diff --git a/.github/workflows/release.lock.yml b/.github/workflows/release.lock.yml index 9046460b98..7825906629 100644 --- a/.github/workflows/release.lock.yml +++ b/.github/workflows/release.lock.yml @@ -658,30 +658,32 @@ jobs: **HOW TO CALL THE TOOL:** - The `update_release` tool is an **MCP (Model Context Protocol) tool**, not a bash command or file operation. To call it: + The `update_release` tool is an **MCP (Model Context Protocol) tool**, not a bash command or file operation. - 1. **Use the MCP tool call syntax** - The tool is registered as `update_release` (or `safeoutputs___update_release`) - 2. **DO NOT write JSON files manually** - Writing files like `/tmp/gh-aw/safeoutputs/update_release_001.json` will NOT work - 3. **DO NOT use bash to simulate tool calls** - The tool must be called through the MCP protocol + **✅ CORRECT - Call the MCP tool directly:** - **Example Tool Call:** - - ```javascript - update_release({ - tag: "v0.37.26", - operation: "prepend", - body: "## 🌟 Release Highlights\n\n[Your complete markdown highlights here]" - }) ``` + safeoutputs/update_release( + tag="v0.38.1", + operation="prepend", + body="## 🌟 Release Highlights\n\n[Your complete markdown highlights here]" + ) + ``` + + **❌ INCORRECT - DO NOT:** + - Write JSON files manually (e.g., `/tmp/gh-aw/safeoutputs/update_release_001.json`) + - Use bash to simulate tool calls + - Create scripts that write to outputs.jsonl + - Use any file operations - the MCP tool handles everything **Required Parameters:** - - `tag` - Release tag from `${RELEASE_TAG}` environment variable (e.g., "v0.30.2") + - `tag` - Release tag from `${RELEASE_TAG}` environment variable (e.g., "v0.38.1") - `operation` - Must be `"prepend"` to add before existing notes - `body` - Complete markdown content (include all formatting, emojis, links) - **IMPORTANT**: This is a real tool call through MCP, NOT a bash command or file write operation. The tool will automatically write to the correct output file (`/opt/gh-aw/safeoutputs/outputs.jsonl`). + **IMPORTANT**: The tool is accessed via the MCP gateway as `safeoutputs/update_release`. When you call this tool, the MCP server automatically writes to `/opt/gh-aw/safeoutputs/outputs.jsonl`. - **WARNING**: If you don't call the `update_release` tool properly through MCP, the release notes will NOT be updated! + **WARNING**: If you don't call the MCP tool properly, the release notes will NOT be updated! **Documentation Base URLs:** - User docs: `https://githubnext.github.io/gh-aw/` diff --git a/.github/workflows/release.md b/.github/workflows/release.md index 7928596c78..a7f572b0c5 100644 --- a/.github/workflows/release.md +++ b/.github/workflows/release.md @@ -474,30 +474,32 @@ Dependency updates and internal improvements to keep things running smoothly. **HOW TO CALL THE TOOL:** -The `update_release` tool is an **MCP (Model Context Protocol) tool**, not a bash command or file operation. To call it: +The `update_release` tool is an **MCP (Model Context Protocol) tool**, not a bash command or file operation. -1. **Use the MCP tool call syntax** - The tool is registered as `update_release` (or `safeoutputs___update_release`) -2. **DO NOT write JSON files manually** - Writing files like `/tmp/gh-aw/safeoutputs/update_release_001.json` will NOT work -3. **DO NOT use bash to simulate tool calls** - The tool must be called through the MCP protocol +**✅ CORRECT - Call the MCP tool directly:** -**Example Tool Call:** - -```javascript -update_release({ - tag: "v0.37.26", - operation: "prepend", - body: "## 🌟 Release Highlights\n\n[Your complete markdown highlights here]" -}) ``` +safeoutputs/update_release( + tag="v0.38.1", + operation="prepend", + body="## 🌟 Release Highlights\n\n[Your complete markdown highlights here]" +) +``` + +**❌ INCORRECT - DO NOT:** +- Write JSON files manually (e.g., `/tmp/gh-aw/safeoutputs/update_release_001.json`) +- Use bash to simulate tool calls +- Create scripts that write to outputs.jsonl +- Use any file operations - the MCP tool handles everything **Required Parameters:** -- `tag` - Release tag from `${RELEASE_TAG}` environment variable (e.g., "v0.30.2") +- `tag` - Release tag from `${RELEASE_TAG}` environment variable (e.g., "v0.38.1") - `operation` - Must be `"prepend"` to add before existing notes - `body` - Complete markdown content (include all formatting, emojis, links) -**IMPORTANT**: This is a real tool call through MCP, NOT a bash command or file write operation. The tool will automatically write to the correct output file (`/opt/gh-aw/safeoutputs/outputs.jsonl`). +**IMPORTANT**: The tool is accessed via the MCP gateway as `safeoutputs/update_release`. When you call this tool, the MCP server automatically writes to `/opt/gh-aw/safeoutputs/outputs.jsonl`. -**WARNING**: If you don't call the `update_release` tool properly through MCP, the release notes will NOT be updated! +**WARNING**: If