type: "push_to_pull_request_branch" }; + const baseBranch = getBaseBranch(); + if (!entry.branch || entry.branch.trim() === "" || entry.branch === baseBranch) { + const detectedBranch = getCurrentBranch(); + if (entry.branch === baseBranch) { + server.debug(`Branch equals base branch (${baseBranch}), detecting actual working branch: ${detectedBranch}`); + } else { + server.debug(`Using current branch for push_to_pull_request_branch: ${detectedBranch}`); } + entry.branch = detectedBranch; } - } - if (largeContent && largeFieldName) { - const fileInfo = writeLargeContentToFile(largeContent); - entry[largeFieldName] = `[Content too large, saved to file: ${fileInfo.filename}]`; + server.debug(`Generating patch for push_to_pull_request_branch with branch: ${entry.branch}`); + const patchResult = generateGitPatch(entry.branch); + if (!patchResult.success) { + const errorMsg = patchResult.error || "Failed to generate patch"; + server.debug(`Patch generation failed: ${errorMsg}`); + throw new Error(errorMsg); + } + server.debug(`Patch generated successfully: ${patchResult.patchPath} (${patchResult.patchSize} bytes, ${patchResult.patchLines} lines)`); appendSafeOutput(entry); return { content: [ { type: "text", - text: JSON.stringify(fileInfo), + text: JSON.stringify({ + result: "success", + patch: { + path: patchResult.patchPath, + size: patchResult.patchSize, + lines: patchResult.patchLines, + }, + }), }, ], }; - } - appendSafeOutput(entry); - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: "success" }), - }, - ], - }; - }; - const uploadAssetHandler = args => { - const branchName = process.env.GH_AW_ASSETS_BRANCH; - if (!branchName) throw new Error("GH_AW_ASSETS_BRANCH not set"); - const normalizedBranchName = normalizeBranchName(branchName); - const { path: filePath } = args; - const absolutePath = path.resolve(filePath); - const workspaceDir = process.env.GITHUB_WORKSPACE || process.cwd(); - const tmpDir = "/tmp"; - const isInWorkspace = absolutePath.startsWith(path.resolve(workspaceDir)); - const isInTmp = absolutePath.startsWith(tmpDir); - if (!isInWorkspace && !isInTmp) { - throw new Error( - `File path must be within workspace directory (${workspaceDir}) or /tmp directory. ` + - `Provided path: ${filePath} (resolved to: ${absolutePath})` - ); - } - if (!fs.existsSync(filePath)) { - throw new Error(`File not found: ${filePath}`); - } - const stats = fs.statSync(filePath); - const sizeBytes = stats.size; - const sizeKB = Math.ceil(sizeBytes / 1024); - const maxSizeKB = process.env.GH_AW_ASSETS_MAX_SIZE_KB ? parseInt(process.env.GH_AW_ASSETS_MAX_SIZE_KB, 10) : 10240; - if (sizeKB > maxSizeKB) { - throw new Error(`File size ${sizeKB} KB exceeds maximum allowed size ${maxSizeKB} KB`); - } - const ext = path.extname(filePath).toLowerCase(); - const allowedExts = process.env.GH_AW_ASSETS_ALLOWED_EXTS - ? process.env.GH_AW_ASSETS_ALLOWED_EXTS.split(",").map(ext => ext.trim()) - : [ - ".png", - ".jpg", - ".jpeg", - ]; - if (!allowedExts.includes(ext)) { - throw new Error(`File extension '${ext}' is not allowed. Allowed extensions: ${allowedExts.join(", ")}`); - } - const assetsDir = "/tmp/gh-aw/safeoutputs/assets"; - if (!fs.existsSync(assetsDir)) { - fs.mkdirSync(assetsDir, { recursive: true }); - } - const fileContent = fs.readFileSync(filePath); - const sha = crypto.createHash("sha256").update(fileContent).digest("hex"); - const fileName = path.basename(filePath); - const fileExt = path.extname(fileName).toLowerCase(); - const targetPath = path.join(assetsDir, fileName); - fs.copyFileSync(filePath, targetPath); - const targetFileName = (sha + fileExt).toLowerCase(); - const githubServer = process.env.GITHUB_SERVER_URL || "https://github.com"; - const repo = process.env.GITHUB_REPOSITORY || "owner/repo"; - const url = `${githubServer.replace("github.com", "raw.githubusercontent.com")}/${repo}/${normalizedBranchName}/${targetFileName}`; - const entry = { - type: "upload_asset", - path: filePath, - fileName: fileName, - sha: sha, - size: sizeBytes, - url: url, - targetFileName: targetFileName, }; - appendSafeOutput(entry); return { - content: [ - { - type: "text", - text: JSON.stringify({ result: url }), - }, - ], - }; - }; - const createPullRequestHandler = args => { - const entry = { ...args, type: "create_pull_request" }; - const baseBranch = getBaseBranch(); - if (!entry.branch || entry.branch.trim() === "" || entry.branch === baseBranch) { - const detectedBranch = getCurrentBranch(); - if (entry.branch === baseBranch) { - server.debug(`Branch equals base branch (${baseBranch}), detecting actual working branch: ${detectedBranch}`); - } else { - server.debug(`Using current branch for create_pull_request: ${detectedBranch}`); - } - entry.branch = detectedBranch; - } - server.debug(`Generating patch for create_pull_request with branch: ${entry.branch}`); - const patchResult = generateGitPatch(entry.branch); - if (!patchResult.success) { - const errorMsg = patchResult.error || "Failed to generate patch"; - server.debug(`Patch generation failed: ${errorMsg}`); - throw new Error(errorMsg); - } - server.debug(`Patch generated successfully: ${patchResult.patchPath} (${patchResult.patchSize} bytes, ${patchResult.patchLines} lines)`); - appendSafeOutput(entry); - return { - content: [ - { - type: "text", - text: JSON.stringify({ - result: "success", - patch: { - path: patchResult.patchPath, - size: patchResult.patchSize, - lines: patchResult.patchLines, - }, - }), - }, - ], + defaultHandler, + uploadAssetHandler, + createPullRequestHandler, + pushToPullRequestBranchHandler, }; - }; - const pushToPullRequestBranchHandler = args => { - const entry = { ...args, type: "push_to_pull_request_branch" }; - const baseBranch = getBaseBranch(); - if (!entry.branch || entry.branch.trim() === "" || entry.branch === baseBranch) { - const detectedBranch = getCurrentBranch(); - if (entry.branch === baseBranch) { - server.debug(`Branch equals base branch (${baseBranch}), detecting actual working branch: ${detectedBranch}`); + } + function loadTools(server) { + const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; + let ALL_TOOLS = []; + server.debug(`Reading tools from file: ${toolsPath}`); + try { + if (fs.existsSync(toolsPath)) { + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + ALL_TOOLS = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); } else { - server.debug(`Using current branch for push_to_pull_request_branch: ${detectedBranch}`); + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + ALL_TOOLS = []; } - entry.branch = detectedBranch; - } - server.debug(`Generating patch for push_to_pull_request_branch with branch: ${entry.branch}`); - const patchResult = generateGitPatch(entry.branch); - if (!patchResult.success) { - const errorMsg = patchResult.error || "Failed to generate patch"; - server.debug(`Patch generation failed: ${errorMsg}`); - throw new Error(errorMsg); - } - server.debug(`Patch generated successfully: ${patchResult.patchPath} (${patchResult.patchSize} bytes, ${patchResult.patchLines} lines)`); - appendSafeOutput(entry); - return { - content: [ - { - type: "text", - text: JSON.stringify({ - result: "success", - patch: { - path: patchResult.patchPath, - size: patchResult.patchSize, - lines: patchResult.patchLines, - }, - }), - }, - ], - }; - }; - const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; - server.debug(`Reading tools from file: ${toolsPath}`); - try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); + } catch (error) { + server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); + server.debug(`Falling back to empty tools array`); ALL_TOOLS = []; } - } catch (error) { - server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); - server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; - } - ALL_TOOLS.