diff --git a/.github/aw/runbooks/README.md b/.github/aw/runbooks/README.md new file mode 100644 index 0000000000..ee4b76fce4 --- /dev/null +++ b/.github/aw/runbooks/README.md @@ -0,0 +1,32 @@ +# Agentic Workflow Runbooks + +This directory contains operational runbooks for managing and troubleshooting GitHub Agentic Workflows. + +## Available Runbooks + +- [**Workflow Health Monitoring**](workflow-health.md) - How to investigate and resolve workflow health issues, including missing-tool errors, authentication problems, and configuration failures. + +## Purpose + +Runbooks provide step-by-step procedures for: +- Diagnosing workflow issues +- Resolving common failure patterns +- Applying learnings from incident response +- Maintaining workflow reliability + +## How to Use Runbooks + +1. Identify the type of issue you're experiencing +2. Open the relevant runbook +3. Follow the investigation steps +4. Apply the resolution procedure +5. Verify the fix + +## Contributing + +When creating new runbooks: +- Focus on actionable procedures +- Include real-world examples and case studies +- Document commands and configuration patterns +- Reference related documentation +- Follow the how-to guide format diff --git a/.github/aw/runbooks/workflow-health.md b/.github/aw/runbooks/workflow-health.md new file mode 100644 index 0000000000..e995523f2c --- /dev/null +++ b/.github/aw/runbooks/workflow-health.md @@ -0,0 +1,443 @@ +# Workflow Health Monitoring Runbook + +This runbook documents how to investigate and resolve workflow health issues in GitHub Agentic Workflows, based on learnings from operational incident response. + +## When to Use This Runbook + +Use this runbook when: +- Workflows are failing in scheduled runs +- Missing-tool errors appear in workflow logs +- Authentication or permission errors occur +- Safe-input or safe-output configurations fail + +## Common Workflow Failure Patterns + +### Missing Tool Configurations + +**Symptoms**: +- Error messages containing "missing-tool" or "tool not found" +- Workflow fails when attempting to access GitHub APIs +- Agent cannot perform GitHub operations (read issues, create PRs, etc.) + +**Common Causes**: +- GitHub MCP server not configured in workflow frontmatter +- Missing toolsets specification +- Incorrect toolset names + +### Authentication and Permission Errors + +**Symptoms**: +- HTTP 403 (Forbidden) errors +- "Resource not accessible" errors +- Token scope errors + +**Common Causes**: +- Missing `permissions:` block in workflow frontmatter +- Insufficient token permissions for requested operations +- GITHUB_TOKEN not passed to custom actions + +### Input/Secret Validation Failures + +**Symptoms**: +- Safe-inputs action fails +- Environment variable not available +- Template expression evaluation errors + +**Common Causes**: +- Safe-inputs action not configured +- Missing required secrets +- Incorrect secret references + +## Investigation Steps + +### Step 1: Analyze Workflow Logs + +Use the `gh aw logs` command to download and analyze workflow logs: + +```bash +# Download logs from last 24 hours +gh aw logs --start-date -1d -o /tmp/workflow-logs + +# Download logs for a specific workflow run +gh aw logs --run-id -o /tmp/workflow-logs + +# Analyze logs for a specific workflow +gh aw logs --workflow --start-date -7d +``` + +**What to look for**: +- Error messages in the "Run AI Agent" step +- Missing-tool errors +- HTTP error codes (401, 403, 404, 500) +- Stack traces or exception details + +### Step 2: Identify Missing-Tool Errors + +Missing-tool errors typically appear in this format: + +``` +Error: Tool 'github:read_issue' not found +Error: missing tool configuration for safeinputs-gh +``` + +To identify which tools are missing: + +1. Check the workflow `.md` file for the `tools:` section +2. Compare with similar working workflows +3. Verify the tool is properly configured in frontmatter + +### Step 3: Verify MCP Server Configurations + +Check if the workflow has proper MCP server configuration: + +```aw +--- +tools: + github: + mode: remote # or "local" for Docker-based + toolsets: [default] # Enables repos, issues, pull_requests +--- +``` + +Use `gh aw mcp inspect ` to verify MCP server configuration: + +```bash +# Inspect MCP servers for a workflow +gh aw mcp inspect + +# List all workflows with MCP servers +gh aw mcp list +``` + +### Step 4: Check Permissions Configuration + +Verify the workflow has required permissions: + +```aw +--- +permissions: + contents: read # For reading repository files + issues: write # For creating/updating issues + pull-requests: write # For creating/updating PRs + actions: read # For accessing workflow runs +--- +``` + +Common permission requirements: +- **Reading issues**: `issues: read` +- **Creating issues**: `issues: write` +- **Reading PRs**: `pull-requests: read` +- **Creating PRs**: `pull-requests: write` +- **Reading workflow runs**: `actions: read` + +## Resolution Procedures + +### Adding GitHub MCP Server to Workflows + +**Problem**: Workflow fails with missing GitHub tool errors. + +**Solution**: Add GitHub MCP server configuration to the workflow frontmatter. + +1. Open the workflow `.md` file +2. Add or update the `tools:` section: + +```aw +--- +tools: + github: + mode: remote + toolsets: [default] +--- +``` + +3. Compile the workflow: + +```bash +gh aw compile .md +``` + +4. Verify the configuration: + +```bash +gh aw mcp inspect +``` + +**Available toolsets**: +- `default`: repositories, issues, pull requests, and common operations +- `repos`: repository management tools +- `issues`: issue operations +- `pull_requests`: PR operations +- `actions`: GitHub Actions workflow tools + +**Example**: Dev workflow with GitHub MCP server + +```aw +--- +description: Development workflow with GitHub integration +on: + workflow_dispatch: +permissions: + contents: read + issues: read + pull-requests: read +engine: copilot +tools: + github: + mode: remote + toolsets: [default] +--- + +# Development Agent + +Analyze repository issues and provide insights. +``` + +### Configuring Safe-Inputs and Safe-Outputs + +**Problem**: Workflow fails with missing safeinputs-gh or safe-output errors. + +**Solution**: Configure safe-inputs and safe-outputs in the workflow. + +#### Adding Safe-Inputs + +Safe-inputs securely pass GitHub context to AI agents: + +```aw +--- +safe-inputs: + issue: + title: ${{ github.event.issue.title }} + body: ${{ github.event.issue.body }} + number: ${{ github.event.issue.number }} +--- +``` + +The safe-inputs are automatically made available to the agent as environment variables. + +#### Adding Safe-Outputs + +Safe-outputs enable AI agents to create GitHub resources: + +```aw +--- +safe-outputs: + create-issue: + labels: ["ai-generated"] + create-pull-request: + labels: ["ai-generated"] + create-discussion: + category: "general" +--- +``` + +**Example**: Complete workflow with safe-inputs and safe-outputs + +```aw +--- +description: Issue triage workflow +on: + issues: + types: [opened] +permissions: + contents: read + issues: write +engine: copilot +tools: + github: + mode: remote + toolsets: [default] +safe-inputs: + issue: + title: ${{ github.event.issue.title }} + body: ${{ github.event.issue.body }} + number: ${{ github.event.issue.number }} +safe-outputs: + create-issue: + labels: ["ai-generated", "triage"] +--- + +# Issue Triage Agent + +Analyze the issue and determine appropriate labels and priority. +``` + +### Testing Workflow Fixes + +After making changes, test the workflow: + +1. **Compile the workflow**: + +```bash +gh aw compile .md +``` + +2. **Trigger manually** (if `workflow_dispatch` is enabled): + +```bash +gh workflow run .lock.yml +``` + +3. **Monitor the run**: + +```bash +# Get the run ID +gh run list --workflow=.lock.yml --limit 1 + +# Watch the run +gh run watch + +# Download logs if it fails +gh aw logs --run-id +``` + +4. **Verify success**: + - Check that no missing-tool errors occur + - Verify the agent completes successfully + - Confirm any created resources (issues, PRs, discussions) + +## Case Study: DeepReport Incident Response + +### Background + +The DeepReport Intelligence Briefing (Discussion #7277) identified several workflow health issues: + +1. **Weekly Issue Summary workflow** - Failed in recent runs +2. **Dev workflow** - Missing GitHub MCP read_issue capability (Run #20435819459) +3. **Daily Copilot PR Merged workflow** - Missing safeinputs-gh tool + +### Investigation + +**Weekly Issue Summary**: +- Analyzed workflow logs using `gh aw logs` +- Identified authentication errors in GitHub API calls +- Found missing permissions in workflow configuration + +**Dev Workflow**: +- Error: "Tool 'github:read_issue' not found" +- Root cause: GitHub MCP server not configured +- The workflow attempted to read issue information without GitHub MCP toolset + +**Daily Copilot PR Merged**: +- Error: "missing tool configuration for safeinputs-gh" +- Root cause: Safe-inputs action not set up in workflow +- PR merge data not being passed securely to agent + +### Resolution + +**Weekly Issue Summary**: +- Added missing `actions: read` permission +- Recompiled workflow with `gh aw compile` +- Verified success in next scheduled run + +**Dev Workflow**: +Added GitHub MCP server configuration: + +```aw +tools: + github: + mode: remote + toolsets: [default] +``` + +**Daily Copilot PR Merged**: +Added safe-inputs configuration: + +```aw +safe-inputs: + pull_request: + number: ${{ github.event.pull_request.number }} + title: ${{ github.event.pull_request.title }} +``` + +### Lessons Learned + +1. **MCP-first approach**: Always configure GitHub MCP server when workflows need GitHub API access +2. **Permission planning**: Define required permissions upfront based on workflow operations +3. **Safe-inputs for context**: Use safe-inputs to securely pass GitHub event context to agents +4. **Test after compilation**: Always test workflows manually after making configuration changes +5. **Monitor systematically**: Use `gh aw logs` for regular workflow health monitoring + +## Quick Reference + +### Essential Commands + +```bash +# Download recent workflow logs +gh aw logs --start-date -1d -o /tmp/logs + +# Inspect MCP configuration +gh aw mcp inspect + +# List all workflows with MCP servers +gh aw mcp list + +# Compile workflow after changes +gh aw compile .md + +# Trigger workflow manually +gh workflow run .lock.yml + +# Watch workflow execution +gh run watch +``` + +### Common Configuration Patterns + +**Basic GitHub integration**: +```aw +--- +permissions: + contents: read + issues: read +tools: + github: + mode: remote + toolsets: [default] +--- +``` + +**Issue-triggered workflow with safe-inputs**: +```aw +--- +on: + issues: + types: [opened] +permissions: + contents: read + issues: write +safe-inputs: + issue: + title: ${{ github.event.issue.title }} + body: ${{ github.event.issue.body }} +tools: + github: + mode: remote + toolsets: [default] +--- +``` + +**Workflow with safe-outputs**: +```aw +--- +permissions: + contents: read + issues: write + discussions: write +safe-outputs: + create-issue: + labels: ["ai-generated"] + create-discussion: + category: "general" +tools: + github: + mode: remote + toolsets: [default] +--- +``` + +## Additional Resources + +- [Getting Started with MCP](/docs/src/content/docs/guides/getting-started-mcp.md) +- [Security Guide](/docs/src/content/docs/guides/security.md) +- [Error Reference](/docs/src/content/docs/troubleshooting/errors.md) +- [Common Issues](/docs/src/content/docs/troubleshooting/common-issues.md) diff --git a/.github/workflows/agent-performance-analyzer.lock.yml b/.github/workflows/agent-performance-analyzer.lock.yml index 4da0f2317f..392f4582e2 100644 --- a/.github/workflows/agent-performance-analyzer.lock.yml +++ b/.github/workflows/agent-performance-analyzer.lock.yml @@ -47,7 +47,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "agent-performance-analyzer.lock.yml" with: @@ -205,7 +205,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1769,36 +1769,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1813,57 +1813,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1973,7 +1962,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2016,7 +2005,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2702,7 +2691,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2753,7 +2742,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt with: @@ -2962,7 +2951,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3085,7 +3074,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -4340,7 +4329,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5825,7 +5814,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5992,7 +5981,7 @@ jobs: if-no-files-found: ignore - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6270,7 +6259,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6363,7 +6352,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Agent Performance Analyzer - Meta-Orchestrator" @@ -6471,7 +6460,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6768,7 +6757,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Agent Performance Analyzer - Meta-Orchestrator" WORKFLOW_DESCRIPTION: "Meta-orchestrator that analyzes AI agent performance, quality, and effectiveness across the repository" @@ -6947,7 +6936,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -6999,7 +6988,7 @@ jobs: steps: - name: Check team membership for workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write with: @@ -7174,7 +7163,7 @@ jobs: path: /tmp/gh-aw/repo-memory-default - name: Push repo-memory changes (default) if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ github.token }} GITHUB_RUN_ID: ${{ github.run_id }} @@ -8628,7 +8617,7 @@ jobs: - name: Create Issue id: create_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: @@ -8926,7 +8915,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: @@ -9210,7 +9199,7 @@ jobs: - name: Add Comment id: add_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_CREATED_ISSUE_URL: ${{ steps.create_issue.outputs.issue_url }} diff --git a/.github/workflows/agentics-maintenance.yml b/.github/workflows/agentics-maintenance.yml index f7f93373b3..ae2d6d52f6 100644 --- a/.github/workflows/agentics-maintenance.yml +++ b/.github/workflows/agentics-maintenance.yml @@ -44,7 +44,7 @@ jobs: discussions: write steps: - name: Close expired discussions - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const MAX_UPDATES_PER_RUN = 100; @@ -230,7 +230,7 @@ jobs: issues: write steps: - name: Close expired issues - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const MAX_UPDATES_PER_RUN = 100; diff --git a/.github/workflows/ai-moderator.lock.yml b/.github/workflows/ai-moderator.lock.yml index ce74c8c49c..c46dc6c72a 100644 --- a/.github/workflows/ai-moderator.lock.yml +++ b/.github/workflows/ai-moderator.lock.yml @@ -62,7 +62,7 @@ jobs: issue_locked: ${{ steps.lock-issue.outputs.locked }} steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "ai-moderator.lock.yml" with: @@ -149,7 +149,7 @@ jobs: - name: Lock issue for agent workflow id: lock-issue if: (github.event_name == 'issues') || (github.event_name == 'issue_comment') - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | async function main() { @@ -234,7 +234,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1704,36 +1704,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1748,57 +1748,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1908,7 +1897,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1951,7 +1940,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2125,7 +2114,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2264,7 +2253,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2333,7 +2322,7 @@ jobs: PROMPT_EOF - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2546,7 +2535,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2669,7 +2658,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -3924,7 +3913,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5409,7 +5398,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5567,7 +5556,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -5895,7 +5884,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5988,7 +5977,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "AI Moderator" @@ -6096,7 +6085,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6358,7 +6347,7 @@ jobs: - name: Unlock issue after agent workflow id: unlock-issue if: (always()) && (((github.event_name == 'issues') || (github.event_name == 'issue_comment')) && (needs.activation.outputs.issue_locked == 'true')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | async function main() { @@ -6408,7 +6397,7 @@ jobs: steps: - name: Check team membership for workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write GH_AW_ALLOWED_BOTS: agentic-workflows-dev[bot] @@ -7350,7 +7339,7 @@ jobs: - name: Add Labels id: add_labels if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_labels')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_LABELS_ALLOWED: "spam,ai-generated,link-spam,ai-inspected" @@ -7472,7 +7461,7 @@ jobs: - name: Hide Comment id: hide_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'hide_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/archie.lock.yml b/.github/workflows/archie.lock.yml index e112ce49bf..933134374b 100644 --- a/.github/workflows/archie.lock.yml +++ b/.github/workflows/archie.lock.yml @@ -67,7 +67,7 @@ jobs: text: ${{ steps.compute-text.outputs.text }} steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "archie.lock.yml" with: @@ -153,7 +153,7 @@ jobs: }); - name: Compute current body text id: compute-text - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const redactedDomains = []; @@ -484,7 +484,7 @@ jobs: - name: Add eyes reaction to the triggering item id: react if: github.event_name == 'issues' || github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment' || github.event_name == 'discussion' || github.event_name == 'discussion_comment' || (github.event_name == 'pull_request') && (github.event.pull_request.head.repo.id == github.repository_id) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REACTION: "eyes" GH_AW_COMMAND: archie @@ -937,7 +937,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -2376,36 +2376,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -2420,57 +2420,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -2586,7 +2575,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2629,7 +2618,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2864,7 +2853,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3018,7 +3007,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3087,7 +3076,7 @@ jobs: PROMPT_EOF - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3314,7 +3303,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3437,7 +3426,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -4693,7 +4682,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -6178,7 +6167,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -6336,7 +6325,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6613,7 +6602,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6706,7 +6695,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Archie" @@ -6814,7 +6803,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -7110,7 +7099,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Archie" WORKFLOW_DESCRIPTION: "Generates Mermaid diagrams to visualize issue and pull request relationships when invoked with the /archie command" @@ -7289,7 +7278,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7349,7 +7338,7 @@ jobs: steps: - name: Check team membership for command workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write with: @@ -7492,7 +7481,7 @@ jobs: await main(); - name: Check command position id: check_command_position - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_COMMAND: archie with: @@ -8186,7 +8175,7 @@ jobs: - name: Add Comment id: add_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/artifacts-summary.lock.yml b/.github/workflows/artifacts-summary.lock.yml index 23a64bf35c..3f2bdb2259 100644 --- a/.github/workflows/artifacts-summary.lock.yml +++ b/.github/workflows/artifacts-summary.lock.yml @@ -50,7 +50,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "artifacts-summary.lock.yml" with: @@ -177,7 +177,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1632,36 +1632,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1676,57 +1676,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1836,7 +1825,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1879,7 +1868,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1998,7 +1987,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2144,7 +2133,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2195,7 +2184,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2418,7 +2407,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2541,7 +2530,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.npms.io,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,bun.sh,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,deb.nodesource.com,deno.land,get.pnpm.io,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,nodejs.org,npm.pkg.github.com,npmjs.com,npmjs.org,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.bower.io,registry.npmjs.com,registry.npmjs.org,registry.yarnpkg.com,repo.yarnpkg.com,s.symcb.com,s.symcd.com,security.ubuntu.com,skimdb.npmjs.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com,www.npmjs.com,www.npmjs.org,yarnpkg.com" @@ -3796,7 +3785,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5281,7 +5270,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5439,7 +5428,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -5728,7 +5717,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5821,7 +5810,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Artifacts Summary" @@ -5929,7 +5918,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6239,7 +6228,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Artifacts Summary" WORKFLOW_DESCRIPTION: "Generates a comprehensive summary of GitHub Actions artifacts usage across all workflows in the repository" @@ -6418,7 +6407,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7386,7 +7375,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/audit-workflows.lock.yml b/.github/workflows/audit-workflows.lock.yml index 10fe81b71c..ab4dfd105f 100644 --- a/.github/workflows/audit-workflows.lock.yml +++ b/.github/workflows/audit-workflows.lock.yml @@ -52,7 +52,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "audit-workflows.lock.yml" with: @@ -171,7 +171,7 @@ jobs: mkdir -p /tmp/gh-aw/sandbox/agent/logs echo "Created /tmp/gh-aw/agent directory for agentic workflow temporary files" - name: Set up Go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 with: cache: true go-version-file: go.mod @@ -193,7 +193,7 @@ jobs: pip install --user --quiet numpy pandas matplotlib seaborn scipy - if: always() name: Upload charts - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: trending-charts @@ -201,7 +201,7 @@ jobs: retention-days: 30 - if: always() name: Upload source and data - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: trending-source-and-data @@ -244,7 +244,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1722,36 +1722,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1766,57 +1766,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1921,7 +1910,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1964,7 +1953,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2284,7 +2273,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2440,7 +2429,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2491,7 +2480,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2773,7 +2762,7 @@ jobs: MCP_TOOL_TIMEOUT: 300000 - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2897,7 +2886,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,anthropic.com,api.anthropic.com,api.github.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,files.pythonhosted.org,ghcr.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,playwright.download.prss.microsoft.com,ppa.launchpad.net,pypi.org,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,sentry.io,statsig.anthropic.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -4144,7 +4133,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -5217,7 +5206,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5388,7 +5377,7 @@ jobs: if-no-files-found: ignore - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"}]" @@ -5666,7 +5655,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5760,7 +5749,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Agentic Workflow Audit Agent" @@ -5869,7 +5858,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6167,7 +6156,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Agentic Workflow Audit Agent" WORKFLOW_DESCRIPTION: "Daily audit of all agentic workflow runs from the last 24 hours to identify issues, missing tools, errors, and improvement opportunities" @@ -6352,7 +6341,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7314,7 +7303,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: @@ -7598,7 +7587,7 @@ jobs: - name: Upload Assets id: upload_assets if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'upload_asset')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/blog-auditor.lock.yml b/.github/workflows/blog-auditor.lock.yml index d9bf8a8ffc..b23713ee86 100644 --- a/.github/workflows/blog-auditor.lock.yml +++ b/.github/workflows/blog-auditor.lock.yml @@ -49,7 +49,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "blog-auditor.lock.yml" with: @@ -177,7 +177,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1630,36 +1630,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1674,57 +1674,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1840,7 +1829,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1883,7 +1872,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2207,7 +2196,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2353,7 +2342,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2404,7 +2393,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2720,7 +2709,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2844,7 +2833,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,anthropic.com,api.anthropic.com,api.github.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,files.pythonhosted.org,ghcr.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,githubnext.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,playwright.download.prss.microsoft.com,ppa.launchpad.net,pypi.org,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,sentry.io,statsig.anthropic.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com,www.githubnext.com" @@ -4091,7 +4080,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -5164,7 +5153,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5322,7 +5311,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"}]" @@ -5599,7 +5588,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5693,7 +5682,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Blog Auditor" @@ -5802,7 +5791,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6100,7 +6089,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Blog Auditor" WORKFLOW_DESCRIPTION: "Verifies that the GitHub Next Agentic Workflows blog page is accessible and contains expected content" @@ -6285,7 +6274,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7244,7 +7233,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/brave.lock.yml b/.github/workflows/brave.lock.yml index 61de7e0b2e..8c97464e32 100644 --- a/.github/workflows/brave.lock.yml +++ b/.github/workflows/brave.lock.yml @@ -59,7 +59,7 @@ jobs: text: ${{ steps.compute-text.outputs.text }} steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "brave.lock.yml" with: @@ -145,7 +145,7 @@ jobs: }); - name: Compute current body text id: compute-text - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const redactedDomains = []; @@ -476,7 +476,7 @@ jobs: - name: Add eyes reaction to the triggering item id: react if: github.event_name == 'issues' || github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment' || github.event_name == 'discussion' || github.event_name == 'discussion_comment' || (github.event_name == 'pull_request') && (github.event.pull_request.head.repo.id == github.repository_id) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REACTION: "eyes" GH_AW_COMMAND: brave @@ -916,7 +916,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -2356,36 +2356,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -2400,57 +2400,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -2578,7 +2567,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2621,7 +2610,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2777,7 +2766,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2914,7 +2903,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2983,7 +2972,7 @@ jobs: PROMPT_EOF - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3198,7 +3187,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3322,7 +3311,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -4578,7 +4567,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -6063,7 +6052,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -6221,7 +6210,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6498,7 +6487,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6591,7 +6580,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Brave Web Search Agent" @@ -6699,7 +6688,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6995,7 +6984,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Brave Web Search Agent" WORKFLOW_DESCRIPTION: "Performs web searches using Brave search engine when invoked with /brave command in issues or PRs" @@ -7174,7 +7163,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7228,7 +7217,7 @@ jobs: steps: - name: Check team membership for command workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write with: @@ -7371,7 +7360,7 @@ jobs: await main(); - name: Check command position id: check_command_position - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_COMMAND: brave with: @@ -8065,7 +8054,7 @@ jobs: - name: Add Comment id: add_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/breaking-change-checker.lock.yml b/.github/workflows/breaking-change-checker.lock.yml index 163295a110..330943fb84 100644 --- a/.github/workflows/breaking-change-checker.lock.yml +++ b/.github/workflows/breaking-change-checker.lock.yml @@ -47,7 +47,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "breaking-change-checker.lock.yml" with: @@ -174,7 +174,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1650,36 +1650,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1694,57 +1694,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1854,7 +1843,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1897,7 +1886,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2108,7 +2097,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2258,7 +2247,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2309,7 +2298,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2539,7 +2528,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2662,7 +2651,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -3917,7 +3906,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5402,7 +5391,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5560,7 +5549,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -5837,7 +5826,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5931,7 +5920,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Breaking Change Checker" @@ -6040,7 +6029,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6339,7 +6328,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Breaking Change Checker" WORKFLOW_DESCRIPTION: "Daily analysis of recent commits and merged PRs for breaking CLI changes" @@ -6518,7 +6507,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -6570,7 +6559,7 @@ jobs: steps: - name: Check team membership for workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write with: @@ -6713,7 +6702,7 @@ jobs: await main(); - name: Check skip-if-match query id: check_skip_if_match - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SKIP_QUERY: "is:issue is:open in:title \"[breaking-change]\"" GH_AW_WORKFLOW_NAME: "Breaking Change Checker" @@ -7436,7 +7425,7 @@ jobs: - name: Create Issue id: create_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_ISSUE_TITLE_PREFIX: "[breaking-change] " diff --git a/.github/workflows/campaign-generator.lock.yml b/.github/workflows/campaign-generator.lock.yml index 0672f18e54..a19399c06f 100644 --- a/.github/workflows/campaign-generator.lock.yml +++ b/.github/workflows/campaign-generator.lock.yml @@ -50,7 +50,7 @@ jobs: issue_locked: ${{ steps.lock-issue.outputs.locked }} steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "campaign-generator.lock.yml" with: @@ -137,7 +137,7 @@ jobs: - name: Lock issue for agent workflow id: lock-issue if: (github.event_name == 'issues') || (github.event_name == 'issue_comment') - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | async function main() { @@ -225,7 +225,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1725,36 +1725,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1769,57 +1769,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1929,7 +1918,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1972,7 +1961,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2080,7 +2069,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_EVENT_ISSUE_NUMBER: ${{ github.event.issue.number }} @@ -2211,7 +2200,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2262,7 +2251,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_EVENT_ISSUE_NUMBER: ${{ github.event.issue.number }} @@ -2472,7 +2461,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2595,7 +2584,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -3850,7 +3839,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5335,7 +5324,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5493,7 +5482,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -5770,7 +5759,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5863,7 +5852,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Campaign Generator" @@ -5971,7 +5960,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6234,7 +6223,7 @@ jobs: - name: Unlock issue after agent workflow id: unlock-issue if: (always()) && (((github.event_name == 'issues') || (github.event_name == 'issue_comment')) && (needs.activation.outputs.issue_locked == 'true')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | async function main() { @@ -6311,7 +6300,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Campaign Generator" WORKFLOW_DESCRIPTION: "Campaign generator that updates issue status and assigns to Copilot agent for campaign design" @@ -6490,7 +6479,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -6543,7 +6532,7 @@ jobs: steps: - name: Check team membership for workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write with: @@ -7850,7 +7839,7 @@ jobs: - name: Assign To Agent id: assign_to_agent if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'assign_to_agent')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: @@ -8028,7 +8017,7 @@ jobs: - name: Update Issue id: update_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'update_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/campaign-manager.lock.yml b/.github/workflows/campaign-manager.lock.yml index 258d1ab3f4..5ec81a38c6 100644 --- a/.github/workflows/campaign-manager.lock.yml +++ b/.github/workflows/campaign-manager.lock.yml @@ -47,7 +47,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "campaign-manager.lock.yml" with: @@ -205,7 +205,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1820,36 +1820,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1864,57 +1864,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -2017,7 +2006,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2060,7 +2049,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2537,7 +2526,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2588,7 +2577,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt with: @@ -2797,7 +2786,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2920,7 +2909,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -4175,7 +4164,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5660,7 +5649,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5827,7 +5816,7 @@ jobs: if-no-files-found: ignore - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6105,7 +6094,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6198,7 +6187,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Campaign Manager - Meta-Orchestrator" @@ -6306,7 +6295,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6603,7 +6592,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Campaign Manager - Meta-Orchestrator" WORKFLOW_DESCRIPTION: "Meta-orchestrator workflow that manages multiple campaigns, analyzes their performance, and makes strategic decisions" @@ -6782,7 +6771,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -6834,7 +6823,7 @@ jobs: steps: - name: Check team membership for workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write with: @@ -7009,7 +6998,7 @@ jobs: path: /tmp/gh-aw/repo-memory-default - name: Push repo-memory changes (default) if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ github.token }} GITHUB_RUN_ID: ${{ github.run_id }} @@ -8463,7 +8452,7 @@ jobs: - name: Create Issue id: create_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: @@ -8761,7 +8750,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: @@ -9045,7 +9034,7 @@ jobs: - name: Add Comment id: add_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_CREATED_ISSUE_URL: ${{ steps.create_issue.outputs.issue_url }} @@ -9457,7 +9446,7 @@ jobs: - name: Update Project id: update_project if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'update_project')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/changeset.lock.yml b/.github/workflows/changeset.lock.yml index 9ea1fd770a..1cfb4fe4e5 100644 --- a/.github/workflows/changeset.lock.yml +++ b/.github/workflows/changeset.lock.yml @@ -67,7 +67,7 @@ jobs: text: ${{ steps.compute-text.outputs.text }} steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "changeset.lock.yml" with: @@ -153,7 +153,7 @@ jobs: }); - name: Compute current body text id: compute-text - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const redactedDomains = []; @@ -484,7 +484,7 @@ jobs: - name: Add rocket reaction to the triggering item id: react if: github.event_name == 'issues' || github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment' || github.event_name == 'discussion' || github.event_name == 'discussion_comment' || (github.event_name == 'pull_request') && (github.event.pull_request.head.repo.id == github.repository_id) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REACTION: "rocket" GH_AW_WORKFLOW_NAME: "Changeset Generator" @@ -925,7 +925,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -2434,36 +2434,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -2478,57 +2478,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -2618,7 +2607,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2661,7 +2650,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2930,7 +2919,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_EVENT_PULL_REQUEST_NUMBER: ${{ github.event.pull_request.number }} @@ -3080,7 +3069,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3131,7 +3120,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_EVENT_PULL_REQUEST_NUMBER: ${{ github.event.pull_request.number }} @@ -3338,7 +3327,7 @@ jobs: RUST_LOG: trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3462,7 +3451,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.npms.io,api.openai.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,bun.sh,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,deb.nodesource.com,deno.land,get.pnpm.io,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,nodejs.org,npm.pkg.github.com,npmjs.com,npmjs.org,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,openai.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,registry.bower.io,registry.npmjs.com,registry.npmjs.org,registry.yarnpkg.com,repo.yarnpkg.com,s.symcb.com,s.symcd.com,security.ubuntu.com,skimdb.npmjs.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com,www.npmjs.com,www.npmjs.org,yarnpkg.com" @@ -4717,7 +4706,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -6007,7 +5996,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -6166,7 +6155,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -6324,7 +6313,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T[\\\\d:.]+Z)\\\\s+(ERROR)\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Codex ERROR messages with timestamp\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T[\\\\d:.]