diff --git a/.github/workflows/agentics-maintenance.yml b/.github/workflows/agentics-maintenance.yml index 3bce000132..a66ce6fb09 100644 --- a/.github/workflows/agentics-maintenance.yml +++ b/.github/workflows/agentics-maintenance.yml @@ -46,7 +46,7 @@ jobs: issues: write steps: - name: Checkout actions folder - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 with: sparse-checkout: | actions @@ -144,7 +144,7 @@ jobs: contents: read steps: - name: Checkout actions folder - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 with: sparse-checkout: | actions diff --git a/.github/workflows/ubuntu-image-analyzer.lock.yml b/.github/workflows/ubuntu-image-analyzer.lock.yml index 4acfd42ee5..cba895e196 100644 --- a/.github/workflows/ubuntu-image-analyzer.lock.yml +++ b/.github/workflows/ubuntu-image-analyzer.lock.yml @@ -19,13 +19,13 @@ # gh aw compile # For more information: https://github.com/githubnext/gh-aw/blob/main/.github/aw/github-agentic-workflows.md # -# Daily analysis of the default Ubuntu Actions runner image and guidance for creating Docker mimics +# Weekly analysis of the default Ubuntu Actions runner image and guidance for creating Docker mimics name: "Ubuntu Actions Image Analyzer" "on": schedule: - - cron: "21 15 * * *" - # Friendly format: daily (scattered) + - cron: "21 15 * * 0" + # Friendly format: weekly (scattered) # skip-if-match: is:pr is:open in:title "[ubuntu-image]" # Skip-if-match processed as search check in pre-activation job workflow_dispatch: @@ -48,7 +48,7 @@ jobs: comment_repo: "" steps: - name: Checkout actions folder - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 with: sparse-checkout: | actions @@ -95,7 +95,7 @@ jobs: secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Checkout actions folder - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 with: sparse-checkout: | actions @@ -105,7 +105,7 @@ jobs: with: destination: /opt/gh-aw/actions - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 with: persist-credentials: false - name: Create gh-aw temp directory @@ -547,13 +547,13 @@ jobs: ## Mission - Analyze the software, tools, and configurations available in the default GitHub Actions Ubuntu runner image by discovering the runner image documentation URL from recent workflow logs, then create or update `specs/ubuntulatest.md` with comprehensive analysis and guidance. + Analyze the software, tools, and configurations available in the default GitHub Actions Ubuntu runner image by discovering the runner image documentation URL from recent workflow logs, then create or update `research/ubuntulatest.md` with comprehensive analysis and guidance. ## Current Context - **Repository**: __GH_AW_GITHUB_REPOSITORY__ - **Run Date**: $(date +%Y-%m-%d) - - **Target File**: `specs/ubuntulatest.md` + - **Target File**: `research/ubuntulatest.md` ## Tools Usage Guide @@ -699,9 +699,9 @@ jobs: - Key environment variables set by default - Paths and configuration locations - ### 4. Create or Update specs/ubuntulatest.md + ### 4. Create or Update research/ubuntulatest.md - Create or update the file `specs/ubuntulatest.md` with the following structure: + Create or update the file `research/ubuntulatest.md` with the following structure: ```markdown # Ubuntu Actions Runner Image Analysis @@ -918,7 +918,7 @@ jobs: ### 5. Create Pull Request - **CRITICAL**: After creating or updating `specs/ubuntulatest.md`, you MUST use the safe-outputs tool to create a pull request. + **CRITICAL**: After creating or updating `research/ubuntulatest.md`, you MUST use the safe-outputs tool to create a pull request. **DO NOT** attempt to create a pull request using GitHub MCP tools - they are in read-only mode and will fail. @@ -1042,7 +1042,7 @@ jobs: # Copilot CLI tool arguments (sorted): # --allow-tool github # --allow-tool safeoutputs - # --allow-tool shell(cat specs/ubuntulatest.md) + # --allow-tool shell(cat research/ubuntulatest.md) # --allow-tool shell(cat) # --allow-tool shell(date) # --allow-tool shell(echo) @@ -1069,7 +1069,7 @@ jobs: run: | set -o pipefail sudo -E awf --env-all --container-workdir "${GITHUB_WORKSPACE}" --mount /tmp:/tmp:rw --mount "${GITHUB_WORKSPACE}:${GITHUB_WORKSPACE}:rw" --mount /usr/bin/date:/usr/bin/date:ro --mount /usr/bin/gh:/usr/bin/gh:ro --mount /usr/bin/yq:/usr/bin/yq:ro --mount /usr/local/bin/copilot:/usr/local/bin/copilot:ro --mount /home/runner/.copilot:/home/runner/.copilot:rw --mount /opt/gh-aw:/opt/gh-aw:ro --allow-domains '*.githubusercontent.com,api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,github.githubassets.