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = uploadAssetHandler; - } - }); + return ALL_TOOLS; + } + function attachHandlers(tools, handlers) { + tools.forEach(tool => { + if (tool.name === "create_pull_request") { + tool.handler = handlers.createPullRequestHandler; + } else if (tool.name === "push_to_pull_request_branch") { + tool.handler = handlers.pushToPullRequestBranchHandler; + } else if (tool.name === "upload_asset") { + tool.handler = handlers.uploadAssetHandler; + } + }); + return tools; + } + function registerPredefinedTools(server, tools, config, registerTool, normalizeTool) { + tools.forEach(tool => { + if (Object.keys(config).find(configKey => normalizeTool(configKey) === tool.name)) { + registerTool(server, tool); + } + }); + } + function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { + Object.keys(config).forEach(configKey => { + const normalizedKey = normalizeTool(configKey); + if (server.tools[normalizedKey]) { + return; + } + if (!tools.find(t => t.name === normalizedKey)) { + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { + type: normalizedKey, + ...args, + }; + const entryJSON = JSON.stringify(entry); + fs.appendFileSync(outputFile, entryJSON + "\n"); + const outputText = + jobConfig && jobConfig.output + ? jobConfig.output + : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [ + { + type: "text", + text: JSON.stringify({ result: outputText }), + }, + ], + }; + }, + }; + if (jobConfig && jobConfig.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (inputDef.options && Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); + } + registerTool(server, dynamicTool); + } + }); + } + const SERVER_INFO = { name: "safeoutputs", version: "1.0.0" }; + const MCP_LOG_DIR = process.env.GH_AW_MCP_LOG_DIR; + const server = createServer(SERVER_INFO, { logDir: MCP_LOG_DIR }); + const { config: safeOutputsConfig, outputFile } = loadConfig(server); + const appendSafeOutput = createAppendFunction(outputFile); + const handlers = createHandlers(server, appendSafeOutput); + const { defaultHandler } = handlers; + let ALL_TOOLS = loadTools(server); + ALL_TOOLS = attachHandlers(ALL_TOOLS, handlers); server.debug(` output file: ${outputFile}`); server.debug(` config: ${JSON.stringify(safeOutputsConfig)}`); - ALL_TOOLS.forEach(tool => { - if (Object.keys(safeOutputsConfig).find(config => normalizeTool(config) === tool.name)) { - registerTool(server, tool); - } - }); - Object.keys(safeOutputsConfig).forEach(configKey => { - const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { - return; - } - if (!ALL_TOOLS.find(t => t.name === normalizedKey)) { - const jobConfig = safeOutputsConfig[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = - jobConfig && jobConfig.output - ? jobConfig.output - : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); - } - }); + registerPredefinedTools(server, ALL_TOOLS, safeOutputsConfig, registerTool, normalizeTool); + registerDynamicTools(server, ALL_TOOLS, safeOutputsConfig, outputFile, registerTool, normalizeTool); server.debug(` tools: ${Object.keys(server.tools).join(", ")}`); if (!Object.keys(server.tools).length) throw new Error("No tools enabled in configuration"); start(server, { defaultHandler }); @@ -1512,7 +1733,7 @@ jobs: - name: Setup MCPs env: - GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} + GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -1530,8 +1751,8 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_TOOLSETS=default", - "ghcr.io/github/github-mcp-server:v0.24.0" + "GITHUB_TOOLSETS=context,repos,issues,pull_requests", + "ghcr.io/github/github-mcp-server:v0.24.1" ], "env": { "GITHUB_PERSONAL_ACCESS_TOKEN": "$GITHUB_MCP_SERVER_TOKEN" @@ -1546,13 +1767,17 @@ jobs: "GH_AW_ASSETS_MAX_SIZE_KB": "$GH_AW_ASSETS_MAX_SIZE_KB", "GH_AW_ASSETS_ALLOWED_EXTS": "$GH_AW_ASSETS_ALLOWED_EXTS", "GITHUB_REPOSITORY": "$GITHUB_REPOSITORY", - "GITHUB_SERVER_URL": "$GITHUB_SERVER_URL" + "GITHUB_SERVER_URL": "$GITHUB_SERVER_URL", + "GITHUB_SHA": "$GITHUB_SHA", + "GITHUB_WORKSPACE": "$GITHUB_WORKSPACE", + "DEFAULT_BRANCH": "$DEFAULT_BRANCH" } } } } EOF - name: Generate agentic run info + id: generate_aw_info uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 with: script: | @@ -1561,9 +1786,9 @@ jobs: const awInfo = { engine_id: "claude", engine_name: "Claude Code", - model: "", + model: process.env.GH_AW_MODEL_AGENT_CLAUDE || "", version: "", - agent_version: "2.0.56", + agent_version: "2.0.61", workflow_name: "Dev", experimental: true, supports_tools_allowlist: true, @@ -1592,6 +1817,9 @@ jobs: fs.writeFileSync(tmpPath, JSON.stringify(awInfo, null, 2)); console.log('Generated aw_info.json at:', tmpPath); console.log(JSON.stringify(awInfo, null, 2)); + + // Set model as output for reuse in other steps/jobs + core.setOutput('model', awInfo.model); - name: Generate workflow overview uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 with: @@ -1638,7 +1866,7 @@ jobs: run: | PROMPT_DIR="$(dirname "$GH_AW_PROMPT")" mkdir -p "$PROMPT_DIR" - cat << 'PROMPT_EOF' | envsubst > "$GH_AW_PROMPT" + cat << 'PROMPT_EOF' > "$GH_AW_PROMPT" # Find and Assign Issue to Copilot Find a random open issue in this repository that would be suitable for GitHub Copilot to work on, then assign it to the Copilot agent. @@ -1673,7 +1901,7 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: | - cat << 'PROMPT_EOF' | envsubst >> "$GH_AW_PROMPT" + cat << 'PROMPT_EOF' >> "$GH_AW_PROMPT" Cross-Prompt Injection Attack (XPIA) Protection @@ -1695,7 +1923,7 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: | - cat << 'PROMPT_EOF' | envsubst >> "$GH_AW_PROMPT" + cat << 'PROMPT_EOF' >> "$GH_AW_PROMPT" /tmp/gh-aw/agent/ When you need to create temporary files or directories during your work, always use the /tmp/gh-aw/agent/ directory that has been pre-created for you. Do NOT use the root /tmp/ directory directly. @@ -1706,7 +1934,7 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: | - cat << 'PROMPT_EOF' | envsubst >> "$GH_AW_PROMPT" + cat << 'PROMPT_EOF' >> "$GH_AW_PROMPT" GitHub API Access Instructions @@ -1730,36 +1958,115 @@ jobs: GH_AW_GITHUB_RUN_ID: ${{ github.run_id }} GH_AW_GITHUB_WORKSPACE: ${{ github.workspace }} run: | - cat << 'PROMPT_EOF' | envsubst >> "$GH_AW_PROMPT" + cat << 'PROMPT_EOF' >> "$GH_AW_PROMPT" The following GitHub context information is available for this workflow: - {{#if ${GH_AW_GITHUB_ACTOR} }} - - **actor**: ${GH_AW_GITHUB_ACTOR} + {{#if __GH_AW_GITHUB_ACTOR__ }} + - **actor**: __GH_AW_GITHUB_ACTOR__ {{/if}} - {{#if ${GH_AW_GITHUB_REPOSITORY} }} - - **repository**: ${GH_AW_GITHUB_REPOSITORY} + {{#if __GH_AW_GITHUB_REPOSITORY__ }} + - **repository**: __GH_AW_GITHUB_REPOSITORY__ {{/if}} - {{#if ${GH_AW_GITHUB_WORKSPACE} }} - - **workspace**: ${GH_AW_GITHUB_WORKSPACE} + {{#if __GH_AW_GITHUB_WORKSPACE__ }} + - **workspace**: __GH_AW_GITHUB_WORKSPACE__ {{/if}} - {{#if ${GH_AW_GITHUB_EVENT_ISSUE_NUMBER} }} - - **issue-number**: #${GH_AW_GITHUB_EVENT_ISSUE_NUMBER} + {{#if __GH_AW_GITHUB_EVENT_ISSUE_NUMBER__ }} + - **issue-number**: #__GH_AW_GITHUB_EVENT_ISSUE_NUMBER__ {{/if}} - {{#if ${GH_AW_GITHUB_EVENT_DISCUSSION_NUMBER} }} - - **discussion-number**: #${GH_AW_GITHUB_EVENT_DISCUSSION_NUMBER} + {{#if __GH_AW_GITHUB_EVENT_DISCUSSION_NUMBER__ }} + - **discussion-number**: #__GH_AW_GITHUB_EVENT_DISCUSSION_NUMBER__ {{/if}} - {{#if ${GH_AW_GITHUB_EVENT_PULL_REQUEST_NUMBER} }} - - **pull-request-number**: #${GH_AW_GITHUB_EVENT_PULL_REQUEST_NUMBER} + {{#if __GH_AW_GITHUB_EVENT_PULL_REQUEST_NUMBER__ }} + - **pull-request-number**: #__GH_AW_GITHUB_EVENT_PULL_REQUEST_NUMBER__ {{/if}} - {{#if ${GH_AW_GITHUB_EVENT_COMMENT_ID} }} - - **comment-id**: ${GH_AW_GITHUB_EVENT_COMMENT_ID} + {{#if __GH_AW_GITHUB_EVENT_COMMENT_ID__ }} + - **comment-id**: __GH_AW_GITHUB_EVENT_COMMENT_ID__ {{/if}} - {{#if ${GH_AW_GITHUB_RUN_ID} }} - - **workflow-run-id**: ${GH_AW_GITHUB_RUN_ID} + {{#if __GH_AW_GITHUB_RUN_ID__ }} + - **workflow-run-id**: __GH_AW_GITHUB_RUN_ID__ {{/if}} PROMPT_EOF + - name: Substitute placeholders + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + env: + GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt + GH_AW_GITHUB_ACTOR: ${{ github.actor }} + GH_AW_GITHUB_EVENT_COMMENT_ID: ${{ github.event.comment.id }} + GH_AW_GITHUB_EVENT_DISCUSSION_NUMBER: ${{ github.event.discussion.number }} + GH_AW_GITHUB_EVENT_ISSUE_NUMBER: ${{ github.event.issue.number }} + GH_AW_GITHUB_EVENT_PULL_REQUEST_NUMBER: ${{ github.event.pull_request.number }} + GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} + GH_AW_GITHUB_RUN_ID: ${{ github.run_id }} + GH_AW_GITHUB_WORKSPACE: ${{ github.workspace }} + with: + script: | + /** + * @fileoverview Safe template placeholder substitution for GitHub Actions workflows. + * Replaces __VAR__ placeholders in a file with environment variable values without + * allowing shell expansion, preventing template injection attacks. + * + * @param {object} params - The parameters object + * @param {string} params.file - Path to the file to process + * @param {object} params.substitutions - Map of placeholder names to values (without __ prefix/suffix) + */ + + const fs = require("fs"); + + const substitutePlaceholders = async ({ file, substitutions }) => { + // Validate inputs + if (!file) { + throw new Error("file parameter is required"); + } + if (!substitutions || typeof substitutions !== "object") { + throw new Error("substitutions parameter must be an object"); + } + + // Read the file content + let content; + try { + content = fs.readFileSync(file, "utf8"); + } catch (error) { + throw new Error(`Failed to read file ${file}: ${error.message}`); + } + + // Perform substitutions + // Each placeholder is in the format __VARIABLE_NAME__ + // We replace it with the corresponding value from the substitutions object + for (const [key, value] of Object.entries(substitutions)) { + const placeholder = `__${key}__`; + // Use a simple string replacement - no regex to avoid any potential issues + // with special characters in the value + content = content.split(placeholder).join(value); + } + + // Write the updated content back to the file + try { + fs.writeFileSync(file, content, "utf8"); + } catch (error) { + throw new Error(`Failed to write file ${file}: ${error.message}`); + } + + return `Successfully substituted ${Object.keys(substitutions).length} placeholder(s) in ${file}`; + }; + + + + // Call the substitution function + return await substitutePlaceholders({ + file: process.env.GH_AW_PROMPT, + substitutions: { + GH_AW_GITHUB_ACTOR: process.env.GH_AW_GITHUB_ACTOR, + GH_AW_GITHUB_EVENT_COMMENT_ID: process.env.GH_AW_GITHUB_EVENT_COMMENT_ID, + GH_AW_GITHUB_EVENT_DISCUSSION_NUMBER: process.env.GH_AW_GITHUB_EVENT_DISCUSSION_NUMBER, + GH_AW_GITHUB_EVENT_ISSUE_NUMBER: process.env.GH_AW_GITHUB_EVENT_ISSUE_NUMBER, + GH_AW_GITHUB_EVENT_PULL_REQUEST_NUMBER: process.env.GH_AW_GITHUB_EVENT_PULL_REQUEST_NUMBER, + GH_AW_GITHUB_REPOSITORY: process.env.GH_AW_GITHUB_REPOSITORY, + GH_AW_GITHUB_RUN_ID: process.env.GH_AW_GITHUB_RUN_ID, + GH_AW_GITHUB_WORKSPACE: process.env.GH_AW_GITHUB_WORKSPACE + } + }); - name: Interpolate variables and render templates uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: @@ -1930,7 +2237,7 @@ jobs: run: | set -o pipefail # Execute Claude Code CLI with prompt from file - claude --print --mcp-config /tmp/gh-aw/mcp-config/mcp-servers.json --allowed-tools ExitPlanMode,Glob,Grep,LS,NotebookRead,Read,Task,TodoWrite,Write,mcp__github__download_workflow_run_artifact,mcp__github__get_code_scanning_alert,mcp__github__get_commit,mcp__github__get_dependabot_alert,mcp__github__get_discussion,mcp__github__get_discussion_comments,mcp__github__get_file_contents,mcp__github__get_job_logs,mcp__github__get_label,mcp__github__get_latest_release,mcp__github__get_me,mcp__github__get_notification_details,mcp__github__get_pull_request,mcp__github__get_pull_request_comments,mcp__github__get_pull_request_diff,mcp__github__get_pull_request_files,mcp__github__get_pull_request_review_comments,mcp__github__get_pull_request_reviews,mcp__github__get_pull_request_status,mcp__github__get_release_by_tag,mcp__github__get_secret_scanning_alert,mcp__github__get_tag,mcp__github__get_workflow_run,mcp__github__get_workflow_run_logs,mcp__github__get_workflow_run_usage,mcp__github__issue_read,mcp__github__list_branches,mcp__github__list_code_scanning_alerts,mcp__github__list_commits,mcp__github__list_dependabot_alerts,mcp__github__list_discussion_categories,mcp__github__list_discussions,mcp__github__list_issue_types,mcp__github__list_issues,mcp__github__list_label,mcp__github__list_notifications,mcp__github__list_pull_requests,mcp__github__list_releases,mcp__github__list_secret_scanning_alerts,mcp__github__list_starred_repositories,mcp__github__list_tags,mcp__github__list_workflow_jobs,mcp__github__list_workflow_run_artifacts,mcp__github__list_workflow_runs,mcp__github__list_workflows,mcp__github__pull_request_read,mcp__github__search_code,mcp__github__search_issues,mcp__github__search_orgs,mcp__github__search_pull_requests,mcp__github__search_repositories,mcp__github__search_users --debug --verbose --permission-mode bypassPermissions --output-format stream-json --settings /tmp/gh-aw/.claude/settings.json "$(cat /tmp/gh-aw/aw-prompts/prompt.txt)" 2>&1 | tee /tmp/gh-aw/agent-stdio.log + claude --print --disable-slash-commands --mcp-config /tmp/gh-aw/mcp-config/mcp-servers.json --allowed-tools ExitPlanMode,Glob,Grep,LS,NotebookRead,Read,Task,TodoWrite,Write,mcp__github__download_workflow_run_artifact,mcp__github__get_code_scanning_alert,mcp__github__get_commit,mcp__github__get_dependabot_alert,mcp__github__get_discussion,mcp__github__get_discussion_comments,mcp__github__get_file_contents,mcp__github__get_job_logs,mcp__github__get_label,mcp__github__get_latest_release,mcp__github__get_me,mcp__github__get_notification_details,mcp__github__get_pull_request,mcp__github__get_pull_request_comments,mcp__github__get_pull_request_diff,mcp__github__get_pull_request_files,mcp__github__get_pull_request_review_comments,mcp__github__get_pull_request_reviews,mcp__github__get_pull_request_status,mcp__github__get_release_by_tag,mcp__github__get_secret_scanning_alert,mcp__github__get_tag,mcp__github__get_workflow_run,mcp__github__get_workflow_run_logs,mcp__github__get_workflow_run_usage,mcp__github__issue_read,mcp__github__list_branches,mcp__github__list_code_scanning_alerts,mcp__github__list_commits,mcp__github__list_dependabot_alerts,mcp__github__list_discussion_categories,mcp__github__list_discussions,mcp__github__list_issue_types,mcp__github__list_issues,mcp__github__list_label,mcp__github__list_notifications,mcp__github__list_pull_requests,mcp__github__list_releases,mcp__github__list_secret_scanning_alerts,mcp__github__list_starred_repositories,mcp__github__list_tags,mcp__github__list_workflow_jobs,mcp__github__list_workflow_run_artifacts,mcp__github__list_workflow_runs,mcp__github__list_workflows,mcp__github__pull_request_read,mcp__github__search_code,mcp__github__search_issues,mcp__github__search_orgs,mcp__github__search_pull_requests,mcp__github__search_repositories,mcp__github__search_users --debug --verbose --permission-mode bypassPermissions --output-format stream-json --settings /tmp/gh-aw/.claude/settings.json "$(cat /tmp/gh-aw/aw-prompts/prompt.txt)"${GH_AW_MODEL_AGENT_CLAUDE:+ --model "$GH_AW_MODEL_AGENT_CLAUDE"} 