+Z)\\\\s+(WARN|WARNING)\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Codex warning messages with timestamp\"}]" @@ -6620,7 +6609,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6713,7 +6702,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Changeset Generator" @@ -6821,7 +6810,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -7129,7 +7118,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Changeset Generator" WORKFLOW_DESCRIPTION: "Automatically creates changeset files when PRs are labeled with 'changeset' or 'smoke' to document changes for release notes" @@ -7241,7 +7230,7 @@ jobs: # AI engine disabled for threat detection (engine: false) - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7297,7 +7286,7 @@ jobs: steps: - name: Check team membership for workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write with: @@ -8761,7 +8750,7 @@ jobs: - name: Update Pull Request id: update_pull_request if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'update_pull_request')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: @@ -8848,7 +8837,7 @@ jobs: - name: Push To Pull Request Branch id: push_to_pull_request_branch if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'push_to_pull_request_branch')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_PUSH_IF_NO_CHANGES: "warn" diff --git a/.github/workflows/ci-coach.lock.yml b/.github/workflows/ci-coach.lock.yml index a9b65a5d0f..6dadb5f2ce 100644 --- a/.github/workflows/ci-coach.lock.yml +++ b/.github/workflows/ci-coach.lock.yml @@ -49,7 +49,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "ci-coach.lock.yml" with: @@ -232,7 +232,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1697,36 +1697,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1741,57 +1741,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1901,7 +1890,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1944,7 +1933,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2428,7 +2417,7 @@ jobs: - Only makes sense if they don't need unit test artifacts PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_EVENT_AFTER: ${{ github.event.after }} @@ -2784,7 +2773,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_EVENT_AFTER: ${{ github.event.after }} @@ -2961,7 +2950,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3012,7 +3001,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_EVENT_AFTER: ${{ github.event.after }} @@ -3223,7 +3212,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3346,7 +3335,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -4601,7 +4590,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -6086,7 +6075,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -6250,7 +6239,7 @@ jobs: path: /tmp/gh-aw/cache-memory - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6535,7 +6524,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6629,7 +6618,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "CI Optimization Coach" @@ -6738,7 +6727,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -7036,7 +7025,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "CI Optimization Coach" WORKFLOW_DESCRIPTION: "Daily CI optimization coach that analyzes workflow runs for efficiency improvements and cost reduction opportunities" @@ -7215,7 +7204,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7589,7 +7578,7 @@ jobs: - name: Create Pull Request id: create_pull_request if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_pull_request')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_BASE_BRANCH: ${{ github.ref_name }} diff --git a/.github/workflows/ci-doctor.lock.yml b/.github/workflows/ci-doctor.lock.yml index 991c7be54b..f2760210f1 100644 --- a/.github/workflows/ci-doctor.lock.yml +++ b/.github/workflows/ci-doctor.lock.yml @@ -60,7 +60,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "ci-doctor.lock.yml" with: @@ -204,7 +204,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1717,36 +1717,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1761,57 +1761,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1931,7 +1920,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1974,7 +1963,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2183,7 +2172,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_EVENT_WORKFLOW_RUN_CONCLUSION: ${{ github.event.workflow_run.conclusion }} @@ -2351,7 +2340,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2402,7 +2391,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_EVENT_WORKFLOW_RUN_CONCLUSION: ${{ github.event.workflow_run.conclusion }} @@ -2619,7 +2608,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2742,7 +2731,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -3997,7 +3986,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5482,7 +5471,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5646,7 +5635,7 @@ jobs: path: /tmp/gh-aw/cache-memory - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -5924,7 +5913,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6019,7 +6008,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "CI Failure Doctor" @@ -6129,7 +6118,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6427,7 +6416,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "CI Failure Doctor" WORKFLOW_DESCRIPTION: "Investigates failed CI workflows to identify root causes and patterns, creating issues with diagnostic information" @@ -6606,7 +6595,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -6659,7 +6648,7 @@ jobs: steps: - name: Check team membership for workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write with: @@ -6802,7 +6791,7 @@ jobs: await main(); - name: Check stop-time limit id: check_stop_time - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_STOP_TIME: 2026-01-02 23:42:43 GH_AW_WORKFLOW_NAME: "CI Failure Doctor" @@ -7815,7 +7804,7 @@ jobs: - name: Create Issue id: create_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_ISSUE_TITLE_PREFIX: "[CI Failure Doctor] " @@ -8114,7 +8103,7 @@ jobs: - name: Add Comment id: add_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_CREATED_ISSUE_URL: ${{ steps.create_issue.outputs.issue_url }} diff --git a/.github/workflows/cli-consistency-checker.lock.yml b/.github/workflows/cli-consistency-checker.lock.yml index 31e5d8d1c2..a7f150d6cf 100644 --- a/.github/workflows/cli-consistency-checker.lock.yml +++ b/.github/workflows/cli-consistency-checker.lock.yml @@ -44,7 +44,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "cli-consistency-checker.lock.yml" with: @@ -173,7 +173,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1650,36 +1650,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1694,57 +1694,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1864,7 +1853,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1907,7 +1896,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2127,7 +2116,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2275,7 +2264,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2326,7 +2315,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2535,7 +2524,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2658,7 +2647,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.npms.io,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,bun.sh,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,deb.nodesource.com,deno.land,get.pnpm.io,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,nodejs.org,npm.pkg.github.com,npmjs.com,npmjs.org,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.bower.io,registry.npmjs.com,registry.npmjs.org,registry.yarnpkg.com,repo.yarnpkg.com,s.symcb.com,s.symcd.com,security.ubuntu.com,skimdb.npmjs.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com,www.npmjs.com,www.npmjs.org,yarnpkg.com" @@ -3913,7 +3902,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5398,7 +5387,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5556,7 +5545,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -5833,7 +5822,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5926,7 +5915,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "CLI Consistency Checker" @@ -6034,7 +6023,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6331,7 +6320,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "CLI Consistency Checker" WORKFLOW_DESCRIPTION: "Inspects the gh-aw CLI to identify inconsistencies, typos, bugs, or documentation gaps by running commands and analyzing output" @@ -6510,7 +6499,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7226,7 +7215,7 @@ jobs: - name: Create Issue id: create_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_ISSUE_TITLE_PREFIX: "[cli-consistency] " diff --git a/.github/workflows/cli-version-checker.lock.yml b/.github/workflows/cli-version-checker.lock.yml index 126b277fd2..2b52c4b75f 100644 --- a/.github/workflows/cli-version-checker.lock.yml +++ b/.github/workflows/cli-version-checker.lock.yml @@ -49,7 +49,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "cli-version-checker.lock.yml" with: @@ -195,7 +195,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1668,36 +1668,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1712,57 +1712,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1860,7 +1849,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1903,7 +1892,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2279,7 +2268,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2452,7 +2441,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2503,7 +2492,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2786,7 +2775,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2910,7 +2899,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,anthropic.com,api.anthropic.com,api.github.com,api.npms.io,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,bun.sh,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,deb.nodesource.com,deno.land,files.pythonhosted.org,get.pnpm.io,ghcr.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,nodejs.org,npm.pkg.github.com,npmjs.com,npmjs.org,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,playwright.download.prss.microsoft.com,ppa.launchpad.net,pypi.org,raw.githubusercontent.com,registry.bower.io,registry.npmjs.com,registry.npmjs.org,registry.yarnpkg.com,repo.yarnpkg.com,s.symcb.com,s.symcd.com,security.ubuntu.com,sentry.io,skimdb.npmjs.com,statsig.anthropic.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com,www.npmjs.com,www.npmjs.org,yarnpkg.com" @@ -4157,7 +4146,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -5230,7 +5219,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5394,7 +5383,7 @@ jobs: path: /tmp/gh-aw/cache-memory - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"}]" @@ -5672,7 +5661,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5765,7 +5754,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "CLI Version Checker" @@ -5873,7 +5862,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6170,7 +6159,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "CLI Version Checker" WORKFLOW_DESCRIPTION: "Monitors and updates agentic CLI tools (Claude Code, GitHub Copilot CLI, OpenAI Codex, GitHub MCP Server, Playwright MCP, Playwright Browser) for new versions" @@ -6355,7 +6344,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7071,7 +7060,7 @@ jobs: - name: Create Issue id: create_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_ISSUE_TITLE_PREFIX: "[ca] " diff --git a/.github/workflows/cloclo.lock.yml b/.github/workflows/cloclo.lock.yml index 950537f98e..13dd0fa435 100644 --- a/.github/workflows/cloclo.lock.yml +++ b/.github/workflows/cloclo.lock.yml @@ -93,7 +93,7 @@ jobs: text: ${{ steps.compute-text.outputs.text }} steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "cloclo.lock.yml" with: @@ -179,7 +179,7 @@ jobs: }); - name: Compute current body text id: compute-text - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const redactedDomains = []; @@ -510,7 +510,7 @@ jobs: - name: Add eyes reaction to the triggering item id: react if: github.event_name == 'issues' || github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment' || github.event_name == 'discussion' || github.event_name == 'discussion_comment' || (github.event_name == 'pull_request') && (github.event.pull_request.head.repo.id == github.repository_id) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REACTION: "eyes" GH_AW_COMMAND: cloclo @@ -993,7 +993,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -2492,36 +2492,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -2536,57 +2536,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -2719,7 +2708,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2762,7 +2751,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -3060,7 +3049,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3260,7 +3249,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3329,7 +3318,7 @@ jobs: PROMPT_EOF - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3662,7 +3651,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3786,7 +3775,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,anthropic.com,api.anthropic.com,api.github.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,files.pythonhosted.org,ghcr.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,playwright.download.prss.microsoft.com,ppa.launchpad.net,pypi.org,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,sentry.io,statsig.anthropic.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -5034,7 +5023,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -6107,7 +6096,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -6271,7 +6260,7 @@ jobs: path: /tmp/gh-aw/cache-memory - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"}]" @@ -6556,7 +6545,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6649,7 +6638,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "/cloclo" @@ -6757,7 +6746,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -7053,7 +7042,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "/cloclo" WORKFLOW_DESCRIPTION: "No description provided" @@ -7239,7 +7228,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7307,7 +7296,7 @@ jobs: steps: - name: Check team membership for command workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write with: @@ -7450,7 +7439,7 @@ jobs: await main(); - name: Check command position id: check_command_position - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_COMMAND: cloclo with: @@ -8413,7 +8402,7 @@ jobs: - name: Create Pull Request id: create_pull_request if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_pull_request')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_BASE_BRANCH: ${{ github.ref_name }} @@ -8921,7 +8910,7 @@ jobs: - name: Add Comment id: add_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_CREATED_PULL_REQUEST_URL: ${{ steps.create_pull_request.outputs.pull_request_url }} diff --git a/.github/workflows/close-old-discussions.lock.yml b/.github/workflows/close-old-discussions.lock.yml index 491180addb..0ec66ebe95 100644 --- a/.github/workflows/close-old-discussions.lock.yml +++ b/.github/workflows/close-old-discussions.lock.yml @@ -49,7 +49,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "close-old-discussions.lock.yml" with: @@ -209,7 +209,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1666,36 +1666,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1710,57 +1710,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1850,7 +1839,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1893,7 +1882,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2257,7 +2246,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2308,7 +2297,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt with: @@ -2513,7 +2502,7 @@ jobs: RUST_LOG: trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2637,7 +2626,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.openai.com,openai.com" @@ -3892,7 +3881,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -5182,7 +5171,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5341,7 +5330,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5505,7 +5494,7 @@ jobs: path: /tmp/gh-aw/cache-memory - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T[\\\\d:.]+Z)\\\\s+(ERROR)\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Codex ERROR messages with timestamp\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T[\\\\d:.]+Z)\\\\s+(WARN|WARNING)\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Codex warning messages with timestamp\"}]" @@ -5783,7 +5772,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5876,7 +5865,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Close Outdated Discussions" @@ -5984,7 +5973,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6281,7 +6270,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Close Outdated Discussions" WORKFLOW_DESCRIPTION: "Automatically closes outdated discussions - agentic workflow discussions older than 3 days, and daily reports superseded by fresher versions" @@ -6445,7 +6434,7 @@ jobs: RUST_LOG: trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -6769,7 +6758,7 @@ jobs: - name: Close Discussion id: close_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'close_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/commit-changes-analyzer.lock.yml b/.github/workflows/commit-changes-analyzer.lock.yml index 356341bfa5..8b174a0b7b 100644 --- a/.github/workflows/commit-changes-analyzer.lock.yml +++ b/.github/workflows/commit-changes-analyzer.lock.yml @@ -51,7 +51,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "commit-changes-analyzer.lock.yml" with: @@ -179,7 +179,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1631,36 +1631,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1675,57 +1675,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1823,7 +1812,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1866,7 +1855,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2158,7 +2147,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2308,7 +2297,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2359,7 +2348,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2639,7 +2628,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2763,7 +2752,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,anthropic.com,api.anthropic.com,api.github.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,files.pythonhosted.org,ghcr.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,playwright.download.prss.microsoft.com,ppa.launchpad.net,pypi.org,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,sentry.io,statsig.anthropic.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -4010,7 +3999,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -5083,7 +5072,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5241,7 +5230,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"}]" @@ -5518,7 +5507,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5611,7 +5600,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Commit Changes Analyzer" @@ -5719,7 +5708,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6016,7 +6005,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Commit Changes Analyzer" WORKFLOW_DESCRIPTION: "Analyzes and provides a comprehensive developer-focused report of all changes in the repository since a specified commit" @@ -6202,7 +6191,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7160,7 +7149,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/copilot-agent-analysis.lock.yml b/.github/workflows/copilot-agent-analysis.lock.yml index df7c38c42b..6ea675f434 100644 --- a/.github/workflows/copilot-agent-analysis.lock.yml +++ b/.github/workflows/copilot-agent-analysis.lock.yml @@ -51,7 +51,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "copilot-agent-analysis.lock.yml" with: @@ -204,7 +204,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1656,36 +1656,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1700,57 +1700,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1848,7 +1837,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1891,7 +1880,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2402,7 +2391,7 @@ jobs: - "Closed" - PR was closed without merging PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2520,7 +2509,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2676,7 +2665,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2727,7 +2716,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -3030,7 +3019,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3154,7 +3143,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,anthropic.com,api.anthropic.com,api.github.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,files.pythonhosted.org,ghcr.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,github.githubassets.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,playwright.download.prss.microsoft.com,ppa.launchpad.net,pypi.org,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,sentry.io,statsig.anthropic.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -4401,7 +4390,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -5474,7 +5463,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5638,7 +5627,7 @@ jobs: path: /tmp/gh-aw/cache-memory - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"}]" @@ -5916,7 +5905,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6009,7 +5998,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Copilot Agent PR Analysis" @@ -6117,7 +6106,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6414,7 +6403,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Copilot Agent PR Analysis" WORKFLOW_DESCRIPTION: "Analyzes GitHub Copilot agent usage patterns in pull requests to provide insights on agent effectiveness and behavior" @@ -6599,7 +6588,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7557,7 +7546,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/copilot-pr-merged-report.lock.yml b/.github/workflows/copilot-pr-merged-report.lock.yml index adb4624c69..32e9b05576 100644 --- a/.github/workflows/copilot-pr-merged-report.lock.yml +++ b/.github/workflows/copilot-pr-merged-report.lock.yml @@ -49,7 +49,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "copilot-pr-merged-report.lock.yml" with: @@ -178,7 +178,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1603,36 +1603,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1647,57 +1647,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -3039,7 +3028,7 @@ jobs: - name: Generate Safe Inputs MCP Server Config id: safe-inputs-config - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function generateSafeInputsConfig({ core, crypto }) { @@ -3189,7 +3178,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -3232,7 +3221,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -3531,7 +3520,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -3637,7 +3626,7 @@ jobs: PROMPT_EOF - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -3847,7 +3836,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3970,7 +3959,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,github.githubassets.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -5232,7 +5221,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -6717,7 +6706,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -6875,7 +6864,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -7152,7 +7141,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -7245,7 +7234,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Daily Copilot PR Merged Report" @@ -7353,7 +7342,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -7650,7 +7639,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Daily Copilot PR Merged Report" WORKFLOW_DESCRIPTION: "Generates a daily report analyzing Copilot pull requests merged in the last 24 hours, tracking code generation, tests, and token usage" @@ -7829,7 +7818,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -8787,7 +8776,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/copilot-pr-nlp-analysis.lock.yml b/.github/workflows/copilot-pr-nlp-analysis.lock.yml index e8122b1dcc..dd098dfc42 100644 --- a/.github/workflows/copilot-pr-nlp-analysis.lock.yml +++ b/.github/workflows/copilot-pr-nlp-analysis.lock.yml @@ -51,7 +51,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "copilot-pr-nlp-analysis.lock.yml" with: @@ -177,7 +177,7 @@ jobs: run: "pip install --user --quiet numpy pandas matplotlib seaborn scipy\n\n# Verify installations\npython3 -c \"import numpy; print(f'NumPy {numpy.__version__} installed')\"\npython3 -c \"import pandas; print(f'Pandas {pandas.__version__} installed')\"\npython3 -c \"import matplotlib; print(f'Matplotlib {matplotlib.__version__} installed')\"\npython3 -c \"import seaborn; print(f'Seaborn {seaborn.__version__} installed')\"\npython3 -c \"import scipy; print(f'SciPy {scipy.__version__} installed')\"\n\necho \"All scientific libraries installed successfully\"\n" - if: always() name: Upload generated charts - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: data-charts @@ -185,7 +185,7 @@ jobs: retention-days: 30 - if: always() name: Upload source files and data - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: python-source-and-data @@ -236,7 +236,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1717,36 +1717,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1761,57 +1761,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1924,7 +1913,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1967,7 +1956,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2520,7 +2509,7 @@ jobs: **Repository**: __GH_AW_GITHUB_REPOSITORY__ PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2821,7 +2810,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2994,7 +2983,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3045,7 +3034,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -3257,7 +3246,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3380,7 +3369,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.pythonhosted.org,anaconda.org,api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.npms.io,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,binstar.org,bootstrap.pypa.io,bun.sh,conda.anaconda.org,conda.binstar.org,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,deb.nodesource.com,deno.land,files.pythonhosted.org,get.pnpm.io,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,nodejs.org,npm.pkg.github.com,npmjs.com,npmjs.org,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,pip.pypa.io,ppa.launchpad.net,pypi.org,pypi.python.org,raw.githubusercontent.com,registry.bower.io,registry.npmjs.com,registry.npmjs.org,registry.yarnpkg.com,repo.anaconda.com,repo.continuum.io,repo.yarnpkg.com,s.symcb.com,s.symcd.com,security.ubuntu.com,skimdb.npmjs.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com,www.npmjs.com,www.npmjs.org,yarnpkg.com" @@ -4635,7 +4624,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -6120,7 +6109,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -6291,7 +6280,7 @@ jobs: if-no-files-found: ignore - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6569,7 +6558,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6662,7 +6651,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Copilot PR Conversation NLP Analysis" @@ -6770,7 +6759,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -7067,7 +7056,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Copilot PR Conversation NLP Analysis" WORKFLOW_DESCRIPTION: "Performs natural language processing analysis on Copilot PR conversations to extract insights and patterns from user interactions" @@ -7246,7 +7235,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -8207,7 +8196,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: @@ -8491,7 +8480,7 @@ jobs: - name: Upload Assets id: upload_assets if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'upload_asset')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/copilot-pr-prompt-analysis.lock.yml b/.github/workflows/copilot-pr-prompt-analysis.lock.yml index cfdde19c6e..615a01807c 100644 --- a/.github/workflows/copilot-pr-prompt-analysis.lock.yml +++ b/.github/workflows/copilot-pr-prompt-analysis.lock.yml @@ -51,7 +51,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "copilot-pr-prompt-analysis.lock.yml" with: @@ -204,7 +204,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1659,36 +1659,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1703,57 +1703,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1863,7 +1852,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1906,7 +1895,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2316,7 +2305,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2489,7 +2478,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2540,7 +2529,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2749,7 +2738,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2872,7 +2861,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.npms.io,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,bun.sh,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,deb.nodesource.com,deno.land,get.pnpm.io,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,nodejs.org,npm.pkg.github.com,npmjs.com,npmjs.org,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.bower.io,registry.npmjs.com,registry.npmjs.org,registry.yarnpkg.com,repo.yarnpkg.com,s.symcb.com,s.symcd.com,security.ubuntu.com,skimdb.npmjs.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com,www.npmjs.com,www.npmjs.org,yarnpkg.com" @@ -4127,7 +4116,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5612,7 +5601,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5776,7 +5765,7 @@ jobs: path: /tmp/gh-aw/cache-memory - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6054,7 +6043,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6147,7 +6136,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Copilot PR Prompt Pattern Analysis" @@ -6255,7 +6244,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6552,7 +6541,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Copilot PR Prompt Pattern Analysis" WORKFLOW_DESCRIPTION: "Analyzes prompt patterns used in Copilot PR interactions to identify common usage patterns and optimization opportunities" @@ -6731,7 +6720,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7689,7 +7678,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/copilot-session-insights.lock.yml b/.github/workflows/copilot-session-insights.lock.yml index 0fe64cdb80..e68f89fa1b 100644 --- a/.github/workflows/copilot-session-insights.lock.yml +++ b/.github/workflows/copilot-session-insights.lock.yml @@ -53,7 +53,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "copilot-session-insights.lock.yml" with: @@ -184,7 +184,7 @@ jobs: run: "pip install --user --quiet numpy pandas matplotlib seaborn scipy\n\n# Verify installations\npython3 -c \"import numpy; print(f'NumPy {numpy.__version__} installed')\"\npython3 -c \"import pandas; print(f'Pandas {pandas.__version__} installed')\"\npython3 -c \"import matplotlib; print(f'Matplotlib {matplotlib.__version__} installed')\"\npython3 -c \"import seaborn; print(f'Seaborn {seaborn.__version__} installed')\"\npython3 -c \"import scipy; print(f'SciPy {scipy.__version__} installed')\"\n\necho \"All scientific libraries installed successfully\"\n" - if: always() name: Upload generated charts - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: data-charts @@ -192,7 +192,7 @@ jobs: retention-days: 30 - if: always() name: Upload source files and data - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: python-source-and-data @@ -230,7 +230,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1708,36 +1708,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1752,57 +1752,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1903,7 +1892,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1946,7 +1935,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2518,7 +2507,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -3268,7 +3257,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -3428,7 +3417,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3479,7 +3468,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -3762,7 +3751,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3886,7 +3875,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,*.pythonhosted.org,anaconda.org,anthropic.com,api.anthropic.com,api.github.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,binstar.org,bootstrap.pypa.io,cdn.playwright.dev,codeload.github.com,conda.anaconda.org,conda.binstar.org,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,files.pythonhosted.org,ghcr.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,github.githubassets.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,pip.pypa.io,playwright.download.prss.microsoft.com,ppa.launchpad.net,pypi.org,pypi.python.org,raw.githubusercontent.com,registry.npmjs.org,repo.anaconda.com,repo.continuum.io,s.symcb.com,s.symcd.com,security.ubuntu.com,sentry.io,statsig.anthropic.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -5133,7 +5122,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -6206,7 +6195,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -6377,7 +6366,7 @@ jobs: if-no-files-found: ignore - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"}]" @@ -6655,7 +6644,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6748,7 +6737,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Copilot Session Insights" @@ -6856,7 +6845,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -7153,7 +7142,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Copilot Session Insights" WORKFLOW_DESCRIPTION: "Analyzes GitHub Copilot agent sessions to provide detailed insights on usage patterns, success rates, and performance metrics" @@ -7338,7 +7327,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -8299,7 +8288,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: @@ -8583,7 +8572,7 @@ jobs: - name: Upload Assets id: upload_assets if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'upload_asset')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/craft.lock.yml b/.github/workflows/craft.lock.yml index a61877f6fe..6501cd3831 100644 --- a/.github/workflows/craft.lock.yml +++ b/.github/workflows/craft.lock.yml @@ -55,7 +55,7 @@ jobs: text: ${{ steps.compute-text.outputs.text }} steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "craft.lock.yml" with: @@ -141,7 +141,7 @@ jobs: }); - name: Compute current body text id: compute-text - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const redactedDomains = []; @@ -472,7 +472,7 @@ jobs: - name: Add eyes reaction to the triggering item id: react if: github.event_name == 'issues' || github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment' || github.event_name == 'discussion' || github.event_name == 'discussion_comment' || (github.event_name == 'pull_request') && (github.event.pull_request.head.repo.id == github.repository_id) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REACTION: "eyes" GH_AW_COMMAND: craft @@ -917,7 +917,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -2404,36 +2404,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -2448,57 +2448,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -2608,7 +2597,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2651,7 +2640,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2951,7 +2940,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_EVENT_ISSUE_NUMBER: ${{ github.event.issue.number }} @@ -3101,7 +3090,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3170,7 +3159,7 @@ jobs: PROMPT_EOF - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_EVENT_ISSUE_NUMBER: ${{ github.event.issue.number }} @@ -3380,7 +3369,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3503,7 +3492,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -4759,7 +4748,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -6244,7 +6233,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -6402,7 +6391,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6686,7 +6675,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6779,7 +6768,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Workflow Craft Agent" @@ -6887,7 +6876,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -7183,7 +7172,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Workflow Craft Agent" WORKFLOW_DESCRIPTION: "Generates new agentic workflow markdown files based on user requests when invoked with /craft command" @@ -7362,7 +7351,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7415,7 +7404,7 @@ jobs: steps: - name: Check team membership for command workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write with: @@ -7558,7 +7547,7 @@ jobs: await main(); - name: Check command position id: check_command_position - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_COMMAND: craft with: @@ -8456,7 +8445,7 @@ jobs: - name: Add Comment id: add_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: @@ -8882,7 +8871,7 @@ jobs: - name: Push To Pull Request Branch id: push_to_pull_request_branch if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'push_to_pull_request_branch')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_PUSH_IF_NO_CHANGES: "warn" diff --git a/.github/workflows/daily-assign-issue-to-user.lock.yml b/.github/workflows/daily-assign-issue-to-user.lock.yml index 8d8e5cd7ad..8db558e58f 100644 --- a/.github/workflows/daily-assign-issue-to-user.lock.yml +++ b/.github/workflows/daily-assign-issue-to-user.lock.yml @@ -44,7 +44,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "daily-assign-issue-to-user.lock.yml" with: @@ -172,7 +172,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1660,36 +1660,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1704,57 +1704,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1864,7 +1853,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1907,7 +1896,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2068,7 +2057,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2119,7 +2108,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt with: @@ -2328,7 +2317,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2451,7 +2440,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -3706,7 +3695,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5191,7 +5180,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5349,7 +5338,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -5626,7 +5615,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5719,7 +5708,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Auto-Assign Issue" @@ -5827,7 +5816,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6124,7 +6113,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Auto-Assign Issue" WORKFLOW_DESCRIPTION: "No description provided" @@ -6303,7 +6292,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7657,7 +7646,7 @@ jobs: - name: Add Comment id: add_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_TARGET: "*" @@ -8065,7 +8054,7 @@ jobs: - name: Assign To User id: assign_to_user if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'assign_to_user')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/daily-code-metrics.lock.yml b/.github/workflows/daily-code-metrics.lock.yml index 29c6a2d864..6a86afdc39 100644 --- a/.github/workflows/daily-code-metrics.lock.yml +++ b/.github/workflows/daily-code-metrics.lock.yml @@ -50,7 +50,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "daily-code-metrics.lock.yml" with: @@ -170,7 +170,7 @@ jobs: pip install --user --quiet numpy pandas matplotlib seaborn scipy - if: always() name: Upload charts - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: trending-charts @@ -178,7 +178,7 @@ jobs: retention-days: 30 - if: always() name: Upload source and data - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: trending-source-and-data @@ -217,7 +217,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1669,36 +1669,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1713,57 +1713,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1861,7 +1850,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1904,7 +1893,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2188,7 +2177,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2239,7 +2228,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt with: @@ -2516,7 +2505,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2640,7 +2629,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,anthropic.com,api.anthropic.com,api.github.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,files.pythonhosted.org,ghcr.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,playwright.download.prss.microsoft.com,ppa.launchpad.net,pypi.org,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,sentry.io,statsig.anthropic.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -3887,7 +3876,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -4960,7 +4949,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5124,7 +5113,7 @@ jobs: path: /tmp/gh-aw/cache-memory - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"}]" @@ -5402,7 +5391,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5496,7 +5485,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Daily Code Metrics and Trend Tracking Agent" @@ -5605,7 +5594,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -5903,7 +5892,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Daily Code Metrics and Trend Tracking Agent" WORKFLOW_DESCRIPTION: "Tracks and visualizes daily code metrics and trends to monitor repository health and development patterns" @@ -6088,7 +6077,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7047,7 +7036,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/daily-copilot-token-report.lock.yml b/.github/workflows/daily-copilot-token-report.lock.yml index 326ab27b67..ec37993d73 100644 --- a/.github/workflows/daily-copilot-token-report.lock.yml +++ b/.github/workflows/daily-copilot-token-report.lock.yml @@ -49,7 +49,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "daily-copilot-token-report.lock.yml" with: @@ -173,7 +173,7 @@ jobs: run: "pip install --user --quiet numpy pandas matplotlib seaborn scipy\n\n# Verify installations\npython3 -c \"import numpy; print(f'NumPy {numpy.__version__} installed')\"\npython3 -c \"import pandas; print(f'Pandas {pandas.__version__} installed')\"\npython3 -c \"import matplotlib; print(f'Matplotlib {matplotlib.__version__} installed')\"\npython3 -c \"import seaborn; print(f'Seaborn {seaborn.__version__} installed')\"\npython3 -c \"import scipy; print(f'SciPy {scipy.__version__} installed')\"\n\necho \"All scientific libraries installed successfully\"\n" - if: always() name: Upload generated charts - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: data-charts @@ -181,7 +181,7 @@ jobs: retention-days: 30 - if: always() name: Upload source files and data - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: python-source-and-data @@ -223,7 +223,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1704,36 +1704,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1748,57 +1748,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1911,7 +1900,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1954,7 +1943,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2526,7 +2515,7 @@ jobs: os.makedirs('/tmp/gh-aw/python/data', exist_ok=True) PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2925,7 +2914,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -3081,7 +3070,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3132,7 +3121,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -3343,7 +3332,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3466,7 +3455,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -4721,7 +4710,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -6206,7 +6195,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -6377,7 +6366,7 @@ jobs: if-no-files-found: ignore - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6655,7 +6644,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6749,7 +6738,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Daily Copilot Token Consumption Report" @@ -6858,7 +6847,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -7156,7 +7145,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Daily Copilot Token Consumption Report" WORKFLOW_DESCRIPTION: "Daily report tracking Copilot token consumption and costs across all agentic workflows with trend analysis" @@ -7335,7 +7324,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -8297,7 +8286,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: @@ -8581,7 +8570,7 @@ jobs: - name: Upload Assets id: upload_assets if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'upload_asset')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/daily-doc-updater.lock.yml b/.github/workflows/daily-doc-updater.lock.yml index 3358611c07..b9939f3e12 100644 --- a/.github/workflows/daily-doc-updater.lock.yml +++ b/.github/workflows/daily-doc-updater.lock.yml @@ -45,7 +45,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "daily-doc-updater.lock.yml" with: @@ -188,7 +188,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1650,36 +1650,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1694,57 +1694,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1842,7 +1831,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1885,7 +1874,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2097,7 +2086,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2268,7 +2257,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2319,7 +2308,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2623,7 +2612,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2747,7 +2736,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,anthropic.com,api.anthropic.com,api.github.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,files.pythonhosted.org,ghcr.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,github.githubassets.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,playwright.download.prss.microsoft.com,ppa.launchpad.net,pypi.org,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,sentry.io,statsig.anthropic.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -3994,7 +3983,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -5067,7 +5056,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5231,7 +5220,7 @@ jobs: path: /tmp/gh-aw/cache-memory - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"}]" @@ -5516,7 +5505,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5610,7 +5599,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Daily Documentation Updater" @@ -5719,7 +5708,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6017,7 +6006,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Daily Documentation Updater" WORKFLOW_DESCRIPTION: "Automatically reviews and updates documentation to ensure accuracy and completeness" @@ -6202,7 +6191,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -6576,7 +6565,7 @@ jobs: - name: Create Pull Request id: create_pull_request if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_pull_request')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_BASE_BRANCH: ${{ github.ref_name }} diff --git a/.github/workflows/daily-fact.lock.yml b/.github/workflows/daily-fact.lock.yml index 45163277e1..29a8054d59 100644 --- a/.github/workflows/daily-fact.lock.yml +++ b/.github/workflows/daily-fact.lock.yml @@ -44,7 +44,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "daily-fact.lock.yml" with: @@ -174,7 +174,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1610,36 +1610,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1654,57 +1654,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1794,7 +1783,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1837,7 +1826,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1948,7 +1937,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2079,7 +2068,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2130,7 +2119,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2335,7 +2324,7 @@ jobs: RUST_LOG: trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2459,7 +2448,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.openai.