diff --git a/.github/workflows/archie.lock.yml b/.github/workflows/archie.lock.yml index 0eda0e55a4..6b3d56ac62 100644 --- a/.github/workflows/archie.lock.yml +++ b/.github/workflows/archie.lock.yml @@ -70,12 +70,9 @@ jobs: issues: write pull-requests: write outputs: - body: ${{ steps.sanitized.outputs.body }} comment_id: "" comment_repo: "" slash_command: ${{ needs.pre_activation.outputs.matched_command }} - text: ${{ steps.sanitized.outputs.text }} - title: ${{ steps.sanitized.outputs.title }} steps: - name: Checkout actions folder uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -105,15 +102,6 @@ jobs: setupGlobals(core, github, context, exec, io); const { main } = require('/opt/gh-aw/actions/check_workflow_timestamp_api.cjs'); await main(); - - name: Compute current body text - id: sanitized - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 - with: - script: | - const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); - setupGlobals(core, github, context, exec, io); - const { main } = require('/opt/gh-aw/actions/compute_text.cjs'); - await main(); - name: Create prompt with built-in context env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt diff --git a/.github/workflows/archie.md b/.github/workflows/archie.md index fd03bc70c3..d1e6a8556f 100644 --- a/.github/workflows/archie.md +++ b/.github/workflows/archie.md @@ -42,7 +42,7 @@ You are **Archie**, a specialized AI agent that analyzes issue and pull request ## Current Context - **Repository**: ${{ github.repository }} -- **Triggering Content**: "${{ needs.activation.outputs.text }}" +- **Triggering Content**: "${{ steps.sanitized.outputs.text }}" - **Issue/PR Number**: ${{ github.event.issue.number || github.event.pull_request.number }} - **Triggered by**: @${{ github.actor }} @@ -192,7 +192,7 @@ Create a well-formatted comment containing your diagrams: ### Security -- **Sanitized Input**: The triggering content is pre-sanitized via `needs.activation.outputs.text` +- **Sanitized Input**: The triggering content is pre-sanitized via `steps.sanitized.outputs.text` - **Read-Only**: You have read-only permissions; writing is handled by safe-outputs - **Validation**: Always validate Mermaid syntax before posting diff --git a/.github/workflows/brave.lock.yml b/.github/workflows/brave.lock.yml index 62e3be5a7e..6a7a6d1d67 100644 --- a/.github/workflows/brave.lock.yml +++ b/.github/workflows/brave.lock.yml @@ -57,12 +57,9 @@ jobs: issues: write pull-requests: write outputs: - body: ${{ steps.sanitized.outputs.body }} comment_id: "" comment_repo: "" slash_command: ${{ needs.pre_activation.outputs.matched_command }} - text: ${{ steps.sanitized.outputs.text }} - title: ${{ steps.sanitized.outputs.title }} steps: - name: Checkout actions folder uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -92,15 +89,6 @@ jobs: setupGlobals(core, github, context, exec, io); const { main } = require('/opt/gh-aw/actions/check_workflow_timestamp_api.cjs'); await main(); - - name: Compute current body text - id: sanitized - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 - with: - script: | - const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); - setupGlobals(core, github, context, exec, io); - const { main } = require('/opt/gh-aw/actions/compute_text.cjs'); - await main(); - name: Create prompt with built-in context env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt diff --git a/.github/workflows/brave.md b/.github/workflows/brave.md index 00abb21ddf..4e66ad5c0b 100644 --- a/.github/workflows/brave.md +++ b/.github/workflows/brave.md @@ -41,7 +41,7 @@ When invoked with the `/brave` command in an issue or pull request comment, you ## Current Context - **Repository**: ${{ github.repository }} -- **Triggering Content**: "${{ needs.activation.outputs.text }}" +- **Triggering Content**: "${{ steps.sanitized.outputs.text }}" - **Issue/PR Number**: ${{ github.event.issue.number || github.event.pull_request.number }} - **Triggered by**: @${{ github.actor }} diff --git a/.github/workflows/changeset.lock.yml b/.github/workflows/changeset.lock.yml