From 9e651bae65ae0c0641a1420bb72e072a105e6645 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Fri, 13 Feb 2026 16:59:04 +0000 Subject: [PATCH 1/5] Daily Repo Goal Achiever: Fix typos and add Sub-Issue Closer workflow --- README.md | 1 + docs/daily-qa.md | 4 +- docs/sub-issue-closer.md | 92 +++++++++++++++++++++ workflows/daily-qa.md | 2 +- workflows/daily-team-status.md | 2 +- workflows/pr-fix.md | 4 +- workflows/sub-issue-closer.md | 144 +++++++++++++++++++++++++++++++++ 7 files changed, 243 insertions(+), 6 deletions(-) create mode 100644 docs/sub-issue-closer.md create mode 100644 workflows/sub-issue-closer.md diff --git a/README.md b/README.md index a070bf1..04187be 100644 --- a/README.md +++ b/README.md @@ -7,6 +7,7 @@ A sample family of reusable [GitHub Agentic Workflows](https://github.github.com ### Triage Workflows - [🏷️ Issue Triage](docs/issue-triage.md) - Triage issues and pull requests +- [πŸ”’ Sub-Issue Closer](docs/sub-issue-closer.md) - Automatically close parent issues when all sub-issues are complete ## Fault Analysis Workflows diff --git a/docs/daily-qa.md b/docs/daily-qa.md index b88cdc5..0b6996b 100644 --- a/docs/daily-qa.md +++ b/docs/daily-qa.md 
@@ -1,8 +1,8 @@ -# πŸ” Daily Adhoc QA +# πŸ” Daily Ad hoc QA > For an overview of all available workflows, see the [main README](../README.md). -The [daily Adhoc QA workflow](../workflows/daily-qa.md?plain=1) will perform adhoc quality assurance tasks in the repository, such as following the instructions in the README.md, tutorials and walkthroughs to check that the code builds and runs, and that the getting started process is simple and works well. You can edit and configure the workflow to describe more tasks. +The [daily Ad hoc QA workflow](../workflows/daily-qa.md?plain=1) will perform ad hoc quality assurance tasks in the repository, such as following the instructions in the README.md, tutorials and walkthroughs to check that the code builds and runs, and that the getting started process is simple and works well. You can edit and configure the workflow to describe more tasks. ## Installation diff --git a/docs/sub-issue-closer.md b/docs/sub-issue-closer.md new file mode 100644 index 0000000..0375447 --- /dev/null +++ b/docs/sub-issue-closer.md 
@@ -0,0 +1,92 @@ +# πŸ”’ Sub-Issue Closer + +> For an overview of all available workflows, see the [main README](../README.md). + +The [Sub-Issue Closer workflow](../workflows/sub-issue-closer.md?plain=1) automatically closes parent issues when all their sub-issues are 100% complete. This helps keep your issue tracker organized and reduces manual maintenance overhead when working with issue hierarchies. + +## What It Does + +1. Scans all open parent issues in the repository +2. Checks the completion status of all sub-issues +3. Recursively closes parent issues when all sub-issues are closed +4. Adds explanatory comments to closed issues +5. Provides a summary report of actions taken + +## Why It's Useful + +- **Reduces Manual Overhead**: No need to manually close parent issues after completing all sub-tasks +- **Maintains Clean Issue Tracker**: Automatically keeps your issue list organized +- **Recursive Processing**: Handles multi-level issue hierarchies intelligently +- **Transparent Operations**: Adds clear comments explaining why issues were closed +- **Conservative Approach**: Only closes when absolutely certain all sub-issues are complete + +## Installation + +```bash +# Install the 'gh aw' extension +gh extensions install github/gh-aw + +# Add the workflow +gh aw add githubnext/agentics/sub-issue-closer + +# Compile to generate the GitHub Actions workflow +gh aw compile +``` + +## Customization + +Edit `.github/workflows/sub-issue-closer.md` to adjust: + +- **Schedule**: Change from `daily` to a specific cron schedule +- **Limits**: Modify `max: 20` to process more or fewer issues per run +- **Timeout**: Adjust `timeout-minutes` based on your repository size +- **Comment format**: Customize the closure comment template + +## How It Works + +The workflow uses GitHub's issue tracking relationships to identify parent issues and their sub-issues. It processes the issue hierarchy bottom-up, ensuring that sub-issues are evaluated before their parents. 
This enables recursive closure up the tree as each level reaches 100% completion. + +### Example Scenario + +You have this issue hierarchy: + +``` +Issue #10: "Major Feature Release" (OPEN) +β”œβ”€ Issue #11: "Backend changes" (OPEN) +β”‚ β”œβ”€ Issue #12: "API updates" (CLOSED) +β”‚ └─ Issue #13: "Database migration" (CLOSED) +└─ Issue #14: "Frontend changes" (CLOSED) +``` + +When you close Issue #13 (the last sub-issue of #11), the workflow will: +1. Detect Issue #11 is now 100% complete β†’ Close #11 +2. Check if Issue #10's sub-issues are complete β†’ Detect #14 (closed) and #11 (now closed) +3. Close Issue #10 since all its sub-issues are complete + +## Safe Outputs + +The workflow uses these safe output actions: + +- **update-issue**: Closes parent issues (max 20 per run) +- **add-comment**: Adds explanatory comments (max 20 per run) + +All actions are logged and visible in the workflow run output. + +## Permissions + +Requires these permissions: +- `contents: read` - To access repository structure +- `issues: read` - To query issue relationships + +## Best Practices + +1. **Use clear issue hierarchies**: Structure issues with explicit parent-child relationships +2. **Review closure comments**: Check the automated comments to ensure correct operation +3. **Start with manual testing**: Run via workflow_dispatch first to observe behavior +4. **Adjust limits as needed**: Increase max values if you have large issue hierarchies +5. **Combine with event-driven workflows**: Consider adding a complementary workflow that runs when individual issues close + +## Related Workflows + +- [Issue Triage](issue-triage.md) - Automated issue categorization and labeling +- [Daily Plan](daily-plan.md) - Update planning issues for team coordination diff --git a/workflows/daily-qa.md b/workflows/daily-qa.md index 0bbdade..1313430 100644 --- a/workflows/daily-qa.md +++ b/workflows/daily-qa.md 
@@ -1,6 +1,6 @@ --- description: | - This workflow performs adhoc quality assurance by validating project health daily. + This workflow performs ad hoc quality assurance by validating project health daily. Checks that code builds and runs, tests pass, documentation is clear, and code is well-structured. Creates discussions for findings and can submit draft PRs with improvements. Provides continuous quality monitoring throughout development. diff --git a/workflows/daily-team-status.md b/workflows/daily-team-status.md index 0b885e4..7406900 100644 --- a/workflows/daily-team-status.md +++ b/workflows/daily-team-status.md @@ -1,6 +1,6 @@ --- description: | - This workflow created daily team status reporter creating upbeat activity summaries. + This workflow is a daily team status reporter creating upbeat activity summaries. Gathers recent repository activity (issues, PRs, discussions, releases, code changes) and generates engaging GitHub issues with productivity insights, community highlights, and project recommendations. Uses a positive, encouraging tone with diff --git a/workflows/pr-fix.md b/workflows/pr-fix.md index 75faf40..8a2a0ae 100644 --- a/workflows/pr-fix.md +++ b/workflows/pr-fix.md 
@@ -44,11 +44,11 @@ You are an AI assistant specialized in fixing pull requests with failing CI chec 4. Formulate a plan to follow the instructions. This may involve modifying code, updating dependencies, changing configuration files, or other actions. -4. Implement the changes needed to follow the instructions. +5. Implement the changes needed to follow the instructions. 5. Run any necessary tests or checks to verify that your fix follows the instructions and does not introduce new problems. -6. Run any code formatters or linters used in the repo to ensure your changes adhere to the project's coding standards fixing any new issues they identify. +6. Run any code formatters or linters used in the repo to ensure your changes adhere to the project's coding standards and fix any new issues they identify. 7. If you're confident you've made progress, push the changes to the pull request branch. diff --git a/workflows/sub-issue-closer.md b/workflows/sub-issue-closer.md new file mode 100644 index 0000000..d44015d --- /dev/null +++ b/workflows/sub-issue-closer.md 
@@ -0,0 +1,144 @@ +--- +description: Scheduled workflow that recursively closes parent issues when all sub-issues are 100% complete +name: Sub-Issue Closer +on: + schedule: daily + workflow_dispatch: +permissions: + contents: read + issues: read +engine: copilot +timeout-minutes: 15 +tools: + github: + toolsets: + - issues + bash: true +safe-outputs: + update-issue: + status: + target: "*" + max: 20 + add-comment: + target: "*" + max: 20 + messages: + run-started: "πŸ”’ Starting Sub-Issue Closer... [{workflow_name}]({run_url}) is checking for completed parent issues" + run-success: "βœ… Sub-Issue Closer complete! [{workflow_name}]({run_url}) has processed all parent issues." + run-failure: "❌ Sub-Issue Closer failed! [{workflow_name}]({run_url}) {status}. Some issues may not be processed." +--- + +# Sub-Issue Closer πŸ”’ + +You are an intelligent agent that automatically closes parent issues when all their sub-issues are 100% complete. + +## Task + +Recursively process GitHub issues in repository **${{ github.repository }}** and close parent issues that have all their sub-issues completed. + +## Process + +### Step 1: Find Open Parent Issues + +Use the GitHub tools to search for open issues that have sub-issues. Look for: +- Issues with state = "OPEN" +- Issues that have tracked issues (sub-issues) +- Issues that appear to be tracking/parent issues based on their structure + +You can use the `search_issues` tool to find issues with sub-issues, or use `list_issues` to get all open issues and filter those with sub-issues. + +### Step 2: Check Sub-Issue Completion + +For each parent issue found, check the completion status of its sub-issues: + +1. Get the sub-issues for the parent issue using the GitHub API +2. Check if ALL sub-issues are in state "CLOSED" +3. 
Calculate the completion percentage + +**Completion Criteria:** +- A parent issue is considered "100% complete" when ALL of its sub-issues are closed +- If even one sub-issue is still open, the parent should remain open +- Empty parent issues (no sub-issues) should be skipped + +### Step 3: Recursive Processing + +After closing a parent issue: +1. Check if that issue itself is a sub-issue of another parent +2. If it has a parent issue, check that parent's completion status +3. Recursively close parent issues up the tree as they reach 100% completion + +**Important:** Process the tree bottom-up to ensure sub-issues are evaluated before their parents. + +### Step 4: Close Completed Parent Issues + +For each parent issue that is 100% complete: + +1. **Close the issue** using the `update_issue` safe output tool +2. **Add a comment** explaining the closure using the `add_comment` safe output tool + +Example comment body: +``` +πŸŽ‰ **Automatically closed by Sub-Issue Closer** + +All sub-issues have been completed. This parent issue is now closed automatically. + +**Sub-issues status:** X/X closed (100%) +``` + +### Step 5: Report Summary + +At the end of processing, provide a summary of: +- Total parent issues analyzed +- Issues closed in this run +- Issues that remain open (with reason: incomplete sub-issues) +- Any errors or issues that couldn't be processed + +## Constraints + +- Maximum 20 issues closed per run (configured in safe-outputs) +- Maximum 20 comments added per run +- Only close issues when you are ABSOLUTELY certain all sub-issues are closed +- Skip issues that don't have sub-issues +- Only process open parent issues +- Be conservative: when in doubt, don't close + +## Example Output Format + +During processing, maintain clear logging: + +``` +πŸ” Analyzing parent issues... 
+ +πŸ“‹ Issue #42: "Feature: Add dark mode" + State: OPEN + Sub-issues: 5 total + - #43: "Design dark mode colors" [CLOSED] + - #44: "Implement dark mode toggle" [CLOSED] + - #45: "Add dark mode to settings" [CLOSED] + - #46: "Test dark mode" [CLOSED] + - #47: "Document dark mode" [CLOSED] + Status: 5/5 closed (100%) + βœ… All sub-issues complete - CLOSING + +πŸ“‹ Issue #50: "Feature: User authentication" + State: OPEN + Sub-issues: 3 total + - #51: "Add login page" [CLOSED] + - #52: "Add logout functionality" [OPEN] + - #53: "Add password reset" [CLOSED] + Status: 2/3 closed (67%) + ⏸️ Incomplete - keeping open + +βœ… Summary: + - Parent issues analyzed: 2 + - Issues closed: 1 + - Issues remaining open: 1 +``` + +## Important Notes + +- This is a scheduled workflow that runs daily +- Use the GitHub tools to query issues and their relationships +- Be careful with recursive processing to avoid infinite loops +- Always verify the completion status before closing an issue +- Add clear, informative comments when closing issues for transparency From 127c25e7351952c15d0cbaeb62eadb9aeef8630d Mon Sep 17 00:00:00 2001 From: Don Syme Date: Mon, 16 Feb 2026 20:22:24 +0000 Subject: [PATCH 2/5] Delete docs/sub-issue-closer.md --- docs/sub-issue-closer.md | 92 ---------------------------------------- 1 file changed, 92 deletions(-) delete mode 100644 docs/sub-issue-closer.md diff --git a/docs/sub-issue-closer.md b/docs/sub-issue-closer.md deleted file mode 100644 index 0375447..0000000 --- a/docs/sub-issue-closer.md +++ /dev/null 
@@ -1,92 +0,0 @@ -# πŸ”’ Sub-Issue Closer - -> For an overview of all available workflows, see the [main README](../README.md). - -The [Sub-Issue Closer workflow](../workflows/sub-issue-closer.md?plain=1) automatically closes parent issues when all their sub-issues are 100% complete. This helps keep your issue tracker organized and reduces manual maintenance overhead when working with issue hierarchies. - -## What It Does - -1. Scans all open parent issues in the repository -2. Checks the completion status of all sub-issues -3. Recursively closes parent issues when all sub-issues are closed -4. Adds explanatory comments to closed issues -5. Provides a summary report of actions taken - -## Why It's Useful - -- **Reduces Manual Overhead**: No need to manually close parent issues after completing all sub-tasks -- **Maintains Clean Issue Tracker**: Automatically keeps your issue list organized -- **Recursive Processing**: Handles multi-level issue hierarchies intelligently -- **Transparent Operations**: Adds clear comments explaining why issues were closed -- **Conservative Approach**: Only closes when absolutely certain all sub-issues are complete - -## Installation - -```bash -# Install the 'gh aw' extension -gh extensions install github/gh-aw - -# Add the workflow -gh aw add githubnext/agentics/sub-issue-closer - -# Compile to generate the GitHub Actions workflow -gh aw compile -``` - -## Customization - -Edit `.github/workflows/sub-issue-closer.md` to adjust: - -- **Schedule**: Change from `daily` to a specific cron schedule -- **Limits**: Modify `max: 20` to process more or fewer issues per run -- **Timeout**: Adjust `timeout-minutes` based on your repository size -- **Comment format**: Customize the closure comment template - -## How It Works - -The workflow uses GitHub's issue tracking relationships to identify parent issues and their sub-issues. It processes the issue hierarchy bottom-up, ensuring that sub-issues are evaluated before their parents. 
This enables recursive closure up the tree as each level reaches 100% completion. - -### Example Scenario - -You have this issue hierarchy: - -``` -Issue #10: "Major Feature Release" (OPEN) -β”œβ”€ Issue #11: "Backend changes" (OPEN) -β”‚ β”œβ”€ Issue #12: "API updates" (CLOSED) -β”‚ └─ Issue #13: "Database migration" (CLOSED) -└─ Issue #14: "Frontend changes" (CLOSED) -``` - -When you close Issue #13 (the last sub-issue of #11), the workflow will: -1. Detect Issue #11 is now 100% complete β†’ Close #11 -2. Check if Issue #10's sub-issues are complete β†’ Detect #14 (closed) and #11 (now closed) -3. Close Issue #10 since all its sub-issues are complete - -## Safe Outputs - -The workflow uses these safe output actions: - -- **update-issue**: Closes parent issues (max 20 per run) -- **add-comment**: Adds explanatory comments (max 20 per run) - -All actions are logged and visible in the workflow run output. - -## Permissions - -Requires these permissions: -- `contents: read` - To access repository structure -- `issues: read` - To query issue relationships - -## Best Practices - -1. **Use clear issue hierarchies**: Structure issues with explicit parent-child relationships -2. **Review closure comments**: Check the automated comments to ensure correct operation -3. **Start with manual testing**: Run via workflow_dispatch first to observe behavior -4. **Adjust limits as needed**: Increase max values if you have large issue hierarchies -5. **Combine with event-driven workflows**: Consider adding a complementary workflow that runs when individual issues close - -## Related Workflows - -- [Issue Triage](issue-triage.md) - Automated issue categorization and labeling -- [Daily Plan](daily-plan.md) - Update planning issues for team coordination From 4286e416c2cf6dc7e67b139cc14879e940c2cda5 Mon Sep 17 00:00:00 2001 
From: Don Syme Date: Mon, 16 Feb 2026 20:22:41 +0000 Subject: [PATCH 3/5] Delete workflows/sub-issue-closer.md --- workflows/sub-issue-closer.md | 144 ---------------------------------- 1 file changed, 144 deletions(-) delete mode 100644 workflows/sub-issue-closer.md diff --git a/workflows/sub-issue-closer.md b/workflows/sub-issue-closer.md deleted file mode 100644 index d44015d..0000000 --- a/workflows/sub-issue-closer.md +++ /dev/null 
@@ -1,144 +0,0 @@ ---- -description: Scheduled workflow that recursively closes parent issues when all sub-issues are 100% complete -name: Sub-Issue Closer -on: - schedule: daily - workflow_dispatch: -permissions: - contents: read - issues: read -engine: copilot -timeout-minutes: 15 -tools: - github: - toolsets: - - issues - bash: true -safe-outputs: - update-issue: - status: - target: "*" - max: 20 - add-comment: - target: "*" - max: 20 - messages: - run-started: "πŸ”’ Starting Sub-Issue Closer... [{workflow_name}]({run_url}) is checking for completed parent issues" - run-success: "βœ… Sub-Issue Closer complete! [{workflow_name}]({run_url}) has processed all parent issues." - run-failure: "❌ Sub-Issue Closer failed! [{workflow_name}]({run_url}) {status}. Some issues may not be processed." ---- - -# Sub-Issue Closer πŸ”’ - -You are an intelligent agent that automatically closes parent issues when all their sub-issues are 100% complete. - -## Task - -Recursively process GitHub issues in repository **${{ github.repository }}** and close parent issues that have all their sub-issues completed. - -## Process - -### Step 1: Find Open Parent Issues - -Use the GitHub tools to search for open issues that have sub-issues. Look for: -- Issues with state = "OPEN" -- Issues that have tracked issues (sub-issues) -- Issues that appear to be tracking/parent issues based on their structure - -You can use the `search_issues` tool to find issues with sub-issues, or use `list_issues` to get all open issues and filter those with sub-issues. - -### Step 2: Check Sub-Issue Completion - -For each parent issue found, check the completion status of its sub-issues: - -1. Get the sub-issues for the parent issue using the GitHub API -2. Check if ALL sub-issues are in state "CLOSED" -3. 
Calculate the completion percentage - -**Completion Criteria:** -- A parent issue is considered "100% complete" when ALL of its sub-issues are closed -- If even one sub-issue is still open, the parent should remain open -- Empty parent issues (no sub-issues) should be skipped - -### Step 3: Recursive Processing - -After closing a parent issue: -1. Check if that issue itself is a sub-issue of another parent -2. If it has a parent issue, check that parent's completion status -3. Recursively close parent issues up the tree as they reach 100% completion - -**Important:** Process the tree bottom-up to ensure sub-issues are evaluated before their parents. - -### Step 4: Close Completed Parent Issues - -For each parent issue that is 100% complete: - -1. **Close the issue** using the `update_issue` safe output tool -2. **Add a comment** explaining the closure using the `add_comment` safe output tool - -Example comment body: -``` -πŸŽ‰ **Automatically closed by Sub-Issue Closer** - -All sub-issues have been completed. This parent issue is now closed automatically. - -**Sub-issues status:** X/X closed (100%) -``` - -### Step 5: Report Summary - -At the end of processing, provide a summary of: -- Total parent issues analyzed -- Issues closed in this run -- Issues that remain open (with reason: incomplete sub-issues) -- Any errors or issues that couldn't be processed - -## Constraints - -- Maximum 20 issues closed per run (configured in safe-outputs) -- Maximum 20 comments added per run -- Only close issues when you are ABSOLUTELY certain all sub-issues are closed -- Skip issues that don't have sub-issues -- Only process open parent issues -- Be conservative: when in doubt, don't close - -## Example Output Format - -During processing, maintain clear logging: - -``` -πŸ” Analyzing parent issues... 
- -πŸ“‹ Issue #42: "Feature: Add dark mode" - State: OPEN - Sub-issues: 5 total - - #43: "Design dark mode colors" [CLOSED] - - #44: "Implement dark mode toggle" [CLOSED] - - #45: "Add dark mode to settings" [CLOSED] - - #46: "Test dark mode" [CLOSED] - - #47: "Document dark mode" [CLOSED] - Status: 5/5 closed (100%) - βœ… All sub-issues complete - CLOSING - -πŸ“‹ Issue #50: "Feature: User authentication" - State: OPEN - Sub-issues: 3 total - - #51: "Add login page" [CLOSED] - - #52: "Add logout functionality" [OPEN] - - #53: "Add password reset" [CLOSED] - Status: 2/3 closed (67%) - ⏸️ Incomplete - keeping open - -βœ… Summary: - - Parent issues analyzed: 2 - - Issues closed: 1 - - Issues remaining open: 1 -``` - -## Important Notes - -- This is a scheduled workflow that runs daily -- Use the GitHub tools to query issues and their relationships -- Be careful with recursive processing to avoid infinite loops -- Always verify the completion status before closing an issue -- Add clear, informative comments when closing issues for transparency From 0503be1bee938bf0cfe7e7a2dbf22575f22fb2c0 Mon Sep 17 00:00:00 2001 From: Don Syme Date: Mon, 16 Feb 2026 20:23:25 +0000 Subject: [PATCH 4/5] Update README.md --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 8634d36..f0a6a37 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,6 @@ A sample family of reusable [GitHub Agentic Workflows](https://github.github.com ### Triage Workflows - [🏷️ Issue Triage](docs/issue-triage.md) - Triage issues and pull requests -- [πŸ”’ Sub-Issue Closer](docs/sub-issue-closer.md) - Automatically close parent issues when all sub-issues are complete ## Fault Analysis Workflows From 2bc788458d98141b96c2d66a569c5a8b3c972795 Mon Sep 17 00:00:00 2001 
From: Don Syme Date: Mon, 16 Feb 2026 20:27:46 +0000 Subject: [PATCH 5/5] fix workflow --- .github/aw/actions-lock.json | 5 +++ .github/workflows/daily-repo-goals.lock.yml | 45 +++++++++---------- .../workflows/daily-workflow-sync.lock.yml | 34 +++++++------- .github/workflows/maintainer.lock.yml | 37 ++++++++------- workflows/daily-doc-updater.md | 2 - 5 files changed, 61 insertions(+), 62 deletions(-) diff --git a/.github/aw/actions-lock.json b/.github/aw/actions-lock.json index 1f53c31..b2933d9 100644 --- a/.github/aw/actions-lock.json +++ b/.github/aw/actions-lock.json @@ -24,6 +24,11 @@ "repo": "github/gh-aw/actions/setup", "version": "v0.43.15", "sha": "a0e753a02a1b3edc578b5c4c9d5d4eaf81ced5bd" + }, + "github/gh-aw/actions/setup@v0.43.22": { + "repo": "github/gh-aw/actions/setup", + "version": "v0.43.22", + "sha": "fe858c3e14589bf396594a0b106e634d9065823e" } } } diff --git a/.github/workflows/daily-repo-goals.lock.yml b/.github/workflows/daily-repo-goals.lock.yml index f8ce4f3..e67d338 100644 --- a/.github/workflows/daily-repo-goals.lock.yml +++ b/.github/workflows/daily-repo-goals.lock.yml @@ -13,7 +13,7 @@ # \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \ # \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/ # -# This file was automatically generated by gh-aw (v0.44.0). DO NOT EDIT. +# This file was automatically generated by gh-aw (v0.43.22). DO NOT EDIT. # # To update this file, edit the corresponding .md file and run: # gh aw compile @@ -31,7 +31,7 @@ name: "Daily Repo Goal Achiever" "on": schedule: - - cron: "46 20 * * *" + - cron: "20 1 * * *" # Friendly format: daily (scattered) workflow_dispatch: @@ -52,7 +52,7 @@ jobs: comment_repo: "" steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@v0.44.0 + uses: github/gh-aw/actions/setup@fe858c3e14589bf396594a0b106e634d9065823e # v0.43.22 with: destination: /opt/gh-aw/actions - name: Check workflow file timestamps 
@@ -81,7 +81,6 @@ jobs: GH_AW_SAFE_OUTPUTS: /opt/gh-aw/safeoutputs/outputs.jsonl GH_AW_SAFE_OUTPUTS_CONFIG_PATH: /opt/gh-aw/safeoutputs/config.json GH_AW_SAFE_OUTPUTS_TOOLS_PATH: /opt/gh-aw/safeoutputs/tools.json - GH_AW_WORKFLOW_ID_SANITIZED: dailyrepogoals outputs: checkout_pr_success: ${{ steps.checkout-pr.outputs.checkout_pr_success || 'true' }} has_patch: ${{ steps.collect_output.outputs.has_patch }} @@ -91,7 +90,7 @@ jobs: secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@v0.44.0 + uses: github/gh-aw/actions/setup@fe858c3e14589bf396594a0b106e634d9065823e # v0.43.22 with: destination: /opt/gh-aw/actions - name: Checkout repository @@ -106,10 +105,10 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-${{ github.workflow }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-${{ github.workflow }}- - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -147,8 +146,8 @@ jobs: engine_name: "GitHub Copilot CLI", model: process.env.GH_AW_MODEL_AGENT_COPILOT || "", version: "", - agent_version: "0.0.410", - cli_version: "v0.44.0", + agent_version: "0.0.409", + cli_version: "v0.43.22", workflow_name: "Daily Repo Goal Achiever", experimental: false, supports_tools_allowlist: true, @@ -164,8 +163,8 @@ jobs: staged: false, allowed_domains: ["defaults"], firewall_enabled: true, - awf_version: "v0.18.0", - awmg_version: "v0.1.4", + awf_version: "v0.16.4", + awmg_version: "", steps: { firewall: "squid" }, 
@@ -186,9 +185,9 @@ jobs: env: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} - name: Install GitHub Copilot CLI - run: /opt/gh-aw/actions/install_copilot_cli.sh 0.0.410 + run: /opt/gh-aw/actions/install_copilot_cli.sh 0.0.409 - name: Install awf binary - run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.18.0 + run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.4 - name: Determine automatic lockdown mode for GitHub MCP server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -200,7 +199,7 @@ jobs: const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.18.0 ghcr.io/github/gh-aw-firewall/squid:0.18.0 ghcr.io/github/gh-aw-mcpg:v0.1.4 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine + run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.16.4 ghcr.io/github/gh-aw-firewall/squid:0.16.4 ghcr.io/github/gh-aw-mcpg:v0.1.4 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine - name: Write Safe Outputs Config run: | mkdir -p /opt/gh-aw/safeoutputs 
@@ -705,7 +704,7 @@ jobs: timeout-minutes: 30 run: | set -o pipefail - sudo -E awf --env-all --container-workdir "${GITHUB_WORKSPACE}" --allow-domains api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,telemetry.enterprise.githubcopilot.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com --log-level info --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs --enable-host-access --image-tag 0.18.0 --skip-pull \ + sudo -E awf --env-all --container-workdir "${GITHUB_WORKSPACE}" --allow-domains 
api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,telemetry.enterprise.githubcopilot.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com --log-level info --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs --enable-host-access --image-tag 0.16.4 --skip-pull \ -- '/usr/local/bin/copilot --add-dir /tmp/gh-aw/ --log-level all --log-dir /tmp/gh-aw/sandbox/agent/logs/ --add-dir "${GITHUB_WORKSPACE}" --disable-builtin-mcps --allow-all-tools --add-dir /tmp/gh-aw/cache-memory/ --allow-all-paths --share /tmp/gh-aw/sandbox/agent/logs/conversation.md --prompt "$(cat /tmp/gh-aw/aw-prompts/prompt.txt)"${GH_AW_MODEL_AGENT_COPILOT:+ --model "$GH_AW_MODEL_AGENT_COPILOT"}' \ 2>&1 | tee /tmp/gh-aw/agent-stdio.log env: @@ -781,7 +780,6 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - if: always() uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} @@ -871,7 +869,8 @@ jobs: if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: - contents: write + contents: read + discussions: write issues: write pull-requests: write outputs: 
@@ -880,7 +879,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@v0.44.0 + uses: github/gh-aw/actions/setup@fe858c3e14589bf396594a0b106e634d9065823e # v0.43.22 with: destination: /opt/gh-aw/actions - name: Download agent output artifact @@ -1001,7 +1000,7 @@ jobs: success: ${{ steps.parse_results.outputs.success }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@v0.44.0 + uses: github/gh-aw/actions/setup@fe858c3e14589bf396594a0b106e634d9065823e # v0.43.22 with: destination: /opt/gh-aw/actions - name: Download agent artifacts @@ -1043,7 +1042,7 @@ jobs: env: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} - name: Install GitHub Copilot CLI - run: /opt/gh-aw/actions/install_copilot_cli.sh 0.0.410 + run: /opt/gh-aw/actions/install_copilot_cli.sh 0.0.409 - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -1113,7 +1112,7 @@ jobs: process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@v0.44.0 + uses: github/gh-aw/actions/setup@fe858c3e14589bf396594a0b106e634d9065823e # v0.43.22 with: destination: /opt/gh-aw/actions - name: Download agent output artifact @@ -1176,7 +1175,7 @@ jobs: permissions: {} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@v0.44.0 + uses: github/gh-aw/actions/setup@fe858c3e14589bf396594a0b106e634d9065823e # v0.43.22 with: destination: /opt/gh-aw/actions - name: Download cache-memory artifact (default) @@ -1188,6 +1187,6 @@ jobs: - name: Save cache-memory to cache (default) uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-${{ github.workflow }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory 
diff --git a/.github/workflows/daily-workflow-sync.lock.yml b/.github/workflows/daily-workflow-sync.lock.yml index fb7f097..b531ec4 100644 --- a/.github/workflows/daily-workflow-sync.lock.yml +++ b/.github/workflows/daily-workflow-sync.lock.yml @@ -13,7 +13,7 @@ # \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \ # \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/ # -# This file was automatically generated by gh-aw (v0.44.0). DO NOT EDIT. +# This file was automatically generated by gh-aw (v0.43.22). DO NOT EDIT. # # To update this file, edit the corresponding .md file and run: # gh aw compile @@ -47,7 +47,7 @@ jobs: comment_repo: "" steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@v0.44.0 + uses: github/gh-aw/actions/setup@fe858c3e14589bf396594a0b106e634d9065823e # v0.43.22 with: destination: /opt/gh-aw/actions - name: Check workflow file timestamps @@ -76,7 +76,6 @@ jobs: GH_AW_SAFE_OUTPUTS: /opt/gh-aw/safeoutputs/outputs.jsonl GH_AW_SAFE_OUTPUTS_CONFIG_PATH: /opt/gh-aw/safeoutputs/config.json GH_AW_SAFE_OUTPUTS_TOOLS_PATH: /opt/gh-aw/safeoutputs/tools.json - GH_AW_WORKFLOW_ID_SANITIZED: dailyworkflowsync outputs: checkout_pr_success: ${{ steps.checkout-pr.outputs.checkout_pr_success || 'true' }} has_patch: ${{ steps.collect_output.outputs.has_patch }} @@ -86,7 +85,7 @@ jobs: secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@v0.44.0 + uses: github/gh-aw/actions/setup@fe858c3e14589bf396594a0b106e634d9065823e # v0.43.22 with: destination: /opt/gh-aw/actions - name: Create gh-aw temp directory @@ -137,8 +136,8 @@ jobs: engine_name: "GitHub Copilot CLI", model: process.env.GH_AW_MODEL_AGENT_COPILOT || "", version: "", - agent_version: "0.0.410", - cli_version: "v0.44.0", + agent_version: "0.0.409", + cli_version: "v0.43.22", workflow_name: "Daily Workflow Sync from github/gh-aw", experimental: false, supports_tools_allowlist: true, 
@@ -154,8 +153,8 @@ jobs: staged: false, allowed_domains: ["node","github"], firewall_enabled: true, - awf_version: "v0.18.0", - awmg_version: "v0.1.4", + awf_version: "v0.16.4", + awmg_version: "", steps: { firewall: "squid" }, @@ -176,9 +175,9 @@ jobs: env: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} - name: Install GitHub Copilot CLI - run: /opt/gh-aw/actions/install_copilot_cli.sh 0.0.410 + run: /opt/gh-aw/actions/install_copilot_cli.sh 0.0.409 - name: Install awf binary - run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.18.0 + run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.4 - name: Determine automatic lockdown mode for GitHub MCP server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -190,7 +189,7 @@ jobs: const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.18.0 ghcr.io/github/gh-aw-firewall/squid:0.18.0 ghcr.io/github/gh-aw-mcpg:v0.1.4 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine + run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.16.4 ghcr.io/github/gh-aw-firewall/squid:0.16.4 ghcr.io/github/gh-aw-mcpg:v0.1.4 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine - name: Write Safe Outputs Config run: | mkdir -p /opt/gh-aw/safeoutputs 
@@ -693,7 +692,7 @@ jobs: timeout-minutes: 30 run: | set -o pipefail - sudo -E awf --env-all --container-workdir "${GITHUB_WORKSPACE}" --allow-domains '*.githubusercontent.com,*.jsr.io,api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.npms.io,bun.sh,codeload.github.com,deb.nodesource.com,deno.land,get.pnpm.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,github.githubassets.com,host.docker.internal,jsr.io,lfs.github.com,nodejs.org,npm.pkg.github.com,npmjs.com,npmjs.org,objects.githubusercontent.com,raw.githubusercontent.com,registry.bower.io,registry.npmjs.com,registry.npmjs.org,registry.yarnpkg.com,repo.yarnpkg.com,skimdb.npmjs.com,telemetry.enterprise.githubcopilot.com,www.npmjs.com,www.npmjs.org,yarnpkg.com' --log-level info --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs --enable-host-access --image-tag 0.18.0 --skip-pull \ + sudo -E awf --env-all --container-workdir "${GITHUB_WORKSPACE}" --allow-domains '*.githubusercontent.com,*.jsr.io,api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.npms.io,bun.sh,codeload.github.com,deb.nodesource.com,deno.land,get.pnpm.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,github.githubassets.com,host.docker.internal,jsr.io,lfs.github.com,nodejs.org,npm.pkg.github.com,npmjs.com,npmjs.org,objects.githubusercontent.com,raw.githubusercontent.com,registry.bower.io,registry.npmjs.com,registry.npmjs.org,registry.yarnpkg.com,repo.yarnpkg.com,skimdb.npmjs.com,telemetry.enterprise.githubcopilot.com,www.npmjs.com,www.npmjs.org,yarnpkg.com' --log-level info --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs --enable-host-access --image-tag 0.16.4 --skip-pull \ -- '/usr/local/bin/copilot --add-dir /tmp/gh-aw/ --log-level all --log-dir /tmp/gh-aw/sandbox/agent/logs/ --add-dir "${GITHUB_WORKSPACE}" 
--disable-builtin-mcps --allow-all-tools --allow-all-paths --share /tmp/gh-aw/sandbox/agent/logs/conversation.md --prompt "$(cat /tmp/gh-aw/aw-prompts/prompt.txt)"${GH_AW_MODEL_AGENT_COPILOT:+ --model "$GH_AW_MODEL_AGENT_COPILOT"}' \ 2>&1 | tee /tmp/gh-aw/agent-stdio.log env: @@ -769,7 +768,6 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - if: always() uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} @@ -852,7 +850,7 @@ jobs: if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: - contents: write + contents: read discussions: write issues: write pull-requests: write @@ -862,7 +860,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@v0.44.0 + uses: github/gh-aw/actions/setup@fe858c3e14589bf396594a0b106e634d9065823e # v0.43.22 with: destination: /opt/gh-aw/actions - name: Download agent output artifact @@ -983,7 +981,7 @@ jobs: success: ${{ steps.parse_results.outputs.success }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@v0.44.0 + uses: github/gh-aw/actions/setup@fe858c3e14589bf396594a0b106e634d9065823e # v0.43.22 with: destination: /opt/gh-aw/actions - name: Download agent artifacts @@ -1025,7 +1023,7 @@ jobs: env: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} - name: Install GitHub Copilot CLI - run: /opt/gh-aw/actions/install_copilot_cli.sh 0.0.410 + run: /opt/gh-aw/actions/install_copilot_cli.sh 0.0.409 - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): 
@@ -1096,7 +1094,7 @@ jobs: process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@v0.44.0 + uses: github/gh-aw/actions/setup@fe858c3e14589bf396594a0b106e634d9065823e # v0.43.22 with: destination: /opt/gh-aw/actions - name: Download agent output artifact diff --git a/.github/workflows/maintainer.lock.yml b/.github/workflows/maintainer.lock.yml index c7b895f..ec208df 100644 --- a/.github/workflows/maintainer.lock.yml +++ b/.github/workflows/maintainer.lock.yml @@ -13,7 +13,7 @@ # \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \ # \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/ # -# This file was automatically generated by gh-aw (v0.44.0). DO NOT EDIT. +# This file was automatically generated by gh-aw (v0.43.22). DO NOT EDIT. # # To update this file, edit the corresponding .md file and run: # gh aw compile @@ -50,7 +50,7 @@ jobs: comment_repo: "" steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@v0.44.0 + uses: github/gh-aw/actions/setup@fe858c3e14589bf396594a0b106e634d9065823e # v0.43.22 with: destination: /opt/gh-aw/actions - name: Check workflow file timestamps @@ -79,7 +79,6 @@ jobs: GH_AW_SAFE_OUTPUTS: /opt/gh-aw/safeoutputs/outputs.jsonl GH_AW_SAFE_OUTPUTS_CONFIG_PATH: /opt/gh-aw/safeoutputs/config.json GH_AW_SAFE_OUTPUTS_TOOLS_PATH: /opt/gh-aw/safeoutputs/tools.json - GH_AW_WORKFLOW_ID_SANITIZED: maintainer outputs: checkout_pr_success: ${{ steps.checkout-pr.outputs.checkout_pr_success || 'true' }} has_patch: ${{ steps.collect_output.outputs.has_patch }} @@ -89,7 +88,7 @@ jobs: secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@v0.44.0 + uses: github/gh-aw/actions/setup@fe858c3e14589bf396594a0b106e634d9065823e # v0.43.22 with: destination: /opt/gh-aw/actions - name: Create gh-aw temp directory 
@@ -143,8 +142,8 @@ jobs: engine_name: "Claude Code", model: process.env.GH_AW_MODEL_AGENT_CLAUDE || "", version: "", - agent_version: "2.1.42", - cli_version: "v0.44.0", + agent_version: "2.1.39", + cli_version: "v0.43.22", workflow_name: "Agentic Workflow Maintainer", experimental: false, supports_tools_allowlist: true, @@ -160,8 +159,8 @@ jobs: staged: false, allowed_domains: ["defaults"], firewall_enabled: true, - awf_version: "v0.18.0", - awmg_version: "v0.1.4", + awf_version: "v0.16.4", + awmg_version: "", steps: { firewall: "squid" }, @@ -188,9 +187,9 @@ jobs: node-version: '24' package-manager-cache: false - name: Install awf binary - run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.18.0 + run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.16.4 - name: Install Claude Code CLI - run: npm install -g --silent @anthropic-ai/claude-code@2.1.42 + run: npm install -g --silent @anthropic-ai/claude-code@2.1.39 - name: Determine automatic lockdown mode for GitHub MCP server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -202,7 +201,7 @@ jobs: const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.18.0 ghcr.io/github/gh-aw-firewall/api-proxy:0.18.0 ghcr.io/github/gh-aw-firewall/squid:0.18.0 ghcr.io/github/gh-aw-mcpg:v0.1.4 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine + run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.16.4 ghcr.io/github/gh-aw-firewall/squid:0.16.4 ghcr.io/github/gh-aw-mcpg:v0.1.4 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine - name: Write Safe Outputs Config run: | mkdir -p /opt/gh-aw/safeoutputs 
@@ -765,7 +764,7 @@ jobs: timeout-minutes: 30 run: | set -o pipefail - sudo -E awf --tty --env-all --container-workdir "${GITHUB_WORKSPACE}" --allow-domains '*.githubusercontent.com,anthropic.com,api.anthropic.com,api.github.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,files.pythonhosted.org,ghcr.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,playwright.download.prss.microsoft.com,ppa.launchpad.net,pypi.org,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,sentry.io,statsig.anthropic.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com' --log-level info --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs --enable-host-access --image-tag 0.18.0 --skip-pull --enable-api-proxy \ + sudo -E awf --tty --env-all --container-workdir "${GITHUB_WORKSPACE}" --allow-domains 
'*.githubusercontent.com,anthropic.com,api.anthropic.com,api.github.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,files.pythonhosted.org,ghcr.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,playwright.download.prss.microsoft.com,ppa.launchpad.net,pypi.org,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,sentry.io,statsig.anthropic.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com' --log-level info --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs --enable-host-access --image-tag 0.16.4 --skip-pull \ -- /bin/bash -c 'export PATH="$(find /opt/hostedtoolcache -maxdepth 4 -type d -name bin 2>/dev/null | tr '\''\n'\'' '\'':'\'')$PATH"; [ -n "$GOROOT" ] && export PATH="$GOROOT/bin:$PATH" || true && claude --print --disable-slash-commands --no-chrome --mcp-config /tmp/gh-aw/mcp-config/mcp-servers.json --allowed-tools 
Bash,BashOutput,Edit,ExitPlanMode,Glob,Grep,KillBash,LS,MultiEdit,NotebookEdit,NotebookRead,Read,Task,TodoWrite,Write,mcp__github__download_workflow_run_artifact,mcp__github__get_code_scanning_alert,mcp__github__get_commit,mcp__github__get_dependabot_alert,mcp__github__get_discussion,mcp__github__get_discussion_comments,mcp__github__get_file_contents,mcp__github__get_job_logs,mcp__github__get_label,mcp__github__get_latest_release,mcp__github__get_me,mcp__github__get_notification_details,mcp__github__get_pull_request,mcp__github__get_pull_request_comments,mcp__github__get_pull_request_diff,mcp__github__get_pull_request_files,mcp__github__get_pull_request_review_comments,mcp__github__get_pull_request_reviews,mcp__github__get_pull_request_status,mcp__github__get_release_by_tag,mcp__github__get_secret_scanning_alert,mcp__github__get_tag,mcp__github__get_workflow_run,mcp__github__get_workflow_run_logs,mcp__github__get_workflow_run_usage,mcp__github__issue_read,mcp__github__list_branches,mcp__github__list_code_scanning_alerts,mcp__github__list_commits,mcp__github__list_dependabot_alerts,mcp__github__list_discussion_categories,mcp__github__list_discussions,mcp__github__list_issue_types,mcp__github__list_issues,mcp__github__list_label,mcp__github__list_notifications,mcp__github__list_pull_requests,mcp__github__list_releases,mcp__github__list_secret_scanning_alerts,mcp__github__list_starred_repositories,mcp__github__list_tags,mcp__github__list_workflow_jobs,mcp__github__list_workflow_run_artifacts,mcp__github__list_workflow_runs,mcp__github__list_workflows,mcp__github__pull_request_read,mcp__github__search_code,mcp__github__search_issues,mcp__github__search_orgs,mcp__github__search_pull_requests,mcp__github__search_repositories,mcp__github__search_users --debug-file /tmp/gh-aw/agent-stdio.log --verbose --permission-mode bypassPermissions --output-format stream-json "$(cat /tmp/gh-aw/aw-prompts/prompt.txt)"${GH_AW_MODEL_AGENT_CLAUDE:+ --model "$GH_AW_MODEL_AGENT_CLAUDE"}' 
2>&1 | tee -a /tmp/gh-aw/agent-stdio.log env: ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} @@ -827,7 +826,6 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - if: always() uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} @@ -902,7 +900,8 @@ jobs: if: (always()) && (needs.agent.result != 'skipped') runs-on: ubuntu-slim permissions: - contents: write + contents: read + discussions: write issues: write pull-requests: write outputs: @@ -911,7 +910,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@v0.44.0 + uses: github/gh-aw/actions/setup@fe858c3e14589bf396594a0b106e634d9065823e # v0.43.22 with: destination: /opt/gh-aw/actions - name: Download agent output artifact @@ -1032,7 +1031,7 @@ jobs: success: ${{ steps.parse_results.outputs.success }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@v0.44.0 + uses: github/gh-aw/actions/setup@fe858c3e14589bf396594a0b106e634d9065823e # v0.43.22 with: destination: /opt/gh-aw/actions - name: Download agent artifacts @@ -1080,7 +1079,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Claude Code CLI - run: npm install -g --silent @anthropic-ai/claude-code@2.1.42 + run: npm install -g --silent @anthropic-ai/claude-code@2.1.39 - name: Execute Claude Code CLI id: agentic_execution # Allowed tools (sorted): @@ -1142,7 +1141,7 @@ jobs: activated: ${{ steps.check_membership.outputs.is_team_member == 'true' }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@v0.44.0 + uses: github/gh-aw/actions/setup@fe858c3e14589bf396594a0b106e634d9065823e # v0.43.22 with: destination: /opt/gh-aw/actions - name: Check team membership for workflow 
@@ -1181,7 +1180,7 @@ jobs: process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@v0.44.0 + uses: github/gh-aw/actions/setup@fe858c3e14589bf396594a0b106e634d9065823e # v0.43.22 with: destination: /opt/gh-aw/actions - name: Download agent output artifact diff --git a/workflows/daily-doc-updater.md b/workflows/daily-doc-updater.md index 1599ff6..c8a6346 100644 --- a/workflows/daily-doc-updater.md +++ b/workflows/daily-doc-updater.md @@ -22,8 +22,6 @@ tools: timeout-minutes: 30 -category: maintenance - safe-outputs: create-pull-request: expires: 2d
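Review bot: Every "Setup Scripts" hunk and the generator banner in these lock files move gh-aw backwards from v0.44.0 to v0.43.22, and the install steps roll the Copilot CLI from 0.0.410 to 0.0.409 and Claude Code from 2.1.42 to 2.1.39, with nothing in the hunks saying why. This reads like `gh aw compile` run with an older CLI than the one that produced the previous lock files; recompile with the release already in use, or document the rollback. Replacing the mutable `@v0.44.0` tag with the full commit SHA plus a `# v0.43.22` comment is the right pinning style and should be kept whichever version is chosen.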
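Review bot: In the "Ingest agent output" hunks (-781, -769 and -827), removing `if: always()` means the `collect_output` step is skipped whenever an earlier step in the agent job fails, yet the following job is still gated on `(always()) && (needs.agent.result != 'skipped')` and the job outputs still read `steps.collect_output.outputs.has_patch`. A failed agent run would then reach the downstream jobs with empty outputs and no ingested safe-outputs file. Keep `if: always()` on this step unless the downstream jobs are known to handle the missing outputs.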
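Review bot: In the permissions hunks (-871 and -902), lowering `contents: write` to `contents: read` is a welcome reduction, but the same hunks add `discussions: write`, which is a new write scope for this job. Confirm the job actually posts to discussions in these two workflows; if it does not, drop the line so the token carries only `issues: write` and `pull-requests: write`.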
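Review bot: In the -1188 hunk, the cache key prefix changes from `env.GH_AW_WORKFLOW_ID_SANITIZED` to `github.workflow`, and the -76 and -79 hunks delete the sanitized variable altogether. `github.workflow` is the display name, which can contain spaces and slashes (one workflow in this patch is named "Daily Workflow Sync from github/gh-aw") and changes whenever the workflow is renamed, orphaning the stored memory. Check that the matching restore step uses the same `memory-${{ github.workflow }}-` prefix, or keep the sanitized identifier.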
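Review bot: In the -154 and -160 hunks, `awmg_version` is emptied and `awf_version` drops to v0.16.4, but the "Download container images" step still pulls `ghcr.io/github/gh-aw-mcpg:v0.1.4`. The run metadata no longer records the gateway version that is actually executed, which makes later triage of a run harder. Keep `awmg_version: "v0.1.4"` so the recorded value matches the image tag.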
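Review bot: In the maintainer.lock.yml -765 hunk, `--enable-api-proxy` is dropped from the `awf` command and the -202 hunk stops downloading `gh-aw-firewall/api-proxy`, while the step keeps `--env-all`, `ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}`, `Bash` in `--allowed-tools` and `--permission-mode bypassPermissions`. If the proxy was what kept the key out of the agent container, the agent process now receives the secret directly in its environment. Confirm this is intended for v0.16.4, and otherwise restore the proxy flag and image together.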
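Review bot: The workflows/daily-doc-updater.md hunk removes `category: maintenance` from the frontmatter, which is a source change rather than regenerated output and is unrelated to the lock-file edits around it. Confirm nothing reads the `category` key, or restore it and make the removal a separate change.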