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,openai.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,s.symcb.com,s.symcd.com,security.ubuntu.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -3714,7 +3703,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -5004,7 +4993,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5163,7 +5152,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5321,7 +5310,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T[\\\\d:.]+Z)\\\\s+(ERROR)\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Codex ERROR messages with timestamp\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T[\\\\d:.]+Z)\\\\s+(WARN|WARNING)\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Codex warning messages with timestamp\"}]" @@ -5598,7 +5587,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5692,7 +5681,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Daily Fact About gh-aw" @@ -5801,7 +5790,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6100,7 +6089,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Daily Fact About gh-aw" WORKFLOW_DESCRIPTION: "Posts a daily poetic verse about the gh-aw project to a discussion thread" @@ -6263,7 +6252,7 @@ jobs: RUST_LOG: trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -6950,7 +6939,7 @@ jobs: - name: Add Comment id: add_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_TARGET: "4750" diff --git a/.github/workflows/daily-file-diet.lock.yml b/.github/workflows/daily-file-diet.lock.yml index f17db90dd3..6c45489685 100644 --- a/.github/workflows/daily-file-diet.lock.yml +++ b/.github/workflows/daily-file-diet.lock.yml @@ -54,7 +54,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "daily-file-diet.lock.yml" with: @@ -189,7 +189,7 @@ jobs: run: "pip install --user --quiet numpy pandas matplotlib seaborn scipy\n\n# Verify installations\npython3 -c \"import numpy; print(f'NumPy {numpy.__version__} installed')\"\npython3 -c \"import pandas; print(f'Pandas {pandas.__version__} installed')\"\npython3 -c \"import matplotlib; print(f'Matplotlib {matplotlib.__version__} installed')\"\npython3 -c \"import seaborn; print(f'Seaborn {seaborn.__version__} installed')\"\npython3 -c \"import scipy; print(f'SciPy {scipy.__version__} installed')\"\n\necho \"All scientific libraries installed successfully\"\n" - if: always() name: Upload generated charts - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: data-charts @@ -197,7 +197,7 @@ jobs: retention-days: 30 - if: always() name: Upload source files and data - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: python-source-and-data @@ -264,7 +264,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1766,36 +1766,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1810,57 +1810,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1979,7 +1968,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2022,7 +2011,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2595,7 +2584,7 @@ jobs: - **Test Coverage**: [RATIO or "No test file found"] PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2826,7 +2815,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -3031,7 +3020,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3082,7 +3071,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -3295,7 +3284,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3418,7 +3407,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -4673,7 +4662,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -6158,7 +6147,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -6338,7 +6327,7 @@ jobs: if-no-files-found: ignore - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6629,7 +6618,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6723,7 +6712,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Daily File Diet" @@ -6832,7 +6821,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -7143,7 +7132,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Daily File Diet" WORKFLOW_DESCRIPTION: "Analyzes the largest Go source file daily and creates an issue to refactor it into smaller files if it exceeds the Go File Size Reduction campaign threshold" @@ -7322,7 +7311,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7374,7 +7363,7 @@ jobs: steps: - name: Check team membership for workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write with: @@ -7517,7 +7506,7 @@ jobs: await main(); - name: Check skip-if-match query id: check_skip_if_match - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SKIP_QUERY: "is:issue is:open in:title \"[file-diet]\"" GH_AW_WORKFLOW_NAME: "Daily File Diet" @@ -7600,7 +7589,7 @@ jobs: path: /tmp/gh-aw/repo-memory-default - name: Push repo-memory changes (default) if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ github.token }} GITHUB_RUN_ID: ${{ github.run_id }} @@ -8447,7 +8436,7 @@ jobs: - name: Create Issue id: create_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_ISSUE_TITLE_PREFIX: "[file-diet] " @@ -8747,7 +8736,7 @@ jobs: - name: Upload Assets id: upload_assets if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'upload_asset')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/daily-firewall-report.lock.yml b/.github/workflows/daily-firewall-report.lock.yml index 83c3a510c4..c7864c908d 100644 --- a/.github/workflows/daily-firewall-report.lock.yml +++ b/.github/workflows/daily-firewall-report.lock.yml @@ -51,7 +51,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "daily-firewall-report.lock.yml" with: @@ -170,7 +170,7 @@ jobs: mkdir -p /tmp/gh-aw/sandbox/agent/logs echo "Created /tmp/gh-aw/agent directory for agentic workflow temporary files" - name: Set up Go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 with: cache: true go-version-file: go.mod @@ -190,7 +190,7 @@ jobs: pip install --user --quiet numpy pandas matplotlib seaborn scipy - if: always() name: Upload charts - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: trending-charts @@ -198,7 +198,7 @@ jobs: retention-days: 30 - if: always() name: Upload source and data - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: trending-source-and-data @@ -266,7 +266,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1747,36 +1747,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1791,57 +1791,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1961,7 +1950,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2004,7 +1993,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2562,7 +2551,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2613,7 +2602,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt with: @@ -2823,7 +2812,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2946,7 +2935,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -4201,7 +4190,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5686,7 +5675,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5866,7 +5855,7 @@ jobs: if-no-files-found: ignore - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6145,7 +6134,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6239,7 +6228,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Daily Firewall Logs Collector and Reporter" @@ -6348,7 +6337,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6646,7 +6635,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Daily Firewall Logs Collector and Reporter" WORKFLOW_DESCRIPTION: "Collects and reports on firewall log events to monitor network security and access patterns" @@ -6825,7 +6814,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -6903,7 +6892,7 @@ jobs: path: /tmp/gh-aw/repo-memory-default - name: Push repo-memory changes (default) if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ github.token }} GITHUB_RUN_ID: ${{ github.run_id }} @@ -7980,7 +7969,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: @@ -8264,7 +8253,7 @@ jobs: - name: Upload Assets id: upload_assets if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'upload_asset')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/daily-issues-report.lock.yml b/.github/workflows/daily-issues-report.lock.yml index a26cdbb13a..c9cef0bf9d 100644 --- a/.github/workflows/daily-issues-report.lock.yml +++ b/.github/workflows/daily-issues-report.lock.yml @@ -55,7 +55,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "daily-issues-report.lock.yml" with: @@ -187,7 +187,7 @@ jobs: run: "pip install --user --quiet numpy pandas matplotlib seaborn scipy\n\n# Verify installations\npython3 -c \"import numpy; print(f'NumPy {numpy.__version__} installed')\"\npython3 -c \"import pandas; print(f'Pandas {pandas.__version__} installed')\"\npython3 -c \"import matplotlib; print(f'Matplotlib {matplotlib.__version__} installed')\"\npython3 -c \"import seaborn; print(f'Seaborn {seaborn.__version__} installed')\"\npython3 -c \"import scipy; print(f'SciPy {scipy.__version__} installed')\"\n\necho \"All scientific libraries installed successfully\"\n" - if: always() name: Upload generated charts - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: data-charts @@ -195,7 +195,7 @@ jobs: retention-days: 30 - if: always() name: Upload source files and data - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: python-source-and-data @@ -233,7 +233,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1768,36 +1768,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1812,57 +1812,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1955,7 +1944,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1998,7 +1987,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2594,7 +2583,7 @@ jobs: # Set professional style PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -3017,7 +3006,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -3175,7 +3164,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3226,7 +3215,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -3436,7 +3425,7 @@ jobs: RUST_LOG: trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3560,7 +3549,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.openai.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,openai.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,s.symcb.com,s.symcd.com,security.ubuntu.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -4815,7 +4804,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -6105,7 +6094,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -6264,7 +6253,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -6435,7 +6424,7 @@ jobs: if-no-files-found: ignore - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T[\\\\d:.]+Z)\\\\s+(ERROR)\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Codex ERROR messages with timestamp\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T[\\\\d:.]+Z)\\\\s+(WARN|WARNING)\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Codex warning messages with timestamp\"}]" @@ -6713,7 +6702,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6807,7 +6796,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Daily Issues Report Generator" @@ -6916,7 +6905,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -7214,7 +7203,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Daily Issues Report Generator" WORKFLOW_DESCRIPTION: "Daily report analyzing repository issues with clustering, metrics, and trend charts" @@ -7378,7 +7367,7 @@ jobs: RUST_LOG: trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7430,7 +7419,7 @@ jobs: steps: - name: Check team membership for workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write with: @@ -8618,7 +8607,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: @@ -8902,7 +8891,7 @@ jobs: - name: Close Discussion id: close_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'close_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: @@ -9138,7 +9127,7 @@ jobs: - name: Upload Assets id: upload_assets if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'upload_asset')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/daily-malicious-code-scan.lock.yml b/.github/workflows/daily-malicious-code-scan.lock.yml index 15d769133f..da1b524389 100644 --- a/.github/workflows/daily-malicious-code-scan.lock.yml +++ b/.github/workflows/daily-malicious-code-scan.lock.yml @@ -45,7 +45,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "daily-malicious-code-scan.lock.yml" with: @@ -173,7 +173,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1669,36 +1669,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1713,57 +1713,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1873,7 +1862,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1916,7 +1905,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2255,7 +2244,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2386,7 +2375,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2437,7 +2426,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2659,7 +2648,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2782,7 +2771,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -4037,7 +4026,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5522,7 +5511,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5680,7 +5669,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -5956,7 +5945,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6050,7 +6039,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Daily Malicious Code Scan Agent" @@ -6159,7 +6148,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6546,7 +6535,7 @@ jobs: - name: Create Code Scanning Alert id: create_code_scanning_alert if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_code_scanning_alert')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_FILENAME: "daily-malicious-code-scan" diff --git a/.github/workflows/daily-multi-device-docs-tester.lock.yml b/.github/workflows/daily-multi-device-docs-tester.lock.yml index 6a61d304df..f1c8bb878e 100644 --- a/.github/workflows/daily-multi-device-docs-tester.lock.yml +++ b/.github/workflows/daily-multi-device-docs-tester.lock.yml @@ -50,7 +50,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "daily-multi-device-docs-tester.lock.yml" with: @@ -181,7 +181,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1681,36 +1681,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1725,57 +1725,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1894,7 +1883,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1937,7 +1926,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2085,7 +2074,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2233,7 +2222,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2284,7 +2273,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2607,7 +2596,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2731,7 +2720,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,anthropic.com,api.anthropic.com,api.github.com,api.npms.io,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,bun.sh,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,deb.nodesource.com,deno.land,files.pythonhosted.org,get.pnpm.io,ghcr.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,nodejs.org,npm.pkg.github.com,npmjs.com,npmjs.org,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,playwright.download.prss.microsoft.com,ppa.launchpad.net,pypi.org,raw.githubusercontent.com,registry.bower.io,registry.npmjs.com,registry.npmjs.org,registry.yarnpkg.com,repo.yarnpkg.com,s.symcb.com,s.symcd.com,security.ubuntu.com,sentry.io,skimdb.npmjs.com,statsig.anthropic.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com,www.npmjs.com,www.npmjs.org,yarnpkg.com" @@ -3978,7 +3967,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -5051,7 +5040,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5216,7 +5205,7 @@ jobs: if-no-files-found: ignore - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"}]" @@ -5493,7 +5482,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5587,7 +5576,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Multi-Device Docs Tester" @@ -5696,7 +5685,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -5994,7 +5983,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Multi-Device Docs Tester" WORKFLOW_DESCRIPTION: "Tests documentation site functionality and responsive design across multiple device form factors" @@ -6180,7 +6169,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -6900,7 +6889,7 @@ jobs: - name: Create Issue id: create_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: @@ -7198,7 +7187,7 @@ jobs: - name: Upload Assets id: upload_assets if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'upload_asset')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/daily-news.lock.yml b/.github/workflows/daily-news.lock.yml index 8eac6cb34e..bec0e4949a 100644 --- a/.github/workflows/daily-news.lock.yml +++ b/.github/workflows/daily-news.lock.yml @@ -52,7 +52,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "daily-news.lock.yml" with: @@ -179,7 +179,7 @@ jobs: run: "pip install --user --quiet numpy pandas matplotlib seaborn scipy\n\n# Verify installations\npython3 -c \"import numpy; print(f'NumPy {numpy.__version__} installed')\"\npython3 -c \"import pandas; print(f'Pandas {pandas.__version__} installed')\"\npython3 -c \"import matplotlib; print(f'Matplotlib {matplotlib.__version__} installed')\"\npython3 -c \"import seaborn; print(f'Seaborn {seaborn.__version__} installed')\"\npython3 -c \"import scipy; print(f'SciPy {scipy.__version__} installed')\"\n\necho \"All scientific libraries installed successfully\"\n" - if: always() name: Upload generated charts - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: data-charts @@ -187,7 +187,7 @@ jobs: retention-days: 30 - if: always() name: Upload source files and data - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: python-source-and-data @@ -231,7 +231,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1713,36 +1713,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1757,57 +1757,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1943,7 +1932,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1986,7 +1975,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2885,7 +2874,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2936,7 +2925,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt with: @@ -3147,7 +3136,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3271,7 +3260,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.pythonhosted.org,anaconda.org,api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.npms.io,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,binstar.org,bootstrap.pypa.io,bun.sh,conda.anaconda.org,conda.binstar.org,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,deb.nodesource.com,deno.land,files.pythonhosted.org,get.pnpm.io,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,nodejs.org,npm.pkg.github.com,npmjs.com,npmjs.org,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,pip.pypa.io,ppa.launchpad.net,pypi.org,pypi.python.org,raw.githubusercontent.com,registry.bower.io,registry.npmjs.com,registry.npmjs.org,registry.yarnpkg.com,repo.anaconda.com,repo.continuum.io,repo.yarnpkg.com,s.symcb.com,s.symcd.com,security.ubuntu.com,skimdb.npmjs.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com,www.npmjs.com,www.npmjs.org,yarnpkg.com" @@ -4526,7 +4515,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -6011,7 +6000,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -6182,7 +6171,7 @@ jobs: if-no-files-found: ignore - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6460,7 +6449,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6554,7 +6543,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Daily News" @@ -6663,7 +6652,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6961,7 +6950,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Daily News" WORKFLOW_DESCRIPTION: "Generates a daily news digest of repository activity including issues, PRs, discussions, and workflow runs" @@ -7140,7 +7129,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -8102,7 +8091,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: @@ -8386,7 +8375,7 @@ jobs: - name: Upload Assets id: upload_assets if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'upload_asset')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/daily-performance-summary.lock.yml b/.github/workflows/daily-performance-summary.lock.yml index 1241567c76..21ba7f69c9 100644 --- a/.github/workflows/daily-performance-summary.lock.yml +++ b/.github/workflows/daily-performance-summary.lock.yml @@ -51,7 +51,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "daily-performance-summary.lock.yml" with: @@ -176,7 +176,7 @@ jobs: pip install --user --quiet numpy pandas matplotlib seaborn scipy - if: always() name: Upload charts - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: trending-charts @@ -184,7 +184,7 @@ jobs: retention-days: 30 - if: always() name: Upload source and data - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: trending-source-and-data @@ -223,7 +223,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1758,36 +1758,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1802,57 +1802,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -3490,7 +3479,7 @@ jobs: - name: Generate Safe Inputs MCP Server Config id: safe-inputs-config - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function generateSafeInputsConfig({ core, crypto }) { @@ -3634,7 +3623,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -3677,7 +3666,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -4229,7 +4218,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -4387,7 +4376,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -4438,7 +4427,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -4649,7 +4638,7 @@ jobs: RUST_LOG: trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -4773,7 +4762,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.openai.com,openai.com" @@ -6035,7 +6024,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -7325,7 +7314,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -7484,7 +7473,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -7655,7 +7644,7 @@ jobs: if-no-files-found: ignore - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T[\\\\d:.]+Z)\\\\s+(ERROR)\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Codex ERROR messages with timestamp\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T[\\\\d:.]+Z)\\\\s+(WARN|WARNING)\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Codex warning messages with timestamp\"}]" @@ -7933,7 +7922,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -8027,7 +8016,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Daily Project Performance Summary Generator (Using Safe Inputs)" @@ -8136,7 +8125,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -8434,7 +8423,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Daily Project Performance Summary Generator (Using Safe Inputs)" WORKFLOW_DESCRIPTION: "Daily project performance summary (90-day window) with trend charts using safe-inputs" @@ -8598,7 +8587,7 @@ jobs: RUST_LOG: trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -9689,7 +9678,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: @@ -9973,7 +9962,7 @@ jobs: - name: Close Discussion id: close_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'close_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: @@ -10209,7 +10198,7 @@ jobs: - name: Upload Assets id: upload_assets if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'upload_asset')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/daily-repo-chronicle.lock.yml b/.github/workflows/daily-repo-chronicle.lock.yml index 290216ebbd..f5175eec98 100644 --- a/.github/workflows/daily-repo-chronicle.lock.yml +++ b/.github/workflows/daily-repo-chronicle.lock.yml @@ -50,7 +50,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "daily-repo-chronicle.lock.yml" with: @@ -174,7 +174,7 @@ jobs: run: "pip install --user --quiet numpy pandas matplotlib seaborn scipy\n\n# Verify installations\npython3 -c \"import numpy; print(f'NumPy {numpy.__version__} installed')\"\npython3 -c \"import pandas; print(f'Pandas {pandas.__version__} installed')\"\npython3 -c \"import matplotlib; print(f'Matplotlib {matplotlib.__version__} installed')\"\npython3 -c \"import seaborn; print(f'Seaborn {seaborn.__version__} installed')\"\npython3 -c \"import scipy; print(f'SciPy {scipy.__version__} installed')\"\n\necho \"All scientific libraries installed successfully\"\n" - if: always() name: Upload generated charts - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: data-charts @@ -182,7 +182,7 @@ jobs: retention-days: 30 - if: always() name: Upload source files and data - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: python-source-and-data @@ -220,7 +220,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1701,36 +1701,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1745,57 +1745,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1908,7 +1897,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1951,7 +1940,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2519,7 +2508,7 @@ jobs: ### Commit Activity & Contributors PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2636,7 +2625,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2807,7 +2796,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2858,7 +2847,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -3069,7 +3058,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3192,7 +3181,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.pythonhosted.org,anaconda.org,api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.npms.io,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,binstar.org,bootstrap.pypa.io,bun.sh,conda.anaconda.org,conda.binstar.org,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,deb.nodesource.com,deno.land,files.pythonhosted.org,get.pnpm.io,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,nodejs.org,npm.pkg.github.com,npmjs.com,npmjs.org,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,pip.pypa.io,ppa.launchpad.net,pypi.org,pypi.python.org,raw.githubusercontent.com,registry.bower.io,registry.npmjs.com,registry.npmjs.org,registry.yarnpkg.com,repo.anaconda.com,repo.continuum.io,repo.yarnpkg.com,s.symcb.com,s.symcd.com,security.ubuntu.com,skimdb.npmjs.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com,www.npmjs.com,www.npmjs.org,yarnpkg.com" @@ -4447,7 +4436,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5932,7 +5921,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -6103,7 +6092,7 @@ jobs: if-no-files-found: ignore - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6381,7 +6370,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6475,7 +6464,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "The Daily Repository Chronicle" @@ -6584,7 +6573,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6882,7 +6871,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "The Daily Repository Chronicle" WORKFLOW_DESCRIPTION: "Creates a narrative chronicle of daily repository activity including commits, PRs, issues, and discussions" @@ -7061,7 +7050,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -8023,7 +8012,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: @@ -8307,7 +8296,7 @@ jobs: - name: Upload Assets id: upload_assets if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'upload_asset')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/daily-team-status.lock.yml b/.github/workflows/daily-team-status.lock.yml index 67fc3c1a19..2e4d80325d 100644 --- a/.github/workflows/daily-team-status.lock.yml +++ b/.github/workflows/daily-team-status.lock.yml @@ -58,7 +58,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "daily-team-status.lock.yml" with: @@ -186,7 +186,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1641,36 +1641,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1685,57 +1685,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1845,7 +1834,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1888,7 +1877,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2131,7 +2120,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2182,7 +2171,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt with: @@ -2391,7 +2380,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2514,7 +2503,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -3769,7 +3758,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5254,7 +5243,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5412,7 +5401,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -5689,7 +5678,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5785,7 +5774,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Daily Team Status" @@ -5896,7 +5885,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6194,7 +6183,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Daily Team Status" WORKFLOW_DESCRIPTION: "This workflow created daily team status reporter creating upbeat activity summaries.\nGathers recent repository activity (issues, PRs, discussions, releases, code changes)\nand generates engaging GitHub discussions with productivity insights, community\nhighlights, and project recommendations. Uses a positive, encouraging tone with\nmoderate emoji usage to boost team morale." @@ -6373,7 +6362,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -6425,7 +6414,7 @@ jobs: steps: - name: Check stop-time limit id: check_stop_time - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_STOP_TIME: 2026-01-02 23:42:46 GH_AW_WORKFLOW_NAME: "Daily Team Status" @@ -7376,7 +7365,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/daily-workflow-updater.lock.yml b/.github/workflows/daily-workflow-updater.lock.yml index 72642bf56f..8dd5a56ca6 100644 --- a/.github/workflows/daily-workflow-updater.lock.yml +++ b/.github/workflows/daily-workflow-updater.lock.yml @@ -45,7 +45,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "daily-workflow-updater.lock.yml" with: @@ -173,7 +173,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1638,36 +1638,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1682,57 +1682,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1842,7 +1831,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1885,7 +1874,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2201,7 +2190,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2252,7 +2241,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt with: @@ -2487,7 +2476,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2610,7 +2599,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,github.githubassets.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -3865,7 +3854,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5350,7 +5339,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5508,7 +5497,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -5792,7 +5781,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5886,7 +5875,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Daily Workflow Updater" @@ -5995,7 +5984,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6293,7 +6282,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Daily Workflow Updater" WORKFLOW_DESCRIPTION: "Automatically updates GitHub Actions versions and creates a PR if changes are detected" @@ -6472,7 +6461,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -6846,7 +6835,7 @@ jobs: - name: Create Pull Request id: create_pull_request if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_pull_request')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_BASE_BRANCH: ${{ github.ref_name }} diff --git a/.github/workflows/deep-report.lock.yml b/.github/workflows/deep-report.lock.yml index d50c9b7f2e..0855b02f3a 100644 --- a/.github/workflows/deep-report.lock.yml +++ b/.github/workflows/deep-report.lock.yml @@ -51,7 +51,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "deep-report.lock.yml" with: @@ -179,7 +179,7 @@ jobs: name: Fetch weekly issues data run: "# Create output directories\nmkdir -p /tmp/gh-aw/weekly-issues-data\nmkdir -p /tmp/gh-aw/cache-memory\n\n# Get today's date for cache identification\nTODAY=$(date '+%Y-%m-%d')\nCACHE_DIR=\"/tmp/gh-aw/cache-memory\"\n\n# Check if cached data exists from today\nif [ -f \"$CACHE_DIR/weekly-issues-${TODAY}.json\" ] && [ -s \"$CACHE_DIR/weekly-issues-${TODAY}.json\" ]; then\n echo \"✓ Found cached weekly issues data from ${TODAY}\"\n cp \"$CACHE_DIR/weekly-issues-${TODAY}.json\" /tmp/gh-aw/weekly-issues-data/issues.json\n \n # Regenerate schema if missing\n if [ ! -f \"$CACHE_DIR/weekly-issues-${TODAY}-schema.json\" ]; then\n /tmp/gh-aw/jqschema.sh < /tmp/gh-aw/weekly-issues-data/issues.json > \"$CACHE_DIR/weekly-issues-${TODAY}-schema.json\"\n fi\n cp \"$CACHE_DIR/weekly-issues-${TODAY}-schema.json\" /tmp/gh-aw/weekly-issues-data/issues-schema.json\n \n echo \"Using cached data from ${TODAY}\"\n echo \"Total issues in cache: $(jq 'length' /tmp/gh-aw/weekly-issues-data/issues.json)\"\nelse\n echo \"⬇ Downloading fresh weekly issues data...\"\n \n # Calculate date 7 days ago (cross-platform: GNU date first, BSD fallback)\n DATE_7_DAYS_AGO=$(date -d '7 days ago' '+%Y-%m-%d' 2>/dev/null || date -v-7d '+%Y-%m-%d')\n \n echo \"Fetching issues created or updated since ${DATE_7_DAYS_AGO}...\"\n \n # Fetch issues from the last 7 days using gh CLI\n # Using --search with updated filter to get recent activity\n gh issue list --repo ${{ github.repository }} \\\n --search \"updated:>=${DATE_7_DAYS_AGO}\" \\\n --state all \\\n --json number,title,author,createdAt,state,url,body,labels,updatedAt,closedAt,milestone,assignees,comments \\\n --limit 500 \\\n > /tmp/gh-aw/weekly-issues-data/issues.json\n\n # Generate schema for reference\n /tmp/gh-aw/jqschema.sh < /tmp/gh-aw/weekly-issues-data/issues.json > /tmp/gh-aw/weekly-issues-data/issues-schema.json\n\n # Store in cache with today's date\n cp /tmp/gh-aw/weekly-issues-data/issues.json \"$CACHE_DIR/weekly-issues-${TODAY}.json\"\n cp /tmp/gh-aw/weekly-issues-data/issues-schema.json \"$CACHE_DIR/weekly-issues-${TODAY}-schema.json\"\n\n echo \"✓ Weekly issues data saved to cache: weekly-issues-${TODAY}.json\"\n echo \"Total issues found: $(jq 'length' /tmp/gh-aw/weekly-issues-data/issues.json)\"\nfi\n\n# Always ensure data is available at expected locations for backward compatibility\necho \"Weekly issues data available at: /tmp/gh-aw/weekly-issues-data/issues.json\"\necho \"Schema available at: /tmp/gh-aw/weekly-issues-data/issues-schema.json\"" - name: Set up Go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 with: cache: true go-version-file: go.mod @@ -253,7 +253,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1731,36 +1731,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1775,57 +1775,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1921,7 +1910,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1964,7 +1953,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2655,7 +2644,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2706,7 +2695,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt with: @@ -2914,7 +2903,7 @@ jobs: RUST_LOG: trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3038,7 +3027,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.pythonhosted.org,anaconda.org,api.npms.io,api.openai.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,binstar.org,bootstrap.pypa.io,bun.sh,conda.anaconda.org,conda.binstar.org,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,deb.nodesource.com,deno.land,files.pythonhosted.org,get.pnpm.io,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,nodejs.org,npm.pkg.github.com,npmjs.com,npmjs.org,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,openai.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,pip.pypa.io,ppa.launchpad.net,pypi.org,pypi.python.org,registry.bower.io,registry.npmjs.com,registry.npmjs.org,registry.yarnpkg.com,repo.anaconda.com,repo.continuum.io,repo.yarnpkg.com,s.symcb.com,s.symcd.com,security.ubuntu.com,skimdb.npmjs.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com,www.npmjs.com,www.npmjs.org,yarnpkg.com" @@ -4293,7 +4282,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -5583,7 +5572,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5742,7 +5731,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5922,7 +5911,7 @@ jobs: if-no-files-found: ignore - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T[\\\\d:.]+Z)\\\\s+(ERROR)\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Codex ERROR messages with timestamp\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T[\\\\d:.]+Z)\\\\s+(WARN|WARNING)\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Codex warning messages with timestamp\"}]" @@ -6201,7 +6190,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6295,7 +6284,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "DeepReport - Intelligence Gathering Agent" @@ -6404,7 +6393,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6702,7 +6691,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "DeepReport - Intelligence Gathering Agent" WORKFLOW_DESCRIPTION: "Intelligence gathering agent that continuously reviews and aggregates information from agent-generated reports in discussions" @@ -6866,7 +6855,7 @@ jobs: RUST_LOG: trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -6944,7 +6933,7 @@ jobs: path: /tmp/gh-aw/repo-memory-default - name: Push repo-memory changes (default) if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ github.token }} GITHUB_RUN_ID: ${{ github.run_id }} @@ -8022,7 +8011,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: @@ -8306,7 +8295,7 @@ jobs: - name: Upload Assets id: upload_assets if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'upload_asset')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/dependabot-go-checker.lock.yml b/.github/workflows/dependabot-go-checker.lock.yml index 08717d3c46..15eced4006 100644 --- a/.github/workflows/dependabot-go-checker.lock.yml +++ b/.github/workflows/dependabot-go-checker.lock.yml @@ -44,7 +44,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "dependabot-go-checker.lock.yml" with: @@ -174,7 +174,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1689,36 +1689,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1733,57 +1733,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1903,7 +1892,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1946,7 +1935,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2414,7 +2403,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2545,7 +2534,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2596,7 +2585,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2804,7 +2793,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2927,7 +2916,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -4182,7 +4171,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5667,7 +5656,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5825,7 +5814,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6102,7 +6091,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6195,7 +6184,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Dependabot Dependency Checker" @@ -6303,7 +6292,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6600,7 +6589,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Dependabot Dependency Checker" WORKFLOW_DESCRIPTION: "Checks for Go module and NPM dependency updates and analyzes Dependabot PRs for compatibility and breaking changes" @@ -6779,7 +6768,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7925,7 +7914,7 @@ jobs: - name: Create Issue id: create_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_ISSUE_TITLE_PREFIX: "[deps]" @@ -8225,7 +8214,7 @@ jobs: - name: Close Issue id: close_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'close_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/dev-hawk.lock.yml b/.github/workflows/dev-hawk.lock.yml index d2614f3480..2096509916 100644 --- a/.github/workflows/dev-hawk.lock.yml +++ b/.github/workflows/dev-hawk.lock.yml @@ -59,7 +59,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "dev-hawk.lock.yml" with: @@ -174,7 +174,7 @@ jobs: mkdir -p /tmp/gh-aw/sandbox/agent/logs echo "Created /tmp/gh-aw/agent directory for agentic workflow temporary files" - name: Set up Go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 with: cache: true go-version-file: go.mod @@ -203,7 +203,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1642,36 +1642,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1686,57 +1686,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1863,7 +1852,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1906,7 +1895,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2165,7 +2154,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_EVENT_WORKFLOW_RUN_CONCLUSION: ${{ github.event.workflow_run.conclusion }} @@ -2308,7 +2297,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2359,7 +2348,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_EVENT_WORKFLOW_RUN_CONCLUSION: ${{ github.event.workflow_run.conclusion }} @@ -2589,7 +2578,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2712,7 +2701,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -3967,7 +3956,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5452,7 +5441,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5610,7 +5599,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -5887,7 +5876,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5980,7 +5969,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Dev Hawk" @@ -6088,7 +6077,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6386,7 +6375,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Dev Hawk" WORKFLOW_DESCRIPTION: "Monitors development workflow activities and provides real-time alerts and insights on pull requests and CI status" @@ -6565,7 +6554,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -6618,7 +6607,7 @@ jobs: steps: - name: Check team membership for workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write with: @@ -7400,7 +7389,7 @@ jobs: - name: Add Comment id: add_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_TARGET: "*" diff --git a/.github/workflows/dev.lock.yml b/.github/workflows/dev.lock.yml index b11d893536..13fabf413b 100644 --- a/.github/workflows/dev.lock.yml +++ b/.github/workflows/dev.lock.yml @@ -46,7 +46,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "dev.lock.yml" with: @@ -173,7 +173,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1601,36 +1601,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1645,57 +1645,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -3037,7 +3026,7 @@ jobs: - name: Generate Safe Inputs MCP Server Config id: safe-inputs-config - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function generateSafeInputsConfig({ core, crypto }) { @@ -3208,7 +3197,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -3251,7 +3240,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -3420,7 +3409,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3471,7 +3460,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt with: @@ -3683,7 +3672,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3806,7 +3795,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -5068,7 +5057,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -6553,7 +6542,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -6711,7 +6700,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6988,7 +6977,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -7081,7 +7070,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Dev" @@ -7189,7 +7178,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -7487,7 +7476,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Dev" WORKFLOW_DESCRIPTION: "Add a poem to the latest discussion" @@ -7666,7 +7655,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -8724,7 +8713,7 @@ jobs: - name: Update Discussion id: update_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'update_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_UPDATE_TARGET: "*" diff --git a/.github/workflows/developer-docs-consolidator.lock.yml b/.github/workflows/developer-docs-consolidator.lock.yml index 1c0c58c67c..5578666003 100644 --- a/.github/workflows/developer-docs-consolidator.lock.yml +++ b/.github/workflows/developer-docs-consolidator.lock.yml @@ -49,7 +49,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "developer-docs-consolidator.lock.yml" with: @@ -206,7 +206,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1720,36 +1720,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1764,57 +1764,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1925,7 +1914,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1968,7 +1957,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2573,7 +2562,7 @@ jobs: - Add comments when needed PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2646,7 +2635,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2819,7 +2808,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2870,7 +2859,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -3176,7 +3165,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3300,7 +3289,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,anthropic.com,api.anthropic.com,api.github.