diff --git a/.changeset/patch-add-gh-debug-env.md b/.changeset/patch-add-gh-debug-env.md new file mode 100644 index 00000000000..35af7e9f155 --- /dev/null +++ b/.changeset/patch-add-gh-debug-env.md @@ -0,0 +1,11 @@ +--- +"gh-aw": patch +--- + +Add `GH_DEBUG=1` to the shared `gh` safe-input tool configuration so +that `gh` commands executed via the `safeinputs-gh` tool run with +verbose debugging enabled. + +This is an internal/tooling change that affects workflow execution +verbosity only. + diff --git a/.github/workflows/copilot-pr-merged-report.lock.yml b/.github/workflows/copilot-pr-merged-report.lock.yml index 7a938366a62..9818008e49b 100644 --- a/.github/workflows/copilot-pr-merged-report.lock.yml +++ b/.github/workflows/copilot-pr-merged-report.lock.yml @@ -3406,7 +3406,8 @@ jobs: }, "handler": "gh.sh", "env": { - "GH_AW_GH_TOKEN": "GH_AW_GH_TOKEN" + "GH_AW_GH_TOKEN": "GH_AW_GH_TOKEN", + "GH_DEBUG": "GH_DEBUG" }, "timeout": 60 } @@ -3449,6 +3450,7 @@ jobs: env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_DEBUG: 1 run: | mkdir -p /tmp/gh-aw/mcp-config mkdir -p /home/runner/.copilot @@ -3461,7 +3463,8 @@ jobs: "args": ["/tmp/gh-aw/safe-inputs/mcp-server.cjs"], "tools": ["*"], "env": { - "GH_AW_GH_TOKEN": "\${GH_AW_GH_TOKEN}" + "GH_AW_GH_TOKEN": "\${GH_AW_GH_TOKEN}", + "GH_DEBUG": "\${GH_DEBUG}" } }, "safeoutputs": { @@ -4243,6 +4246,7 @@ jobs: GH_AW_MODEL_AGENT_COPILOT: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || '' }} GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GH_DEBUG: 1 GITHUB_HEAD_REF: ${{ github.head_ref }} GITHUB_REF_NAME: ${{ github.ref_name }} GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} diff --git a/.github/workflows/dev.lock.yml b/.github/workflows/dev.lock.yml index 254894a4afb..03414d72aef 100644 --- a/.github/workflows/dev.lock.yml +++ b/.github/workflows/dev.lock.yml @@ -3103,7 +3103,8 @@ jobs: }, "handler": "gh.sh", "env": { - "GH_AW_GH_TOKEN": "GH_AW_GH_TOKEN" + "GH_AW_GH_TOKEN": "GH_AW_GH_TOKEN", + "GH_DEBUG": "GH_DEBUG" }, "timeout": 60 } @@ -3146,6 +3147,7 @@ jobs: env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_DEBUG: 1 run: | mkdir -p /tmp/gh-aw/mcp-config mkdir -p /home/runner/.copilot @@ -3158,7 +3160,8 @@ jobs: "args": ["/tmp/gh-aw/safe-inputs/mcp-server.cjs"], "tools": ["*"], "env": { - "GH_AW_GH_TOKEN": "\${GH_AW_GH_TOKEN}" + "GH_AW_GH_TOKEN": "\${GH_AW_GH_TOKEN}", + "GH_DEBUG": "\${GH_DEBUG}" } }, "safeoutputs": { @@ -3422,6 +3425,7 @@ jobs: GH_AW_MODEL_AGENT_COPILOT: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || '' }} GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GH_DEBUG: 1 GITHUB_HEAD_REF: ${{ github.head_ref }} GITHUB_REF_NAME: ${{ github.ref_name }} GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} diff --git a/.github/workflows/shared/gh.md b/.github/workflows/shared/gh.md index d09adf4a5c5..2e45ee234d0 100644 --- a/.github/workflows/shared/gh.md +++ b/.github/workflows/shared/gh.md @@ -13,6 +13,7 @@ safe-inputs: required: true env: GH_AW_GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_DEBUG: "1" run: | echo "gh $INPUT_ARGS" echo " token: ${GH_AW_GH_TOKEN:0:6}..." diff --git a/.github/workflows/smoke-copilot-no-firewall.lock.yml b/.github/workflows/smoke-copilot-no-firewall.lock.yml index 7b925d82048..f4e71b6db0c 100644 --- a/.github/workflows/smoke-copilot-no-firewall.lock.yml +++ b/.github/workflows/smoke-copilot-no-firewall.lock.yml @@ -5100,7 +5100,8 @@ jobs: }, "handler": "gh.sh", "env": { - "GH_AW_GH_TOKEN": "GH_AW_GH_TOKEN" + "GH_AW_GH_TOKEN": "GH_AW_GH_TOKEN", + "GH_DEBUG": "GH_DEBUG" }, "timeout": 60 } @@ -5144,6 +5145,7 @@ jobs: GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_DEBUG: 1 run: | mkdir -p /tmp/gh-aw/mcp-config mkdir -p /home/runner/.copilot @@ -5182,7 +5184,8 @@ jobs: "args": ["/tmp/gh-aw/safe-inputs/mcp-server.cjs"], "tools": ["*"], "env": { - "GH_AW_GH_TOKEN": "\${GH_AW_GH_TOKEN}" + "GH_AW_GH_TOKEN": "\${GH_AW_GH_TOKEN}", + "GH_DEBUG": "\${GH_DEBUG}" } }, "safeoutputs": { @@ -5856,6 +5859,7 @@ jobs: GH_AW_MODEL_AGENT_COPILOT: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || '' }} GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GH_DEBUG: 1 GITHUB_HEAD_REF: ${{ github.head_ref }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} GITHUB_REF_NAME: ${{ github.ref_name }} diff --git a/.github/workflows/smoke-copilot-playwright.lock.yml b/.github/workflows/smoke-copilot-playwright.lock.yml index 666b25ac9c1..22077acbc2c 100644 --- a/.github/workflows/smoke-copilot-playwright.lock.yml +++ b/.github/workflows/smoke-copilot-playwright.lock.yml @@ -5091,7 +5091,8 @@ jobs: }, "handler": "gh.sh", "env": { - "GH_AW_GH_TOKEN": "GH_AW_GH_TOKEN" + "GH_AW_GH_TOKEN": "GH_AW_GH_TOKEN", + "GH_DEBUG": "GH_DEBUG" }, "timeout": 60 } @@ -5135,6 +5136,7 @@ jobs: GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_DEBUG: 1 run: | mkdir -p /tmp/gh-aw/mcp-config mkdir -p /home/runner/.copilot @@ -5173,7 +5175,8 @@ jobs: "args": ["/tmp/gh-aw/safe-inputs/mcp-server.cjs"], "tools": ["*"], "env": { - "GH_AW_GH_TOKEN": "\${GH_AW_GH_TOKEN}" + "GH_AW_GH_TOKEN": "\${GH_AW_GH_TOKEN}", + "GH_DEBUG": "\${GH_DEBUG}" } }, "safeoutputs": { @@ -5836,6 +5839,7 @@ jobs: GH_AW_MODEL_AGENT_COPILOT: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || '' }} GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GH_DEBUG: 1 GITHUB_HEAD_REF: ${{ github.head_ref }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} GITHUB_REF_NAME: ${{ github.ref_name }} diff --git a/.github/workflows/smoke-copilot-safe-inputs.lock.yml b/.github/workflows/smoke-copilot-safe-inputs.lock.yml index e5840e7e546..bc51af6af37 100644 --- a/.github/workflows/smoke-copilot-safe-inputs.lock.yml +++ b/.github/workflows/smoke-copilot-safe-inputs.lock.yml @@ -4996,7 +4996,8 @@ jobs: }, "handler": "gh.sh", "env": { - "GH_AW_GH_TOKEN": "GH_AW_GH_TOKEN" + "GH_AW_GH_TOKEN": "GH_AW_GH_TOKEN", + "GH_DEBUG": "GH_DEBUG" }, "timeout": 60 } @@ -5039,6 +5040,7 @@ jobs: env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_DEBUG: 1 run: | mkdir -p /tmp/gh-aw/mcp-config mkdir -p /home/runner/.copilot @@ -5051,7 +5053,8 @@ jobs: "args": ["/tmp/gh-aw/safe-inputs/mcp-server.cjs"], "tools": ["*"], "env": { - "GH_AW_GH_TOKEN": "\${GH_AW_GH_TOKEN}" + "GH_AW_GH_TOKEN": "\${GH_AW_GH_TOKEN}", + "GH_DEBUG": "\${GH_DEBUG}" } }, "safeoutputs": { @@ -5562,6 +5565,7 @@ jobs: GH_AW_MODEL_AGENT_COPILOT: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || '' }} GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GH_DEBUG: 1 GITHUB_HEAD_REF: ${{ github.head_ref }} GITHUB_REF_NAME: ${{ github.ref_name }} GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }}