From 7d0a083ec8d510712fea8c31445064a5fe7e40b7 Mon Sep 17 00:00:00 2001 From: Peli de Halleux Date: Thu, 14 Aug 2025 16:10:54 +0000 Subject: [PATCH 1/2] Add new allowed GitHub Actions context expressions for workflow runs --- docs/workflow-structure.md | 3 +++ pkg/cli/templates/instructions.md | 3 +++ pkg/constants/constants.go | 3 +++ pkg/workflow/expression_safety_test.go | 15 +++++++++++++++ 4 files changed, 24 insertions(+) diff --git a/docs/workflow-structure.md b/docs/workflow-structure.md index 0a892ea44e..c690be3d24 100644 --- a/docs/workflow-structure.md +++ b/docs/workflow-structure.md @@ -135,6 +135,9 @@ The following GitHub Actions context expressions are permitted in workflow markd - `${{ github.event.workflow_run.conclusion }}` - The conclusion of the workflow run that triggered the current workflow - `${{ github.event.workflow_run.html_url }}` - The URL of the workflow run that triggered the current workflow - `${{ github.event.workflow_run.head_sha }}` - The head SHA of the workflow run that triggered the current workflow +- `${{ github.event.workflow_run.run_number }}` - The run number of the workflow run that triggered the current workflow +- `${{ github.event.workflow_run.event }}` - The event that triggered the workflow run that triggered the current workflow +- `${{ github.event.workflow_run.status }}` - The status of the workflow run that triggered the current workflow - `${{ github.actor }}` - The username of the user who triggered the workflow - `${{ github.job }}` - Job ID of the current workflow run - `${{ github.owner }}` - The owner of the repository (user or organization name) diff --git a/pkg/cli/templates/instructions.md b/pkg/cli/templates/instructions.md index c17eb60852..8b01bb7546 100644 --- a/pkg/cli/templates/instructions.md +++ b/pkg/cli/templates/instructions.md @@ -193,6 +193,9 @@ Use GitHub Actions context expressions throughout the workflow content. **Note: - **`${{ github.event.workflow_run.conclusion }}`** - Conclusion of the workflow run - **`${{ github.event.workflow_run.html_url }}`** - URL of the workflow run - **`${{ github.event.workflow_run.head_sha }}`** - Head SHA of the workflow run +- **`${{ github.event.workflow_run.run_number }}`** - Run number of the workflow run +- **`${{ github.event.workflow_run.event }}`** - Event that triggered the workflow run +- **`${{ github.event.workflow_run.status }}`** - Status of the workflow run - **`${{ github.actor }}`** - Username of the person who initiated the workflow - **`${{ github.job }}`** - Job ID of the current workflow run - **`${{ github.owner }}`** - Owner of the repository diff --git a/pkg/constants/constants.go b/pkg/constants/constants.go index 0f2eaed839..e2a189a6cf 100644 --- a/pkg/constants/constants.go +++ b/pkg/constants/constants.go @@ -35,6 +35,9 @@ var AllowedExpressions = []string{ "github.event.workflow_run.conclusion", "github.event.workflow_run.html_url", "github.event.workflow_run.head_sha", + "github.event.workflow_run.run_number", + "github.event.workflow_run.event", + "github.event.workflow_run.status", "github.actor", "github.job", "github.owner", diff --git a/pkg/workflow/expression_safety_test.go b/pkg/workflow/expression_safety_test.go index bebfb8e754..c87c5f57d5 100644 --- a/pkg/workflow/expression_safety_test.go +++ b/pkg/workflow/expression_safety_test.go @@ -72,6 +72,21 @@ func TestValidateExpressionSafety(t *testing.T) { content: "Head SHA: ${{ github.event.workflow_run.head_sha }}", expectError: false, }, + { + name: "allowed_github_event_workflow_run_run_number", + content: "Run number: ${{ github.event.workflow_run.run_number }}", + expectError: false, + }, + { + name: "allowed_github_event_workflow_run_event", + content: "Triggering event: ${{ github.event.workflow_run.event }}", + expectError: false, + }, + { + name: "allowed_github_event_workflow_run_status", + content: "Run status: ${{ github.event.workflow_run.status }}", + expectError: false, + }, { name: "multiple_allowed_expressions", content: "Workflow: ${{ github.workflow }}, Repository: ${{ github.repository }}, Output: ${{ needs.task.outputs.text }}", From fbf89f53cb2d9f07a1a02c7c469d2e72b882fa61 Mon Sep 17 00:00:00 2001 From: Peli de Halleux Date: Thu, 14 Aug 2025 16:24:00 +0000 Subject: [PATCH 2/2] Fix formatting in the long description of the root command --- cmd/gh-aw/main.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/gh-aw/main.go b/cmd/gh-aw/main.go index 3324ef31b0..357293ba0b 100644 --- a/cmd/gh-aw/main.go +++ b/cmd/gh-aw/main.go @@ -29,7 +29,7 @@ func validateEngine(engine string) error { var rootCmd = &cobra.Command{ Use: constants.CLIExtensionPrefix, Short: "GitHub Agentic Workflows CLI from GitHub Next", - Long: ` = GitHub Agentic Workflows from GitHub Next + Long: `GitHub Agentic Workflows from GitHub Next A natural language GitHub Action is a markdown file checked into the .github/workflows directory of a repository. The file contains a natural language description of the workflow, which is then compiled into a GitHub Actions workflow file.