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,files.pythonhosted.org,ghcr.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,github.githubassets.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,playwright.download.prss.microsoft.com,ppa.launchpad.net,pypi.org,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,sentry.io,statsig.anthropic.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -4547,7 +4536,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -5620,7 +5609,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5784,7 +5773,7 @@ jobs: path: /tmp/gh-aw/cache-memory - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"}]" @@ -6069,7 +6058,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6162,7 +6151,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Developer Documentation Consolidator" @@ -6270,7 +6259,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6567,7 +6556,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Developer Documentation Consolidator" WORKFLOW_DESCRIPTION: "Consolidates and organizes developer documentation from multiple sources into a unified, searchable knowledge base" @@ -6752,7 +6741,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7879,7 +7868,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: @@ -8182,7 +8171,7 @@ jobs: - name: Create Pull Request id: create_pull_request if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_pull_request')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_BASE_BRANCH: ${{ github.ref_name }} diff --git a/.github/workflows/dictation-prompt.lock.yml b/.github/workflows/dictation-prompt.lock.yml index 8b6c700dec..6e0c60e1ec 100644 --- a/.github/workflows/dictation-prompt.lock.yml +++ b/.github/workflows/dictation-prompt.lock.yml @@ -48,7 +48,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "dictation-prompt.lock.yml" with: @@ -176,7 +176,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1641,36 +1641,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1685,57 +1685,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1845,7 +1834,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1888,7 +1877,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2128,7 +2117,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2179,7 +2168,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt with: @@ -2386,7 +2375,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2509,7 +2498,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -3764,7 +3753,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5249,7 +5238,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5407,7 +5396,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -5691,7 +5680,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5784,7 +5773,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Dictation Prompt Generator" @@ -5892,7 +5881,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6189,7 +6178,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Dictation Prompt Generator" WORKFLOW_DESCRIPTION: "Generates optimized prompts for voice dictation and speech-to-text workflows" @@ -6368,7 +6357,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -6741,7 +6730,7 @@ jobs: - name: Create Pull Request id: create_pull_request if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_pull_request')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_BASE_BRANCH: ${{ github.ref_name }} diff --git a/.github/workflows/docs-noob-tester.lock.yml b/.github/workflows/docs-noob-tester.lock.yml index 99b2ee283d..174429b900 100644 --- a/.github/workflows/docs-noob-tester.lock.yml +++ b/.github/workflows/docs-noob-tester.lock.yml @@ -45,7 +45,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "docs-noob-tester.lock.yml" with: @@ -176,7 +176,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1658,36 +1658,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1702,57 +1702,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1871,7 +1860,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1914,7 +1903,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2125,7 +2114,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2284,7 +2273,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2335,7 +2324,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2547,7 +2536,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2670,7 +2659,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.npms.io,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,bun.sh,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,deb.nodesource.com,deno.land,get.pnpm.io,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,nodejs.org,npm.pkg.github.com,npmjs.com,npmjs.org,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.bower.io,registry.npmjs.com,registry.npmjs.org,registry.yarnpkg.com,repo.yarnpkg.com,s.symcb.com,s.symcd.com,security.ubuntu.com,skimdb.npmjs.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com,www.npmjs.com,www.npmjs.org,yarnpkg.com" @@ -3925,7 +3914,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5410,7 +5399,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5575,7 +5564,7 @@ jobs: if-no-files-found: ignore - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -5852,7 +5841,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5945,7 +5934,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Documentation Noob Tester" @@ -6053,7 +6042,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6350,7 +6339,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Documentation Noob Tester" WORKFLOW_DESCRIPTION: "Tests documentation as a new user would, identifying confusing or broken steps in getting started guides" @@ -6529,7 +6518,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7490,7 +7479,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: @@ -7774,7 +7763,7 @@ jobs: - name: Upload Assets id: upload_assets if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'upload_asset')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/duplicate-code-detector.lock.yml b/.github/workflows/duplicate-code-detector.lock.yml index 8e348628ad..bbecef50e1 100644 --- a/.github/workflows/duplicate-code-detector.lock.yml +++ b/.github/workflows/duplicate-code-detector.lock.yml @@ -45,7 +45,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "duplicate-code-detector.lock.yml" with: @@ -185,7 +185,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1658,36 +1658,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1702,57 +1702,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1855,7 +1844,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1898,7 +1887,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2171,7 +2160,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2308,7 +2297,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2359,7 +2348,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2568,7 +2557,7 @@ jobs: RUST_LOG: trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2692,7 +2681,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.openai.com,openai.com" @@ -3947,7 +3936,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -5237,7 +5226,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5396,7 +5385,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5554,7 +5543,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T[\\\\d:.]+Z)\\\\s+(ERROR)\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Codex ERROR messages with timestamp\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T[\\\\d:.]+Z)\\\\s+(WARN|WARNING)\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Codex warning messages with timestamp\"}]" @@ -5831,7 +5820,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5924,7 +5913,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Duplicate Code Detector" @@ -6032,7 +6021,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6329,7 +6318,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Duplicate Code Detector" WORKFLOW_DESCRIPTION: "Identifies duplicate code patterns across the codebase and suggests refactoring opportunities" @@ -6493,7 +6482,7 @@ jobs: RUST_LOG: trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7209,7 +7198,7 @@ jobs: - name: Create Issue id: create_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_ISSUE_TITLE_PREFIX: "[duplicate-code] " diff --git a/.github/workflows/example-permissions-warning.lock.yml b/.github/workflows/example-permissions-warning.lock.yml index b89d5ce2d5..81e3633291 100644 --- a/.github/workflows/example-permissions-warning.lock.yml +++ b/.github/workflows/example-permissions-warning.lock.yml @@ -42,7 +42,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "example-permissions-warning.lock.yml" with: @@ -162,7 +162,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -311,7 +311,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -354,7 +354,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -488,7 +488,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -539,7 +539,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt with: @@ -746,7 +746,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -877,7 +877,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -2362,7 +2362,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -2520,7 +2520,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" diff --git a/.github/workflows/example-workflow-analyzer.lock.yml b/.github/workflows/example-workflow-analyzer.lock.yml index 5c46c9f8bc..eff2a54756 100644 --- a/.github/workflows/example-workflow-analyzer.lock.yml +++ b/.github/workflows/example-workflow-analyzer.lock.yml @@ -49,7 +49,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "example-workflow-analyzer.lock.yml" with: @@ -178,7 +178,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1643,36 +1643,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1687,57 +1687,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1843,7 +1832,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1886,7 +1875,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2067,7 +2056,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2118,7 +2107,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt with: @@ -2388,7 +2377,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2512,7 +2501,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,anthropic.com,api.anthropic.com,api.github.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,files.pythonhosted.org,ghcr.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,playwright.download.prss.microsoft.com,ppa.launchpad.net,pypi.org,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,sentry.io,statsig.anthropic.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -3759,7 +3748,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -4832,7 +4821,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -4990,7 +4979,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"}]" @@ -5267,7 +5256,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5360,7 +5349,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Weekly Workflow Analysis" @@ -5468,7 +5457,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -5765,7 +5754,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Weekly Workflow Analysis" WORKFLOW_DESCRIPTION: "Analyzes workflow examples to identify patterns, best practices, and potential improvements" @@ -5950,7 +5939,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -6908,7 +6897,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/firewall-escape.lock.yml b/.github/workflows/firewall-escape.lock.yml index c00b48ca4d..85fe48f598 100644 --- a/.github/workflows/firewall-escape.lock.yml +++ b/.github/workflows/firewall-escape.lock.yml @@ -55,7 +55,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "firewall-escape.lock.yml" with: @@ -189,7 +189,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -351,7 +351,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -394,7 +394,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -703,7 +703,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -754,7 +754,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt with: @@ -960,7 +960,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -1091,7 +1091,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -2576,7 +2576,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -2734,7 +2734,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -3006,7 +3006,7 @@ jobs: steps: - name: Check team membership for workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write with: diff --git a/.github/workflows/firewall.lock.yml b/.github/workflows/firewall.lock.yml index 474fe7636c..b63ef59f00 100644 --- a/.github/workflows/firewall.lock.yml +++ b/.github/workflows/firewall.lock.yml @@ -42,7 +42,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "firewall.lock.yml" with: @@ -162,7 +162,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -324,7 +324,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -367,7 +367,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -439,7 +439,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -553,7 +553,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -604,7 +604,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -814,7 +814,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -945,7 +945,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -2430,7 +2430,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -2588,7 +2588,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" diff --git a/.github/workflows/github-mcp-structural-analysis.lock.yml b/.github/workflows/github-mcp-structural-analysis.lock.yml index 0bc8dc83de..774b546cf2 100644 --- a/.github/workflows/github-mcp-structural-analysis.lock.yml +++ b/.github/workflows/github-mcp-structural-analysis.lock.yml @@ -49,7 +49,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "github-mcp-structural-analysis.lock.yml" with: @@ -175,7 +175,7 @@ jobs: run: "pip install --user --quiet numpy pandas matplotlib seaborn scipy\n\n# Verify installations\npython3 -c \"import numpy; print(f'NumPy {numpy.__version__} installed')\"\npython3 -c \"import pandas; print(f'Pandas {pandas.__version__} installed')\"\npython3 -c \"import matplotlib; print(f'Matplotlib {matplotlib.__version__} installed')\"\npython3 -c \"import seaborn; print(f'Seaborn {seaborn.__version__} installed')\"\npython3 -c \"import scipy; print(f'SciPy {scipy.__version__} installed')\"\n\necho \"All scientific libraries installed successfully\"\n" - if: always() name: Upload generated charts - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: data-charts @@ -183,7 +183,7 @@ jobs: retention-days: 30 - if: always() name: Upload source files and data - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: python-source-and-data @@ -221,7 +221,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1699,36 +1699,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1743,57 +1743,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1894,7 +1883,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1937,7 +1926,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2474,7 +2463,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2624,7 +2613,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2782,7 +2771,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2833,7 +2822,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -3115,7 +3104,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3239,7 +3228,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,anthropic.com,api.anthropic.com,api.github.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,files.pythonhosted.org,ghcr.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,playwright.download.prss.microsoft.com,ppa.launchpad.net,pypi.org,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,sentry.io,statsig.anthropic.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -4486,7 +4475,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -5559,7 +5548,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5730,7 +5719,7 @@ jobs: if-no-files-found: ignore - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"}]" @@ -6008,7 +5997,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6101,7 +6090,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "GitHub MCP Structural Analysis" @@ -6209,7 +6198,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6506,7 +6495,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "GitHub MCP Structural Analysis" WORKFLOW_DESCRIPTION: "Structural analysis of GitHub MCP tool responses with schema evaluation and usefulness ratings for agentic work" @@ -6691,7 +6680,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7652,7 +7641,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: @@ -7936,7 +7925,7 @@ jobs: - name: Upload Assets id: upload_assets if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'upload_asset')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/github-mcp-tools-report.lock.yml b/.github/workflows/github-mcp-tools-report.lock.yml index 33a33e5802..44f511dead 100644 --- a/.github/workflows/github-mcp-tools-report.lock.yml +++ b/.github/workflows/github-mcp-tools-report.lock.yml @@ -49,7 +49,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "github-mcp-tools-report.lock.yml" with: @@ -195,7 +195,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1679,36 +1679,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1723,57 +1723,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1862,7 +1851,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1905,7 +1894,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2332,7 +2321,7 @@ jobs: - Document the rationale for these defaults PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2465,7 +2454,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2636,7 +2625,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2687,7 +2676,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2987,7 +2976,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3111,7 +3100,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,anthropic.com,api.anthropic.com,api.github.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,files.pythonhosted.org,ghcr.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,playwright.download.prss.microsoft.com,ppa.launchpad.net,pypi.org,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,sentry.io,statsig.anthropic.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -4358,7 +4347,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -5431,7 +5420,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5595,7 +5584,7 @@ jobs: path: /tmp/gh-aw/cache-memory - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"}]" @@ -5880,7 +5869,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5973,7 +5962,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "GitHub MCP Remote Server Tools Report Generator" @@ -6081,7 +6070,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6378,7 +6367,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "GitHub MCP Remote Server Tools Report Generator" WORKFLOW_DESCRIPTION: "Generates a comprehensive report of available MCP server tools and their capabilities for GitHub integration" @@ -6563,7 +6552,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7690,7 +7679,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: @@ -7993,7 +7982,7 @@ jobs: - name: Create Pull Request id: create_pull_request if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_pull_request')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_BASE_BRANCH: ${{ github.ref_name }} diff --git a/.github/workflows/glossary-maintainer.lock.yml b/.github/workflows/glossary-maintainer.lock.yml index b2fc0a0e56..e956788a67 100644 --- a/.github/workflows/glossary-maintainer.lock.yml +++ b/.github/workflows/glossary-maintainer.lock.yml @@ -49,7 +49,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "glossary-maintainer.lock.yml" with: @@ -205,7 +205,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1670,36 +1670,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1714,57 +1714,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1880,7 +1869,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1923,7 +1912,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2487,7 +2476,7 @@ jobs: 5. **Update the file** using the edit tool PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_WORKSPACE: ${{ github.workspace }} @@ -2615,7 +2604,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_WORKSPACE: ${{ github.workspace }} @@ -2786,7 +2775,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2837,7 +2826,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_WORKSPACE: ${{ github.workspace }} @@ -3072,7 +3061,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3195,7 +3184,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,github.githubassets.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -4450,7 +4439,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5935,7 +5924,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -6099,7 +6088,7 @@ jobs: path: /tmp/gh-aw/cache-memory - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6384,7 +6373,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6477,7 +6466,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Glossary Maintainer" @@ -6585,7 +6574,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6882,7 +6871,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Glossary Maintainer" WORKFLOW_DESCRIPTION: "Maintains and updates the documentation glossary based on codebase changes" @@ -7061,7 +7050,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7434,7 +7423,7 @@ jobs: - name: Create Pull Request id: create_pull_request if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_pull_request')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_BASE_BRANCH: ${{ github.ref_name }} diff --git a/.github/workflows/go-fan.lock.yml b/.github/workflows/go-fan.lock.yml index 53fbba4111..50743f8462 100644 --- a/.github/workflows/go-fan.lock.yml +++ b/.github/workflows/go-fan.lock.yml @@ -48,7 +48,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "go-fan.lock.yml" with: @@ -204,7 +204,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1656,36 +1656,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1700,57 +1700,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1861,7 +1850,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1904,7 +1893,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2247,7 +2236,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2422,7 +2411,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2473,7 +2462,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2774,7 +2763,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2898,7 +2887,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,anthropic.com,api.anthropic.com,api.github.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,files.pythonhosted.org,ghcr.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,github.githubassets.com,go.dev,golang.org,goproxy.io,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,pkg.go.dev,playwright.download.prss.microsoft.com,ppa.launchpad.net,proxy.golang.org,pypi.org,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,sentry.io,statsig.anthropic.com,sum.golang.org,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -4145,7 +4134,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -5218,7 +5207,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5382,7 +5371,7 @@ jobs: path: /tmp/gh-aw/cache-memory - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"}]" @@ -5660,7 +5649,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5754,7 +5743,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Go Fan" @@ -5863,7 +5852,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6161,7 +6150,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Go Fan" WORKFLOW_DESCRIPTION: "Daily Go module usage reviewer - analyzes direct dependencies prioritizing recently updated ones" @@ -6346,7 +6335,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7305,7 +7294,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/go-file-size-reduction-project64.campaign.g.lock.yml b/.github/workflows/go-file-size-reduction-project64.campaign.g.lock.yml index abf96de9ea..44223a9e7e 100644 --- a/.github/workflows/go-file-size-reduction-project64.campaign.g.lock.yml +++ b/.github/workflows/go-file-size-reduction-project64.campaign.g.lock.yml @@ -45,7 +45,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "go-file-size-reduction-project64.campaign.g.lock.yml" with: @@ -173,7 +173,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1693,36 +1693,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1737,57 +1737,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1897,7 +1886,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1940,7 +1929,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2277,7 +2266,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2328,7 +2317,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt with: @@ -2537,7 +2526,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2660,7 +2649,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -3915,7 +3904,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5400,7 +5389,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5558,7 +5547,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -5835,7 +5824,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5928,7 +5917,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Go File Size Reduction Campaign (Project 64)" @@ -6036,7 +6025,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6333,7 +6322,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Go File Size Reduction Campaign (Project 64)" WORKFLOW_DESCRIPTION: "Systematically reduce oversized Go files to improve maintainability. Success: all files ≤800 LOC, maintain coverage, no regressions." @@ -6512,7 +6501,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7196,7 +7185,7 @@ jobs: - name: Add Comment id: add_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: @@ -7603,7 +7592,7 @@ jobs: - name: Update Project id: update_project if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'update_project')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/go-logger.lock.yml b/.github/workflows/go-logger.lock.yml index 3dc0f9d1a6..095ec96d72 100644 --- a/.github/workflows/go-logger.lock.yml +++ b/.github/workflows/go-logger.lock.yml @@ -45,7 +45,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "go-logger.lock.yml" with: @@ -204,7 +204,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1666,36 +1666,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1710,57 +1710,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1858,7 +1847,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1901,7 +1890,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2343,7 +2332,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2394,7 +2383,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt with: @@ -2701,7 +2690,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2825,7 +2814,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,anthropic.com,api.anthropic.com,api.github.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,files.pythonhosted.org,ghcr.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,playwright.download.prss.microsoft.com,ppa.launchpad.net,pypi.org,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,sentry.io,statsig.anthropic.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -4072,7 +4061,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -5145,7 +5134,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5309,7 +5298,7 @@ jobs: path: /tmp/gh-aw/cache-memory - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"}]" @@ -5594,7 +5583,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5687,7 +5676,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Go Logger Enhancement" @@ -5795,7 +5784,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6092,7 +6081,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Go Logger Enhancement" WORKFLOW_DESCRIPTION: "Analyzes and enhances Go logging practices across the codebase for improved debugging and observability" @@ -6277,7 +6266,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -6650,7 +6639,7 @@ jobs: - name: Create Pull Request id: create_pull_request if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_pull_request')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_BASE_BRANCH: ${{ github.ref_name }} diff --git a/.github/workflows/go-pattern-detector.lock.yml b/.github/workflows/go-pattern-detector.lock.yml index cc741976f9..778f79869f 100644 --- a/.github/workflows/go-pattern-detector.lock.yml +++ b/.github/workflows/go-pattern-detector.lock.yml @@ -48,7 +48,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "go-pattern-detector.lock.yml" with: @@ -179,7 +179,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1653,36 +1653,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1697,57 +1697,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1855,7 +1844,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1898,7 +1887,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2087,7 +2076,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2222,7 +2211,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2273,7 +2262,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2547,7 +2536,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2671,7 +2660,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,anthropic.com,api.anthropic.com,api.github.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,files.pythonhosted.org,ghcr.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,playwright.download.prss.microsoft.com,ppa.launchpad.net,pypi.org,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,sentry.io,statsig.anthropic.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -3918,7 +3907,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -4991,7 +4980,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5149,7 +5138,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"}]" @@ -5391,7 +5380,7 @@ jobs: found_patterns: ${{ steps.detect.outputs.found_patterns }} steps: - name: Checkout repository - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 with: persist-credentials: false - name: Install ast-grep @@ -5460,7 +5449,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5553,7 +5542,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Go Pattern Detector" @@ -5661,7 +5650,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -5958,7 +5947,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Go Pattern Detector" WORKFLOW_DESCRIPTION: "Detects common Go code patterns and anti-patterns to maintain code quality and consistency" @@ -6143,7 +6132,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -6859,7 +6848,7 @@ jobs: - name: Create Issue id: create_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_ISSUE_TITLE_PREFIX: "[ast-grep] " diff --git a/.github/workflows/grumpy-reviewer.lock.yml b/.github/workflows/grumpy-reviewer.lock.yml index 3b187f2900..eb46785134 100644 --- a/.github/workflows/grumpy-reviewer.lock.yml +++ b/.github/workflows/grumpy-reviewer.lock.yml @@ -60,7 +60,7 @@ jobs: text: ${{ steps.compute-text.outputs.text }} steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "grumpy-reviewer.lock.yml" with: @@ -146,7 +146,7 @@ jobs: }); - name: Compute current body text id: compute-text - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const redactedDomains = []; @@ -477,7 +477,7 @@ jobs: - name: Add eyes reaction to the triggering item id: react if: github.event_name == 'issues' || github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment' || github.event_name == 'discussion' || github.event_name == 'discussion_comment' || (github.event_name == 'pull_request') && (github.event.pull_request.head.repo.id == github.repository_id) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REACTION: "eyes" GH_AW_COMMAND: grumpy @@ -931,7 +931,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -2445,36 +2445,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -2489,57 +2489,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -2649,7 +2638,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2692,7 +2681,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2869,7 +2858,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_EVENT_ISSUE_NUMBER: ${{ github.event.issue.number }} @@ -3029,7 +3018,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3098,7 +3087,7 @@ jobs: PROMPT_EOF - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_EVENT_ISSUE_NUMBER: ${{ github.event.issue.number }} @@ -3310,7 +3299,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3433,7 +3422,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -4689,7 +4678,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -6174,7 +6163,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -6338,7 +6327,7 @@ jobs: path: /tmp/gh-aw/cache-memory - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6616,7 +6605,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6709,7 +6698,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Grumpy Code Reviewer 🔥" @@ -6817,7 +6806,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -7113,7 +7102,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Grumpy Code Reviewer 🔥" WORKFLOW_DESCRIPTION: "Performs critical code review with a focus on edge cases, potential bugs, and code quality issues" @@ -7292,7 +7281,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7347,7 +7336,7 @@ jobs: steps: - name: Check team membership for command workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write with: @@ -7490,7 +7479,7 @@ jobs: await main(); - name: Check command position id: check_command_position - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_COMMAND: grumpy with: @@ -8319,7 +8308,7 @@ jobs: - name: Add Comment id: add_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: @@ -8726,7 +8715,7 @@ jobs: - name: Create PR Review Comment id: create_pr_review_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_pull_request_review_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_PR_REVIEW_COMMENT_SIDE: "RIGHT" diff --git a/.github/workflows/hourly-ci-cleaner.lock.yml b/.github/workflows/hourly-ci-cleaner.lock.yml index d8a68f4f63..9458c57dd9 100644 --- a/.github/workflows/hourly-ci-cleaner.lock.yml +++ b/.github/workflows/hourly-ci-cleaner.lock.yml @@ -48,7 +48,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "hourly-ci-cleaner.lock.yml" with: @@ -204,7 +204,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1669,36 +1669,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1713,57 +1713,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1873,7 +1862,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1916,7 +1905,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2302,7 +2291,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_ENV_CI_STATUS: ${{ env.CI_STATUS }} @@ -2452,7 +2441,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2503,7 +2492,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_ENV_CI_STATUS: ${{ env.CI_STATUS }} @@ -2713,7 +2702,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2836,7 +2825,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -4091,7 +4080,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5576,7 +5565,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5734,7 +5723,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6018,7 +6007,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6112,7 +6101,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Hourly CI Cleaner" @@ -6221,7 +6210,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6519,7 +6508,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Hourly CI Cleaner" WORKFLOW_DESCRIPTION: "Hourly CI cleaner that fixes format, lint, and test issues when CI fails on main branch" @@ -6698,7 +6687,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7072,7 +7061,7 @@ jobs: - name: Create Pull Request id: create_pull_request if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_pull_request')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_BASE_BRANCH: ${{ github.ref_name }} diff --git a/.github/workflows/human-ai-collaboration.lock.yml b/.github/workflows/human-ai-collaboration.lock.yml index 06b069c983..15898928e1 100644 --- a/.github/workflows/human-ai-collaboration.lock.yml +++ b/.github/workflows/human-ai-collaboration.lock.yml @@ -49,7 +49,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "human-ai-collaboration.lock.yml" with: @@ -203,7 +203,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1679,36 +1679,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1723,57 +1723,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1883,7 +1872,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1926,7 +1915,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2419,7 +2408,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_EVENT_INPUTS_INITIATIVE: ${{ github.event.inputs.initiative }} @@ -2584,7 +2573,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2635,7 +2624,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_EVENT_INPUTS_INITIATIVE: ${{ github.event.inputs.initiative }} @@ -2847,7 +2836,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2970,7 +2959,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -4225,7 +4214,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5710,7 +5699,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5877,7 +5866,7 @@ jobs: if-no-files-found: ignore - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6155,7 +6144,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6248,7 +6237,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Human-AI Collaboration Campaign" @@ -6356,7 +6345,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6651,7 +6640,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Human-AI Collaboration Campaign" WORKFLOW_DESCRIPTION: "AI analyzes and proposes, humans approve based on risk, AI executes with guardrails" @@ -6830,7 +6819,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -6908,7 +6897,7 @@ jobs: path: /tmp/gh-aw/repo-memory-default - name: Push repo-memory changes (default) if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ github.token }} GITHUB_RUN_ID: ${{ github.run_id }} @@ -7740,7 +7729,7 @@ jobs: - name: Create Issue id: create_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/incident-response.lock.yml b/.github/workflows/incident-response.lock.yml index 5ac6f42c3c..b94164f2bd 100644 --- a/.github/workflows/incident-response.lock.yml +++ b/.github/workflows/incident-response.lock.yml @@ -60,7 +60,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "incident-response.lock.yml" with: @@ -217,7 +217,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1830,36 +1830,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1874,57 +1874,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -2034,7 +2023,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2077,7 +2066,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2526,7 +2515,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_EVENT_INPUTS_AFFECTED_SERVICES: ${{ github.event.inputs.affected_services }} @@ -2710,7 +2699,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2761,7 +2750,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_EVENT_INPUTS_AFFECTED_SERVICES: ${{ github.event.inputs.affected_services }} @@ -2996,7 +2985,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3119,7 +3108,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -4374,7 +4363,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5859,7 +5848,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -6026,7 +6015,7 @@ jobs: if-no-files-found: ignore - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6311,7 +6300,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6404,7 +6393,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Campaign - Incident Response" @@ -6512,7 +6501,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6809,7 +6798,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Campaign - Incident Response" WORKFLOW_DESCRIPTION: "Coordinate multi-team incident response with SLA tracking, stakeholder updates, and post-mortem" @@ -6988,7 +6977,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7066,7 +7055,7 @@ jobs: path: /tmp/gh-aw/repo-memory-default - name: Push repo-memory changes (default) if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ github.token }} GITHUB_RUN_ID: ${{ github.run_id }} @@ -8969,7 +8958,7 @@ jobs: - name: Create Issue id: create_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_ISSUE_LABELS: "campaign-tracker,incident" @@ -9287,7 +9276,7 @@ jobs: - name: Create Pull Request id: create_pull_request if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_pull_request')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_BASE_BRANCH: ${{ github.ref_name }} @@ -9792,7 +9781,7 @@ jobs: - name: Add Comment id: add_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_CREATED_ISSUE_URL: ${{ steps.create_issue.outputs.issue_url }} @@ -10204,7 +10193,7 @@ jobs: - name: Add Labels id: add_labels if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_labels')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/instructions-janitor.lock.yml b/.github/workflows/instructions-janitor.lock.yml index b2af32e136..59a34380f8 100644 --- a/.github/workflows/instructions-janitor.lock.yml +++ b/.github/workflows/instructions-janitor.lock.yml @@ -45,7 +45,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "instructions-janitor.lock.yml" with: @@ -188,7 +188,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1650,36 +1650,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1694,57 +1694,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1842,7 +1831,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1885,7 +1874,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2227,7 +2216,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2278,7 +2267,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt with: @@ -2581,7 +2570,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2705,7 +2694,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,anthropic.com,api.anthropic.com,api.github.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,files.pythonhosted.org,ghcr.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,github.githubassets.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,playwright.download.prss.microsoft.com,ppa.launchpad.net,pypi.org,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,sentry.io,statsig.anthropic.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -3952,7 +3941,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -5025,7 +5014,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5189,7 +5178,7 @@ jobs: path: /tmp/gh-aw/cache-memory - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"}]" @@ -5474,7 +5463,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5567,7 +5556,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Instructions Janitor" @@ -5675,7 +5664,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -5972,7 +5961,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Instructions Janitor" WORKFLOW_DESCRIPTION: "Reviews and cleans up instruction files to ensure clarity, consistency, and adherence to best practices" @@ -6157,7 +6146,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -6530,7 +6519,7 @@ jobs: - name: Create Pull Request id: create_pull_request if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_pull_request')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_BASE_BRANCH: ${{ github.ref_name }} diff --git a/.github/workflows/intelligence.lock.yml b/.github/workflows/intelligence.lock.yml index 02813425ac..02434d8c25 100644 --- a/.github/workflows/intelligence.lock.yml +++ b/.github/workflows/intelligence.lock.yml @@ -60,7 +60,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "intelligence.lock.yml" with: @@ -182,7 +182,7 @@ jobs: run: "pip install --user --quiet numpy pandas matplotlib seaborn scipy\n\n# Verify installations\npython3 -c \"import numpy; print(f'NumPy {numpy.