Add CI validation for agent file URLs and enhance lock file checks

[Copilot]

Lock files must be compiled with dev builds (no version in header), and agent documentation URLs must reference main branch for consistency. Missing validation allowed incorrect references to slip through.

Changes

CI Validation Enhancements (.github/workflows/ci.yml):

• Added validation step for agentic-workflows.agent.md URLs - ensures all GitHub blob URLs use /blob/main/ instead of commit hashes or tags
• Enhanced lock file check with empty file list guard

Agent File URL Updates (.github/agents/agentic-workflows.agent.md):

• Updated 9 GitHub URLs from blob/v0.45.0-33-g6615116d61/ to blob/main/
• Ensures agent always references latest documentation

Example of URL validation check:

INVALID_URLS=$(grep -n 'https://github.com/github/gh-aw/blob/' "$AGENT_FILE" | grep -v '/blob/main/' || true)
if [ -n "$INVALID_URLS" ]; then
  echo "❌ ERROR: Found URLs not using 'main' branch"
  exit 1
fi

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/repos/actions/setup-go/git/ref/tags/v6
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v6 --jq .object.sha (http block)
• https://api.github.com/repos/actions/setup-node/git/ref/tags/v6
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq .object.sha (http block)
• https://api.github.com/user
  • Triggering command: /usr/bin/gh gh api user --jq .login (http block)
  • Triggering command: /usr/bin/gh gh api user --jq .login ath ../../../.pr.prettierignore (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[Copilot]

Pull request overview

This PR enhances CI validation to enforce consistency in agent file documentation references and improves robustness of lock file validation. The changes prevent incorrect URL references (using specific versions/commits instead of main branch) from being committed to the repository.

Changes:

• Added CI validation step to ensure all GitHub blob URLs in agentic-workflows.agent.md use /blob/main/ instead of commit hashes or version tags
• Added empty file list guard to lock file validation for better error handling
• Updated 9 GitHub URLs in the agent file from version-specific references to main branch references

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The comment incorrectly states "Uses negative lookahead to exclude 'main'". The implementation uses grep -v (inverted match) to exclude lines containing /blob/main/, not a regex negative lookahead pattern. Consider updating the comment to accurately reflect the implementation, such as: "Uses grep -v to exclude lines containing '/blob/main/'".

Suggested change

	# Uses negative lookahead to exclude 'main'
	# Uses grep -v to exclude lines containing '/blob/main/'

[mohamedbouddi7777-dev]

Ok في الاثنين، ١٦ فبراير ٢٠٢٦، ٢٢:٤٢ Copilot ***@***.***> كتب:

…

***@***.**** commented on this pull request. Pull request overview This PR enhances CI validation to enforce consistency in agent file documentation references and improves robustness of lock file validation. The changes prevent incorrect URL references (using specific versions/commits instead of main branch) from being committed to the repository. *Changes:* - Added CI validation step to ensure all GitHub blob URLs in agentic-workflows.agent.md use /blob/main/ instead of commit hashes or version tags - Added empty file list guard to lock file validation for better error handling - Updated 9 GitHub URLs in the agent file from version-specific references to main branch references ------------------------------ 💡 Add Copilot custom instructions <http:///github/gh-aw/new/main/.github/instructions?filename=*.instructions.md> for smarter, more guided reviews. Learn how to get started <https://docs.github.com/en/copilot/customizing-copilot/adding-repository-custom-instructions-for-github-copilot> . ------------------------------ In .github/workflows/ci.yml <#16232 (comment)>: > @@ -680,6 +685,43 @@ jobs: echo "✅ All lock files compiled with development build (no version in header)" + - name: Check agent file URLs use main branch + run: | + echo "🔍 Checking .github/agents/agentic-workflows.agent.md for correct branch URLs..." + + AGENT_FILE=".github/agents/agentic-workflows.agent.md" + + if [ ! -f "$AGENT_FILE" ]; then + echo "⚠️ WARNING: $AGENT_FILE not found, skipping check" + exit 0 + fi + + # Check for URLs that don't use 'main' branch + # Pattern matches: https://github.com/github/gh-aw/blob/{anything-except-main}/ + # Uses negative lookahead to exclude 'main' The comment incorrectly states "Uses negative lookahead to exclude 'main'". The implementation uses grep -v (inverted match) to exclude lines containing /blob/main/, not a regex negative lookahead pattern. Consider updating the comment to accurately reflect the implementation, such as: "Uses grep -v to exclude lines containing '/blob/main/'". ⬇️ Suggested change - # Uses negative lookahead to exclude 'main' + # Uses grep -v to exclude lines containing '/blob/main/' — Reply to this email directly, view it on GitHub <#16232 (review)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/B2DFN3TDOL2JV4E37HTHLZT4MJBUXAVCNFSM6AAAAACVKVMOW6VHI2DSMVQWIX3LMV43YUDVNRWFEZLROVSXG5CSMV3GSZLXHMZTQMJQG44DQNJRGM> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>