Skip to content

Fix create_pull_request in safe-outputs container by installing git #11116

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Copilot wants to merge 3 commits into from
Closed

Fix create_pull_request in safe-outputs container by installing git #11116

Copilot wants to merge 3 commits into from

Conversation

Copy link
Contributor

Copilot AI commented Jan 21, 2026
edited
Loading

The safe-outputs MCP server runs in node:lts-alpine which lacks git. The create_pull_request tool fails when generating patches because git commands cannot execute in the container.

Changes

  • New shell wrapper (actions/setup/sh/start_safe_outputs_mcp.sh):

    • Installs git via apk add --no-cache git
    • Configures git user identity (github-actions[bot])
    • Marks $GITHUB_WORKSPACE as safe directory
    • Execs MCP server

  • Updated MCP configuration (pkg/workflow/mcp-config-builtin.go):

    • Changed container entrypoint: nodesh
    • Updated entrypointArgs to invoke shell wrapper
    • Applied to both JSON (Claude/Custom) and TOML (Codex) formats

  • Recompiled workflows (133 files):

    • All safe-outputs MCP server configs now use shell wrapper

  • Updated smoke-copilot workflow to test the fix:

    • Added create-pull-request safe-output configuration
    • Added test requirement to create poem file in poems/ directory and generate PR
    • Created poems/ directory structure for automated test outputs
    • Validates that create-pull-request works correctly with git in container

Example

Before:

"safeoutputs": {
  "container": "node:lts-alpine",
  "entrypoint": "node",
  "entrypointArgs": ["/opt/gh-aw/safeoutputs/mcp-server.cjs"]
}

After:

"safeoutputs": {
  "container": "node:lts-alpine",
  "entrypoint": "sh",
  "entrypointArgs": ["/opt/gh-aw/actions/start_safe_outputs_mcp.sh"]
}

The wrapper ensures git is available and properly configured before the MCP server processes create_pull_request requests. The smoke-copilot workflow now validates this functionality by creating test pull requests with poem files.

Original prompt

This section details on the original issue you should resolve

<issue_title>safe-output create-pull-request is failing</issue_title>
<issue_description>Since we moved safe-outputs in its own container, it fails to invoke git properly to generate the patch that create-pull-request uses. We need to make sure that the safe-outputs has the user workspace mounted, git is properly configured in the container.</issue_description>

Comments on the Issue (you are @copilot in this section)

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

@mnkiefer
Add git configuration for safe-outputs container
a6dfd8b 
- Created start_safe_outputs_mcp.sh shell script that:
  - Installs git in the Alpine container
  - Configures git user email and name
  - Marks workspace as safe directory
  - Starts the MCP server
- Updated mcp-config-builtin.go to use shell entrypoint
- Applied changes to both JSON and TOML MCP configs
- Recompiled all workflows with new configuration

Co-authored-by: mnkiefer <8320933+mnkiefer@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix safe-outputs container git configuration issue Fix create_pull_request in safe-outputs container by installing git Jan 21, 2026
Copilot AI requested a review from mnkiefer January 21, 2026 23:15
@pelikhan
Copy link
Contributor

pelikhan commented Jan 21, 2026

@copilot update smoke-copilot to create a pull request with a new poem under "poems/*.md"

@pelikhan
Update smoke-copilot to create pull request with poem
d035824 
- Added create-pull-request safe-output configuration
- Added test requirement to create poem file and PR
- Created poems/ directory with README
- Updated allowed labels to include 'automated-poem'
- Added instructions for creating PR with poem content

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copy link
Contributor Author

Copilot AI commented Jan 21, 2026

@copilot update smoke-copilot to create a pull request with a new poem under "poems/*.md"

Updated smoke-copilot workflow to test create-pull-request functionality by creating a poem in poems/smoke-test-{run_id}.md. The workflow now:

  • Creates a new test requirement (add cli flag to guard dropping a agentic workflow instructinos file #6) to generate a creative poem about GitHub Actions
  • Commits the poem file
  • Creates a pull request with the poem content
  • Added safe-output configuration for create-pull-request with labels [smoke-copilot, automated-poem]
  • Created the poems/ directory structure

Changes in commit d035824.

Copilot AI requested a review from pelikhan January 21, 2026 23:28
@pelikhan pelikhan closed this Jan 21, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mnkiefer mnkiefer Awaiting requested review from mnkiefer

@pelikhan pelikhan Awaiting requested review from pelikhan

Assignees

@mnkiefer mnkiefer

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

safe-output create-pull-request is failing

3 participants

@pelikhan @mnkiefer