__version__} installed')\"\npython3 -c \"import pandas; print(f'Pandas {pandas.__version__} installed')\"\npython3 -c \"import matplotlib; print(f'Matplotlib {matplotlib.__version__} installed')\"\npython3 -c \"import seaborn; print(f'Seaborn {seaborn.__version__} installed')\"\npython3 -c \"import scipy; print(f'SciPy {scipy.__version__} installed')\"\n\necho \"All scientific libraries installed successfully\"\n" - if: always() name: Upload generated charts - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: data-charts @@ -190,7 +190,7 @@ jobs: retention-days: 30 - if: always() name: Upload source files and data - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: python-source-and-data @@ -257,7 +257,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1759,36 +1759,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1803,57 +1803,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1966,7 +1955,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2009,7 +1998,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2581,7 +2570,7 @@ jobs: "roi": { PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_RUN_ID: ${{ github.run_id }} @@ -3079,7 +3068,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_RUN_ID: ${{ github.run_id }} @@ -3265,7 +3254,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3316,7 +3305,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_RUN_ID: ${{ github.run_id }} @@ -3527,7 +3516,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3650,7 +3639,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -4905,7 +4894,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -6390,7 +6379,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -6570,7 +6559,7 @@ jobs: if-no-files-found: ignore - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6849,7 +6838,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6942,7 +6931,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Campaign Intelligence System" @@ -7050,7 +7039,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -7347,7 +7336,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Campaign Intelligence System" WORKFLOW_DESCRIPTION: "Analyze all past campaigns to generate insights, recommendations, and organizational learning" @@ -7526,7 +7515,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7604,7 +7593,7 @@ jobs: path: /tmp/gh-aw/repo-memory-default - name: Push repo-memory changes (default) if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ github.token }} GITHUB_RUN_ID: ${{ github.run_id }} @@ -8439,7 +8428,7 @@ jobs: - name: Create Issue id: create_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: @@ -8737,7 +8726,7 @@ jobs: - name: Upload Assets id: upload_assets if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'upload_asset')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/issue-arborist.lock.yml b/.github/workflows/issue-arborist.lock.yml index 83ff144384..f3cfadcc82 100644 --- a/.github/workflows/issue-arborist.lock.yml +++ b/.github/workflows/issue-arborist.lock.yml @@ -49,7 +49,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "issue-arborist.lock.yml" with: @@ -184,7 +184,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1751,36 +1751,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1795,57 +1795,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1935,7 +1924,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1978,7 +1967,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2250,7 +2239,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2381,7 +2370,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2432,7 +2421,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2638,7 +2627,7 @@ jobs: RUST_LOG: trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2762,7 +2751,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,api.openai.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.githubassets.com,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,openai.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,s.symcb.com,s.symcd.com,security.ubuntu.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -4017,7 +4006,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -5307,7 +5296,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5466,7 +5455,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5624,7 +5613,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T[\\\\d:.]+Z)\\\\s+(ERROR)\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Codex ERROR messages with timestamp\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T[\\\\d:.]+Z)\\\\s+(WARN|WARNING)\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Codex warning messages with timestamp\"}]" @@ -5901,7 +5890,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5994,7 +5983,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Issue Arborist" @@ -6102,7 +6091,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6399,7 +6388,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Issue Arborist" WORKFLOW_DESCRIPTION: "Daily workflow that analyzes recent issues and links related issues as sub-issues" @@ -6563,7 +6552,7 @@ jobs: RUST_LOG: trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7692,7 +7681,7 @@ jobs: - name: Create Issue id: create_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_ISSUE_TITLE_PREFIX: "[Parent] " @@ -7991,7 +7980,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: @@ -8275,7 +8264,7 @@ jobs: - name: Link Sub Issue id: link_sub_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'link_sub_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_CREATED_ISSUE_NUMBER: ${{ steps.create_issue.outputs.issue_number }} diff --git a/.github/workflows/issue-classifier.lock.yml b/.github/workflows/issue-classifier.lock.yml index 0a8d23036c..d578b06cb3 100644 --- a/.github/workflows/issue-classifier.lock.yml +++ b/.github/workflows/issue-classifier.lock.yml @@ -56,7 +56,7 @@ jobs: text: ${{ steps.compute-text.outputs.text }} steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "issue-classifier.lock.yml" with: @@ -142,7 +142,7 @@ jobs: }); - name: Compute current body text id: compute-text - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const redactedDomains = []; @@ -473,7 +473,7 @@ jobs: - name: Add eyes reaction to the triggering item id: react if: github.event_name == 'issues' || github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment' || github.event_name == 'discussion' || github.event_name == 'discussion_comment' || (github.event_name == 'pull_request') && (github.event.pull_request.head.repo.id == github.repository_id) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REACTION: "eyes" GH_AW_WORKFLOW_NAME: "Issue Classifier" @@ -911,7 +911,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -2308,36 +2308,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -2352,57 +2352,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -2500,7 +2489,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2543,7 +2532,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2633,7 +2622,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_EVENT_ISSUE_NUMBER: ${{ github.event.issue.number }} @@ -2768,7 +2757,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2819,7 +2808,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_EVENT_ISSUE_NUMBER: ${{ github.event.issue.number }} @@ -3006,7 +2995,7 @@ jobs: path: /tmp/gh-aw/aw_info.json if-no-files-found: warn - name: Run AI Inference - uses: actions/ai-inference@334892bb203895caaed82ec52d23c1ed9385151e # v2.0.4 + uses: actions/ai-inference@334892bb203895caaed82ec52d23c1ed9385151e # v1 env: GH_AW_MCP_CONFIG: /tmp/gh-aw/mcp-config/mcp-servers.json GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt @@ -3022,7 +3011,7 @@ jobs: touch /tmp/gh-aw/agent-stdio.log - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3144,7 +3133,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,s.symcb.com,s.symcd.com,security.ubuntu.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -4439,7 +4428,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -4532,7 +4521,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Issue Classifier" @@ -4640,7 +4629,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -4935,7 +4924,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Issue Classifier" WORKFLOW_DESCRIPTION: "Automatically classifies and labels issues based on content analysis and predefined categories" @@ -5060,7 +5049,7 @@ jobs: touch /tmp/gh-aw/threat-detection/detection.log - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -5112,7 +5101,7 @@ jobs: steps: - name: Check team membership for workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write with: @@ -6053,7 +6042,7 @@ jobs: - name: Add Labels id: add_labels if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_labels')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_LABELS_ALLOWED: "bug,feature,enhancement,documentation" diff --git a/.github/workflows/issue-monster.lock.yml b/.github/workflows/issue-monster.lock.yml index d3ab4fc6cf..96ab016ee7 100644 --- a/.github/workflows/issue-monster.lock.yml +++ b/.github/workflows/issue-monster.lock.yml @@ -52,7 +52,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "issue-monster.lock.yml" with: @@ -182,7 +182,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1659,36 +1659,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1703,57 +1703,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1863,7 +1852,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1906,7 +1895,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2139,7 +2128,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2276,7 +2265,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2327,7 +2316,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2540,7 +2529,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2663,7 +2652,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -3918,7 +3907,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5403,7 +5392,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5561,7 +5550,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -5838,7 +5827,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5931,7 +5920,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Issue Monster" @@ -6039,7 +6028,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6337,7 +6326,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Issue Monster" WORKFLOW_DESCRIPTION: "The Cookie Monster of issues - assigns issues to Copilot agents one at a time" @@ -6516,7 +6505,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -6568,7 +6557,7 @@ jobs: steps: - name: Check team membership for workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write with: @@ -6711,7 +6700,7 @@ jobs: await main(); - name: Check skip-if-match query id: check_skip_if_match - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SKIP_QUERY: "is:pr is:open is:draft author:app/copilot-swe-agent" GH_AW_WORKFLOW_NAME: "Issue Monster" @@ -7862,7 +7851,7 @@ jobs: - name: Add Comment id: add_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: @@ -8269,7 +8258,7 @@ jobs: - name: Assign To Agent id: assign_to_agent if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'assign_to_agent')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/issue-triage-agent.lock.yml b/.github/workflows/issue-triage-agent.lock.yml index 979a244c44..3ce8acd76c 100644 --- a/.github/workflows/issue-triage-agent.lock.yml +++ b/.github/workflows/issue-triage-agent.lock.yml @@ -43,7 +43,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "issue-triage-agent.lock.yml" with: @@ -1605,36 +1605,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1649,57 +1649,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1809,7 +1798,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1852,7 +1841,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1911,7 +1900,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2042,7 +2031,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2093,7 +2082,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2303,7 +2292,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2426,7 +2415,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -3681,7 +3670,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5166,7 +5155,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5324,7 +5313,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -5601,7 +5590,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5694,7 +5683,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Issue Triage Agent" @@ -5802,7 +5791,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6099,7 +6088,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Issue Triage Agent" WORKFLOW_DESCRIPTION: "No description provided" @@ -6278,7 +6267,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7632,7 +7621,7 @@ jobs: - name: Add Comment id: add_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: @@ -8039,7 +8028,7 @@ jobs: - name: Add Labels id: add_labels if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_labels')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_LABELS_ALLOWED: "bug,feature,enhancement,documentation,question,help-wanted,good-first-issue" diff --git a/.github/workflows/jsweep.lock.yml b/.github/workflows/jsweep.lock.yml index c18c74a353..e7940903ba 100644 --- a/.github/workflows/jsweep.lock.yml +++ b/.github/workflows/jsweep.lock.yml @@ -45,7 +45,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "jsweep.lock.yml" with: @@ -202,7 +202,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1667,36 +1667,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1711,57 +1711,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1877,7 +1866,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1920,7 +1909,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2114,7 +2103,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2287,7 +2276,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2338,7 +2327,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2578,7 +2567,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2701,7 +2690,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -3956,7 +3945,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5441,7 +5430,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5605,7 +5594,7 @@ jobs: path: /tmp/gh-aw/cache-memory - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -5890,7 +5879,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5984,7 +5973,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "jsweep - JavaScript Unbloater" @@ -6093,7 +6082,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6391,7 +6380,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "jsweep - JavaScript Unbloater" WORKFLOW_DESCRIPTION: "Daily JavaScript unbloater that cleans one .cjs file per day using modern JavaScript patterns" @@ -6570,7 +6559,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -6944,7 +6933,7 @@ jobs: - name: Create Pull Request id: create_pull_request if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_pull_request')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_BASE_BRANCH: ${{ github.ref_name }} diff --git a/.github/workflows/layout-spec-maintainer.lock.yml b/.github/workflows/layout-spec-maintainer.lock.yml index 4b0770fc94..4c1b7f9771 100644 --- a/.github/workflows/layout-spec-maintainer.lock.yml +++ b/.github/workflows/layout-spec-maintainer.lock.yml @@ -46,7 +46,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "layout-spec-maintainer.lock.yml" with: @@ -178,7 +178,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1643,36 +1643,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1687,57 +1687,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1847,7 +1836,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1890,7 +1879,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2318,7 +2307,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2369,7 +2358,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt with: @@ -2605,7 +2594,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2728,7 +2717,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,github.githubassets.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -3983,7 +3972,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5468,7 +5457,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5626,7 +5615,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -5910,7 +5899,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6004,7 +5993,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Layout Specification Maintainer" @@ -6113,7 +6102,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6411,7 +6400,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Layout Specification Maintainer" WORKFLOW_DESCRIPTION: "Maintains specs/layout.md with patterns of file paths, folder names, and artifact names used in lock.yml files" @@ -6590,7 +6579,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -6964,7 +6953,7 @@ jobs: - name: Create Pull Request id: create_pull_request if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_pull_request')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_BASE_BRANCH: ${{ github.ref_name }} diff --git a/.github/workflows/lockfile-stats.lock.yml b/.github/workflows/lockfile-stats.lock.yml index 4df3cea8f9..c6507fc2c3 100644 --- a/.github/workflows/lockfile-stats.lock.yml +++ b/.github/workflows/lockfile-stats.lock.yml @@ -49,7 +49,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "lockfile-stats.lock.yml" with: @@ -192,7 +192,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1644,36 +1644,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1688,57 +1688,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1836,7 +1825,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1879,7 +1868,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2272,7 +2261,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2428,7 +2417,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2479,7 +2468,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2768,7 +2757,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2892,7 +2881,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,anthropic.com,api.anthropic.com,api.github.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,files.pythonhosted.org,ghcr.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,playwright.download.prss.microsoft.com,ppa.launchpad.net,pypi.org,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,sentry.io,statsig.anthropic.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -4139,7 +4128,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -5212,7 +5201,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5376,7 +5365,7 @@ jobs: path: /tmp/gh-aw/cache-memory - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"}]" @@ -5654,7 +5643,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5747,7 +5736,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Lockfile Statistics Analysis Agent" @@ -5855,7 +5844,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6152,7 +6141,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Lockfile Statistics Analysis Agent" WORKFLOW_DESCRIPTION: "Analyzes package lockfiles to track dependency statistics, vulnerabilities, and update patterns" @@ -6337,7 +6326,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7295,7 +7284,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/mcp-inspector.lock.yml b/.github/workflows/mcp-inspector.lock.yml index 0883379945..a0145b73f0 100644 --- a/.github/workflows/mcp-inspector.lock.yml +++ b/.github/workflows/mcp-inspector.lock.yml @@ -64,7 +64,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "mcp-inspector.lock.yml" with: @@ -238,7 +238,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1699,36 +1699,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1743,57 +1743,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -2131,7 +2120,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2174,7 +2163,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2550,7 +2539,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2601,7 +2590,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt with: @@ -2893,7 +2882,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3028,7 +3017,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.docker.com,*.docker.io,api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.npms.io,api.snapcraft.io,archive.ubuntu.com,auth.docker.io,azure.archive.ubuntu.com,bun.sh,cdn.jsdelivr.net,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,deb.nodesource.com,deno.land,dl.k8s.io,fonts.googleapis.com,fonts.gstatic.com,gcr.io,get.pnpm.io,ghcr.io,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,mcr.microsoft.com,nodejs.org,npm.pkg.github.com,npmjs.com,npmjs.org,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,pkgs.k8s.io,ppa.launchpad.net,production.cloudflare.docker.com,quay.io,raw.githubusercontent.com,registry.bower.io,registry.hub.docker.com,registry.npmjs.com,registry.npmjs.org,registry.yarnpkg.com,repo.yarnpkg.com,s.symcb.com,s.symcd.com,security.ubuntu.com,skimdb.npmjs.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com,www.npmjs.com,www.npmjs.org,yarnpkg.com" @@ -4283,7 +4272,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5768,7 +5757,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5932,7 +5921,7 @@ jobs: path: /tmp/gh-aw/cache-memory - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6212,7 +6201,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6305,7 +6294,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "MCP Inspector Agent" @@ -6413,7 +6402,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6710,7 +6699,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "MCP Inspector Agent" WORKFLOW_DESCRIPTION: "Inspects MCP (Model Context Protocol) server configurations and validates their functionality" @@ -6889,7 +6878,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -8121,7 +8110,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/mergefest.lock.yml b/.github/workflows/mergefest.lock.yml index 647912f682..679d71130b 100644 --- a/.github/workflows/mergefest.lock.yml +++ b/.github/workflows/mergefest.lock.yml @@ -54,7 +54,7 @@ jobs: reaction_id: ${{ steps.react.outputs.reaction-id }} steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "mergefest.lock.yml" with: @@ -141,7 +141,7 @@ jobs: - name: Add eyes reaction to the triggering item id: react if: github.event_name == 'issues' || github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment' || github.event_name == 'discussion' || github.event_name == 'discussion_comment' || (github.event_name == 'pull_request') && (github.event.pull_request.head.repo.id == github.repository_id) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REACTION: "eyes" GH_AW_COMMAND: mergefest @@ -583,7 +583,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -2034,36 +2034,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -2078,57 +2078,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -2238,7 +2227,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2281,7 +2270,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2626,7 +2615,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2776,7 +2765,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2845,7 +2834,7 @@ jobs: PROMPT_EOF - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3094,7 +3083,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3217,7 +3206,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -4473,7 +4462,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5958,7 +5947,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -6116,7 +6105,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6400,7 +6389,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6493,7 +6482,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Mergefest" @@ -6601,7 +6590,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6896,7 +6885,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Mergefest" WORKFLOW_DESCRIPTION: "Automatically merges the main branch into pull request branches when invoked with /mergefest command" @@ -7075,7 +7064,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7129,7 +7118,7 @@ jobs: steps: - name: Check team membership for command workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write with: @@ -7272,7 +7261,7 @@ jobs: await main(); - name: Check command position id: check_command_position - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_COMMAND: mergefest with: @@ -7585,7 +7574,7 @@ jobs: - name: Push To Pull Request Branch id: push_to_pull_request_branch if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'push_to_pull_request_branch')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_PUSH_IF_NO_CHANGES: "warn" diff --git a/.github/workflows/notion-issue-summary.lock.yml b/.github/workflows/notion-issue-summary.lock.yml index d527ef718c..8f003a4ca3 100644 --- a/.github/workflows/notion-issue-summary.lock.yml +++ b/.github/workflows/notion-issue-summary.lock.yml @@ -51,7 +51,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "notion-issue-summary.lock.yml" with: @@ -179,7 +179,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1583,36 +1583,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1627,57 +1627,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1808,7 +1797,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1851,7 +1840,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1912,7 +1901,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_EXPR_FD3E9604: ${{ github.event.inputs.issue-number }} @@ -2043,7 +2032,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2094,7 +2083,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_EXPR_FD3E9604: ${{ github.event.inputs.issue-number }} @@ -2309,7 +2298,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2433,7 +2422,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -3688,7 +3677,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5173,7 +5162,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5331,7 +5320,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -5608,7 +5597,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5701,7 +5690,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Issue Summary to Notion" @@ -5809,7 +5798,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6106,7 +6095,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Issue Summary to Notion" WORKFLOW_DESCRIPTION: "Creates issue summaries and syncs them to Notion for project management and tracking" @@ -6285,7 +6274,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); diff --git a/.github/workflows/org-health-report.lock.yml b/.github/workflows/org-health-report.lock.yml index 9051469030..4851b14299 100644 --- a/.github/workflows/org-health-report.lock.yml +++ b/.github/workflows/org-health-report.lock.yml @@ -51,7 +51,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "org-health-report.lock.yml" with: @@ -176,7 +176,7 @@ jobs: run: "pip install --user --quiet numpy pandas matplotlib seaborn scipy\n\n# Verify installations\npython3 -c \"import numpy; print(f'NumPy {numpy.__version__} installed')\"\npython3 -c \"import pandas; print(f'Pandas {pandas.__version__} installed')\"\npython3 -c \"import matplotlib; print(f'Matplotlib {matplotlib.__version__} installed')\"\npython3 -c \"import seaborn; print(f'Seaborn {seaborn.__version__} installed')\"\npython3 -c \"import scipy; print(f'SciPy {scipy.__version__} installed')\"\n\necho \"All scientific libraries installed successfully\"\n" - if: always() name: Upload generated charts - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: data-charts @@ -184,7 +184,7 @@ jobs: retention-days: 30 - if: always() name: Upload source files and data - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: python-source-and-data @@ -224,7 +224,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1705,36 +1705,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1749,57 +1749,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1912,7 +1901,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1955,7 +1944,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2922,7 +2911,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2973,7 +2962,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt with: @@ -3183,7 +3172,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3306,7 +3295,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.pythonhosted.org,anaconda.org,api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,binstar.org,bootstrap.pypa.io,conda.anaconda.org,conda.binstar.org,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,files.pythonhosted.org,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,pip.pypa.io,ppa.launchpad.net,pypi.org,pypi.python.org,raw.githubusercontent.com,registry.npmjs.org,repo.anaconda.com,repo.continuum.io,s.symcb.com,s.symcd.com,security.ubuntu.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -4561,7 +4550,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -6046,7 +6035,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -6217,7 +6206,7 @@ jobs: if-no-files-found: ignore - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6495,7 +6484,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6588,7 +6577,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Organization Health Report" @@ -6696,7 +6685,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6993,7 +6982,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Organization Health Report" WORKFLOW_DESCRIPTION: "Generate an organization-wide health report for all public repositories in the GitHub org" @@ -7172,7 +7161,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -8133,7 +8122,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: @@ -8417,7 +8406,7 @@ jobs: - name: Upload Assets id: upload_assets if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'upload_asset')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/org-wide-rollout.lock.yml b/.github/workflows/org-wide-rollout.lock.yml index 54f020a3f6..553124586f 100644 --- a/.github/workflows/org-wide-rollout.lock.yml +++ b/.github/workflows/org-wide-rollout.lock.yml @@ -67,7 +67,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "org-wide-rollout.lock.yml" with: @@ -224,7 +224,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1837,36 +1837,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1881,57 +1881,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -2041,7 +2030,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2084,7 +2073,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2551,7 +2540,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_EVENT_INPUTS_APPROVAL_REQUIRED: ${{ github.event.inputs.approval_required }} @@ -2737,7 +2726,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2788,7 +2777,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_EVENT_INPUTS_APPROVAL_REQUIRED: ${{ github.event.inputs.approval_required }} @@ -3024,7 +3013,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3147,7 +3136,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -4402,7 +4391,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5887,7 +5876,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -6054,7 +6043,7 @@ jobs: if-no-files-found: ignore - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6339,7 +6328,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6432,7 +6421,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Campaign - Org-Wide Rollout" @@ -6540,7 +6529,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6837,7 +6826,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Campaign - Org-Wide Rollout" WORKFLOW_DESCRIPTION: "Coordinate changes across 100+ repos with phased rollout, dependency tracking, and rollback" @@ -7016,7 +7005,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7094,7 +7083,7 @@ jobs: path: /tmp/gh-aw/repo-memory-default - name: Push repo-memory changes (default) if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ github.token }} GITHUB_RUN_ID: ${{ github.run_id }} @@ -8997,7 +8986,7 @@ jobs: - name: Create Issue id: create_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_ISSUE_LABELS: "campaign-tracker,org-rollout" @@ -9315,7 +9304,7 @@ jobs: - name: Create Pull Request id: create_pull_request if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_pull_request')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_BASE_BRANCH: ${{ github.ref_name }} @@ -9820,7 +9809,7 @@ jobs: - name: Add Comment id: add_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_CREATED_ISSUE_URL: ${{ steps.create_issue.outputs.issue_url }} @@ -10232,7 +10221,7 @@ jobs: - name: Add Labels id: add_labels if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_labels')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/pdf-summary.lock.yml b/.github/workflows/pdf-summary.lock.yml index 82d13c036a..0dad031b3d 100644 --- a/.github/workflows/pdf-summary.lock.yml +++ b/.github/workflows/pdf-summary.lock.yml @@ -77,7 +77,7 @@ jobs: text: ${{ steps.compute-text.outputs.text }} steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "pdf-summary.lock.yml" with: @@ -163,7 +163,7 @@ jobs: }); - name: Compute current body text id: compute-text - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const redactedDomains = []; @@ -494,7 +494,7 @@ jobs: - name: Add eyes reaction to the triggering item id: react if: github.event_name == 'issues' || github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment' || github.event_name == 'discussion' || github.event_name == 'discussion_comment' || (github.event_name == 'pull_request') && (github.event.pull_request.head.repo.id == github.repository_id) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REACTION: "eyes" GH_AW_COMMAND: summarize @@ -956,7 +956,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -2395,36 +2395,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -2439,57 +2439,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -2606,7 +2595,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2649,7 +2638,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2848,7 +2837,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3014,7 +3003,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3083,7 +3072,7 @@ jobs: PROMPT_EOF - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3300,7 +3289,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3423,7 +3412,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -4679,7 +4668,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -6164,7 +6153,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -6328,7 +6317,7 @@ jobs: path: /tmp/gh-aw/cache-memory - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6606,7 +6595,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6699,7 +6688,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Resource Summarizer Agent" @@ -6807,7 +6796,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -7103,7 +7092,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Resource Summarizer Agent" WORKFLOW_DESCRIPTION: "Summarizes PDF and other documents by analyzing URLs provided via /summarize command or workflow dispatch" @@ -7282,7 +7271,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7339,7 +7328,7 @@ jobs: steps: - name: Check team membership for command workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write with: @@ -7482,7 +7471,7 @@ jobs: await main(); - name: Check command position id: check_command_position - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_COMMAND: summarize with: @@ -8176,7 +8165,7 @@ jobs: - name: Add Comment id: add_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/plan.lock.yml b/.github/workflows/plan.lock.yml index a2579d69b6..61886c9a50 100644 --- a/.github/workflows/plan.lock.yml +++ b/.github/workflows/plan.lock.yml @@ -59,7 +59,7 @@ jobs: text: ${{ steps.compute-text.outputs.text }} steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "plan.lock.yml" with: @@ -145,7 +145,7 @@ jobs: }); - name: Compute current body text id: compute-text - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const redactedDomains = []; @@ -476,7 +476,7 @@ jobs: - name: Add eyes reaction to the triggering item id: react if: github.event_name == 'issues' || github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment' || github.event_name == 'discussion' || github.event_name == 'discussion_comment' || (github.event_name == 'pull_request') && (github.event.pull_request.head.repo.id == github.repository_id) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REACTION: "eyes" GH_AW_COMMAND: plan @@ -916,7 +916,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -2449,36 +2449,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -2493,57 +2493,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -2653,7 +2642,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2696,7 +2685,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2923,7 +2912,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_EVENT_DISCUSSION_NUMBER: ${{ github.event.discussion.number }} @@ -3060,7 +3049,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3129,7 +3118,7 @@ jobs: PROMPT_EOF - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_EVENT_DISCUSSION_NUMBER: ${{ github.event.discussion.number }} @@ -3342,7 +3331,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3465,7 +3454,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -4721,7 +4710,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -6206,7 +6195,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -6364,7 +6353,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6641,7 +6630,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6734,7 +6723,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Plan Command" @@ -6842,7 +6831,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -7137,7 +7126,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Plan Command" WORKFLOW_DESCRIPTION: "Generates project plans and task breakdowns when invoked with /plan command in issues or PRs" @@ -7316,7 +7305,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7371,7 +7360,7 @@ jobs: steps: - name: Check team membership for command workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write with: @@ -7514,7 +7503,7 @@ jobs: await main(); - name: Check command position id: check_command_position - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_COMMAND: plan with: @@ -8272,7 +8261,7 @@ jobs: - name: Create Issue id: create_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_ISSUE_TITLE_PREFIX: "[plan] " @@ -8572,7 +8561,7 @@ jobs: - name: Close Discussion id: close_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'close_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/poem-bot.lock.yml b/.github/workflows/poem-bot.lock.yml index defac55199..70f2d97876 100644 --- a/.github/workflows/poem-bot.lock.yml +++ b/.github/workflows/poem-bot.lock.yml @@ -62,7 +62,7 @@ jobs: text: ${{ steps.compute-text.outputs.text }} steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "poem-bot.lock.yml" with: @@ -148,7 +148,7 @@ jobs: }); - name: Compute current body text id: compute-text - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const redactedDomains = []; @@ -479,7 +479,7 @@ jobs: - name: Add eyes reaction to the triggering item id: react if: github.event_name == 'issues' || github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment' || github.event_name == 'discussion' || github.event_name == 'discussion_comment' || (github.event_name == 'pull_request') && (github.event.pull_request.head.repo.id == github.repository_id) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REACTION: "eyes" GH_AW_COMMAND: poem-bot @@ -938,7 +938,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -2905,36 +2905,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -2949,57 +2949,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -3112,7 +3101,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -3155,7 +3144,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -3250,7 +3239,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3427,7 +3416,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3496,7 +3485,7 @@ jobs: PROMPT_EOF - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3733,7 +3722,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3856,7 +3845,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -5112,7 +5101,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -6597,7 +6586,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -6769,7 +6758,7 @@ jobs: if-no-files-found: ignore - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -7054,7 +7043,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -7147,7 +7136,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Poem Bot - A Creative Agentic Workflow" @@ -7255,7 +7244,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -7551,7 +7540,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Poem Bot - A Creative Agentic Workflow" WORKFLOW_DESCRIPTION: "Generates creative poems on specified themes when invoked with /poem-bot command" @@ -7729,7 +7718,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7784,7 +7773,7 @@ jobs: steps: - name: Check team membership for command workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer with: @@ -7927,7 +7916,7 @@ jobs: await main(); - name: Check command position id: check_command_position - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_COMMAND: poem-bot with: @@ -10971,7 +10960,7 @@ jobs: - name: Create Issue id: create_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_ISSUE_TITLE_PREFIX: "[🎭 POEM-BOT] " @@ -11272,7 +11261,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_SAFE_OUTPUTS_STAGED: "true" @@ -11576,7 +11565,7 @@ jobs: - name: Create Pull Request id: create_pull_request if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_pull_request')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_BASE_BRANCH: ${{ github.ref_name }} @@ -12085,7 +12074,7 @@ jobs: - name: Add Comment id: add_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_TARGET: "*" @@ -12501,7 +12490,7 @@ jobs: - name: Close Pull Request id: close_pull_request if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'close_pull_request')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_SAFE_OUTPUTS_STAGED: "true" @@ -12554,7 +12543,7 @@ jobs: - name: Create PR Review Comment id: create_pr_review_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_pull_request_review_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_PR_REVIEW_COMMENT_SIDE: "RIGHT" @@ -12765,7 +12754,7 @@ jobs: - name: Add Labels id: add_labels if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_labels')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_LABELS_ALLOWED: "poetry,creative,automation,ai-generated,epic,haiku,sonnet,limerick" @@ -12888,7 +12877,7 @@ jobs: - name: Update Issue id: update_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'update_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_SAFE_OUTPUTS_STAGED: "true" @@ -12952,7 +12941,7 @@ jobs: - name: Push To Pull Request Branch id: push_to_pull_request_branch if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'push_to_pull_request_branch')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_PUSH_IF_NO_CHANGES: "warn" @@ -13272,7 +13261,7 @@ jobs: - name: Upload Assets id: upload_assets if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'upload_asset')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_SAFE_OUTPUTS_STAGED: "true" @@ -13409,7 +13398,7 @@ jobs: - name: Link Sub Issue id: link_sub_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'link_sub_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_CREATED_ISSUE_NUMBER: ${{ steps.create_issue.outputs.issue_number }} @@ -13724,7 +13713,7 @@ jobs: - name: Create Agent Task id: create_agent_task if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_agent_task')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_SAFE_OUTPUTS_STAGED: "true" diff --git a/.github/workflows/portfolio-analyst.lock.yml b/.github/workflows/portfolio-analyst.lock.yml index d7aa6c8aa9..8aae29dfed 100644 --- a/.github/workflows/portfolio-analyst.lock.yml +++ b/.github/workflows/portfolio-analyst.lock.yml @@ -52,7 +52,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "portfolio-analyst.lock.yml" with: @@ -171,7 +171,7 @@ jobs: mkdir -p /tmp/gh-aw/sandbox/agent/logs echo "Created /tmp/gh-aw/agent directory for agentic workflow temporary files" - name: Set up Go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 with: cache: true go-version-file: go.mod @@ -193,7 +193,7 @@ jobs: pip install --user --quiet numpy pandas matplotlib seaborn scipy - if: always() name: Upload charts - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: trending-charts @@ -201,7 +201,7 @@ jobs: retention-days: 30 - if: always() name: Upload source and data - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: trending-source-and-data @@ -246,7 +246,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1727,36 +1727,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1771,57 +1771,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1941,7 +1930,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1984,7 +1973,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2494,7 +2483,7 @@ jobs:
PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2756,7 +2745,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2912,7 +2901,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2963,7 +2952,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -3174,7 +3163,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3297,7 +3286,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.pythonhosted.org,anaconda.org,api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,binstar.org,bootstrap.pypa.io,conda.anaconda.org,conda.binstar.org,files.pythonhosted.org,github.com,host.docker.internal,pip.pypa.io,pypi.org,pypi.python.org,raw.githubusercontent.com,registry.npmjs.org,repo.anaconda.com,repo.continuum.io" @@ -4552,7 +4541,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -6037,7 +6026,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -6208,7 +6197,7 @@ jobs: if-no-files-found: ignore - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6486,7 +6475,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6580,7 +6569,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Automated Portfolio Analyst" @@ -6689,7 +6678,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6987,7 +6976,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Automated Portfolio Analyst" WORKFLOW_DESCRIPTION: "Weekly portfolio analyst that identifies cost reduction opportunities (20%+) while improving workflow reliability" @@ -7166,7 +7155,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -8128,7 +8117,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: @@ -8412,7 +8401,7 @@ jobs: - name: Upload Assets id: upload_assets if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'upload_asset')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/pr-nitpick-reviewer.lock.yml b/.github/workflows/pr-nitpick-reviewer.lock.yml index 54aa174207..328e00b3f4 100644 --- a/.github/workflows/pr-nitpick-reviewer.lock.yml +++ b/.github/workflows/pr-nitpick-reviewer.lock.yml @@ -86,7 +86,7 @@ jobs: reaction_id: ${{ steps.react.outputs.reaction-id }} steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "pr-nitpick-reviewer.lock.yml" with: @@ -173,7 +173,7 @@ jobs: - name: Add eyes reaction to the triggering item id: react if: github.event_name == 'issues' || github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment' || github.event_name == 'discussion' || github.event_name == 'discussion_comment' || (github.event_name == 'pull_request') && (github.event.pull_request.head.repo.id == github.repository_id) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REACTION: "eyes" GH_AW_COMMAND: nit @@ -628,7 +628,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -2194,36 +2194,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -2238,57 +2238,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -2398,7 +2387,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2441,7 +2430,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2858,7 +2847,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3020,7 +3009,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3089,7 +3078,7 @@ jobs: PROMPT_EOF - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3302,7 +3291,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3425,7 +3414,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -4681,7 +4670,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -6166,7 +6155,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -6330,7 +6319,7 @@ jobs: path: /tmp/gh-aw/cache-memory - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6608,7 +6597,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6701,7 +6690,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "PR Nitpick Reviewer 🔍" @@ -6809,7 +6798,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -7105,7 +7094,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "PR Nitpick Reviewer 🔍" WORKFLOW_DESCRIPTION: "Provides detailed nitpicky code review focusing on style, best practices, and minor improvements" @@ -7284,7 +7273,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7347,7 +7336,7 @@ jobs: steps: - name: Check team membership for command workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write with: @@ -7490,7 +7479,7 @@ jobs: await main(); - name: Check command position id: check_command_position - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_COMMAND: nit with: @@ -8803,7 +8792,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: @@ -9087,7 +9076,7 @@ jobs: - name: Add Comment id: add_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_CREATED_DISCUSSION_URL: ${{ steps.create_discussion.outputs.discussion_url }} @@ -9496,7 +9485,7 @@ jobs: - name: Create PR Review Comment id: create_pr_review_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_pull_request_review_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_PR_REVIEW_COMMENT_SIDE: "RIGHT" diff --git a/.github/workflows/prompt-clustering-analysis.lock.yml b/.github/workflows/prompt-clustering-analysis.lock.yml index f0a07ad2d6..cc9955aefd 100644 --- a/.github/workflows/prompt-clustering-analysis.lock.yml +++ b/.github/workflows/prompt-clustering-analysis.lock.yml @@ -55,7 +55,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "prompt-clustering-analysis.lock.yml" with: @@ -173,7 +173,7 @@ jobs: - name: Set up jq utilities directory run: "mkdir -p /tmp/gh-aw\ncat > /tmp/gh-aw/jqschema.sh << 'EOF'\n#!/usr/bin/env bash\n# jqschema.sh\njq -c '\ndef walk(f):\n . as $in |\n if type == \"object\" then\n reduce keys[] as $k ({}; . + {($k): ($in[$k] | walk(f))})\n elif type == \"array\" then\n if length == 0 then [] else [.[0] | walk(f)] end\n else\n type\n end;\nwalk(.)\n'\nEOF\nchmod +x /tmp/gh-aw/jqschema.sh" - name: Set up Go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 with: cache: true go-version-file: go.mod @@ -198,7 +198,7 @@ jobs: pip install --user --quiet numpy pandas matplotlib seaborn scipy - if: always() name: Upload charts - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: trending-charts @@ -206,7 +206,7 @@ jobs: retention-days: 30 - if: always() name: Upload source and data - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: trending-source-and-data @@ -265,7 +265,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1717,36 +1717,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1761,57 +1761,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1913,7 +1902,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1956,7 +1945,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2513,7 +2502,7 @@ jobs: - Success rates per cluster PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2724,7 +2713,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2880,7 +2869,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2931,7 +2920,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -3209,7 +3198,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3333,7 +3322,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,*.pythonhosted.org,anaconda.org,anthropic.com,api.anthropic.com,api.github.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,binstar.org,bootstrap.pypa.io,cdn.playwright.dev,codeload.github.com,conda.anaconda.org,conda.binstar.org,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,files.pythonhosted.org,ghcr.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,github.githubassets.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,pip.pypa.io,playwright.download.prss.microsoft.com,ppa.launchpad.net,pypi.org,pypi.python.org,raw.githubusercontent.com,registry.npmjs.org,repo.anaconda.com,repo.continuum.io,s.symcb.com,s.symcd.com,security.ubuntu.com,sentry.io,statsig.anthropic.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -4580,7 +4569,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -5653,7 +5642,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5817,7 +5806,7 @@ jobs: path: /tmp/gh-aw/cache-memory - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"}]" @@ -6095,7 +6084,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6188,7 +6177,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Copilot Agent Prompt Clustering Analysis" @@ -6296,7 +6285,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6593,7 +6582,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Copilot Agent Prompt Clustering Analysis" WORKFLOW_DESCRIPTION: "Analyzes and clusters GitHub Copilot agent prompts to identify patterns and usage trends" @@ -6778,7 +6767,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7736,7 +7725,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/python-data-charts.lock.yml b/.github/workflows/python-data-charts.lock.yml index 4e2d4ea778..da670a0f06 100644 --- a/.github/workflows/python-data-charts.lock.yml +++ b/.github/workflows/python-data-charts.lock.yml @@ -48,7 +48,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "python-data-charts.lock.yml" with: @@ -172,7 +172,7 @@ jobs: run: "pip install --user --quiet numpy pandas matplotlib seaborn scipy\n\n# Verify installations\npython3 -c \"import numpy; print(f'NumPy {numpy.__version__} installed')\"\npython3 -c \"import pandas; print(f'Pandas {pandas.__version__} installed')\"\npython3 -c \"import matplotlib; print(f'Matplotlib {matplotlib.__version__} installed')\"\npython3 -c \"import seaborn; print(f'Seaborn {seaborn.__version__} installed')\"\npython3 -c \"import scipy; print(f'SciPy {scipy.__version__} installed')\"\n\necho \"All scientific libraries installed successfully\"\n" - if: always() name: Upload generated charts - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: data-charts @@ -180,7 +180,7 @@ jobs: retention-days: 30 - if: always() name: Upload source files and data - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: python-source-and-data @@ -218,7 +218,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1712,36 +1712,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1756,57 +1756,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1929,7 +1918,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1972,7 +1961,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2579,7 +2568,7 @@ jobs: summary.plot(kind='bar', ax=ax) PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -3039,7 +3028,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -3212,7 +3201,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3263,7 +3252,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -3475,7 +3464,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3598,7 +3587,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -4853,7 +4842,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -6338,7 +6327,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -6509,7 +6498,7 @@ jobs: if-no-files-found: ignore - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6787,7 +6776,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6880,7 +6869,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Python Data Visualization Generator" @@ -6988,7 +6977,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -7285,7 +7274,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Python Data Visualization Generator" WORKFLOW_DESCRIPTION: "Generates high-quality data visualizations and trend charts using Python scientific computing libraries" @@ -7464,7 +7453,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -8425,7 +8414,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: @@ -8709,7 +8698,7 @@ jobs: - name: Upload Assets id: upload_assets if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'upload_asset')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/q.lock.yml b/.github/workflows/q.lock.yml index c9b2bc0b9f..fe35a63b29 100644 --- a/.github/workflows/q.lock.yml +++ b/.github/workflows/q.lock.yml @@ -88,7 +88,7 @@ jobs: text: ${{ steps.compute-text.outputs.text }} steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "q.lock.yml" with: @@ -174,7 +174,7 @@ jobs: }); - name: Compute current body text id: compute-text - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const redactedDomains = []; @@ -505,7 +505,7 @@ jobs: - name: Add rocket reaction to the triggering item id: react if: github.event_name == 'issues' || github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment' || github.event_name == 'discussion' || github.event_name == 'discussion_comment' || (github.event_name == 'pull_request') && (github.event.pull_request.head.repo.id == github.repository_id) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REACTION: "rocket" GH_AW_COMMAND: q @@ -985,7 +985,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -2486,36 +2486,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -2530,57 +2530,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -2716,7 +2705,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2759,7 +2748,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -3181,7 +3170,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3364,7 +3353,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3433,7 +3422,7 @@ jobs: PROMPT_EOF - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3655,7 +3644,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3779,7 +3768,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -5035,7 +5024,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -6520,7 +6509,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -6684,7 +6673,7 @@ jobs: path: /tmp/gh-aw/cache-memory - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6969,7 +6958,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -7062,7 +7051,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Q" @@ -7170,7 +7159,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -7466,7 +7455,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Q" WORKFLOW_DESCRIPTION: "Intelligent assistant that answers questions, analyzes repositories, and can create PRs for workflow optimizations" @@ -7645,7 +7634,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7708,7 +7697,7 @@ jobs: steps: - name: Check team membership for command workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write with: @@ -7851,7 +7840,7 @@ jobs: await main(); - name: Check command position id: check_command_position - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_COMMAND: q with: @@ -8814,7 +8803,7 @@ jobs: - name: Create Pull Request id: create_pull_request if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_pull_request')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_BASE_BRANCH: ${{ github.ref_name }} @@ -9322,7 +9311,7 @@ jobs: - name: Add Comment id: add_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_CREATED_PULL_REQUEST_URL: ${{ steps.create_pull_request.outputs.pull_request_url }} diff --git a/.github/workflows/release.lock.yml b/.github/workflows/release.lock.yml index 532c8ef4e6..e203e68d27 100644 --- a/.github/workflows/release.lock.yml +++ b/.github/workflows/release.lock.yml @@ -46,7 +46,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "release.lock.yml" with: @@ -182,7 +182,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1642,36 +1642,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1686,57 +1686,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1846,7 +1835,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1889,7 +1878,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2066,7 +2055,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2214,7 +2203,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2265,7 +2254,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2474,7 +2463,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2597,7 +2586,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.npms.io,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,bun.sh,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,deb.nodesource.com,deno.land,get.pnpm.io,github.com,githubnext.github.io,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,nodejs.org,npm.pkg.github.com,npmjs.com,npmjs.org,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.bower.io,registry.npmjs.com,registry.npmjs.org,registry.yarnpkg.com,repo.yarnpkg.com,s.symcb.com,s.symcd.com,security.ubuntu.com,skimdb.npmjs.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com,www.npmjs.com,www.npmjs.org,yarnpkg.com" @@ -3852,7 +3841,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5337,7 +5326,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5495,7 +5484,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -5772,7 +5761,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5865,7 +5854,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Release" @@ -5973,7 +5962,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6268,7 +6257,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Release" WORKFLOW_DESCRIPTION: "Build, test, and release gh-aw extension, then generate and prepend release highlights" @@ -6447,7 +6436,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -6500,28 +6489,28 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 - name: Set up Go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 with: cache: false go-version-file: go.mod - name: Download Go modules run: go mod download - name: Generate SBOM (SPDX format) - uses: anchore/sbom-action@43a17d6e7add2b5535efe4dcae9952337c479a93 # v0.20.11 + uses: anchore/sbom-action@43a17d6e7add2b5535efe4dcae9952337c479a93 # v0.20.10 with: artifact-name: sbom.spdx.json format: spdx-json output-file: sbom.spdx.json - name: Generate SBOM (CycloneDX format) - uses: anchore/sbom-action@43a17d6e7add2b5535efe4dcae9952337c479a93 # v0.20.11 + uses: anchore/sbom-action@43a17d6e7add2b5535efe4dcae9952337c479a93 # v0.20.10 with: artifact-name: sbom.cdx.json format: cyclonedx-json output-file: sbom.cdx.json - name: Upload SBOM artifacts - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: name: sbom-artifacts path: | @@ -6544,7 +6533,7 @@ jobs: steps: - name: Check team membership for workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer with: @@ -6700,12 +6689,12 @@ jobs: release_tag: ${{ steps.get_release.outputs.release_tag }} steps: - name: Checkout - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 with: fetch-depth: 0 persist-credentials: false - name: Release with gh-extension-precompile - uses: cli/gh-extension-precompile@9e2237c30f869ad3bcaed6a4be2cd43564dd421b # v2.1.0 + uses: cli/gh-extension-precompile@9e2237c30f869ad3bcaed6a4be2cd43564dd421b # v2 with: build_script_override: scripts/build-release.sh go_version_file: go.mod @@ -6898,7 +6887,7 @@ jobs: - name: Update Release id: update_release if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'update_release')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/repo-tree-map.lock.yml b/.github/workflows/repo-tree-map.lock.yml index 38bbfa827a..74bbc23e3e 100644 --- a/.github/workflows/repo-tree-map.lock.yml +++ b/.github/workflows/repo-tree-map.lock.yml @@ -49,7 +49,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "repo-tree-map.lock.yml" with: @@ -177,7 +177,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1632,36 +1632,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1676,57 +1676,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1836,7 +1825,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1879,7 +1868,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2162,7 +2151,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2213,7 +2202,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt with: @@ -2420,7 +2409,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2543,7 +2532,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -3798,7 +3787,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5283,7 +5272,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5441,7 +5430,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -5718,7 +5707,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5811,7 +5800,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Repository Tree Map Generator" @@ -5919,7 +5908,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6216,7 +6205,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Repository Tree Map Generator" WORKFLOW_DESCRIPTION: "Generates ASCII tree map visualization of repository file structure weekly" @@ -6395,7 +6384,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7353,7 +7342,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/repository-quality-improver.lock.yml b/.github/workflows/repository-quality-improver.lock.yml index 48cb998eab..e5cd7b1719 100644 --- a/.github/workflows/repository-quality-improver.lock.yml +++ b/.github/workflows/repository-quality-improver.lock.yml @@ -48,7 +48,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "repository-quality-improver.lock.yml" with: @@ -202,7 +202,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1657,36 +1657,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1701,57 +1701,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1867,7 +1856,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1910,7 +1899,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2456,7 +2445,7 @@ jobs: - **Think holistically**: Consider workflow-specific aspects, tool integration quality, user experience, developer productivity, and documentation PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2540,7 +2529,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2712,7 +2701,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2763,7 +2752,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2971,7 +2960,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3094,7 +3083,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -4349,7 +4338,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5834,7 +5823,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5998,7 +5987,7 @@ jobs: path: /tmp/gh-aw/cache-memory-focus-areas - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6276,7 +6265,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6369,7 +6358,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Repository Quality Improvement Agent" @@ -6477,7 +6466,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6774,7 +6763,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Repository Quality Improvement Agent" WORKFLOW_DESCRIPTION: "Daily analysis and improvement of repository quality focusing on different software development lifecycle areas" @@ -6953,7 +6942,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7911,7 +7900,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/research.lock.yml b/.github/workflows/research.lock.yml index 6bc9b572ce..1168ed9fd7 100644 --- a/.github/workflows/research.lock.yml +++ b/.github/workflows/research.lock.yml @@ -52,7 +52,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "research.lock.yml" with: @@ -180,7 +180,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1635,36 +1635,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1679,57 +1679,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1852,7 +1841,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1895,7 +1884,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1986,7 +1975,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2121,7 +2110,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2172,7 +2161,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2387,7 +2376,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2511,7 +2500,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.npms.io,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,bun.sh,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,deb.nodesource.com,deno.land,get.pnpm.io,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,nodejs.org,npm.pkg.github.com,npmjs.com,npmjs.org,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.bower.io,registry.npmjs.com,registry.npmjs.org,registry.yarnpkg.com,repo.yarnpkg.com,s.symcb.com,s.symcd.com,security.ubuntu.com,skimdb.npmjs.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com,www.npmjs.com,www.npmjs.org,yarnpkg.com" @@ -3766,7 +3755,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5251,7 +5240,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5409,7 +5398,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -5686,7 +5675,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5779,7 +5768,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Basic Research Agent" @@ -5887,7 +5876,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6184,7 +6173,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Basic Research Agent" WORKFLOW_DESCRIPTION: "Performs web research on any topic using Tavily search and creates a discussion with findings" @@ -6363,7 +6352,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7321,7 +7310,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/safe-output-health.lock.yml b/.github/workflows/safe-output-health.lock.yml index 83b39a201c..d294d1f905 100644 --- a/.github/workflows/safe-output-health.lock.yml +++ b/.github/workflows/safe-output-health.lock.yml @@ -51,7 +51,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "safe-output-health.lock.yml" with: @@ -167,7 +167,7 @@ jobs: mkdir -p /tmp/gh-aw/sandbox/agent/logs echo "Created /tmp/gh-aw/agent directory for agentic workflow temporary files" - name: Set up Go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 with: cache: true go-version-file: go.mod @@ -217,7 +217,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1669,36 +1669,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1713,57 +1713,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1865,7 +1854,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1908,7 +1897,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2394,7 +2383,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2550,7 +2539,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2601,7 +2590,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2893,7 +2882,7 @@ jobs: MCP_TOOL_TIMEOUT: 300000 - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3017,7 +3006,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,anthropic.com,api.anthropic.com,api.github.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,files.pythonhosted.org,ghcr.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,playwright.download.prss.microsoft.com,ppa.launchpad.net,pypi.org,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,sentry.io,statsig.anthropic.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -4264,7 +4253,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -5337,7 +5326,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5501,7 +5490,7 @@ jobs: path: /tmp/gh-aw/cache-memory - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"}]" @@ -5779,7 +5768,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5872,7 +5861,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Safe Output Health Monitor" @@ -5980,7 +5969,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6277,7 +6266,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Safe Output Health Monitor" WORKFLOW_DESCRIPTION: "Monitors and analyzes the health of safe output operations across all agentic workflows" @@ -6462,7 +6451,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7420,7 +7409,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/schema-consistency-checker.lock.yml b/.github/workflows/schema-consistency-checker.lock.yml index 038ef12137..182493d5f4 100644 --- a/.github/workflows/schema-consistency-checker.lock.yml +++ b/.github/workflows/schema-consistency-checker.lock.yml @@ -49,7 +49,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "schema-consistency-checker.lock.yml" with: @@ -195,7 +195,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1617,36 +1617,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1661,57 +1661,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1800,7 +1789,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1843,7 +1832,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2373,7 +2362,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2424,7 +2413,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt with: @@ -2704,7 +2693,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2828,7 +2817,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,anthropic.com,api.anthropic.com,api.github.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,files.pythonhosted.org,ghcr.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,playwright.download.prss.microsoft.com,ppa.launchpad.net,pypi.org,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,sentry.io,statsig.anthropic.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -4075,7 +4064,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -5148,7 +5137,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5312,7 +5301,7 @@ jobs: path: /tmp/gh-aw/cache-memory - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"}]" @@ -5590,7 +5579,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5683,7 +5672,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Schema Consistency Checker" @@ -5791,7 +5780,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6088,7 +6077,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Schema Consistency Checker" WORKFLOW_DESCRIPTION: "Detects inconsistencies between JSON schema, implementation code, and documentation" @@ -6273,7 +6262,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7231,7 +7220,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/scout.lock.yml b/.github/workflows/scout.lock.yml index 010357acdb..d0a2a37978 100644 --- a/.github/workflows/scout.lock.yml +++ b/.github/workflows/scout.lock.yml @@ -103,7 +103,7 @@ jobs: text: ${{ steps.compute-text.outputs.text }} steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "scout.lock.yml" with: @@ -189,7 +189,7 @@ jobs: }); - name: Compute current body text id: compute-text - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const redactedDomains = []; @@ -520,7 +520,7 @@ jobs: - name: Add eyes reaction to the triggering item id: react if: github.event_name == 'issues' || github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment' || github.event_name == 'discussion' || github.event_name == 'discussion_comment' || (github.event_name == 'pull_request') && (github.event.pull_request.head.repo.id == github.repository_id) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REACTION: "eyes" GH_AW_COMMAND: scout @@ -984,7 +984,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -2422,36 +2422,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -2466,57 +2466,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -2658,7 +2647,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2701,7 +2690,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -3010,7 +2999,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3189,7 +3178,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3258,7 +3247,7 @@ jobs: PROMPT_EOF - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3567,7 +3556,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3693,7 +3682,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,anthropic.com,api.anthropic.com,api.github.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,files.pythonhosted.org,ghcr.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,playwright.download.prss.microsoft.com,ppa.launchpad.net,pypi.org,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,sentry.io,statsig.anthropic.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -4941,7 +4930,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -6014,7 +6003,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -6178,7 +6167,7 @@ jobs: path: /tmp/gh-aw/cache-memory - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"}]" @@ -6456,7 +6445,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6549,7 +6538,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Scout" @@ -6657,7 +6646,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6953,7 +6942,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Scout" WORKFLOW_DESCRIPTION: "Performs deep research investigations using web search to gather and synthesize comprehensive information on any topic" @@ -7138,7 +7127,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7205,7 +7194,7 @@ jobs: steps: - name: Check team membership for command workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write with: @@ -7348,7 +7337,7 @@ jobs: await main(); - name: Check command position id: check_command_position - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_COMMAND: scout with: @@ -8042,7 +8031,7 @@ jobs: - name: Add Comment id: add_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/security-compliance.lock.yml b/.github/workflows/security-compliance.lock.yml index ddc2311d37..96b3a1cd38 100644 --- a/.github/workflows/security-compliance.lock.yml +++ b/.github/workflows/security-compliance.lock.yml @@ -54,7 +54,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "security-compliance.lock.yml" with: @@ -208,7 +208,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1684,36 +1684,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1728,57 +1728,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1888,7 +1877,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1931,7 +1920,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2236,7 +2225,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_EVENT_INPUTS_AUDIT_DATE: ${{ github.event.inputs.audit_date }} @@ -2403,7 +2392,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2454,7 +2443,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_EVENT_INPUTS_AUDIT_DATE: ${{ github.event.inputs.audit_date }} @@ -2667,7 +2656,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2790,7 +2779,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -4045,7 +4034,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5530,7 +5519,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5697,7 +5686,7 @@ jobs: if-no-files-found: ignore - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -5975,7 +5964,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6068,7 +6057,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Security Compliance Campaign" @@ -6176,7 +6165,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6471,7 +6460,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Security Compliance Campaign" WORKFLOW_DESCRIPTION: "Fix critical vulnerabilities before audit deadline with full tracking and reporting" @@ -6650,7 +6639,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -6728,7 +6717,7 @@ jobs: path: /tmp/gh-aw/repo-memory-default - name: Push repo-memory changes (default) if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ github.token }} GITHUB_RUN_ID: ${{ github.run_id }} @@ -7560,7 +7549,7 @@ jobs: - name: Create Issue id: create_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_ISSUE_LABELS: "security,campaign-tracker" diff --git a/.github/workflows/security-fix-pr.lock.yml b/.github/workflows/security-fix-pr.lock.yml index db8a97be97..d35dc76dda 100644 --- a/.github/workflows/security-fix-pr.lock.yml +++ b/.github/workflows/security-fix-pr.lock.yml @@ -53,7 +53,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "security-fix-pr.lock.yml" with: @@ -196,7 +196,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1658,36 +1658,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1702,57 +1702,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1850,7 +1839,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1893,7 +1882,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2082,7 +2071,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2257,7 +2246,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2308,7 +2297,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2591,7 +2580,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2715,7 +2704,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,anthropic.com,api.anthropic.com,api.github.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,files.pythonhosted.org,ghcr.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,playwright.download.prss.microsoft.com,ppa.launchpad.net,pypi.org,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,sentry.io,statsig.anthropic.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -3962,7 +3951,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -5035,7 +5024,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5199,7 +5188,7 @@ jobs: path: /tmp/gh-aw/cache-memory - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"}]" @@ -5484,7 +5473,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5577,7 +5566,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Security Fix PR" @@ -5685,7 +5674,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -5982,7 +5971,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Security Fix PR" WORKFLOW_DESCRIPTION: "Identifies and automatically fixes code security issues by creating pull requests with remediation" @@ -6167,7 +6156,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -6219,7 +6208,7 @@ jobs: steps: - name: Check team membership for workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write with: @@ -6362,7 +6351,7 @@ jobs: await main(); - name: Check skip-if-match query id: check_skip_if_match - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SKIP_QUERY: "is:pr is:open in:title \"[security-fix]\"" GH_AW_WORKFLOW_NAME: "Security Fix PR" @@ -6740,7 +6729,7 @@ jobs: - name: Create Pull Request id: create_pull_request if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_pull_request')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_BASE_BRANCH: ${{ github.ref_name }} diff --git a/.github/workflows/semantic-function-refactor.lock.yml b/.github/workflows/semantic-function-refactor.lock.yml index e15471a27d..ad663a3f9b 100644 --- a/.github/workflows/semantic-function-refactor.lock.yml +++ b/.github/workflows/semantic-function-refactor.lock.yml @@ -49,7 +49,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "semantic-function-refactor.lock.yml" with: @@ -177,7 +177,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1688,36 +1688,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1732,57 +1732,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1880,7 +1869,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1923,7 +1912,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2415,7 +2404,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2563,7 +2552,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2614,7 +2603,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2911,7 +2900,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3035,7 +3024,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,anthropic.com,api.anthropic.com,api.github.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,files.pythonhosted.org,ghcr.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,playwright.download.prss.microsoft.com,ppa.launchpad.net,pypi.org,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,sentry.io,statsig.anthropic.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -4282,7 +4271,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -5355,7 +5344,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5513,7 +5502,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"}]" @@ -5790,7 +5779,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5883,7 +5872,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Semantic Function Refactoring" @@ -5991,7 +5980,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6288,7 +6277,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Semantic Function Refactoring" WORKFLOW_DESCRIPTION: "Analyzes Go codebase daily to identify opportunities for semantic function extraction and refactoring" @@ -6473,7 +6462,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7619,7 +7608,7 @@ jobs: - name: Create Issue id: create_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_ISSUE_TITLE_PREFIX: "[refactor] " @@ -7919,7 +7908,7 @@ jobs: - name: Close Issue id: close_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'close_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/slide-deck-maintainer.lock.yml b/.github/workflows/slide-deck-maintainer.lock.yml index c0b7d7d7ed..36a4eb67f4 100644 --- a/.github/workflows/slide-deck-maintainer.lock.yml +++ b/.github/workflows/slide-deck-maintainer.lock.yml @@ -52,7 +52,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "slide-deck-maintainer.lock.yml" with: @@ -167,7 +167,7 @@ jobs: mkdir -p /tmp/gh-aw/sandbox/agent/logs echo "Created /tmp/gh-aw/agent directory for agentic workflow temporary files" - name: Set up Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 + uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 with: cache: npm cache-dependency-path: docs/package-lock.json @@ -206,7 +206,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1672,36 +1672,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1716,57 +1716,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1882,7 +1871,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1925,7 +1914,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2182,7 +2171,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2372,7 +2361,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2423,7 +2412,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2672,7 +2661,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2795,7 +2784,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.npms.io,bun.sh,deb.nodesource.com,deno.land,get.pnpm.io,github.com,host.docker.internal,nodejs.org,npm.pkg.github.com,npmjs.com,npmjs.org,raw.githubusercontent.com,registry.bower.io,registry.npmjs.com,registry.npmjs.org,registry.yarnpkg.com,repo.yarnpkg.com,skimdb.npmjs.com,www.npmjs.com,www.npmjs.org,yarnpkg.com" @@ -4050,7 +4039,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5535,7 +5524,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5699,7 +5688,7 @@ jobs: path: /tmp/gh-aw/cache-memory - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -5984,7 +5973,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6078,7 +6067,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Slide Deck Maintainer" @@ -6187,7 +6176,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6485,7 +6474,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Slide Deck Maintainer" WORKFLOW_DESCRIPTION: "Maintains the gh-aw slide deck by scanning repository content and detecting layout issues using Playwright" @@ -6664,7 +6653,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -6716,7 +6705,7 @@ jobs: steps: - name: Check team membership for workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write with: @@ -6859,7 +6848,7 @@ jobs: await main(); - name: Check skip-if-match query id: check_skip_if_match - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SKIP_QUERY: "is:pr is:open in:title \"[slides]\"" GH_AW_WORKFLOW_NAME: "Slide Deck Maintainer" @@ -7238,7 +7227,7 @@ jobs: - name: Create Pull Request id: create_pull_request if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_pull_request')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_BASE_BRANCH: ${{ github.ref_name }} diff --git a/.github/workflows/smoke-claude.lock.yml b/.github/workflows/smoke-claude.lock.yml index 693fe6803a..f5c618312f 100644 --- a/.github/workflows/smoke-claude.lock.yml +++ b/.github/workflows/smoke-claude.lock.yml @@ -63,7 +63,7 @@ jobs: reaction_id: ${{ steps.react.outputs.reaction-id }} steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "smoke-claude.lock.yml" with: @@ -150,7 +150,7 @@ jobs: - name: Add heart reaction to the triggering item id: react if: github.event_name == 'issues' || github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment' || github.event_name == 'discussion' || github.event_name == 'discussion_comment' || (github.event_name == 'pull_request') && (github.event.pull_request.head.repo.id == github.repository_id) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REACTION: "heart" GH_AW_WORKFLOW_NAME: "Smoke Claude" @@ -616,7 +616,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -2165,36 +2165,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -2209,57 +2209,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -2388,7 +2377,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2431,7 +2420,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2614,7 +2603,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2798,7 +2787,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2849,7 +2838,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -3153,7 +3142,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3277,7 +3266,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,anthropic.com,api.anthropic.com,api.github.