2>&1 | tee /tmp/gh-aw/agent-stdio.log env: ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} @@ -1944,6 +2251,7 @@ jobs: BASH_DEFAULT_TIMEOUT_MS: "60000" BASH_MAX_TIMEOUT_MS: "60000" GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GH_AW_MODEL_AGENT_CLAUDE: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || '' }} - name: Clean up network proxy hook files if: always() run: | @@ -2061,9 +2369,10 @@ jobs: } await main(); env: - GH_AW_SECRET_NAMES: 'ANTHROPIC_API_KEY,CLAUDE_CODE_OAUTH_TOKEN,GH_AW_GITHUB_TOKEN,GITHUB_TOKEN' + GH_AW_SECRET_NAMES: 'ANTHROPIC_API_KEY,CLAUDE_CODE_OAUTH_TOKEN,GH_AW_GITHUB_MCP_SERVER_TOKEN,GH_AW_GITHUB_TOKEN,GITHUB_TOKEN' SECRET_ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} SECRET_CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} + SECRET_GH_AW_GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }} SECRET_GH_AW_GITHUB_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN }} SECRET_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Upload Safe Outputs @@ -2085,6 +2394,7 @@ jobs: script: | async function main() { const fs = require("fs"); + const path = require("path"); const redactedDomains = []; function getRedactedDomains() { return [...redactedDomains]; @@ -2096,7 +2406,6 @@ jobs: if (redactedDomains.length === 0) { return null; } - const path = require("path"); const targetPath = filePath || "/tmp/gh-aw/redacted-urls.log"; const dir = path.dirname(targetPath); if (!fs.existsSync(dir)) { @@ -2260,7 +2569,7 @@ jobs: return s.replace(//g, "").replace(//g, ""); } function convertXmlTags(s) { - const allowedTags = ["details", "summary", "code", "em", "b", "p"]; + const allowedTags = ["details", "summary", "code", "em", "b", "p", "strong", "i", "u", "br", "ul", "ol", "li", "blockquote"]; s = s.replace(//g, (match, content) => { const convertedContent = content.replace(/<(\/?[A-Za-z][A-Za-z0-9]*(?:[^>]*?))>/g, "($1)"); return `(![CDATA[${convertedContent}]])`; @@ -3252,7 +3561,13 @@ jobs: if (lastEntry.usage) { const usage = lastEntry.usage; if (usage.input_tokens || usage.output_tokens) { + const inputTokens = usage.input_tokens || 0; + const outputTokens = usage.output_tokens || 0; + const cacheCreationTokens = usage.cache_creation_input_tokens || 0; + const cacheReadTokens = usage.cache_read_input_tokens || 0; + const totalTokens = inputTokens + outputTokens + cacheCreationTokens + cacheReadTokens; markdown += `**Token Usage:**\n`; + if (totalTokens > 0) markdown += `- Total: ${totalTokens.toLocaleString()}\n`; if (usage.input_tokens) markdown += `- Input: ${usage.input_tokens.toLocaleString()}\n`; if (usage.cache_creation_input_tokens) markdown += `- Cache Creation: ${usage.cache_creation_input_tokens.toLocaleString()}\n`; if (usage.cache_read_input_tokens) markdown += `- Cache Read: ${usage.cache_read_input_tokens.toLocaleString()}\n`; @@ -3324,6 +3639,8 @@ jobs: "Safe Outputs": [], "Safe Inputs": [], "Git/GitHub": [], + Playwright: [], + Serena: [], MCP: [], "Custom Agents": [], Other: [], @@ -3363,6 +3680,10 @@ jobs: categories["Safe Inputs"].push(toolName); } else if (tool.startsWith("mcp__github__")) { categories["Git/GitHub"].push(formatMcpName(tool)); + } else if (tool.startsWith("mcp__playwright__")) { + categories["Playwright"].push(formatMcpName(tool)); + } else if (tool.startsWith("mcp__serena__")) { + categories["Serena"].push(formatMcpName(tool)); } else if (tool.startsWith("mcp__") || ["ListMcpResourcesTool", "ReadMcpResourceTool"].includes(tool)) { categories["MCP"].push(tool.startsWith("mcp__") ? formatMcpName(tool) : tool); } else if (isLikelyCustomAgent(tool)) { @@ -3590,6 +3911,73 @@ jobs: lines.push(`Model: ${model}`); } lines.push(""); + const initEntry = logEntries.find(entry => entry.type === "system" && entry.subtype === "init"); + if (initEntry && initEntry.tools && Array.isArray(initEntry.tools) && initEntry.tools.length > 0) { + lines.push("Available Tools:"); + lines.push(""); + const categories = { + Builtin: [], + "Safe Outputs": [], + "Safe Inputs": [], + "Git/GitHub": [], + Playwright: [], + Serena: [], + MCP: [], + "Custom Agents": [], + Other: [], + }; + const builtinTools = [ + "bash", + "write_bash", + "read_bash", + "stop_bash", + "list_bash", + "grep", + "glob", + "view", + "create", + "edit", + "store_memory", + "code_review", + "codeql_checker", + "report_progress", + "report_intent", + "gh-advisory-database", + ]; + const internalTools = ["fetch_copilot_cli_documentation"]; + for (const tool of initEntry.tools) { + const toolLower = tool.toLowerCase(); + if (builtinTools.includes(toolLower) || internalTools.includes(toolLower)) { + categories["Builtin"].push(tool); + } else if (tool.startsWith("safeoutputs-") || tool.startsWith("safe_outputs-")) { + const toolName = tool.replace(/^safeoutputs-|^safe_outputs-/, ""); + categories["Safe Outputs"].push(toolName); + } else if (tool.startsWith("safeinputs-") || tool.startsWith("safe_inputs-")) { + const toolName = tool.replace(/^safeinputs-|^safe_inputs-/, ""); + categories["Safe Inputs"].push(toolName); + } else if (tool.startsWith("mcp__github__")) { + categories["Git/GitHub"].push(formatMcpName(tool)); + } else if (tool.startsWith("mcp__playwright__")) { + categories["Playwright"].push(formatMcpName(tool)); + } else if (tool.startsWith("mcp__serena__")) { + categories["Serena"].push(formatMcpName(tool)); + } else if (tool.startsWith("mcp__") || ["ListMcpResourcesTool", "ReadMcpResourceTool"].includes(tool)) { + categories["MCP"].push(tool.startsWith("mcp__") ? formatMcpName(tool) : tool); + } else if (isLikelyCustomAgent(tool)) { + categories["Custom Agents"].push(tool); + } else { + categories["Other"].push(tool); + } + } + for (const [category, tools] of Object.entries(categories)) { + if (tools.length > 0) { + const toolText = tools.length === 1 ? "tool" : "tools"; + lines.push(`${category}: ${tools.length} ${toolText}`); + lines.push(tools.join(", ")); + } + } + lines.push(""); + } const toolUsePairs = new Map(); for (const entry of logEntries) { if (entry.type === "user" && entry.message?.content) { @@ -3660,8 +4048,15 @@ jobs: } if (lastEntry?.usage) { const usage = lastEntry.usage; - if (usage.input_tokens && usage.output_tokens) { - lines.push(` Tokens: ${usage.input_tokens.toLocaleString()} in / ${usage.output_tokens.toLocaleString()} out`); + if (usage.input_tokens || usage.output_tokens) { + const inputTokens = usage.input_tokens || 0; + const outputTokens = usage.output_tokens || 0; + const cacheCreationTokens = usage.cache_creation_input_tokens || 0; + const cacheReadTokens = usage.cache_read_input_tokens || 0; + const totalTokens = inputTokens + outputTokens + cacheCreationTokens + cacheReadTokens; + lines.push( + ` Tokens: ${totalTokens.toLocaleString()} total (${usage.input_tokens.toLocaleString()} in / ${usage.output_tokens.toLocaleString()} out)` + ); } } if (lastEntry?.total_cost_usd) { @@ -3748,11 +4143,6 @@ jobs: core.setFailed(error instanceof Error ? error : String(error)); } } - if (typeof module !== "undefined" && module.exports) { - module.exports = { - runLogParser, - }; - } function main() { runLogParser({ parseLog: parseClaudeLog, @@ -3833,11 +4223,6 @@ jobs: }; } } - if (typeof module !