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com' --log-level info --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs --enable-host-access --image-tag 0.10.0 \ - -- /usr/local/bin/copilot --add-dir /tmp/gh-aw/ --log-level all --log-dir /tmp/gh-aw/sandbox/agent/logs/ --add-dir "${GITHUB_WORKSPACE}" --disable-builtin-mcps --allow-tool github --allow-tool safeoutputs --allow-tool 'shell(cat specs/ubuntulatest.md)' --allow-tool 'shell(cat)' --allow-tool 'shell(date)' --allow-tool 'shell(echo)' --allow-tool 'shell(find .github/workflows -name '\''*.lock.yml'\'' -type f)' --allow-tool 'shell(git add:*)' --allow-tool 'shell(git branch:*)' --allow-tool 'shell(git checkout:*)' --allow-tool 'shell(git commit:*)' --allow-tool 'shell(git merge:*)' --allow-tool 'shell(git rm:*)' --allow-tool 'shell(git status)' --allow-tool 'shell(git switch:*)' --allow-tool 'shell(grep)' --allow-tool 'shell(head)' --allow-tool 'shell(ls)' --allow-tool 'shell(pwd)' --allow-tool 'shell(sort)' --allow-tool 'shell(tail)' --allow-tool 'shell(uniq)' --allow-tool 'shell(wc)' --allow-tool 'shell(yq)' --allow-tool write --allow-all-paths --share /tmp/gh-aw/sandbox/agent/logs/conversation.md --prompt "$(cat /tmp/gh-aw/aw-prompts/prompt.txt)"${GH_AW_MODEL_AGENT_COPILOT:+ --model "$GH_AW_MODEL_AGENT_COPILOT"} \ + -- /usr/local/bin/copilot --add-dir /tmp/gh-aw/ --log-level all --log-dir /tmp/gh-aw/sandbox/agent/logs/ --add-dir "${GITHUB_WORKSPACE}" --disable-builtin-mcps --allow-tool github --allow-tool safeoutputs --allow-tool 'shell(cat research/ubuntulatest.md)' --allow-tool 'shell(cat)' --allow-tool 'shell(date)' --allow-tool 'shell(echo)' --allow-tool 'shell(find .github/workflows -name '\''*.lock.yml'\'' -type f)' --allow-tool 'shell(git add:*)' --allow-tool 'shell(git branch:*)' --allow-tool 'shell(git checkout:*)' --allow-tool 'shell(git commit:*)' --allow-tool 'shell(git merge:*)' --allow-tool 'shell(git rm:*)' --allow-tool 'shell(git status)' --allow-tool 'shell(git switch:*)' --allow-tool 'shell(grep)' --allow-tool 'shell(head)' --allow-tool 'shell(ls)' --allow-tool 'shell(pwd)' --allow-tool 'shell(sort)' --allow-tool 'shell(tail)' --allow-tool 'shell(uniq)' --allow-tool 'shell(wc)' --allow-tool 'shell(yq)' --allow-tool write --allow-all-paths --share /tmp/gh-aw/sandbox/agent/logs/conversation.md --prompt "$(cat /tmp/gh-aw/aw-prompts/prompt.txt)"${GH_AW_MODEL_AGENT_COPILOT:+ --model "$GH_AW_MODEL_AGENT_COPILOT"} \ 2>&1 | tee /tmp/gh-aw/agent-stdio.log env: COPILOT_AGENT_RUNNER_TYPE: STANDALONE @@ -1224,7 +1224,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Checkout actions folder - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 with: sparse-checkout: | actions @@ -1246,7 +1246,7 @@ jobs: echo "Agent Conclusion: $AGENT_CONCLUSION" - name: Download agent output artifact continue-on-error: true - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: name: agent-output path: /tmp/gh-aw/safeoutputs/ @@ -1349,7 +1349,7 @@ jobs: success: ${{ steps.parse_results.outputs.success }} steps: - name: Checkout actions folder - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 with: sparse-checkout: | actions @@ -1360,13 +1360,13 @@ jobs: destination: /opt/gh-aw/actions - name: Download agent artifacts continue-on-error: true - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: name: agent-artifacts path: /tmp/gh-aw/threat-detection/ - name: Download agent output artifact continue-on-error: true - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: name: agent-output path: /tmp/gh-aw/threat-detection/ @@ -1379,7 +1379,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Ubuntu Actions Image