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,files.pythonhosted.org,ghcr.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,github.githubassets.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,playwright.download.prss.microsoft.com,ppa.launchpad.net,pypi.org,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,sentry.io,statsig.anthropic.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -4524,7 +4513,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -5597,7 +5586,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5761,7 +5750,7 @@ jobs: path: /tmp/gh-aw/cache-memory - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"}]" @@ -6039,7 +6028,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6132,7 +6121,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Smoke Claude" @@ -6240,7 +6229,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6536,7 +6525,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Smoke Claude" WORKFLOW_DESCRIPTION: "Smoke test workflow that validates Claude engine functionality by reviewing recent PRs every 6 hours" @@ -6722,7 +6711,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -6777,7 +6766,7 @@ jobs: steps: - name: Check team membership for workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write with: @@ -8495,7 +8484,7 @@ jobs: - name: Create Issue id: create_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_ISSUE_EXPIRES: "1" @@ -8794,7 +8783,7 @@ jobs: - name: Add Comment id: add_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_HIDE_OLDER_COMMENTS: "true" @@ -9205,7 +9194,7 @@ jobs: - name: Add Labels id: add_labels if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_labels')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_LABELS_ALLOWED: "smoke-claude" diff --git a/.github/workflows/smoke-codex-firewall.lock.yml b/.github/workflows/smoke-codex-firewall.lock.yml index d36e30dd21..480fa76231 100644 --- a/.github/workflows/smoke-codex-firewall.lock.yml +++ b/.github/workflows/smoke-codex-firewall.lock.yml @@ -59,7 +59,7 @@ jobs: reaction_id: ${{ steps.react.outputs.reaction-id }} steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "smoke-codex-firewall.lock.yml" with: @@ -146,7 +146,7 @@ jobs: - name: Add rocket reaction to the triggering item id: react if: github.event_name == 'issues' || github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment' || github.event_name == 'discussion' || github.event_name == 'discussion_comment' || (github.event_name == 'pull_request') && (github.event.pull_request.head.repo.id == github.repository_id) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REACTION: "rocket" GH_AW_WORKFLOW_NAME: "Smoke Codex Firewall" @@ -585,7 +585,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -2161,36 +2161,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -2205,57 +2205,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -2345,7 +2334,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2388,7 +2377,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2462,7 +2451,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2595,7 +2584,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2646,7 +2635,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2853,7 +2842,7 @@ jobs: RUST_LOG: trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2977,7 +2966,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,api.openai.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.githubassets.com,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,openai.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,s.symcb.com,s.symcd.com,security.ubuntu.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -4232,7 +4221,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -5522,7 +5511,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5681,7 +5670,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5839,7 +5828,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T[\\\\d:.]+Z)\\\\s+(ERROR)\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Codex ERROR messages with timestamp\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T[\\\\d:.]+Z)\\\\s+(WARN|WARNING)\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Codex warning messages with timestamp\"}]" @@ -6116,7 +6105,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6209,7 +6198,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Smoke Codex Firewall" @@ -6317,7 +6306,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6613,7 +6602,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Smoke Codex Firewall" WORKFLOW_DESCRIPTION: "Smoke test workflow that validates Codex engine functionality with AWF firewall enabled" @@ -6777,7 +6766,7 @@ jobs: RUST_LOG: trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -6832,7 +6821,7 @@ jobs: steps: - name: Check team membership for workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write with: @@ -8550,7 +8539,7 @@ jobs: - name: Create Issue id: create_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_ISSUE_EXPIRES: "1" @@ -8849,7 +8838,7 @@ jobs: - name: Add Comment id: add_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_HIDE_OLDER_COMMENTS: "true" @@ -9260,7 +9249,7 @@ jobs: - name: Add Labels id: add_labels if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_labels')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_LABELS_ALLOWED: "smoke-codex-firewall" @@ -9381,7 +9370,7 @@ jobs: - name: Hide Comment id: hide_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'hide_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/smoke-codex.lock.yml b/.github/workflows/smoke-codex.lock.yml index 9224bc8ff2..68af523d3c 100644 --- a/.github/workflows/smoke-codex.lock.yml +++ b/.github/workflows/smoke-codex.lock.yml @@ -59,7 +59,7 @@ jobs: reaction_id: ${{ steps.react.outputs.reaction-id }} steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "smoke-codex.lock.yml" with: @@ -146,7 +146,7 @@ jobs: - name: Add hooray reaction to the triggering item id: react if: github.event_name == 'issues' || github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment' || github.event_name == 'discussion' || github.event_name == 'discussion_comment' || (github.event_name == 'pull_request') && (github.event.pull_request.head.repo.id == github.repository_id) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REACTION: "hooray" GH_AW_WORKFLOW_NAME: "Smoke Codex" @@ -612,7 +612,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -2189,36 +2189,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -2233,57 +2233,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -2404,7 +2393,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2447,7 +2436,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2519,7 +2508,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2703,7 +2692,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2754,7 +2743,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2961,7 +2950,7 @@ jobs: RUST_LOG: trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3085,7 +3074,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,api.openai.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.githubassets.com,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,openai.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,playwright.download.prss.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,s.symcb.com,s.symcd.com,security.ubuntu.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -4340,7 +4329,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -5630,7 +5619,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5789,7 +5778,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5953,7 +5942,7 @@ jobs: path: /tmp/gh-aw/cache-memory - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T[\\\\d:.]+Z)\\\\s+(ERROR)\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Codex ERROR messages with timestamp\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T[\\\\d:.]+Z)\\\\s+(WARN|WARNING)\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Codex warning messages with timestamp\"}]" @@ -6231,7 +6220,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6324,7 +6313,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Smoke Codex" @@ -6432,7 +6421,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6728,7 +6717,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Smoke Codex" WORKFLOW_DESCRIPTION: "Smoke test workflow that validates Codex engine functionality by reviewing recent PRs every 6 hours" @@ -6892,7 +6881,7 @@ jobs: RUST_LOG: trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -6947,7 +6936,7 @@ jobs: steps: - name: Check team membership for workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write with: @@ -8665,7 +8654,7 @@ jobs: - name: Create Issue id: create_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_ISSUE_EXPIRES: "1" @@ -8964,7 +8953,7 @@ jobs: - name: Add Comment id: add_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_HIDE_OLDER_COMMENTS: "true" @@ -9375,7 +9364,7 @@ jobs: - name: Add Labels id: add_labels if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_labels')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_LABELS_ALLOWED: "smoke-codex" @@ -9496,7 +9485,7 @@ jobs: - name: Hide Comment id: hide_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'hide_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/smoke-copilot-no-firewall.lock.yml b/.github/workflows/smoke-copilot-no-firewall.lock.yml index 31011bce6e..790c58ecc9 100644 --- a/.github/workflows/smoke-copilot-no-firewall.lock.yml +++ b/.github/workflows/smoke-copilot-no-firewall.lock.yml @@ -63,7 +63,7 @@ jobs: reaction_id: ${{ steps.react.outputs.reaction-id }} steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "smoke-copilot-no-firewall.lock.yml" with: @@ -150,7 +150,7 @@ jobs: - name: Add +1 reaction to the triggering item id: react if: github.event_name == 'issues' || github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment' || github.event_name == 'discussion' || github.event_name == 'discussion_comment' || (github.event_name == 'pull_request') && (github.event.pull_request.head.repo.id == github.repository_id) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REACTION: "+1" GH_AW_WORKFLOW_NAME: "Smoke Copilot No Firewall" @@ -601,7 +601,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -2074,36 +2074,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -2118,57 +2118,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -3510,7 +3499,7 @@ jobs: - name: Generate Safe Inputs MCP Server Config id: safe-inputs-config - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function generateSafeInputsConfig({ core, crypto }) { @@ -3693,7 +3682,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -3736,7 +3725,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -3824,7 +3813,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -3983,7 +3972,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -4034,7 +4023,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -4248,7 +4237,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -4371,7 +4360,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.npms.io,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,bun.sh,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,deb.nodesource.com,deno.land,get.pnpm.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,github.githubassets.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,nodejs.org,npm.pkg.github.com,npmjs.com,npmjs.org,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,playwright.download.prss.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.bower.io,registry.npmjs.com,registry.npmjs.org,registry.yarnpkg.com,repo.yarnpkg.com,s.symcb.com,s.symcd.com,security.ubuntu.com,skimdb.npmjs.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com,www.npmjs.com,www.npmjs.org,yarnpkg.com" @@ -5633,7 +5622,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -7117,7 +7106,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -7394,7 +7383,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -7487,7 +7476,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Smoke Copilot No Firewall" @@ -7595,7 +7584,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -7891,7 +7880,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Smoke Copilot No Firewall" WORKFLOW_DESCRIPTION: "Smoke test workflow that validates Copilot engine functionality without firewall by reviewing recent PRs every 6 hours" @@ -8070,7 +8059,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -8125,7 +8114,7 @@ jobs: steps: - name: Check team membership for workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write with: @@ -9577,7 +9566,7 @@ jobs: - name: Add Comment id: add_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_HIDE_OLDER_COMMENTS: "true" @@ -9985,7 +9974,7 @@ jobs: - name: Add Labels id: add_labels if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_labels')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_LABELS_ALLOWED: "smoke-copilot-no-firewall" diff --git a/.github/workflows/smoke-copilot-playwright.lock.yml b/.github/workflows/smoke-copilot-playwright.lock.yml index 9e4948c85a..eec59eb687 100644 --- a/.github/workflows/smoke-copilot-playwright.lock.yml +++ b/.github/workflows/smoke-copilot-playwright.lock.yml @@ -63,7 +63,7 @@ jobs: reaction_id: ${{ steps.react.outputs.reaction-id }} steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "smoke-copilot-playwright.lock.yml" with: @@ -150,7 +150,7 @@ jobs: - name: Add eyes reaction to the triggering item id: react if: github.event_name == 'issues' || github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment' || github.event_name == 'discussion' || github.event_name == 'discussion_comment' || (github.event_name == 'pull_request') && (github.event.pull_request.head.repo.id == github.repository_id) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REACTION: "eyes" GH_AW_WORKFLOW_NAME: "Smoke Copilot Playwright" @@ -619,7 +619,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -2171,36 +2171,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -2215,57 +2215,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -3607,7 +3596,7 @@ jobs: - name: Generate Safe Inputs MCP Server Config id: safe-inputs-config - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function generateSafeInputsConfig({ core, crypto }) { @@ -3790,7 +3779,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -3833,7 +3822,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -3918,7 +3907,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_RUN_ID: ${{ github.run_id }} @@ -4100,7 +4089,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -4151,7 +4140,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_RUN_ID: ${{ github.run_id }} @@ -4362,7 +4351,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -4485,7 +4474,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,accounts.google.com,android.clients.google.com,api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.npms.io,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,bun.sh,cdn.playwright.dev,clients2.google.com,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,deb.nodesource.com,deno.land,get.pnpm.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,github.githubassets.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,nodejs.org,npm.pkg.github.com,npmjs.com,npmjs.org,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,playwright.download.prss.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.bower.io,registry.npmjs.com,registry.npmjs.org,registry.yarnpkg.com,repo.yarnpkg.com,s.symcb.com,s.symcd.com,security.ubuntu.com,skimdb.npmjs.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com,www.google.com,www.npmjs.com,www.npmjs.org,yarnpkg.com" @@ -5747,7 +5736,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -7232,7 +7221,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -7396,7 +7385,7 @@ jobs: path: /tmp/gh-aw/cache-memory - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -7635,7 +7624,7 @@ jobs: run: "echo \"📋 Collecting Playwright MCP logs...\"\n\n# Create logs directory\nmkdir -p /tmp/gh-aw/playwright-debug-logs\n\n# Copy any playwright logs from the MCP logs directory\nif [ -d \"/tmp/gh-aw/mcp-logs/playwright\" ]; then\n echo \"Found Playwright MCP logs directory\"\n cp -r /tmp/gh-aw/mcp-logs/playwright/* /tmp/gh-aw/playwright-debug-logs/ 2>/dev/null || true\n ls -la /tmp/gh-aw/playwright-debug-logs/\nelse\n echo \"No Playwright MCP logs directory found at /tmp/gh-aw/mcp-logs/playwright\"\nfi\n\n# List all trace files if any\necho \"Looking for trace files...\"\nfind /tmp -name \"*.zip\" -o -name \"trace*\" 2>/dev/null | head -20 || true\n\n# Show docker container logs if any containers are still running\necho \"Checking for running Docker containers...\"\ndocker ps -a --format \"table {{.Names}}\\t{{.Status}}\\t{{.Image}}\" 2>/dev/null || true\n" - if: always() name: Upload Playwright Debug Logs - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: ignore name: playwright-debug-logs-${{ github.run_id }} @@ -7686,7 +7675,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -7779,7 +7768,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Smoke Copilot Playwright" @@ -7887,7 +7876,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -8183,7 +8172,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Smoke Copilot Playwright" WORKFLOW_DESCRIPTION: "Smoke test workflow that validates Copilot engine functionality by reviewing recent PRs every 6 hours" @@ -8363,7 +8352,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -8418,7 +8407,7 @@ jobs: steps: - name: Check team membership for workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write with: @@ -10136,7 +10125,7 @@ jobs: - name: Create Issue id: create_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_ISSUE_EXPIRES: "1" @@ -10435,7 +10424,7 @@ jobs: - name: Add Comment id: add_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_HIDE_OLDER_COMMENTS: "true" @@ -10846,7 +10835,7 @@ jobs: - name: Add Labels id: add_labels if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_labels')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_LABELS_ALLOWED: "smoke-copilot" diff --git a/.github/workflows/smoke-copilot-safe-inputs.lock.yml b/.github/workflows/smoke-copilot-safe-inputs.lock.yml index 698b90c5a9..44145c3e6f 100644 --- a/.github/workflows/smoke-copilot-safe-inputs.lock.yml +++ b/.github/workflows/smoke-copilot-safe-inputs.lock.yml @@ -63,7 +63,7 @@ jobs: reaction_id: ${{ steps.react.outputs.reaction-id }} steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "smoke-copilot-safe-inputs.lock.yml" with: @@ -150,7 +150,7 @@ jobs: - name: Add eyes reaction to the triggering item id: react if: github.event_name == 'issues' || github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment' || github.event_name == 'discussion' || github.event_name == 'discussion_comment' || (github.event_name == 'pull_request') && (github.event.pull_request.head.repo.id == github.repository_id) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REACTION: "eyes" GH_AW_WORKFLOW_NAME: "Smoke Copilot Safe Inputs" @@ -588,7 +588,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -2036,36 +2036,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -2080,57 +2080,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -3472,7 +3461,7 @@ jobs: - name: Generate Safe Inputs MCP Server Config id: safe-inputs-config - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function generateSafeInputsConfig({ core, crypto }) { @@ -3622,7 +3611,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -3665,7 +3654,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -3751,7 +3740,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_RUN_ID: ${{ github.run_id }} @@ -3855,7 +3844,7 @@ jobs: PROMPT_EOF - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_RUN_ID: ${{ github.run_id }} @@ -4064,7 +4053,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -4187,7 +4176,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.npms.io,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,bun.sh,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,deb.nodesource.com,deno.land,get.pnpm.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,github.githubassets.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,nodejs.org,npm.pkg.github.com,npmjs.com,npmjs.org,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.bower.io,registry.npmjs.com,registry.npmjs.org,registry.yarnpkg.com,repo.yarnpkg.com,s.symcb.com,s.symcd.com,security.ubuntu.com,skimdb.npmjs.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com,www.npmjs.com,www.npmjs.org,yarnpkg.com" @@ -5449,7 +5438,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -6934,7 +6923,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -7092,7 +7081,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -7369,7 +7358,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -7462,7 +7451,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Smoke Copilot Safe Inputs" @@ -7570,7 +7559,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -7865,7 +7854,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Smoke Copilot Safe Inputs" WORKFLOW_DESCRIPTION: "Smoke Copilot Safe Inputs" @@ -8044,7 +8033,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -8099,7 +8088,7 @@ jobs: steps: - name: Check team membership for workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write with: @@ -9550,7 +9539,7 @@ jobs: - name: Add Comment id: add_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_HIDE_OLDER_COMMENTS: "true" @@ -9958,7 +9947,7 @@ jobs: - name: Add Labels id: add_labels if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_labels')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_LABELS_ALLOWED: "smoke-copilot" diff --git a/.github/workflows/smoke-copilot.lock.yml b/.github/workflows/smoke-copilot.lock.yml index c0de7f787a..89d7d2cb1c 100644 --- a/.github/workflows/smoke-copilot.lock.yml +++ b/.github/workflows/smoke-copilot.lock.yml @@ -59,7 +59,7 @@ jobs: reaction_id: ${{ steps.react.outputs.reaction-id }} steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "smoke-copilot.lock.yml" with: @@ -146,7 +146,7 @@ jobs: - name: Add eyes reaction to the triggering item id: react if: github.event_name == 'issues' || github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment' || github.event_name == 'discussion' || github.event_name == 'discussion_comment' || (github.event_name == 'pull_request') && (github.event.pull_request.head.repo.id == github.repository_id) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REACTION: "eyes" GH_AW_WORKFLOW_NAME: "Smoke Copilot" @@ -600,7 +600,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -2151,36 +2151,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -2195,57 +2195,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -2355,7 +2344,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2398,7 +2387,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2471,7 +2460,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2644,7 +2633,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2695,7 +2684,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2904,7 +2893,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3027,7 +3016,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.npms.io,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,bun.sh,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,deb.nodesource.com,deno.land,get.pnpm.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,github.githubassets.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,nodejs.org,npm.pkg.github.com,npmjs.com,npmjs.org,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.bower.io,registry.npmjs.com,registry.npmjs.org,registry.yarnpkg.com,repo.yarnpkg.com,s.symcb.com,s.symcd.com,security.ubuntu.com,skimdb.npmjs.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com,www.npmjs.com,www.npmjs.org,yarnpkg.com" @@ -4282,7 +4271,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5767,7 +5756,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5931,7 +5920,7 @@ jobs: path: /tmp/gh-aw/cache-memory - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6209,7 +6198,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6302,7 +6291,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Smoke Copilot" @@ -6410,7 +6399,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6706,7 +6695,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Smoke Copilot" WORKFLOW_DESCRIPTION: "Smoke Copilot" @@ -6885,7 +6874,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -6940,7 +6929,7 @@ jobs: steps: - name: Check team membership for workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write with: @@ -8658,7 +8647,7 @@ jobs: - name: Create Issue id: create_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_ISSUE_EXPIRES: "1" @@ -8957,7 +8946,7 @@ jobs: - name: Add Comment id: add_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_HIDE_OLDER_COMMENTS: "true" @@ -9368,7 +9357,7 @@ jobs: - name: Add Labels id: add_labels if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_labels')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_LABELS_ALLOWED: "smoke-copilot" diff --git a/.github/workflows/smoke-detector.lock.yml b/.github/workflows/smoke-detector.lock.yml index 599b02c984..4cfccf299c 100644 --- a/.github/workflows/smoke-detector.lock.yml +++ b/.github/workflows/smoke-detector.lock.yml @@ -79,7 +79,7 @@ jobs: reaction_id: ${{ steps.react.outputs.reaction-id }} steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "smoke-detector.lock.yml" with: @@ -166,7 +166,7 @@ jobs: - name: Add eyes reaction to the triggering item id: react if: github.event_name == 'issues' || github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment' || github.event_name == 'discussion' || github.event_name == 'discussion_comment' || (github.event_name == 'pull_request') && (github.event.pull_request.head.repo.id == github.repository_id) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REACTION: "eyes" GH_AW_WORKFLOW_NAME: "Smoke Detector - Smoke Test Failure Investigator" @@ -595,7 +595,7 @@ jobs: mkdir -p /tmp/gh-aw/sandbox/agent/logs echo "Created /tmp/gh-aw/agent directory for agentic workflow temporary files" - name: Set up Go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 with: cache: true go-version-file: go.mod @@ -639,7 +639,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -2148,36 +2148,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -2192,57 +2192,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -2344,7 +2333,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2387,7 +2376,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2700,7 +2689,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2868,7 +2857,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2919,7 +2908,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -3200,7 +3189,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3324,7 +3313,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,anthropic.com,api.anthropic.com,api.github.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,files.pythonhosted.org,ghcr.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,playwright.download.prss.microsoft.com,ppa.launchpad.net,pypi.org,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,sentry.io,statsig.anthropic.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -4571,7 +4560,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -5644,7 +5633,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5808,7 +5797,7 @@ jobs: path: /tmp/gh-aw/cache-memory - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"}]" @@ -6086,7 +6075,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6179,7 +6168,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Smoke Detector - Smoke Test Failure Investigator" @@ -6287,7 +6276,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6585,7 +6574,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Smoke Detector - Smoke Test Failure Investigator" WORKFLOW_DESCRIPTION: "Reusable workflow that analyzes failed workflow runs and provides diagnostic information" @@ -6770,7 +6759,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -6822,7 +6811,7 @@ jobs: steps: - name: Check team membership for workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write with: @@ -7940,7 +7929,7 @@ jobs: - name: Create Issue id: create_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_ISSUE_TITLE_PREFIX: "[smoke-detector] " @@ -8241,7 +8230,7 @@ jobs: - name: Add Comment id: add_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_TARGET: "*" diff --git a/.github/workflows/smoke-srt-custom-config.lock.yml b/.github/workflows/smoke-srt-custom-config.lock.yml index fb7e3f6ad0..ee602dbe56 100644 --- a/.github/workflows/smoke-srt-custom-config.lock.yml +++ b/.github/workflows/smoke-srt-custom-config.lock.yml @@ -42,7 +42,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "smoke-srt-custom-config.lock.yml" with: @@ -162,7 +162,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -321,7 +321,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -364,7 +364,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -496,7 +496,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -547,7 +547,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt with: @@ -1017,7 +1017,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -1148,7 +1148,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -2632,7 +2632,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" diff --git a/.github/workflows/smoke-srt.lock.yml b/.github/workflows/smoke-srt.lock.yml index b6eb6b966b..a2b173ff6a 100644 --- a/.github/workflows/smoke-srt.lock.yml +++ b/.github/workflows/smoke-srt.lock.yml @@ -52,7 +52,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "smoke-srt.lock.yml" with: @@ -178,7 +178,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1589,36 +1589,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1633,57 +1633,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1793,7 +1782,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1836,7 +1825,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1988,7 +1977,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2039,7 +2028,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt with: @@ -2461,7 +2450,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2584,7 +2573,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubcopilot.com,*.githubusercontent.com,api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.npms.io,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,bun.sh,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,deb.nodesource.com,deno.land,example.com,get.pnpm.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,github.githubassets.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,nodejs.org,npm.pkg.github.com,npmjs.com,npmjs.org,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.bower.io,registry.npmjs.com,registry.npmjs.org,registry.yarnpkg.com,repo.yarnpkg.com,s.symcb.com,s.symcd.com,security.ubuntu.com,skimdb.npmjs.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com,www.npmjs.com,www.npmjs.org,yarnpkg.com" @@ -3839,7 +3828,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5323,7 +5312,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -5599,7 +5588,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5692,7 +5681,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Smoke SRT" @@ -5800,7 +5789,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6096,7 +6085,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Smoke SRT" WORKFLOW_DESCRIPTION: "Smoke test workflow for Sandbox Runtime (SRT) - validates SRT functionality with Copilot" @@ -6275,7 +6264,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -6330,7 +6319,7 @@ jobs: steps: - name: Check team membership for workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write with: diff --git a/.github/workflows/spec-kit-execute.lock.yml b/.github/workflows/spec-kit-execute.lock.yml index 2986dd9ac4..4ef6b26c6e 100644 --- a/.github/workflows/spec-kit-execute.lock.yml +++ b/.github/workflows/spec-kit-execute.lock.yml @@ -44,7 +44,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "spec-kit-execute.lock.yml" with: @@ -216,7 +216,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1651,36 +1651,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1695,57 +1695,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1848,7 +1837,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1891,7 +1880,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2477,7 +2466,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2528,7 +2517,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt with: @@ -2771,7 +2760,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2894,7 +2883,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -4149,7 +4138,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5634,7 +5623,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5807,7 +5796,7 @@ jobs: path: /tmp/gh-aw/cache-memory - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6093,7 +6082,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6187,7 +6176,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Spec-Kit Execute" @@ -6296,7 +6285,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6594,7 +6583,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Spec-Kit Execute" WORKFLOW_DESCRIPTION: "Execute pending spec-kit specifications" @@ -6773,7 +6762,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -6851,7 +6840,7 @@ jobs: path: /tmp/gh-aw/repo-memory-default - name: Push repo-memory changes (default) if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ github.token }} GITHUB_RUN_ID: ${{ github.run_id }} @@ -7340,7 +7329,7 @@ jobs: - name: Create Pull Request id: create_pull_request if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_pull_request')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_BASE_BRANCH: ${{ github.ref_name }} diff --git a/.github/workflows/spec-kit-executor.lock.yml b/.github/workflows/spec-kit-executor.lock.yml index 990d4a6477..0fecab5ba3 100644 --- a/.github/workflows/spec-kit-executor.lock.yml +++ b/.github/workflows/spec-kit-executor.lock.yml @@ -45,7 +45,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "spec-kit-executor.lock.yml" with: @@ -217,7 +217,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1682,36 +1682,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1726,57 +1726,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1886,7 +1875,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1929,7 +1918,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2352,7 +2341,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2403,7 +2392,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt with: @@ -2646,7 +2635,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2769,7 +2758,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,github.githubassets.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -4024,7 +4013,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5509,7 +5498,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5682,7 +5671,7 @@ jobs: path: /tmp/gh-aw/cache-memory - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -5968,7 +5957,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6062,7 +6051,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Spec Kit Executor" @@ -6171,7 +6160,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6469,7 +6458,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Spec Kit Executor" WORKFLOW_DESCRIPTION: "Automatically executes pending spec-kit tasks on a schedule" @@ -6648,7 +6637,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -6726,7 +6715,7 @@ jobs: path: /tmp/gh-aw/repo-memory-default - name: Push repo-memory changes (default) if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ github.token }} GITHUB_RUN_ID: ${{ github.run_id }} @@ -7215,7 +7204,7 @@ jobs: - name: Create Pull Request id: create_pull_request if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_pull_request')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_BASE_BRANCH: ${{ github.ref_name }} diff --git a/.github/workflows/speckit-dispatcher.lock.yml b/.github/workflows/speckit-dispatcher.lock.yml index 5c3f1613ac..9831b6c5d6 100644 --- a/.github/workflows/speckit-dispatcher.lock.yml +++ b/.github/workflows/speckit-dispatcher.lock.yml @@ -82,7 +82,7 @@ jobs: text: ${{ steps.compute-text.outputs.text }} steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "speckit-dispatcher.lock.yml" with: @@ -168,7 +168,7 @@ jobs: }); - name: Compute current body text id: compute-text - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const redactedDomains = []; @@ -499,7 +499,7 @@ jobs: - name: Add eyes reaction to the triggering item id: react if: github.event_name == 'issues' || github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment' || github.event_name == 'discussion' || github.event_name == 'discussion_comment' || (github.event_name == 'pull_request') && (github.event.pull_request.head.repo.id == github.repository_id) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REACTION: "eyes" GH_AW_COMMAND: speckit @@ -939,7 +939,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -2493,36 +2493,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -2537,57 +2537,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -2697,7 +2686,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2740,7 +2729,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -3141,7 +3130,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3278,7 +3267,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3347,7 +3336,7 @@ jobs: PROMPT_EOF - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3581,7 +3570,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3704,7 +3693,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -4960,7 +4949,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -6445,7 +6434,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -6603,7 +6592,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6880,7 +6869,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6973,7 +6962,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Spec-Kit Command Dispatcher" @@ -7081,7 +7070,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -7377,7 +7366,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Spec-Kit Command Dispatcher" WORKFLOW_DESCRIPTION: "Dispatches user requests to appropriate spec-kit commands for spec-driven development" @@ -7556,7 +7545,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7618,7 +7607,7 @@ jobs: steps: - name: Check team membership for command workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write with: @@ -7761,7 +7750,7 @@ jobs: await main(); - name: Check command position id: check_command_position - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_COMMAND: speckit with: @@ -8791,7 +8780,7 @@ jobs: - name: Create Issue id: create_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: @@ -9089,7 +9078,7 @@ jobs: - name: Add Comment id: add_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_CREATED_ISSUE_URL: ${{ steps.create_issue.outputs.issue_url }} @@ -9499,7 +9488,7 @@ jobs: - name: Link Sub Issue id: link_sub_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'link_sub_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_CREATED_ISSUE_NUMBER: ${{ steps.create_issue.outputs.issue_number }} diff --git a/.github/workflows/stale-repo-identifier.lock.yml b/.github/workflows/stale-repo-identifier.lock.yml index 9826f0b420..cab26c7974 100644 --- a/.github/workflows/stale-repo-identifier.lock.yml +++ b/.github/workflows/stale-repo-identifier.lock.yml @@ -60,7 +60,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "stale-repo-identifier.lock.yml" with: @@ -184,7 +184,7 @@ jobs: run: "pip install --user --quiet numpy pandas matplotlib seaborn scipy\n\n# Verify installations\npython3 -c \"import numpy; print(f'NumPy {numpy.__version__} installed')\"\npython3 -c \"import pandas; print(f'Pandas {pandas.__version__} installed')\"\npython3 -c \"import matplotlib; print(f'Matplotlib {matplotlib.__version__} installed')\"\npython3 -c \"import seaborn; print(f'Seaborn {seaborn.__version__} installed')\"\npython3 -c \"import scipy; print(f'SciPy {scipy.__version__} installed')\"\n\necho \"All scientific libraries installed successfully\"\n" - if: always() name: Upload generated charts - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: data-charts @@ -192,7 +192,7 @@ jobs: retention-days: 30 - if: always() name: Upload source files and data - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: python-source-and-data @@ -208,7 +208,7 @@ jobs: pip install --user --quiet numpy pandas matplotlib seaborn scipy - if: always() name: Upload charts - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: trending-charts @@ -216,7 +216,7 @@ jobs: retention-days: 30 - if: always() name: Upload source and data - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: trending-source-and-data @@ -231,7 +231,7 @@ jobs: ORGANIZATION: ${{ env.ORGANIZATION }} id: stale-repos name: Run stale_repos tool - uses: github/stale-repos@3477b6488008d9411aaf22a0924ec7c1f6a69980 # v3 + uses: github/stale-repos@a21e55567b83cf3c3f3f9085d3038dc6cee02598 # v3 - env: INACTIVE_REPOS: ${{ steps.stale-repos.outputs.inactiveRepos }} name: Save stale repos output @@ -267,7 +267,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1769,36 +1769,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1813,57 +1813,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1978,7 +1967,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2021,7 +2010,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2594,7 +2583,7 @@ jobs: - **Already Archived**: If a repository is already archived, skip it (no issue needed) PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_ENV_ORGANIZATION: ${{ env.ORGANIZATION }} @@ -2770,7 +2759,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_ENV_ORGANIZATION: ${{ env.ORGANIZATION }} @@ -2945,7 +2934,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2996,7 +2985,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_ENV_ORGANIZATION: ${{ env.ORGANIZATION }} @@ -3209,7 +3198,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3332,7 +3321,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,*.pythonhosted.org,anaconda.org,api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,binstar.org,bootstrap.pypa.io,codeload.github.com,conda.anaconda.org,conda.binstar.org,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,files.pythonhosted.org,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,github.githubassets.