index 47ec210d0f..38cd658c2f 100644 --- a/.github/workflows/changeset.lock.yml +++ b/.github/workflows/changeset.lock.yml @@ -65,11 +65,8 @@ jobs: issues: write pull-requests: write outputs: - body: ${{ steps.sanitized.outputs.body }} comment_id: "" comment_repo: "" - text: ${{ steps.sanitized.outputs.text }} - title: ${{ steps.sanitized.outputs.title }} steps: - name: Checkout actions folder uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -99,15 +96,6 @@ jobs: setupGlobals(core, github, context, exec, io); const { main } = require('/opt/gh-aw/actions/check_workflow_timestamp_api.cjs'); await main(); - - name: Compute current body text - id: sanitized - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 - with: - script: | - const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); - setupGlobals(core, github, context, exec, io); - const { main } = require('/opt/gh-aw/actions/compute_text.cjs'); - await main(); - name: Create prompt with built-in context env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt diff --git a/.github/workflows/changeset.md b/.github/workflows/changeset.md index 9ac622ef24..224875dcc9 100644 --- a/.github/workflows/changeset.md +++ b/.github/workflows/changeset.md @@ -53,7 +53,7 @@ When a pull request is marked as ready for review, analyze the changes and creat - **Repository**: ${{ github.repository }} - **Pull Request Number**: ${{ github.event.pull_request.number }} -- **Pull Request Content**: "${{ needs.activation.outputs.text }}" +- **Pull Request Content**: "${{ steps.sanitized.outputs.text }}" **IMPORTANT - Token Optimization**: The pull request content above is already sanitized and available. DO NOT use `pull_request_read` or similar GitHub API tools to fetch PR details - you already have everything you need in the context above. Using API tools wastes 40k+ tokens per call. diff --git a/.github/workflows/cloclo.lock.yml b/.github/workflows/cloclo.lock.yml index 938527aeea..2cfb6649ba 100644 --- a/.github/workflows/cloclo.lock.yml +++ b/.github/workflows/cloclo.lock.yml @@ -93,12 +93,9 @@ jobs: issues: write pull-requests: write outputs: - body: ${{ steps.sanitized.outputs.body }} comment_id: "" comment_repo: "" slash_command: ${{ needs.pre_activation.outputs.matched_command }} - text: ${{ steps.sanitized.outputs.text }} - title: ${{ steps.sanitized.outputs.title }} steps: - name: Checkout actions folder uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -128,15 +125,6 @@ jobs: setupGlobals(core, github, context, exec, io); const { main } = require('/opt/gh-aw/actions/check_workflow_timestamp_api.cjs'); await main(); - - name: Compute current body text - id: sanitized - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 - with: - script: | - const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); - setupGlobals(core, github, context, exec, io); - const { main } = require('/opt/gh-aw/actions/compute_text.cjs'); - await main(); - name: Create prompt with built-in context env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt diff --git a/.github/workflows/cloclo.md b/.github/workflows/cloclo.md index 19707c33f9..88c7dab39d 100644 --- a/.github/workflows/cloclo.md +++ b/.github/workflows/cloclo.md @@ -63,7 +63,7 @@ This workflow is triggered when: - **Content**: ``` -${{ needs.activation.outputs.text }} +${{ steps.sanitized.outputs.text }} ``` {{#if github.event.issue.number}} diff --git a/.github/workflows/craft.lock.yml b/.github/workflows/craft.lock.yml index af6b5d7344..ef21031e94 100644 --- a/.github/workflows/craft.lock.yml +++ b/.github/workflows/craft.lock.yml @@ -57,12 +57,9 @@ jobs: issues: write pull-requests: write outputs: - body: ${{ steps.sanitized.outputs.body }} comment_id: "" comment_repo: "" slash_command: ${{ needs.pre_activation.outputs.matched_command }} - text: ${{ steps.sanitized.outputs.text }} - title: ${{ steps.sanitized.outputs.title }} steps: - name: Checkout actions folder uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -92,15 +89,6 @@ jobs: setupGlobals(core, github, context, exec, io); const { main } = require('/opt/gh-aw/actions/check_workflow_timestamp_api.cjs'); await main(); - - name: Compute current body text - id: sanitized - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 - with: - script: | - const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); - setupGlobals(core, github, context, exec, io); - const { main } = require('/opt/gh-aw/actions/compute_text.cjs'); - await main(); - name: Create prompt with built-in context env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt diff --git a/.github/workflows/craft.md b/.github/workflows/craft.md index 324b8b6910..651cba9cb6 100644 --- a/.github/workflows/craft.md +++ b/.github/workflows/craft.md @@ -44,7 +44,7 @@ You are an expert workflow designer for GitHub Agentic Workflows. Your task is t - **Issue/Comment**: ${{ github.event.issue.number }} - **Request**: - + ## Your Mission @@ -91,7 +91,7 @@ Create a workflow that includes: **Markdown Content:** - Clear title describing the workflow's purpose - Mission statement explaining what the AI should do -- Context section with allowed GitHub expressions (see documentation for allowed expressions like `${{ github.repository }}`, `${{ github.event.issue.number }}`, and `${{ needs.activation.outputs.text }}`) +- Context section with allowed GitHub expressions (see documentation for allowed expressions like `${{ github.repository }}`, `${{ github.event.issue.number }}`, and `${{ steps.sanitized.outputs.text }}`) - Step-by-step instructions for the AI agent - Guidelines and constraints - Output format specifications @@ -149,7 +149,7 @@ Add a comment to the issue with: - **Repository-agnostic**: Don't hardcode repository-specific details ### Security -- **Use sanitized context**: Prefer `${{ needs.activation.outputs.text }}` over raw event fields +- **Use sanitized context**: Prefer `${{ steps.sanitized.outputs.text }}` over raw event fields - **Validate inputs**: Check that user requests are reasonable and safe - **Minimal tools**: Only enable tools that are actually used @@ -249,7 +249,7 @@ Clear statement of the workflow's purpose. - **Repository**: ${{ github.repository }} - **Issue**: ${{ github.event.issue.number }} -- **Content**: "${{ needs.activation.outputs.text }}" +- **Content**: "${{ steps.sanitized.outputs.text }}" ## Instructions @@ -274,7 +274,7 @@ Clear statement of the workflow's purpose. ## Begin Workflow Creation -Now analyze the user's request: "${{ needs.activation.outputs.text }}" +Now analyze the user's request: "${{ steps.sanitized.outputs.text }}" 1. Load the documentation 2. Analyze the request diff --git a/.github/workflows/grumpy-reviewer.lock.yml b/.github/workflows/grumpy-reviewer.lock.yml index f0eadfd1ec..8ec4175627 100644 --- a/.github/workflows/grumpy-reviewer.lock.yml +++ b/.github/workflows/grumpy-reviewer.lock.yml @@ -61,12 +61,9 @@ jobs: issues: write pull-requests: write outputs: - body: ${{ steps.sanitized.outputs.body }} comment_id: "" comment_repo: "" slash_command: ${{ needs.pre_activation.outputs.matched_command }} - text: ${{ steps.sanitized.outputs.text }} - title: ${{ steps.sanitized.outputs.title }} steps: - name: Checkout actions folder uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -96,15 +93,6 @@ jobs: setupGlobals(core, github, context, exec, io); const { main } = require('/opt/gh-aw/actions/check_workflow_timestamp_api.cjs'); await main(); - - name: Compute current body text - id: sanitized - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 - with: - script: | - const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); - setupGlobals(core, github, context, exec, io); - const { main } = require('/opt/gh-aw/actions/compute_text.cjs'); - await main(); - name: Create prompt with built-in context env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt diff --git a/.github/workflows/grumpy-reviewer.md b/.github/workflows/grumpy-reviewer.md index f64295bf67..c8fe02b5de 100644 --- a/.github/workflows/grumpy-reviewer.md +++ b/.github/workflows/grumpy-reviewer.md @@ -46,7 +46,7 @@ You are a grumpy senior developer with 40+ years of experience who has been relu - **Repository**: ${{ github.repository }} - **Pull Request**: #${{ github.event.issue.number }} -- **Comment**: "${{ needs.activation.outputs.text }}" +- **Comment**: "${{ steps.sanitized.outputs.text }}" ## Your Mission diff --git a/.github/workflows/issue-classifier.lock.yml b/.github/workflows/issue-classifier.lock.yml index fe7f38a728..43bdbb9ce8 100644 --- a/.github/workflows/issue-classifier.lock.yml +++ b/.github/workflows/issue-classifier.lock.yml @@ -54,11 +54,8 @@ jobs: issues: write pull-requests: write outputs: - body: ${{ steps.sanitized.outputs.body }} comment_id: "" comment_repo: "" - text: ${{ steps.sanitized.outputs.text }} - title: ${{ steps.sanitized.outputs.title }} steps: - name: Checkout actions folder uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -88,15 +85,6 @@ jobs: setupGlobals(core, github, context, exec, io); const { main } = require('/opt/gh-aw/actions/check_workflow_timestamp_api.cjs'); await main(); - - name: Compute current body text - id: sanitized - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 - with: - script: | - const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); - setupGlobals(core, github, context, exec, io); - const { main } = require('/opt/gh-aw/actions/compute_text.cjs'); - await main(); - name: Create prompt with built-in context env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt diff --git a/.github/workflows/issue-classifier.md b/.github/workflows/issue-classifier.md index 7ea371ab6a..66dd8e5eb3 100644 --- a/.github/workflows/issue-classifier.md +++ b/.github/workflows/issue-classifier.md @@ -30,7 +30,7 @@ You are an issue classification assistant. Your task is to analyze newly created - **Repository**: ${{ github.repository }} - **Issue Content**: ``` - ${{ needs.activation.outputs.text }} + ${{ steps.sanitized.outputs.text }} ``` ## Classification Guidelines diff --git a/.github/workflows/pdf-summary.lock.yml b/.github/workflows/pdf-summary.lock.yml index 55fce34903..84c0cf66be 100644 --- a/.github/workflows/pdf-summary.lock.yml +++ b/.github/workflows/pdf-summary.lock.yml @@ -76,12 +76,9 @@ jobs: issues: write pull-requests: write outputs: - body: ${{ steps.sanitized.outputs.body }} comment_id: "" comment_repo: "" slash_command: ${{ needs.pre_activation.outputs.matched_command }} - text: ${{ steps.sanitized.outputs.text }} - title: ${{ steps.sanitized.outputs.title }} steps: - name: Checkout actions folder uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -111,15 +108,6 @@ jobs: setupGlobals(core, github, context, exec, io); const { main } = require('/opt/gh-aw/actions/check_workflow_timestamp_api.cjs'); await main(); - - name: Compute current body text - id: sanitized - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 - with: - script: | - const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); - setupGlobals(core, github, context, exec, io); - const { main } = require('/opt/gh-aw/actions/compute_text.cjs'); - await main(); - name: Create prompt with built-in context env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt diff --git a/.github/workflows/pdf-summary.md b/.github/workflows/pdf-summary.md index 6bfcecd620..2d6b9ccc41 100644 --- a/.github/workflows/pdf-summary.md +++ b/.github/workflows/pdf-summary.md @@ -66,7 +66,7 @@ When invoked with the `/summarize` command or triggered via workflow_dispatch, y - **Repository**: ${{ github.repository }} - **Triggered by**: @${{ github.actor }} -- **Triggering Content**: "${{ needs.activation.outputs.text }}" +- **Triggering Content**: "${{ steps.sanitized.outputs.text }}" - **Issue/PR Number**: ${{ github.event.issue.number || github.event.pull_request.number }} - **Workflow Dispatch URL**: ${{ github.event.inputs.url }} - **Workflow Dispatch Query**: ${{ github.event.inputs.query }} diff --git a/.github/workflows/plan.lock.yml b/.github/workflows/plan.lock.yml index f1f8db756d..6e2f0bfc8c 100644 --- a/.github/workflows/plan.lock.yml +++ b/.github/workflows/plan.lock.yml @@ -61,12 +61,9 @@ jobs: issues: write pull-requests: write outputs: - body: ${{ steps.sanitized.outputs.body }} comment_id: "" comment_repo: "" slash_command: ${{ needs.pre_activation.outputs.matched_command }} - text: ${{ steps.sanitized.outputs.text }} - title: ${{ steps.sanitized.outputs.title }} steps: - name: Checkout actions folder uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -96,15 +93,6 @@ jobs: setupGlobals(core, github, context, exec, io); const { main } = require('/opt/gh-aw/actions/check_workflow_timestamp_api.cjs'); await main(); - - name: Compute current body text - id: sanitized - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 - with: - script: | - const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); - setupGlobals(core, github, context, exec, io); - const { main } = require('/opt/gh-aw/actions/compute_text.cjs'); - await main(); - name: Create prompt with built-in context env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt diff --git a/.github/workflows/plan.md b/.github/workflows/plan.md index 88cd3f526a..967e4ba91e 100644 --- a/.github/workflows/plan.md +++ b/.github/workflows/plan.md @@ -41,7 +41,7 @@ You are an expert planning assistant for GitHub Copilot agents. Your task is to - **Comment Content**: -${{ needs.activation.outputs.text }} +${{ steps.sanitized.outputs.text }} ## Your Mission diff --git a/.github/workflows/poem-bot.lock.yml b/.github/workflows/poem-bot.lock.yml index 1069a25c80..c8bd099bf8 100644 --- a/.github/workflows/poem-bot.lock.yml +++ b/.github/workflows/poem-bot.lock.yml @@ -65,12 +65,9 @@ jobs: issues: write pull-requests: write outputs: - body: ${{ steps.sanitized.outputs.body }} comment_id: "" comment_repo: "" slash_command: ${{ needs.pre_activation.outputs.matched_command }} - text: ${{ steps.sanitized.outputs.text }} - title: ${{ steps.sanitized.outputs.title }} steps: - name: Checkout actions folder uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -100,15 +97,6 @@ jobs: setupGlobals(core, github, context, exec, io); const { main } = require('/opt/gh-aw/actions/check_workflow_timestamp_api.cjs'); await main(); - - name: Compute current body text - id: sanitized - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 - with: - script: | - const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); - setupGlobals(core, github, context, exec, io); - const { main } = require('/opt/gh-aw/actions/compute_text.cjs'); - await main(); - name: Create prompt with built-in context env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt diff --git a/.github/workflows/poem-bot.md b/.github/workflows/poem-bot.md index 821d19a4aa..12e06dd9bb 100644 --- a/.github/workflows/poem-bot.md +++ b/.github/workflows/poem-bot.md @@ -157,7 +157,7 @@ You are the **Poem Bot**, a creative AI agent that creates original poetry about - **Repository**: ${{ github.repository }} - **Actor**: ${{ github.actor }} - **Theme**: ${{ github.event.inputs.poem_theme }} -- **Content**: "${{ needs.activation.outputs.text }}" +- **Content**: "${{ steps.sanitized.outputs.text }}" ## Your Mission diff --git a/.github/workflows/q.lock.yml b/.github/workflows/q.lock.yml index 2df04e4b7a..5867549b23 100644 --- a/.github/workflows/q.lock.yml +++ b/.github/workflows/q.lock.yml @@ -85,12 +85,9 @@ jobs: issues: write pull-requests: write outputs: - body: ${{ steps.sanitized.outputs.body }} comment_id: "" comment_repo: "" slash_command: ${{ needs.pre_activation.outputs.matched_command }} - text: ${{ steps.sanitized.outputs.text }} - title: ${{ steps.sanitized.outputs.title }} steps: - name: Checkout actions folder uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -120,15 +117,6 @@ jobs: setupGlobals(core, github, context, exec, io); const { main } = require('/opt/gh-aw/actions/check_workflow_timestamp_api.cjs'); await main(); - - name: Compute current body text - id: sanitized - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 - with: - script: | - const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); - setupGlobals(core, github, context, exec, io); - const { main } = require('/opt/gh-aw/actions/compute_text.cjs'); - await main(); - name: Create prompt with built-in context env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt diff --git a/.github/workflows/q.md b/.github/workflows/q.md index 45fcaaad15..9b7ff94331 100644 --- a/.github/workflows/q.md +++ b/.github/workflows/q.md @@ -63,7 +63,7 @@ When invoked with the `/q` command in an issue or pull request comment, analyze ## Current Context - **Repository**: ${{ github.repository }} -- **Triggering Content**: "${{ needs.activation.outputs.text }}" +- **Triggering Content**: "${{ steps.sanitized.outputs.text }}" - **Issue/PR Number**: ${{ github.event.issue.number || github.event.pull_request.number }} - **Triggered by**: @${{ github.actor }} @@ -290,7 +290,7 @@ Create a pull request with your improvements using the safe-outputs MCP server: ### Security and Safety - **Never execute untrusted code** from workflow logs or external sources - **Validate all data** before using it in analysis or modifications -- **Use sanitized context** from `needs.activation.outputs.text` +- **Use sanitized context** from `steps.sanitized.outputs.text` - **Check file permissions** before writing changes ### Change Quality diff --git a/.github/workflows/scout.lock.yml b/.github/workflows/scout.lock.yml index 0adf3226ac..4d8a2c0cfb 100644 --- a/.github/workflows/scout.lock.yml +++ b/.github/workflows/scout.lock.yml @@ -101,12 +101,9 @@ jobs: issues: write pull-requests: write outputs: - body: ${{ steps.sanitized.outputs.body }} comment_id: "" comment_repo: "" slash_command: ${{ needs.pre_activation.outputs.matched_command }} - text: ${{ steps.sanitized.outputs.text }} - title: ${{ steps.sanitized.outputs.title }} steps: - name: Checkout actions folder uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -136,15 +133,6 @@ jobs: setupGlobals(core, github, context, exec, io); const { main } = require('/opt/gh-aw/actions/check_workflow_timestamp_api.cjs'); await main(); - - name: Compute current body text - id: sanitized - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 - with: - script: | - const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); - setupGlobals(core, github, context, exec, io); - const { main } = require('/opt/gh-aw/actions/compute_text.cjs'); - await main(); - name: Create prompt with built-in context env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt diff --git a/.github/workflows/scout.md b/.github/workflows/scout.md index e1e113cf4c..d3cc70e3af 100644 --- a/.github/workflows/scout.md +++ b/.github/workflows/scout.md @@ -57,7 +57,7 @@ When invoked with the `/scout` command in an issue or pull request comment, OR m ## Current Context - **Repository**: ${{ github.repository }} -- **Triggering Content**: "${{ needs.activation.outputs.text }}" +- **Triggering Content**: "${{ steps.sanitized.outputs.text }}" - **Research Topic** (if workflow_dispatch): "${{ github.event.inputs.topic }}" - **Issue/PR Number**: ${{ github.event.issue.number || github.event.pull_request.number }} - **Triggered by**: @${{ github.actor }} diff --git a/.github/workflows/security-review.lock.yml b/.github/workflows/security-review.lock.yml index d3f8131029..7c933f56c9 100644 --- a/.github/workflows/security-review.lock.yml +++ b/.github/workflows/security-review.lock.yml @@ -61,12 +61,9 @@ jobs: issues: write pull-requests: write outputs: - body: ${{ steps.sanitized.outputs.body }} comment_id: "" comment_repo: "" slash_command: ${{ needs.pre_activation.outputs.matched_command }} - text: ${{ steps.sanitized.outputs.text }} - title: ${{ steps.sanitized.outputs.title }} steps: - name: Checkout actions folder uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -96,15 +93,6 @@ jobs: setupGlobals(core, github, context, exec, io); const { main } = require('/opt/gh-aw/actions/check_workflow_timestamp_api.cjs'); await main(); - - name: Compute current body text - id: sanitized - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 - with: - script: | - const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); - setupGlobals(core, github, context, exec, io); - const { main } = require('/opt/gh-aw/actions/compute_text.cjs'); - await main(); - name: Create prompt with built-in context env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt diff --git a/.github/workflows/security-review.md b/.github/workflows/security-review.md index 898cdbfda5..67229712d1 100644 --- a/.github/workflows/security-review.md +++ b/.github/workflows/security-review.md @@ -50,7 +50,7 @@ Carefully review pull request changes to identify any modifications that could: - **Repository**: ${{ github.repository }} - **Pull Request**: #${{ github.event.issue.number }} -- **Comment**: "${{ needs.activation.outputs.text }}" +- **Comment**: "${{ steps.sanitized.outputs.text }}" ## Security Review Areas diff --git a/.github/workflows/stale-repo-identifier.lock.yml b/.github/workflows/stale-repo-identifier.lock.yml index 55d4e5d322..dcd0ace4f1 100644 --- a/.github/workflows/stale-repo-identifier.lock.yml +++ b/.github/workflows/stale-repo-identifier.lock.yml @@ -30,7 +30,7 @@ # - shared/python-dataviz.md # - shared/trending-charts-simple.md # -# frontmatter-hash: 12f4125ecf10924e373893abbeacab09140ad4dd035eafa75dd9f435eb626b1e +# frontmatter-hash: 0de1f0aac847f2beec40813bebbfb9838730eb23e30f47920ab7ed3b489cfe3e name: "Stale Repository Identifier" "on": @@ -360,7 +360,7 @@ jobs: ORGANIZATION: ${{ env.ORGANIZATION }} id: stale-repos name: Run stale_repos tool - uses: github/stale-repos@3477b6488008d9411aaf22a0924ec7c1f6a69980 # v3 + uses: github/stale-repos@a21e55567b83cf3c3f3f9085d3038dc6cee02598 # v3.0.2 - env: INACTIVE_REPOS: ${{ steps.stale-repos.outputs.inactiveRepos }} name: Save stale repos output diff --git a/.github/workflows/stale-repo-identifier.md b/.github/workflows/stale-repo-identifier.md index 2c92642ea5..025ccde0f1 100644 --- a/.github/workflows/stale-repo-identifier.md +++ b/.github/workflows/stale-repo-identifier.md @@ -67,7 +67,7 @@ env: steps: - name: Run stale_repos tool id: stale-repos - uses: github/stale-repos@v3 + uses: github/stale-repos@v3.0.2 env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} ORGANIZATION: ${{ env.ORGANIZATION }} diff --git a/.github/workflows/super-linter.lock.yml b/.github/workflows/super-linter.lock.yml index 8ca6a4a9b3..b2e0240adb 100644 --- a/.github/workflows/super-linter.lock.yml +++ b/.github/workflows/super-linter.lock.yml @@ -28,7 +28,7 @@ # - shared/mood.md # - shared/reporting.md # -# frontmatter-hash: 2dd754991a7089d3f9a6c9fdf8c91a7f67cb480442cb886a66d1a2db790d44b0 +# frontmatter-hash: 658bec814a532760ef7ef68405abfe89dc1288fedc59b11ae7d0610c8e84f3de name: "Super Linter Report" "on": @@ -1140,7 +1140,7 @@ jobs: persist-credentials: false - name: Super-linter id: super-linter - uses: super-linter/super-linter@2bdd90ed3262e023ac84bf8fe35dc480721fc1f2 # v8.2.1 + uses: super-linter/super-linter@61abc07d755095a68f4987d1c2c3d1d64408f1f9 # v8.5.0 env: CREATE_LOG_FILE: "true" DEFAULT_BRANCH: main diff --git a/.github/workflows/super-linter.md b/.github/workflows/super-linter.md index 93986e868b..b33248e63e 100644 --- a/.github/workflows/super-linter.md +++ b/.github/workflows/super-linter.md @@ -38,7 +38,7 @@ jobs: persist-credentials: false - name: Super-linter - uses: super-linter/super-linter@v8.2.1 # x-release-please-version + uses: super-linter/super-linter@v8.5.0 # x-release-please-version id: super-linter env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -184,7 +184,7 @@ docker run --rm \ -e RUN_LOCAL=true \ -e VALIDATE_MARKDOWN=true \ -v $(pwd):/tmp/lint \ - ghcr.io/super-linter/super-linter:slim-v8 + ghcr.io/super-linter/super-linter:slim-v8.5.0 # Run super-linter on specific file types only # For example, to validate only Markdown files: @@ -192,7 +192,7 @@ docker run --rm \ -e RUN_LOCAL=true \ -e VALIDATE_MARKDOWN=true \ -v $(pwd):/tmp/lint \ - ghcr.io/super-linter/super-linter:slim-v8 + ghcr.io/super-linter/super-linter:slim-v8.5.0 ``` **Note**: The Docker command uses the same super-linter configuration as this workflow. Files are mounted from your current directory to `/tmp/lint` in the container.