Analyzer" - WORKFLOW_DESCRIPTION: "Daily analysis of the default Ubuntu Actions runner image and guidance for creating Docker mimics" + WORKFLOW_DESCRIPTION: "Weekly analysis of the default Ubuntu Actions runner image and guidance for creating Docker mimics" HAS_PATCH: ${{ needs.agent.outputs.has_patch }} with: script: | @@ -1494,7 +1494,7 @@ jobs: activated: ${{ (steps.check_membership.outputs.is_team_member == 'true') && (steps.check_skip_if_match.outputs.skip_check_ok == 'true') }} steps: - name: Checkout actions folder - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 with: sparse-checkout: | actions @@ -1551,7 +1551,7 @@ jobs: process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} steps: - name: Checkout actions folder - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 with: sparse-checkout: | actions @@ -1562,7 +1562,7 @@ jobs: destination: /opt/gh-aw/actions - name: Download agent output artifact continue-on-error: true - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: name: agent-output path: /tmp/gh-aw/safeoutputs/ @@ -1573,13 +1573,13 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Download patch artifact continue-on-error: true - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: name: agent-artifacts path: /tmp/gh-aw/ - name: Checkout repository if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_pull_request')) - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 with: token: ${{ github.token }} persist-credentials: false diff --git a/.github/workflows/ubuntu-image-analyzer.md b/.github/workflows/ubuntu-image-analyzer.md index 1c2a30fac2..0eae99c86e 100644 --- a/.github/workflows/ubuntu-image-analyzer.md +++ b/.github/workflows/ubuntu-image-analyzer.md @@ -1,8 +1,8 @@ --- name: Ubuntu Actions Image Analyzer -description: Daily analysis of the default Ubuntu Actions runner image and guidance for creating Docker mimics +description: Weekly analysis of the default Ubuntu Actions runner image and guidance for creating Docker mimics on: - schedule: daily + schedule: weekly workflow_dispatch: skip-if-match: 'is:pr is:open in:title "[ubuntu-image]"' @@ -27,7 +27,7 @@ tools: edit: bash: - "find .github/workflows -name '*.lock.yml' -type f" - - "cat specs/ubuntulatest.md" + - "cat research/ubuntulatest.md" safe-outputs: create-pull-request: @@ -45,13 +45,13 @@ You are an AI agent that analyzes the default Ubuntu Actions runner image and ma ## Mission -Analyze the software, tools, and configurations available in the default GitHub Actions Ubuntu runner image by discovering the runner image documentation URL from recent workflow logs, then create or update `specs/ubuntulatest.md` with comprehensive analysis and guidance. +Analyze the software, tools, and configurations available in the default GitHub Actions Ubuntu runner image by discovering the runner image documentation URL from recent workflow logs, then create or update `research/ubuntulatest.md` with comprehensive analysis and guidance. ## Current Context - **Repository**: ${{ github.repository }} - **Run Date**: $(date +%Y-%m-%d) -- **Target File**: `specs/ubuntulatest.md` +- **Target File**: `research/ubuntulatest.md` ## Tools Usage Guide @@ -197,9 +197,9 @@ Analyze the downloaded documentation and identify: - Key environment variables set by default - Paths and configuration locations -### 4. Create or Update specs/ubuntulatest.md +### 4. Create or Update research/ubuntulatest.md -Create or update the file `specs/ubuntulatest.md` with the following structure: +Create or update the file `research/ubuntulatest.md` with the following structure: ```markdown # Ubuntu Actions Runner Image Analysis @@ -416,7 +416,7 @@ Note any aspects that cannot be perfectly replicated: ### 5. Create Pull Request -**CRITICAL**: After creating or updating `specs/ubuntulatest.md`, you MUST use the safe-outputs tool to create a pull request. +**CRITICAL**: After creating or updating `research/ubuntulatest.md`, you MUST use the safe-outputs tool to create a pull request. **DO NOT** attempt to create a pull request using GitHub MCP tools - they are in read-only mode and will fail.