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,pip.pypa.io,ppa.launchpad.net,pypi.org,pypi.python.org,raw.githubusercontent.com,registry.npmjs.org,repo.anaconda.com,repo.continuum.io,s.symcb.com,s.symcd.com,security.ubuntu.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -4587,7 +4576,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -6072,7 +6061,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -6243,7 +6232,7 @@ jobs: if-no-files-found: ignore - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6521,7 +6510,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6614,7 +6603,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Stale Repository Identifier" @@ -6722,7 +6711,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -7020,7 +7009,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Stale Repository Identifier" WORKFLOW_DESCRIPTION: "Monthly workflow that identifies stale repositories in an organization and creates detailed activity reports" @@ -7199,7 +7188,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7919,7 +7908,7 @@ jobs: - name: Create Issue id: create_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_ISSUE_TITLE_PREFIX: "[Stale Repository] " @@ -8219,7 +8208,7 @@ jobs: - name: Upload Assets id: upload_assets if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'upload_asset')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/static-analysis-report.lock.yml b/.github/workflows/static-analysis-report.lock.yml index bc200661d9..4ece510b61 100644 --- a/.github/workflows/static-analysis-report.lock.yml +++ b/.github/workflows/static-analysis-report.lock.yml @@ -50,7 +50,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "static-analysis-report.lock.yml" with: @@ -166,7 +166,7 @@ jobs: mkdir -p /tmp/gh-aw/sandbox/agent/logs echo "Created /tmp/gh-aw/agent directory for agentic workflow temporary files" - name: Set up Go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 with: cache: true go-version-file: go.mod @@ -210,7 +210,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1662,36 +1662,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1706,57 +1706,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1858,7 +1847,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1901,7 +1890,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2305,7 +2294,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2461,7 +2450,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2512,7 +2501,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2788,7 +2777,7 @@ jobs: MCP_TOOL_TIMEOUT: 300000 - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2912,7 +2901,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,anthropic.com,api.anthropic.com,api.github.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,files.pythonhosted.org,ghcr.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,playwright.download.prss.microsoft.com,ppa.launchpad.net,pypi.org,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,sentry.io,statsig.anthropic.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -4159,7 +4148,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -5232,7 +5221,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5396,7 +5385,7 @@ jobs: path: /tmp/gh-aw/cache-memory - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"}]" @@ -5674,7 +5663,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5767,7 +5756,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Static Analysis Report" @@ -5875,7 +5864,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6172,7 +6161,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Static Analysis Report" WORKFLOW_DESCRIPTION: "Scans agentic workflows daily for security vulnerabilities using zizmor, poutine, and actionlint" @@ -6357,7 +6346,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7315,7 +7304,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/sub-issue-closer.lock.yml b/.github/workflows/sub-issue-closer.lock.yml index 18e2f02b71..bec399eb0f 100644 --- a/.github/workflows/sub-issue-closer.lock.yml +++ b/.github/workflows/sub-issue-closer.lock.yml @@ -45,7 +45,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "sub-issue-closer.lock.yml" with: @@ -172,7 +172,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1670,36 +1670,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1714,57 +1714,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1874,7 +1863,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1917,7 +1906,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2082,7 +2071,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2213,7 +2202,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2264,7 +2253,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2474,7 +2463,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2597,7 +2586,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -3852,7 +3841,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5337,7 +5326,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5495,7 +5484,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -5772,7 +5761,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5865,7 +5854,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Sub-Issue Closer" @@ -5973,7 +5962,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6270,7 +6259,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Sub-Issue Closer" WORKFLOW_DESCRIPTION: "Scheduled workflow that recursively closes parent issues when all sub-issues are 100% complete" @@ -6449,7 +6438,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7747,7 +7736,7 @@ jobs: - name: Add Comment id: add_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_TARGET: "*" @@ -8155,7 +8144,7 @@ jobs: - name: Update Issue id: update_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'update_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/super-linter.lock.yml b/.github/workflows/super-linter.lock.yml index 0dd7aa278a..8e56941658 100644 --- a/.github/workflows/super-linter.lock.yml +++ b/.github/workflows/super-linter.lock.yml @@ -48,7 +48,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "super-linter.lock.yml" with: @@ -166,7 +166,7 @@ jobs: mkdir -p /tmp/gh-aw/sandbox/agent/logs echo "Created /tmp/gh-aw/agent directory for agentic workflow temporary files" - name: Download super-linter log - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6 with: name: super-linter-log path: /tmp/gh-aw/ @@ -200,7 +200,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1676,36 +1676,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1720,57 +1720,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1880,7 +1869,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1923,7 +1912,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2102,7 +2091,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2279,7 +2268,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2330,7 +2319,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2541,7 +2530,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2664,7 +2653,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -3919,7 +3908,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5404,7 +5393,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5568,7 +5557,7 @@ jobs: path: /tmp/gh-aw/cache-memory - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -5846,7 +5835,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5939,7 +5928,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Super Linter Report" @@ -6047,7 +6036,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6344,7 +6333,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Super Linter Report" WORKFLOW_DESCRIPTION: "Runs comprehensive code quality checks using Super Linter and creates issues for violations" @@ -6523,7 +6512,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7239,7 +7228,7 @@ jobs: - name: Create Issue id: create_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_ISSUE_TITLE_PREFIX: "[linter] " @@ -7547,13 +7536,13 @@ jobs: steps: - name: Checkout Code - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 with: fetch-depth: 0 persist-credentials: false - name: Super-linter id: super-linter - uses: super-linter/super-linter@47984f49b4e87383eed97890fe2dca6063bbd9c3 # v8.3.1 + uses: super-linter/super-linter@47984f49b4e87383eed97890fe2dca6063bbd9c3 # v8.2.1 env: CREATE_LOG_FILE: "true" DEFAULT_BRANCH: main @@ -7575,7 +7564,7 @@ jobs: fi - name: Upload super-linter log if: always() - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: name: super-linter-log path: super-linter.log diff --git a/.github/workflows/technical-doc-writer.lock.yml b/.github/workflows/technical-doc-writer.lock.yml index 4f8066910d..7bbfc732b8 100644 --- a/.github/workflows/technical-doc-writer.lock.yml +++ b/.github/workflows/technical-doc-writer.lock.yml @@ -52,7 +52,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "technical-doc-writer.lock.yml" with: @@ -215,7 +215,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1742,36 +1742,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1786,57 +1786,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1949,7 +1938,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1992,7 +1981,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2435,7 +2424,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_EVENT_INPUTS_TOPIC: ${{ github.event.inputs.topic }} @@ -2606,7 +2595,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2657,7 +2646,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_EVENT_INPUTS_TOPIC: ${{ github.event.inputs.topic }} @@ -2872,7 +2861,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2995,7 +2984,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,github.githubassets.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -4250,7 +4239,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5735,7 +5724,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5906,7 +5895,7 @@ jobs: if-no-files-found: ignore - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6191,7 +6180,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6284,7 +6273,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Technical Doc Writer" @@ -6392,7 +6381,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6690,7 +6679,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Technical Doc Writer" WORKFLOW_DESCRIPTION: "Reviews and improves technical documentation based on provided topics" @@ -6869,7 +6858,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7826,7 +7815,7 @@ jobs: - name: Create Pull Request id: create_pull_request if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_pull_request')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_BASE_BRANCH: ${{ github.ref_name }} @@ -8332,7 +8321,7 @@ jobs: - name: Add Comment id: add_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_CREATED_PULL_REQUEST_URL: ${{ steps.create_pull_request.outputs.pull_request_url }} @@ -8741,7 +8730,7 @@ jobs: - name: Upload Assets id: upload_assets if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'upload_asset')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/tidy.lock.yml b/.github/workflows/tidy.lock.yml index 840170e2de..09887cdcb0 100644 --- a/.github/workflows/tidy.lock.yml +++ b/.github/workflows/tidy.lock.yml @@ -64,7 +64,7 @@ jobs: reaction_id: ${{ steps.react.outputs.reaction-id }} steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "tidy.lock.yml" with: @@ -151,7 +151,7 @@ jobs: - name: Add eyes reaction to the triggering item id: react if: github.event_name == 'issues' || github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment' || github.event_name == 'discussion' || github.event_name == 'discussion_comment' || (github.event_name == 'pull_request') && (github.event.pull_request.head.repo.id == github.repository_id) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REACTION: "eyes" GH_AW_COMMAND: tidy @@ -577,13 +577,13 @@ jobs: mkdir -p /tmp/gh-aw/sandbox/agent/logs echo "Created /tmp/gh-aw/agent directory for agentic workflow temporary files" - name: Set up Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 + uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 with: cache: npm cache-dependency-path: pkg/workflow/js/package-lock.json node-version: "24" - name: Set up Go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 with: cache: true go-version-file: go.mod @@ -604,7 +604,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -2117,36 +2117,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -2161,57 +2161,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -2321,7 +2310,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2364,7 +2353,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2598,7 +2587,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2667,7 +2656,7 @@ jobs: PROMPT_EOF - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt with: @@ -2899,7 +2888,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3022,7 +3011,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -4278,7 +4267,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5763,7 +5752,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5921,7 +5910,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6205,7 +6194,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6298,7 +6287,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Tidy" @@ -6406,7 +6395,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6701,7 +6690,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Tidy" WORKFLOW_DESCRIPTION: "Automatically formats and tidies code files (Go, JS, TypeScript) when code changes are pushed or on command" @@ -6880,7 +6869,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -6935,7 +6924,7 @@ jobs: steps: - name: Check team membership for command workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write with: @@ -7078,7 +7067,7 @@ jobs: await main(); - name: Check command position id: check_command_position - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_COMMAND: tidy with: @@ -7499,7 +7488,7 @@ jobs: - name: Create Pull Request id: create_pull_request if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_pull_request')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_BASE_BRANCH: ${{ github.ref_name }} @@ -8026,7 +8015,7 @@ jobs: - name: Push To Pull Request Branch id: push_to_pull_request_branch if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'push_to_pull_request_branch')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_PUSH_IF_NO_CHANGES: "warn" diff --git a/.github/workflows/typist.lock.yml b/.github/workflows/typist.lock.yml index c2c0da5ab7..bbfe78b13b 100644 --- a/.github/workflows/typist.lock.yml +++ b/.github/workflows/typist.lock.yml @@ -48,7 +48,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "typist.lock.yml" with: @@ -188,7 +188,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1640,36 +1640,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1684,57 +1684,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1845,7 +1834,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1888,7 +1877,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2413,7 +2402,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2561,7 +2550,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2612,7 +2601,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2909,7 +2898,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3033,7 +3022,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,anthropic.com,api.anthropic.com,api.github.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,files.pythonhosted.org,ghcr.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,playwright.download.prss.microsoft.com,ppa.launchpad.net,pypi.org,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,sentry.io,statsig.anthropic.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -4280,7 +4269,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -5353,7 +5342,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5511,7 +5500,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"}]" @@ -5788,7 +5777,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5881,7 +5870,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Typist - Go Type Analysis" @@ -5989,7 +5978,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6286,7 +6275,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Typist - Go Type Analysis" WORKFLOW_DESCRIPTION: "Analyzes Go type usage patterns and identifies opportunities for better type safety and code improvements" @@ -6471,7 +6460,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7429,7 +7418,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/unbloat-docs.lock.yml b/.github/workflows/unbloat-docs.lock.yml index b53cbf6e99..6068fce356 100644 --- a/.github/workflows/unbloat-docs.lock.yml +++ b/.github/workflows/unbloat-docs.lock.yml @@ -62,7 +62,7 @@ jobs: reaction_id: ${{ steps.react.outputs.reaction-id }} steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "unbloat-docs.lock.yml" with: @@ -149,7 +149,7 @@ jobs: - name: Add eyes reaction to the triggering item id: react if: github.event_name == 'issues' || github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment' || github.event_name == 'discussion' || github.event_name == 'discussion_comment' || (github.event_name == 'pull_request') && (github.event.pull_request.head.repo.id == github.repository_id) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REACTION: "eyes" GH_AW_COMMAND: unbloat @@ -623,7 +623,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -2148,36 +2148,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -2192,57 +2192,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -2363,7 +2352,7 @@ jobs: EOF - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2406,7 +2395,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2704,7 +2693,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2890,7 +2879,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2941,7 +2930,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -3283,7 +3272,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3407,7 +3396,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,anthropic.com,api.anthropic.com,api.github.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,files.pythonhosted.org,ghcr.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,github.githubassets.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,playwright.download.prss.microsoft.com,ppa.launchpad.net,pypi.org,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,sentry.io,statsig.anthropic.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" @@ -4655,7 +4644,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log with: @@ -5728,7 +5717,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5899,7 +5888,7 @@ jobs: if-no-files-found: ignore - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/agent-stdio.log GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"}]" @@ -6184,7 +6173,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6277,7 +6266,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Documentation Unbloat" @@ -6385,7 +6374,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6681,7 +6670,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Documentation Unbloat" WORKFLOW_DESCRIPTION: "Reviews and simplifies documentation by reducing verbosity while maintaining clarity and completeness" @@ -6867,7 +6856,7 @@ jobs: MCP_TOOL_TIMEOUT: 60000 - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -6922,7 +6911,7 @@ jobs: steps: - name: Check team membership for command workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write with: @@ -7065,7 +7054,7 @@ jobs: await main(); - name: Check command position id: check_command_position - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_COMMAND: unbloat with: @@ -8031,7 +8020,7 @@ jobs: - name: Create Pull Request id: create_pull_request if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_pull_request')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_BASE_BRANCH: ${{ github.ref_name }} @@ -8539,7 +8528,7 @@ jobs: - name: Add Comment id: add_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_CREATED_PULL_REQUEST_URL: ${{ steps.create_pull_request.outputs.pull_request_url }} @@ -8948,7 +8937,7 @@ jobs: - name: Upload Assets id: upload_assets if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'upload_asset')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/video-analyzer.lock.yml b/.github/workflows/video-analyzer.lock.yml index 060698d4ad..f6837f00c2 100644 --- a/.github/workflows/video-analyzer.lock.yml +++ b/.github/workflows/video-analyzer.lock.yml @@ -51,7 +51,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "video-analyzer.lock.yml" with: @@ -187,7 +187,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1663,36 +1663,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1707,57 +1707,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1867,7 +1856,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1910,7 +1899,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2226,7 +2215,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2361,7 +2350,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2412,7 +2401,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2638,7 +2627,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2761,7 +2750,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -4016,7 +4005,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5501,7 +5490,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5659,7 +5648,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -5936,7 +5925,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6029,7 +6018,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Video Analysis Agent" @@ -6137,7 +6126,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6434,7 +6423,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Video Analysis Agent" WORKFLOW_DESCRIPTION: "Analyzes video files using ffmpeg to extract metadata, frames, and other technical information" @@ -6613,7 +6602,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7329,7 +7318,7 @@ jobs: - name: Create Issue id: create_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_ISSUE_TITLE_PREFIX: "[video-analysis] " diff --git a/.github/workflows/weekly-issue-summary.lock.yml b/.github/workflows/weekly-issue-summary.lock.yml index 0551f3ad7c..debca14f01 100644 --- a/.github/workflows/weekly-issue-summary.lock.yml +++ b/.github/workflows/weekly-issue-summary.lock.yml @@ -50,7 +50,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "weekly-issue-summary.lock.yml" with: @@ -167,7 +167,7 @@ jobs: run: "pip install --user --quiet numpy pandas matplotlib seaborn scipy\n\n# Verify installations\npython3 -c \"import numpy; print(f'NumPy {numpy.__version__} installed')\"\npython3 -c \"import pandas; print(f'Pandas {pandas.__version__} installed')\"\npython3 -c \"import matplotlib; print(f'Matplotlib {matplotlib.__version__} installed')\"\npython3 -c \"import seaborn; print(f'Seaborn {seaborn.__version__} installed')\"\npython3 -c \"import scipy; print(f'SciPy {scipy.__version__} installed')\"\n\necho \"All scientific libraries installed successfully\"\n" - if: always() name: Upload generated charts - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: data-charts @@ -175,7 +175,7 @@ jobs: retention-days: 30 - if: always() name: Upload source files and data - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: if-no-files-found: warn name: python-source-and-data @@ -1656,36 +1656,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1700,57 +1700,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1863,7 +1852,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1906,7 +1895,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2476,7 +2465,7 @@ jobs: - Set appropriate date formatters for x-axis labels PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2544,7 +2533,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2715,7 +2704,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2766,7 +2755,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} @@ -2977,7 +2966,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -3100,7 +3089,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "*.pythonhosted.org,anaconda.org,api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.npms.io,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,binstar.org,bootstrap.pypa.io,bun.sh,conda.anaconda.org,conda.binstar.org,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,deb.nodesource.com,deno.land,files.pythonhosted.org,get.pnpm.io,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,nodejs.org,npm.pkg.github.com,npmjs.com,npmjs.org,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,pip.pypa.io,ppa.launchpad.net,pypi.org,pypi.python.org,raw.githubusercontent.com,registry.bower.io,registry.npmjs.com,registry.npmjs.org,registry.yarnpkg.com,repo.anaconda.com,repo.continuum.io,repo.yarnpkg.com,s.symcb.com,s.symcd.com,security.ubuntu.com,skimdb.npmjs.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com,www.npmjs.com,www.npmjs.org,yarnpkg.com" @@ -4355,7 +4344,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5840,7 +5829,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -6011,7 +6000,7 @@ jobs: if-no-files-found: ignore - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6289,7 +6278,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6383,7 +6372,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Weekly Issue Summary" @@ -6492,7 +6481,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6790,7 +6779,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Weekly Issue Summary" WORKFLOW_DESCRIPTION: "Creates weekly summary of issue activity including trends, charts, and insights every Monday" @@ -6969,7 +6958,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -7931,7 +7920,7 @@ jobs: - name: Create Discussion id: create_discussion if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_discussion')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: @@ -8215,7 +8204,7 @@ jobs: - name: Upload Assets id: upload_assets if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'upload_asset')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/workflow-generator.lock.yml b/.github/workflows/workflow-generator.lock.yml index db3cb3afef..d8707afd88 100644 --- a/.github/workflows/workflow-generator.lock.yml +++ b/.github/workflows/workflow-generator.lock.yml @@ -50,7 +50,7 @@ jobs: issue_locked: ${{ steps.lock-issue.outputs.locked }} steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "workflow-generator.lock.yml" with: @@ -137,7 +137,7 @@ jobs: - name: Lock issue for agent workflow id: lock-issue if: (github.event_name == 'issues') || (github.event_name == 'issue_comment') - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | async function main() { @@ -225,7 +225,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1725,36 +1725,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1769,57 +1769,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1929,7 +1918,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1972,7 +1961,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2098,7 +2087,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_EVENT_ISSUE_NUMBER: ${{ github.event.issue.number }} @@ -2229,7 +2218,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2280,7 +2269,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_EVENT_ISSUE_NUMBER: ${{ github.event.issue.number }} @@ -2490,7 +2479,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2613,7 +2602,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -3868,7 +3857,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5353,7 +5342,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5511,7 +5500,7 @@ jobs: if-no-files-found: warn - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -5788,7 +5777,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -5881,7 +5870,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Workflow Generator" @@ -5989,7 +5978,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6252,7 +6241,7 @@ jobs: - name: Unlock issue after agent workflow id: unlock-issue if: (always()) && (((github.event_name == 'issues') || (github.event_name == 'issue_comment')) && (needs.activation.outputs.issue_locked == 'true')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | async function main() { @@ -6329,7 +6318,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Workflow Generator" WORKFLOW_DESCRIPTION: "Workflow generator that updates issue status and assigns to Copilot agent for workflow design" @@ -6508,7 +6497,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -6561,7 +6550,7 @@ jobs: steps: - name: Check team membership for workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write with: @@ -7868,7 +7857,7 @@ jobs: - name: Assign To Agent id: assign_to_agent if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'assign_to_agent')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: @@ -8046,7 +8035,7 @@ jobs: - name: Update Issue id: update_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'update_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/.github/workflows/workflow-health-manager.lock.yml b/.github/workflows/workflow-health-manager.lock.yml index 8886ce48af..73017e8463 100644 --- a/.github/workflows/workflow-health-manager.lock.yml +++ b/.github/workflows/workflow-health-manager.lock.yml @@ -47,7 +47,7 @@ jobs: comment_repo: "" steps: - name: Check workflow file timestamps - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_WORKFLOW_FILE: "workflow-health-manager.lock.yml" with: @@ -204,7 +204,7 @@ jobs: - name: Checkout PR branch if: | github.event.pull_request - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} with: @@ -1745,36 +1745,36 @@ jobs: const fs = require("fs"); function loadTools(server) { const toolsPath = process.env.GH_AW_SAFE_OUTPUTS_TOOLS_PATH || "/tmp/gh-aw/safeoutputs/tools.json"; - let ALL_TOOLS = []; server.debug(`Reading tools from file: ${toolsPath}`); + if (!fs.existsSync(toolsPath)) { + server.debug(`Tools file does not exist at: ${toolsPath}`); + server.debug(`Using empty tools array`); + return []; + } try { - if (fs.existsSync(toolsPath)) { - server.debug(`Tools file exists at: ${toolsPath}`); - const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); - server.debug(`Tools file content length: ${toolsFileContent.length} characters`); - server.debug(`Tools file read successfully, attempting to parse JSON`); - ALL_TOOLS = JSON.parse(toolsFileContent); - server.debug(`Successfully parsed ${ALL_TOOLS.length} tools from file`); - } else { - server.debug(`Tools file does not exist at: ${toolsPath}`); - server.debug(`Using empty tools array`); - ALL_TOOLS = []; - } + server.debug(`Tools file exists at: ${toolsPath}`); + const toolsFileContent = fs.readFileSync(toolsPath, "utf8"); + server.debug(`Tools file content length: ${toolsFileContent.length} characters`); + server.debug(`Tools file read successfully, attempting to parse JSON`); + const tools = JSON.parse(toolsFileContent); + server.debug(`Successfully parsed ${tools.length} tools from file`); + return tools; } catch (error) { server.debug(`Error reading tools file: ${error instanceof Error ? error.message : String(error)}`); server.debug(`Falling back to empty tools array`); - ALL_TOOLS = []; + return []; } - return ALL_TOOLS; } function attachHandlers(tools, handlers) { + const handlerMap = { + create_pull_request: handlers.createPullRequestHandler, + push_to_pull_request_branch: handlers.pushToPullRequestBranchHandler, + upload_asset: handlers.uploadAssetHandler, + }; tools.forEach(tool => { - if (tool.name === "create_pull_request") { - tool.handler = handlers.createPullRequestHandler; - } else if (tool.name === "push_to_pull_request_branch") { - tool.handler = handlers.pushToPullRequestBranchHandler; - } else if (tool.name === "upload_asset") { - tool.handler = handlers.uploadAssetHandler; + const handler = handlerMap[tool.name]; + if (handler) { + tool.handler = handler; } }); return tools; @@ -1789,57 +1789,46 @@ jobs: function registerDynamicTools(server, tools, config, outputFile, registerTool, normalizeTool) { Object.keys(config).forEach(configKey => { const normalizedKey = normalizeTool(configKey); - if (server.tools[normalizedKey]) { + if (server.tools[normalizedKey] || tools.find(t => t.name === normalizedKey)) { return; } - if (!tools.find(t => t.name === normalizedKey)) { - const jobConfig = config[configKey]; - const dynamicTool = { - name: normalizedKey, - description: jobConfig && jobConfig.description ? jobConfig.description : `Custom safe-job: ${configKey}`, - inputSchema: { - type: "object", - properties: {}, - additionalProperties: true, - }, - handler: args => { - const entry = { - type: normalizedKey, - ...args, - }; - const entryJSON = JSON.stringify(entry); - fs.appendFileSync(outputFile, entryJSON + "\n"); - const outputText = jobConfig && jobConfig.output ? jobConfig.output : `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; - return { - content: [ - { - type: "text", - text: JSON.stringify({ result: outputText }), - }, - ], - }; - }, - }; - if (jobConfig && jobConfig.inputs) { - dynamicTool.inputSchema.properties = {}; - dynamicTool.inputSchema.required = []; - Object.keys(jobConfig.inputs).forEach(inputName => { - const inputDef = jobConfig.inputs[inputName]; - const propSchema = { - type: inputDef.type || "string", - description: inputDef.description || `Input parameter: ${inputName}`, - }; - if (inputDef.options && Array.isArray(inputDef.options)) { - propSchema.enum = inputDef.options; - } - dynamicTool.inputSchema.properties[inputName] = propSchema; - if (inputDef.required) { - dynamicTool.inputSchema.required.push(inputName); - } - }); - } - registerTool(server, dynamicTool); + const jobConfig = config[configKey]; + const dynamicTool = { + name: normalizedKey, + description: jobConfig?.description ?? `Custom safe-job: ${configKey}`, + inputSchema: { + type: "object", + properties: {}, + additionalProperties: true, + }, + handler: args => { + const entry = { type: normalizedKey, ...args }; + fs.appendFileSync(outputFile, `${JSON.stringify(entry)}\n`); + const outputText = jobConfig?.output ?? `Safe-job '${configKey}' executed successfully with arguments: ${JSON.stringify(args)}`; + return { + content: [{ type: "text", text: JSON.stringify({ result: outputText }) }], + }; + }, + }; + if (jobConfig?.inputs) { + dynamicTool.inputSchema.properties = {}; + dynamicTool.inputSchema.required = []; + Object.keys(jobConfig.inputs).forEach(inputName => { + const inputDef = jobConfig.inputs[inputName]; + const propSchema = { + type: inputDef.type || "string", + description: inputDef.description || `Input parameter: ${inputName}`, + }; + if (Array.isArray(inputDef.options)) { + propSchema.enum = inputDef.options; + } + dynamicTool.inputSchema.properties[inputName] = propSchema; + if (inputDef.required) { + dynamicTool.inputSchema.required.push(inputName); + } + }); } + registerTool(server, dynamicTool); }); } module.exports = { @@ -1942,7 +1931,7 @@ jobs: echo "GITHUB_COPILOT_CLI_MODE: $GITHUB_COPILOT_CLI_MODE" - name: Generate agentic run info id: generate_aw_info - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -1985,7 +1974,7 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - name: Generate workflow overview - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -2555,7 +2544,7 @@ jobs: PROMPT_EOF - name: Substitute placeholders - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_GITHUB_ACTOR: ${{ github.actor }} @@ -2606,7 +2595,7 @@ jobs: } }); - name: Interpolate variables and render templates - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt with: @@ -2815,7 +2804,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Redact secrets in logs if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require("fs"); @@ -2938,7 +2927,7 @@ jobs: if-no-files-found: warn - name: Ingest agent output id: collect_output - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org" @@ -4193,7 +4182,7 @@ jobs: if-no-files-found: ignore - name: Parse agent logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ with: @@ -5678,7 +5667,7 @@ jobs: if-no-files-found: ignore - name: Parse firewall logs for step summary if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | function sanitizeWorkflowName(name) { @@ -5845,7 +5834,7 @@ jobs: if-no-files-found: ignore - name: Validate agent logs for errors if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: /tmp/gh-aw/sandbox/agent/logs/ GH_AW_ERROR_PATTERNS: "[{\"id\":\"\",\"pattern\":\"::(error)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - error\"},{\"id\":\"\",\"pattern\":\"::(warning)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - warning\"},{\"id\":\"\",\"pattern\":\"::(notice)(?:\\\\s+[^:]*)?::(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"GitHub Actions workflow command - notice\"},{\"id\":\"\",\"pattern\":\"(ERROR|Error):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic ERROR messages\"},{\"id\":\"\",\"pattern\":\"(WARNING|Warning):\\\\s+(.+)\",\"level_group\":1,\"message_group\":2,\"description\":\"Generic WARNING messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(ERROR)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped ERROR messages\"},{\"id\":\"\",\"pattern\":\"(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\s+\\\\[(WARN|WARNING)\\\\]\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI timestamped WARNING messages\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(CRITICAL|ERROR):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed critical/error messages with timestamp\"},{\"id\":\"\",\"pattern\":\"\\\\[(\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}:\\\\d{2}:\\\\d{2}\\\\.\\\\d{3}Z)\\\\]\\\\s+(WARNING):\\\\s+(.+)\",\"level_group\":2,\"message_group\":3,\"description\":\"Copilot CLI bracketed warning messages with timestamp\"},{\"id\":\"\",\"pattern\":\"✗\\\\s+(.+)\",\"level_group\":0,\"message_group\":1,\"description\":\"Copilot CLI failed command indicator\"},{\"id\":\"\",\"pattern\":\"(?:command not found|not found):\\\\s*(.+)|(.+):\\\\s*(?:command not found|not found)\",\"level_group\":0,\"message_group\":0,\"description\":\"Shell command not found error\"},{\"id\":\"\",\"pattern\":\"Cannot find module\\\\s+['\\\"](.+)['\\\"]\",\"level_group\":0,\"message_group\":1,\"description\":\"Node.js module not found error\"},{\"id\":\"\",\"pattern\":\"Permission denied and could not request permission from user\",\"level_group\":0,\"message_group\":0,\"description\":\"Copilot CLI permission denied warning (user interaction required)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*permission.*denied\",\"level_group\":0,\"message_group\":0,\"description\":\"Permission denied error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*unauthorized\",\"level_group\":0,\"message_group\":0,\"description\":\"Unauthorized access error (requires error context)\"},{\"id\":\"\",\"pattern\":\"\\\\berror\\\\b.*forbidden\",\"level_group\":0,\"message_group\":0,\"description\":\"Forbidden access error (requires error context)\"}]" @@ -6123,7 +6112,7 @@ jobs: echo "GH_AW_AGENT_OUTPUT=/tmp/gh-aw/safeoutputs/agent_output.json" >> "$GITHUB_ENV" - name: Process No-Op Messages id: noop - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: 1 @@ -6216,7 +6205,7 @@ jobs: await main(); - name: Record Missing Tool id: missing_tool - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Workflow Health Manager - Meta-Orchestrator" @@ -6324,7 +6313,7 @@ jobs: }); - name: Update reaction comment with completion status id: conclusion - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} @@ -6621,7 +6610,7 @@ jobs: run: | echo "Agent output-types: $AGENT_OUTPUT_TYPES" - name: Setup threat detection - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: WORKFLOW_NAME: "Workflow Health Manager - Meta-Orchestrator" WORKFLOW_DESCRIPTION: "Meta-orchestrator for monitoring and managing health of all agentic workflows in the repository" @@ -6800,7 +6789,7 @@ jobs: XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); @@ -6852,7 +6841,7 @@ jobs: steps: - name: Check team membership for workflow id: check_membership - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write with: @@ -7027,7 +7016,7 @@ jobs: path: /tmp/gh-aw/repo-memory-default - name: Push repo-memory changes (default) if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_TOKEN: ${{ github.token }} GITHUB_RUN_ID: ${{ github.run_id }} @@ -8686,7 +8675,7 @@ jobs: - name: Create Issue id: create_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: @@ -8984,7 +8973,7 @@ jobs: - name: Add Comment id: add_comment if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'add_comment')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} GH_AW_CREATED_ISSUE_URL: ${{ steps.create_issue.outputs.issue_url }} @@ -9394,7 +9383,7 @@ jobs: - name: Update Issue id: update_issue if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'update_issue')) - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} with: diff --git a/AGENTS.md b/AGENTS.md index 410ef14a59..d4eac2f5d9 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -376,6 +376,11 @@ make minor-release # Automated via GitHub Actions - Use conventional commits for commit messages - do NOT commit explanation markdown files about the fixes +## Operational Runbooks + +For investigating and resolving workflow issues: +- **[Workflow Health Monitoring](.github/aw/runbooks/workflow-health.md)** - Comprehensive runbook for diagnosing missing-tool errors, authentication failures, MCP configuration issues, and safe-input/output problems. Includes step-by-step investigation procedures, resolution examples, and case studies from real incidents. + ## Available Skills Reference Skills provide specialized, detailed knowledge on specific topics. **Use them only when needed** - don't load skills preemptively. diff --git a/docs/src/content/docs/troubleshooting/common-issues.md b/docs/src/content/docs/troubleshooting/common-issues.md index 7deabcd44f..32de785575 100644 --- a/docs/src/content/docs/troubleshooting/common-issues.md +++ b/docs/src/content/docs/troubleshooting/common-issues.md @@ -273,6 +273,14 @@ tools: Enable verbose compilation (`gh aw compile --verbose`), set `ACTIONS_STEP_DEBUG = true` for debug logging, inspect generated lock files (`cat .github/workflows/my-workflow.lock.yml`), check MCP configuration (`gh aw mcp inspect my-workflow`), and review logs (`gh aw logs my-workflow` or `gh aw audit RUN_ID`). +## Operational Runbooks + +For systematic investigation and resolution of workflow health issues, see: + +- [**Workflow Health Monitoring Runbook**](https://github.com/githubnext/gh-aw/blob/main/.github/aw/runbooks/workflow-health.md) - Comprehensive guide for diagnosing missing-tool errors, authentication failures, and configuration issues + +The runbook includes step-by-step procedures, case studies from real incidents, and quick reference commands for workflow troubleshooting. + ## Getting Help Review [reference docs](/gh-aw/reference/workflow-structure/), search [existing issues](https://github.com/githubnext/gh-aw/issues), enable debugging with verbose flags, or create a new issue with reproduction steps. See also: [Error Reference](/gh-aw/troubleshooting/errors/) and [Frontmatter Reference](/gh-aw/reference/frontmatter/). diff --git a/pkg/workflow/data/action_pins.json b/pkg/workflow/data/action_pins.json index 87849f4e0f..08bc5d2449 100644 --- a/pkg/workflow/data/action_pins.json +++ b/pkg/workflow/data/action_pins.json @@ -72,7 +72,7 @@ }, "actions/github-script@v8": { "repo": "actions/github-script", - "version": "v8", + "version": "v8.0.0", "sha": "ed597411d8f924073f98dfc5c65a23a2325f34cd" }, "actions/setup-dotnet@v4": { @@ -167,18 +167,18 @@ }, "github/codeql-action/upload-sarif@v3": { "repo": "github/codeql-action/upload-sarif", - "version": "v3", - "sha": "c37a8b7cd97e31de3fcbd9d84c401870edeb8d34" + "version": "v3.31.9", + "sha": "70c165ac82ca0e33a10e9741508dd0ccb4dcf080" }, "github/stale-repos@v3": { "repo": "github/stale-repos", - "version": "v3", - "sha": "3477b6488008d9411aaf22a0924ec7c1f6a69980" + "version": "v3.0.2", + "sha": "a21e55567b83cf3c3f3f9085d3038dc6cee02598" }, "haskell-actions/setup@v2": { "repo": "haskell-actions/setup", - "version": "v2.9.0", - "sha": "782a7c5aa54495c3d21d7c8d5f03a8a2113a1ff7" + "version": "v2.9.1", + "sha": "55073cbd0e96181a9abd6ff4e7d289867dffc98d" }, "oven-sh/setup-bun@v2": { "repo": "oven-sh/setup-bun",