== "undefined" && module.exports) { - module.exports = { - parseClaudeLog, - }; - } main(); - name: Upload Agent Stdio if: always() @@ -4003,9 +4388,7 @@ jobs: } const level = extractLevel(match, pattern); const message = extractMessage(match, pattern, line); - const errorMessage = `Line ${lineIndex + 1}: ${message} (Pattern: ${ - pattern.description || "Unknown pattern" - }, Raw log: ${truncateString(line.trim(), 120)})`; + const errorMessage = `Line ${lineIndex + 1}: ${message} (Pattern: ${pattern.description || "Unknown pattern"}, Raw log: ${truncateString(line.trim(), 120)})`; if (level.toLowerCase() === "error") { core.error(errorMessage); hasErrors = true; @@ -4093,10 +4476,8 @@ jobs: (needs.detection.outputs.success == 'true') runs-on: ubuntu-slim permissions: - actions: write - contents: write + contents: read issues: write - pull-requests: write timeout-minutes: 10 outputs: assigned_agents: ${{ steps.assign_to_agent.outputs.assigned_agents }} @@ -4302,6 +4683,70 @@ jobs: return null; } } + async function assignAgentToIssueRest(owner, repo, issueNumber, agentName) { + const loginName = AGENT_LOGIN_NAMES[agentName]; + if (!loginName) { + core.error(`Unknown agent: ${agentName}. Supported agents: ${Object.keys(AGENT_LOGIN_NAMES).join(", ")}`); + return false; + } + try { + core.info(`Assigning ${agentName} (${loginName}) to issue #${issueNumber} via REST API...`); + await github.rest.issues.addAssignees({ + owner, + repo, + issue_number: issueNumber, + assignees: [loginName], + }); + core.info(`Successfully assigned ${agentName} to issue #${issueNumber} via REST API`); + return true; + } catch (error) { + const errorMessage = error instanceof Error ? error.message : String(error); + const status = error.status || (error.response && error.response.status); + core.debug(`REST API error: status=${status}, message=${errorMessage}`); + if (status === 422) { + core.error(`Failed to assign ${agentName}: Agent "${loginName}" is not available as an assignee for this repository`); + core.info("This may indicate:"); + core.info(" 1. Copilot coding agent is not enabled for this repository"); + core.info(" 2. Your organization has not enabled Copilot for this repository"); + core.info(" 3. The repository requires specific permissions or plan"); + core.info(""); + core.info( + "Please visit https://docs.github.com/en/copilot/using-github-copilot/using-copilot-coding-agent-to-work-on-tasks/about-assigning-tasks-to-copilot" + ); + return false; + } + if (status === 403 || status === 401) { + logPermissionError(agentName); + return false; + } + if (status === 404) { + core.error(`Failed to assign ${agentName}: Issue #${issueNumber} not found in ${owner}/${repo}`); + return false; + } + core.error(`Failed to assign ${agentName} via REST API: ${errorMessage}`); + return false; + } + } + async function isAgentAssigned(owner, repo, issueNumber, agentName) { + const loginName = AGENT_LOGIN_NAMES[agentName]; + if (!loginName) { + return false; + } + try { + const { data: issue } = await github.rest.issues.get({ + owner, + repo, + issue_number: issueNumber, + }); + if (issue.assignees) { + return issue.assignees.some(assignee => assignee.login === loginName); + } + return false; + } catch (error) { + core.debug(`Failed to check if agent is assigned: ${error instanceof Error ? error.message : String(error)}`); + return false; + } + } async function assignAgentToIssue(issueId, agentId, currentAssignees, agentName) { const actorIds = [agentId]; for (const assigneeId of currentAssignees) { @@ -4450,6 +4895,19 @@ jobs: return { success: false, error }; } try { + core.info(`Checking if ${agentName} is already assigned to issue #${issueNumber}...`); + const alreadyAssigned = await isAgentAssigned(owner, repo, issueNumber, agentName); + if (alreadyAssigned) { + core.info(`${agentName} is already assigned to issue #${issueNumber}`); + return { success: true }; + } + core.info(`Assigning ${agentName} coding agent to issue #${issueNumber} via REST API...`); + const restSuccess = await assignAgentToIssueRest(owner, repo, issueNumber, agentName); + if (restSuccess) { + core.info(`Successfully assigned ${agentName} coding agent to issue #${issueNumber}`); + return { success: true }; + } + core.info("REST API assignment failed, attempting GraphQL fallback..."); core.info(`Looking for ${agentName} coding agent...`); const agentId = await findAgent(owner, repo, agentName); if (!agentId) { @@ -4465,11 +4923,7 @@ jobs: return { success: false, error: "Failed to get issue details" }; } core.info(`Issue ID: ${issueDetails.issueId}`); - if (issueDetails.currentAssignees.includes(agentId)) { - core.info(`${agentName} is already assigned to issue #${issueNumber}`); - return { success: true }; - } - core.info(`Assigning ${agentName} coding agent to issue #${issueNumber}...`); + core.info(`Assigning ${agentName} coding agent to issue #${issueNumber} via GraphQL...`); const success = await assignAgentToIssue(issueDetails.issueId, agentId, issueDetails.currentAssignees, agentName); if (!success) { return { success: false, error: `Failed to assign ${agentName} via GraphQL` }; @@ -4532,7 +4986,6 @@ jobs: core.warning(`Invalid target-repo format: ${targetRepoEnv}. Expected owner/repo. Using current repository.`); } } - const agentCache = {}; const results = []; for (const item of itemsToProcess) { const issueNumber = typeof item.issue_number === "number" ? item.issue_number : parseInt(String(item.issue_number), 10); @@ -4552,23 +5005,8 @@ jobs: continue; } try { - let agentId = agentCache[agentName]; - if (!agentId) { - core.info(`Looking for ${agentName} coding agent...`); - agentId = await findAgent(targetOwner, targetRepo, agentName); - if (!agentId) { - throw new Error(`${agentName} coding agent is not available for this repository`); - } - agentCache[agentName] = agentId; - core.info(`Found ${agentName} coding agent (ID: ${agentId})`); - } - core.info("Getting issue details..."); - const issueDetails = await getIssueDetails(targetOwner, targetRepo, issueNumber); - if (!issueDetails) { - throw new Error("Failed to get issue details"); - } - core.info(`Issue ID: ${issueDetails.issueId}`); - if (issueDetails.currentAssignees.includes(agentId)) { + const alreadyAssigned = await isAgentAssigned(targetOwner, targetRepo, issueNumber, agentName); + if (alreadyAssigned) { core.info(`${agentName} is already assigned to issue #${issueNumber}`); results.push({ issue_number: issueNumber, @@ -4578,9 +5016,9 @@ jobs: continue; } core.info(`Assigning ${agentName} coding agent to issue #${issueNumber}...`); - const success = await assignAgentToIssue(issueDetails.issueId, agentId, issueDetails.currentAssignees, agentName); + const success = await assignAgentToIssueRest(targetOwner, targetRepo, issueNumber, agentName); if (!success) { - throw new Error(`Failed to assign ${agentName} via GraphQL`); + throw new Error(`Failed to assign ${agentName} via REST API`); } core.info(`Successfully assigned ${agentName} coding agent to issue #${issueNumber}`); results.push({ @@ -4590,7 +5028,7 @@ jobs: }); } catch (error) { let errorMessage = error instanceof Error ? error.message : String(error); - if (errorMessage.includes("coding agent is not available for this repository")) { + if (errorMessage.includes("not available") || errorMessage.includes("422")) { try { const available = await getAvailableAgentLogins(targetOwner, targetRepo); if (available.length > 0) { @@ -4647,9 +5085,10 @@ jobs: conclusion: needs: - - agent - activation + - agent - assign_to_agent + - detection if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: @@ -4692,7 +5131,7 @@ jobs: GH_AW_NOOP_MAX: 1 GH_AW_WORKFLOW_NAME: "Dev" with: - github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} + github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | const fs = require("fs"); const MAX_LOG_CONTENT_LENGTH = 10000; @@ -4784,7 +5223,7 @@ jobs: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Dev" with: - github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} + github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | async function main() { const fs = require("fs"); @@ -4897,8 +5336,9 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_NAME: "Dev" GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.result }} with: - github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} + github-token: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | const fs = require("fs"); const MAX_LOG_CONTENT_LENGTH = 10000; @@ -4949,17 +5389,7 @@ jobs: return null; } try { - const rawMessages = JSON.parse(messagesEnv); - return { - footer: rawMessages.footer, - footerInstall: rawMessages.footerInstall, - stagedTitle: rawMessages.stagedTitle, - stagedDescription: rawMessages.stagedDescription, - runStarted: rawMessages.runStarted, - runSuccess: rawMessages.runSuccess, - runFailure: rawMessages.runFailure, - closeOlderDiscussion: rawMessages.closeOlderDiscussion, - }; + return JSON.parse(messagesEnv); } catch (error) { core.warning(`Failed to parse GH_AW_SAFE_OUTPUT_MESSAGES: ${error instanceof Error ? error.message : String(error)}`); return null; @@ -4998,17 +5428,29 @@ jobs: const defaultMessage = "💀 Blimey! [{workflow_name}]({run_url}) {status} and walked the plank! No treasure today, matey! ☠️"; return messages?.runFailure ? renderTemplate(messages.runFailure, templateContext) : renderTemplate(defaultMessage, templateContext); } + function getDetectionFailureMessage(ctx) { + const messages = getMessages(); + const templateContext = toSnakeCase(ctx); + const defaultMessage = "⚠️ Security scanning failed for [{workflow_name}]({run_url}). Review the logs for details."; + return messages?.detectionFailure + ? renderTemplate(messages.detectionFailure, templateContext) + : renderTemplate(defaultMessage, templateContext); + } async function main() { const commentId = process.env.GH_AW_COMMENT_ID; const commentRepo = process.env.GH_AW_COMMENT_REPO; const runUrl = process.env.GH_AW_RUN_URL; const workflowName = process.env.GH_AW_WORKFLOW_NAME || "Workflow"; const agentConclusion = process.env.GH_AW_AGENT_CONCLUSION || "failure"; + const detectionConclusion = process.env.GH_AW_DETECTION_CONCLUSION; core.info(`Comment ID: ${commentId}`); core.info(`Comment Repo: ${commentRepo}`); core.info(`Run URL: ${runUrl}`); core.info(`Workflow Name: ${workflowName}`); core.info(`Agent Conclusion: ${agentConclusion}`); + if (detectionConclusion) { + core.info(`Detection Conclusion: ${detectionConclusion}`); + } let noopMessages = []; const agentOutputResult = loadAgentOutput(); if (agentOutputResult.success && agentOutputResult.data) { @@ -5043,7 +5485,12 @@ jobs: const repoName = commentRepo ? commentRepo.split("/")[1] : context.repo.repo; core.info(`Updating comment in ${repoOwner}/${repoName}`); let message; - if (agentConclusion === "success") { + if (detectionConclusion && detectionConclusion === "failure") { + message = getDetectionFailureMessage({ + workflowName, + runUrl, + }); + } else if (agentConclusion === "success") { message = getRunSuccessMessage({ workflowName, runUrl, @@ -5261,12 +5708,20 @@ jobs: - name: Validate CLAUDE_CODE_OAUTH_TOKEN or ANTHROPIC_API_KEY secret run: | if [ -z "$CLAUDE_CODE_OAUTH_TOKEN" ] && [ -z "$ANTHROPIC_API_KEY" ]; then + { + echo "❌ Error: Neither CLAUDE_CODE_OAUTH_TOKEN nor ANTHROPIC_API_KEY secret is set" + echo "The Claude Code engine requires either CLAUDE_CODE_OAUTH_TOKEN or ANTHROPIC_API_KEY secret to be configured." + echo "Please configure one of these secrets in your repository settings." + echo "Documentation: https://githubnext.github.io/gh-aw/reference/engines/#anthropic-claude-code" + } >> "$GITHUB_STEP_SUMMARY" echo "Error: Neither CLAUDE_CODE_OAUTH_TOKEN nor ANTHROPIC_API_KEY secret is set" echo "The Claude Code engine requires either CLAUDE_CODE_OAUTH_TOKEN or ANTHROPIC_API_KEY secret to be configured." echo "Please configure one of these secrets in your repository settings." echo "Documentation: https://githubnext.github.io/gh-aw/reference/engines/#anthropic-claude-code" exit 1 fi + + # Log success to stdout (not step summary) if [ -n "$CLAUDE_CODE_OAUTH_TOKEN" ]; then echo "CLAUDE_CODE_OAUTH_TOKEN secret is configured" else @@ -5281,7 +5736,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Claude Code CLI - run: npm install -g @anthropic-ai/claude-code@2.0.56 + run: npm install -g @anthropic-ai/claude-code@2.0.61 - name: Execute Claude Code CLI id: agentic_execution # Allowed tools (sorted): @@ -5306,7 +5761,7 @@ jobs: run: | set -o pipefail # Execute Claude Code CLI with prompt from file - claude --print --allowed-tools 'Bash(cat),Bash(grep),Bash(head),Bash(jq),Bash(ls),Bash(tail),Bash(wc),BashOutput,ExitPlanMode,Glob,Grep,KillBash,LS,NotebookRead,Read,Task,TodoWrite' --debug --verbose --permission-mode bypassPermissions --output-format stream-json "$(cat /tmp/gh-aw/aw-prompts/prompt.txt)" 2>&1 | tee /tmp/gh-aw/threat-detection/detection.log + claude --print --disable-slash-commands --allowed-tools 'Bash(cat),Bash(grep),Bash(head),Bash(jq),Bash(ls),Bash(tail),Bash(wc),BashOutput,ExitPlanMode,Glob,Grep,KillBash,LS,NotebookRead,Read,Task,TodoWrite' --debug --verbose --permission-mode bypassPermissions --output-format stream-json "$(cat /tmp/gh-aw/aw-prompts/prompt.txt)"${GH_AW_MODEL_DETECTION_CLAUDE:+ --model "$GH_AW_MODEL_DETECTION_CLAUDE"} 2>&1 | tee /tmp/gh-aw/threat-detection/detection.log env: ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} @@ -5318,6 +5773,7 @@ jobs: MCP_TOOL_TIMEOUT: "60000" BASH_DEFAULT_TIMEOUT_MS: "60000" BASH_MAX_TIMEOUT_MS: "60000" + GH_AW_MODEL_DETECTION_CLAUDE: ${{ vars.GH_AW_MODEL_DETECTION_CLAUDE || '' }} - name: Parse threat detection results id: parse_results uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 diff --git a/.github/workflows/dictation-prompt.lock.yml b/.github/workflows/dictation-prompt.lock.yml index 220d2eb0f7..15223ac806 100644 --- a/.github/workflows/dictation-prompt.lock.yml +++ b/.github/workflows/dictation-prompt.lock.yml @@ -237,8 +237,8 @@ # https://github.com/actions/download-artifact/commit/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -457,7 +457,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -6631,7 +6631,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/docs-noob-tester.lock.yml b/.github/workflows/docs-noob-tester.lock.yml index d18f74086b..49154dd60c 100644 --- a/.github/workflows/docs-noob-tester.lock.yml +++ b/.github/workflows/docs-noob-tester.lock.yml @@ -247,8 +247,8 @@ # https://github.com/actions/download-artifact/commit/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -470,7 +470,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -6830,7 +6830,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/duplicate-code-detector.lock.yml b/.github/workflows/duplicate-code-detector.lock.yml index 74d268e8f2..31e5f86fa1 100644 --- a/.github/workflows/duplicate-code-detector.lock.yml +++ b/.github/workflows/duplicate-code-detector.lock.yml @@ -296,8 +296,8 @@ # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd # - actions/setup-go@v5 (d35c59abb061a4a6fb18e82ac0862c26744d6ab5) # https://github.com/actions/setup-go/commit/d35c59abb061a4a6fb18e82ac0862c26744d6ab5 -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/setup-python@v5 (a26af69be951a213d495a4c3e4e4022e16d87065) # https://github.com/actions/setup-python/commit/a26af69be951a213d495a4c3e4e4022e16d87065 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) @@ -532,7 +532,7 @@ jobs: CODEX_API_KEY: ${{ secrets.CODEX_API_KEY }} OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -6797,7 +6797,7 @@ jobs: CODEX_API_KEY: ${{ secrets.CODEX_API_KEY }} OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/example-permissions-warning.lock.yml b/.github/workflows/example-permissions-warning.lock.yml index b582be0344..0836226e71 100644 --- a/.github/workflows/example-permissions-warning.lock.yml +++ b/.github/workflows/example-permissions-warning.lock.yml @@ -65,8 +65,8 @@ # https://github.com/actions/checkout/commit/93cb6efe18208431cddfb8368fd83d5badbf9bfd # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -277,7 +277,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/example-workflow-analyzer.lock.yml b/.github/workflows/example-workflow-analyzer.lock.yml index cdab386dd5..d70de1edf8 100644 --- a/.github/workflows/example-workflow-analyzer.lock.yml +++ b/.github/workflows/example-workflow-analyzer.lock.yml @@ -184,8 +184,8 @@ # https://github.com/actions/download-artifact/commit/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -406,7 +406,7 @@ jobs: CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -6013,7 +6013,7 @@ jobs: CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/firewall-escape.lock.yml b/.github/workflows/firewall-escape.lock.yml index 19855010fc..7a1b632cce 100644 --- a/.github/workflows/firewall-escape.lock.yml +++ b/.github/workflows/firewall-escape.lock.yml @@ -269,8 +269,8 @@ # https://github.com/actions/checkout/commit/93cb6efe18208431cddfb8368fd83d5badbf9bfd # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -506,7 +506,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/firewall.lock.yml b/.github/workflows/firewall.lock.yml index 44ccd4f672..7ea8744fea 100644 --- a/.github/workflows/firewall.lock.yml +++ b/.github/workflows/firewall.lock.yml @@ -84,8 +84,8 @@ # https://github.com/actions/checkout/commit/93cb6efe18208431cddfb8368fd83d5badbf9bfd # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -296,7 +296,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/go-pattern-detector.lock.yml b/.github/workflows/go-pattern-detector.lock.yml index 396ff68dca..8621895fb6 100644 --- a/.github/workflows/go-pattern-detector.lock.yml +++ b/.github/workflows/go-pattern-detector.lock.yml @@ -256,8 +256,8 @@ # https://github.com/actions/download-artifact/commit/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -479,7 +479,7 @@ jobs: CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -6153,7 +6153,7 @@ jobs: CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/issue-arborist.lock.yml b/.github/workflows/issue-arborist.lock.yml index 347bdfb8f7..09017536e2 100644 --- a/.github/workflows/issue-arborist.lock.yml +++ b/.github/workflows/issue-arborist.lock.yml @@ -331,8 +331,8 @@ # https://github.com/actions/download-artifact/commit/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -557,7 +557,7 @@ jobs: CODEX_API_KEY: ${{ secrets.CODEX_API_KEY }} OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -6409,7 +6409,7 @@ jobs: CODEX_API_KEY: ${{ secrets.CODEX_API_KEY }} OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/issue-monster.lock.yml b/.github/workflows/issue-monster.lock.yml index 99b93dc89a..34234f007a 100644 --- a/.github/workflows/issue-monster.lock.yml +++ b/.github/workflows/issue-monster.lock.yml @@ -310,8 +310,8 @@ # https://github.com/actions/download-artifact/commit/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -1129,7 +1129,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -7365,7 +7365,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/issue-triage-agent.lock.yml b/.github/workflows/issue-triage-agent.lock.yml index 26a3a4153e..ebc37e1a06 100644 --- a/.github/workflows/issue-triage-agent.lock.yml +++ b/.github/workflows/issue-triage-agent.lock.yml @@ -66,8 +66,8 @@ # https://github.com/actions/download-artifact/commit/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -801,7 +801,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -6218,7 +6218,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/mergefest.lock.yml b/.github/workflows/mergefest.lock.yml index 8bc1aa1d53..0b427882cf 100644 --- a/.github/workflows/mergefest.lock.yml +++ b/.github/workflows/mergefest.lock.yml @@ -401,8 +401,8 @@ # https://github.com/actions/download-artifact/commit/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -1024,7 +1024,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -6824,7 +6824,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/notion-issue-summary.lock.yml b/.github/workflows/notion-issue-summary.lock.yml index cbe59faae6..131dec6833 100644 --- a/.github/workflows/notion-issue-summary.lock.yml +++ b/.github/workflows/notion-issue-summary.lock.yml @@ -84,8 +84,8 @@ # https://github.com/actions/download-artifact/commit/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -307,7 +307,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -5721,7 +5721,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/plan.lock.yml b/.github/workflows/plan.lock.yml index 35b4215495..b5fee6ceb7 100644 --- a/.github/workflows/plan.lock.yml +++ b/.github/workflows/plan.lock.yml @@ -195,8 +195,8 @@ # https://github.com/actions/download-artifact/commit/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -1184,7 +1184,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -7811,7 +7811,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/release.lock.yml b/.github/workflows/release.lock.yml index ff08e762e0..dd09f1c586 100644 --- a/.github/workflows/release.lock.yml +++ b/.github/workflows/release.lock.yml @@ -369,11 +369,11 @@ # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd # - actions/setup-go@v5 (d35c59abb061a4a6fb18e82ac0862c26744d6ab5) # https://github.com/actions/setup-go/commit/d35c59abb061a4a6fb18e82ac0862c26744d6ab5 -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 -# - anchore/sbom-action@v0.20.10 (fbfd9c6c189226748411491745178e0c2017392d) +# - anchore/sbom-action@v0 (fbfd9c6c189226748411491745178e0c2017392d) # https://github.com/anchore/sbom-action/commit/fbfd9c6c189226748411491745178e0c2017392d # - cli/gh-extension-precompile@v2 (9e2237c30f869ad3bcaed6a4be2cd43564dd421b) # https://github.com/cli/gh-extension-precompile/commit/9e2237c30f869ad3bcaed6a4be2cd43564dd421b @@ -604,7 +604,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -6177,7 +6177,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/repo-tree-map.lock.yml b/.github/workflows/repo-tree-map.lock.yml index d02b06dcb1..a2155df688 100644 --- a/.github/workflows/repo-tree-map.lock.yml +++ b/.github/workflows/repo-tree-map.lock.yml @@ -275,8 +275,8 @@ # https://github.com/actions/download-artifact/commit/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -495,7 +495,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -6757,7 +6757,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/research.lock.yml b/.github/workflows/research.lock.yml index b4017c18db..bcd3875fa2 100644 --- a/.github/workflows/research.lock.yml +++ b/.github/workflows/research.lock.yml @@ -194,8 +194,8 @@ # https://github.com/actions/download-artifact/commit/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -417,7 +417,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -6671,7 +6671,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/semantic-function-refactor.lock.yml b/.github/workflows/semantic-function-refactor.lock.yml index 5a526f2d2b..335aa35605 100644 --- a/.github/workflows/semantic-function-refactor.lock.yml +++ b/.github/workflows/semantic-function-refactor.lock.yml @@ -611,8 +611,8 @@ # https://github.com/actions/download-artifact/commit/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -831,7 +831,7 @@ jobs: CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -7058,7 +7058,7 @@ jobs: CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/smoke-copilot-safe-inputs.lock.yml b/.github/workflows/smoke-copilot-safe-inputs.lock.yml index 408fd11fbd..d38b50c228 100644 --- a/.github/workflows/smoke-copilot-safe-inputs.lock.yml +++ b/.github/workflows/smoke-copilot-safe-inputs.lock.yml @@ -149,8 +149,8 @@ # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd # - actions/setup-go@v5 (d35c59abb061a4a6fb18e82ac0862c26744d6ab5) # https://github.com/actions/setup-go/commit/d35c59abb061a4a6fb18e82ac0862c26744d6ab5 -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/setup-python@v5 (a26af69be951a213d495a4c3e4e4022e16d87065) # https://github.com/actions/setup-python/commit/a26af69be951a213d495a4c3e4e4022e16d87065 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) @@ -1948,7 +1948,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -9298,7 +9298,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/smoke-srt-custom-config.lock.yml b/.github/workflows/smoke-srt-custom-config.lock.yml index 02364f1e3e..854f990b37 100644 --- a/.github/workflows/smoke-srt-custom-config.lock.yml +++ b/.github/workflows/smoke-srt-custom-config.lock.yml @@ -89,8 +89,8 @@ # https://github.com/actions/checkout/commit/93cb6efe18208431cddfb8368fd83d5badbf9bfd # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -297,7 +297,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/smoke-srt.lock.yml b/.github/workflows/smoke-srt.lock.yml index ccdc7e24b1..6dc7c92818 100644 --- a/.github/workflows/smoke-srt.lock.yml +++ b/.github/workflows/smoke-srt.lock.yml @@ -103,8 +103,8 @@ # https://github.com/actions/download-artifact/commit/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -327,7 +327,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -5564,7 +5564,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/speckit-dispatcher.lock.yml b/.github/workflows/speckit-dispatcher.lock.yml index 18e7902268..ef94b7f163 100644 --- a/.github/workflows/speckit-dispatcher.lock.yml +++ b/.github/workflows/speckit-dispatcher.lock.yml @@ -465,8 +465,8 @@ # https://github.com/actions/download-artifact/commit/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -2068,7 +2068,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -8600,7 +8600,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/test-discussion-expires.lock.yml b/.github/workflows/test-discussion-expires.lock.yml index 5a6f99d4fc..9a2bbced13 100644 --- a/.github/workflows/test-discussion-expires.lock.yml +++ b/.github/workflows/test-discussion-expires.lock.yml @@ -72,8 +72,8 @@ # https://github.com/actions/download-artifact/commit/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -288,7 +288,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -6352,7 +6352,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/test-python-safe-input.lock.yml b/.github/workflows/test-python-safe-input.lock.yml index 99a6d3e6e4..b7f65936ba 100644 --- a/.github/workflows/test-python-safe-input.lock.yml +++ b/.github/workflows/test-python-safe-input.lock.yml @@ -153,8 +153,8 @@ # https://github.com/actions/download-artifact/commit/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -371,7 +371,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -7881,7 +7881,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/tidy.lock.yml b/.github/workflows/tidy.lock.yml index 155d743ed5..84a9fb9000 100644 --- a/.github/workflows/tidy.lock.yml +++ b/.github/workflows/tidy.lock.yml @@ -197,8 +197,8 @@ # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd # - actions/setup-go@v5 (d35c59abb061a4a6fb18e82ac0862c26744d6ab5) # https://github.com/actions/setup-go/commit/d35c59abb061a4a6fb18e82ac0862c26744d6ab5 -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -753,7 +753,7 @@ jobs: mkdir -p /tmp/gh-aw/sandbox/agent/logs echo "Created /tmp/gh-aw/agent directory for agentic workflow temporary files" - name: Set up Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: cache: npm cache-dependency-path: pkg/workflow/js/package-lock.json @@ -841,7 +841,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -7089,7 +7089,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/typist.lock.yml b/.github/workflows/typist.lock.yml index 5e7aafe785..40bec79761 100644 --- a/.github/workflows/typist.lock.yml +++ b/.github/workflows/typist.lock.yml @@ -639,8 +639,8 @@ # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd # - actions/setup-go@v5 (d35c59abb061a4a6fb18e82ac0862c26744d6ab5) # https://github.com/actions/setup-go/commit/d35c59abb061a4a6fb18e82ac0862c26744d6ab5 -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/setup-python@v5 (a26af69be951a213d495a4c3e4e4022e16d87065) # https://github.com/actions/setup-python/commit/a26af69be951a213d495a4c3e4e4022e16d87065 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) @@ -875,7 +875,7 @@ jobs: CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -7101,7 +7101,7 @@ jobs: CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/.github/workflows/video-analyzer.lock.yml b/.github/workflows/video-analyzer.lock.yml index 19475b6a16..7ea47e2223 100644 --- a/.github/workflows/video-analyzer.lock.yml +++ b/.github/workflows/video-analyzer.lock.yml @@ -351,8 +351,8 @@ # https://github.com/actions/download-artifact/commit/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # - actions/github-script@v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd) # https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd -# - actions/setup-node@v6 (395ad3262231945c25e8478fd5baf05154b1d79f) -# https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f +# - actions/setup-node@v6 (2028fbc5c25fe9cf00d9f06a71cc4710d4507903) +# https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # - actions/upload-artifact@v5 (330a01c490aca151604b8cf639adc76d48f6c5d4) # https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4 @@ -582,7 +582,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false @@ -6922,7 +6922,7 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} COPILOT_CLI_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 with: node-version: '24' package-manager-cache: false diff --git a/pkg/workflow/data/action_pins.json b/pkg/workflow/data/action_pins.json index 9e31f42dfd..f595c12518 100644 --- a/pkg/workflow/data/action_pins.json +++ b/pkg/workflow/data/action_pins.json @@ -5,16 +5,6 @@ "version": "v1", "sha": "b81b2afb8390ee6839b494a404766bef6493c7d9" }, - "actions/cache/restore@v4": { - "repo": "actions/cache/restore", - "version": "v4", - "sha": "0057852bfaa89a56745cba8c7296529d2fc39830" - }, - "actions/cache/save@v4": { - "repo": "actions/cache/save", - "version": "v4", - "sha": "0057852bfaa89a56745cba8c7296529d2fc39830" - }, "actions/cache@v4": { "repo": "actions/cache", "version": "v4", @@ -28,18 +18,13 @@ "actions/create-github-app-token@v2": { "repo": "actions/create-github-app-token", "version": "v2", - "sha": "29824e69f54612133e76f7eaac726eef6c875baf" + "sha": "7e473efe3cb98aa54f8d4bac15400b15fad77d94" }, "actions/download-artifact@v6": { "repo": "actions/download-artifact", "version": "v6", "sha": "018cc2cf5baa6db3ef3c5f8a56943fffe632ef53" }, - "actions/github-script@v7.0.1": { - "repo": "actions/github-script", - "version": "v7.0.1", - "sha": "60a0d83039c74a4aee543508d2ffcb1c3799cdea" - }, "actions/github-script@v8": { "repo": "actions/github-script", "version": "v8", @@ -58,12 +43,12 @@ "actions/setup-java@v4": { "repo": "actions/setup-java", "version": "v4", - "sha": "c1e323688fd81a25caa38c78aa6df2d33d3e20d9" + "sha": "c5195efecf7bdfc987ee8bae7a71cb8b11521c00" }, "actions/setup-node@v6": { "repo": "actions/setup-node", "version": "v6", - "sha": "395ad3262231945c25e8478fd5baf05154b1d79f" + "sha": "2028fbc5c25fe9cf00d9f06a71cc4710d4507903" }, "actions/setup-python@v5": { "repo": "actions/setup-python", @@ -85,11 +70,6 @@ "version": "v0", "sha": "fbfd9c6c189226748411491745178e0c2017392d" }, - "anchore/sbom-action@v0.20.10": { - "repo": "anchore/sbom-action", - "version": "v0.20.10", - "sha": "fbfd9c6c189226748411491745178e0c2017392d" - }, "astral-sh/setup-uv@v5": { "repo": "astral-sh/setup-uv", "version": "v5",