you don't call the MCP tool properly, the release notes will NOT be updated! **Documentation Base URLs:** - User docs: `https://githubnext.github.io/gh-aw/` diff --git a/pkg/cli/templates/github-agentic-workflows.md b/pkg/cli/templates/github-agentic-workflows.md index 70a786b553..e4cbd22064 100644 --- a/pkg/cli/templates/github-agentic-workflows.md +++ b/pkg/cli/templates/github-agentic-workflows.md @@ -482,6 +482,17 @@ The YAML frontmatter supports these fields: target-repo: "owner/repo" # Optional: cross-repository ``` When using `safe-outputs.close-pull-request`, the main job does **not** need `pull-requests: write` permission since PR closing is handled by a separate job with appropriate permissions. + - `mark-pull-request-as-ready-for-review:` - Mark draft PRs as ready for review + ```yaml + safe-outputs: + mark-pull-request-as-ready-for-review: + max: 1 # Optional: max operations (default: 1) + target: "*" # Optional: "triggering" (default), "*", or number + required-labels: [automated] # Optional: only mark PRs with these labels + required-title-prefix: "[bot]" # Optional: only mark PRs with this prefix + target-repo: "owner/repo" # Optional: cross-repository + ``` + When using `safe-outputs.mark-pull-request-as-ready-for-review`, the main job does **not** need `pull-requests: write` permission since marking as ready is handled by a separate job with appropriate permissions. - `add-labels:` - Safe label addition to issues or PRs ```yaml safe-outputs: @@ -532,6 +543,26 @@ The YAML frontmatter supports these fields: target-repo: "owner/repo" # Optional: cross-repository ``` Links issues as sub-issues using GitHub's parent-child relationships. Agent output includes `parent_issue_number` and `sub_issue_number`. Use with `create-issue` temporary IDs or existing issue numbers. + - `create-project:` - Create GitHub Projects V2 + ```yaml + safe-outputs: + create-project: + max: 1 # Optional: max projects (default: 1) + github-token: ${{ secrets.PROJECTS_PAT }} # Optional: token with projects:write + target-owner: "org-or-user" # Optional: owner for created projects + title-prefix: "[ai] " # Optional: prefix for project titles + ``` + Not supported for cross-repository operations. + - `copy-project:` - Copy GitHub Projects V2 + ```yaml + safe-outputs: + copy-project: + max: 1 # Optional: max copies (default: 1) + github-token: ${{ secrets.PROJECTS_PAT }} # Optional: token with projects:write + source-project: "https://github.com/orgs/myorg/projects/42" # Optional: source project URL + target-owner: "org-or-user" # Optional: owner for copied project + ``` + Not supported for cross-repository operations. - `update-project:` - Manage GitHub Projects boards ```yaml safe-outputs: @@ -551,6 +582,14 @@ The YAML frontmatter supports these fields: {"type": "update_project", "project": "https://github.com/orgs/myorg/projects/42", "content_type": "draft_issue", "draft_title": "Task title", "draft_body": "Task description", "fields": {"Status": "Todo"}} ``` + Not supported for cross-repository operations. + - `create-project-status-update:` - Create GitHub project status updates + ```yaml + safe-outputs: + create-project-status-update: + max: 10 # Optional: max status updates (default: 10) + github-token: ${{ secrets.PROJECTS_PAT }} # Optional: token with projects:write + ``` Not supported for cross-repository operations. - `push-to-pull-request-branch:` - Push changes to PR branch ```yaml @@ -610,6 +649,13 @@ The YAML frontmatter supports these fields: max: 50 # Optional: max findings (default: unlimited) ``` Severity levels: error, warning, info, note. + - `autofix-code-scanning-alert:` - Add autofixes to code scanning alerts + ```yaml + safe-outputs: + autofix-code-scanning-alert: + max: 10 # Optional: max autofixes (default: 10) + ``` + Provides automated fixes for code scanning alerts. - `create-agent-session:` - Create GitHub Copilot agent sessions ```yaml safe-outputs: @@ -663,6 +709,15 @@ The YAML frontmatter supports these fields: missing-tool: ``` The missing-tool safe-output allows agents to report when they need tools or functionality not currently available. This is automatically enabled by default and helps track feature requests from agents. + - `missing-data:` - Report missing data required to complete tasks (auto-enabled) + ```yaml + safe-outputs: + missing-data: + create-issue: true # Optional: create issues for missing data (default: true) + title-prefix: "[missing data]" # Optional: prefix for issue titles + labels: [data-request] # Optional: labels for created issues + ``` + The missing-data safe-output allows agents to report when required data or information is unavailable. This is automatically enabled by default. When `create-issue` is true, missing data reports create or update GitHub issues for tracking. **Global Safe Output Configuration:** - `github-token:` - Custom GitHub token for all safe output jobs