diff --git a/.github/workflows/code-scanning-fixer.lock.yml b/.github/workflows/code-scanning-fixer.lock.yml index c4f5a73d1a..a8ebc39069 100644 --- a/.github/workflows/code-scanning-fixer.lock.yml +++ b/.github/workflows/code-scanning-fixer.lock.yml @@ -185,7 +185,7 @@ jobs: cat > /opt/gh-aw/safeoutputs/tools.json << 'EOF' [ { - "description": "Create a new GitHub pull request to propose code changes. Use this after making file edits to submit them for review and merging. The PR will be created from the current branch with your committed changes. For code review comments on an existing PR, use create_pull_request_review_comment instead. CONSTRAINTS: Maximum 1 pull request(s) can be created. Reviewers [copilot] will be assigned.", + "description": "Create a new GitHub pull request to propose code changes. Use this after making file edits to submit them for review and merging. The PR will be created from the current branch with your committed changes. For code review comments on an existing PR, use create_pull_request_review_comment instead. CONSTRAINTS: Maximum 1 pull request(s) can be created. Title will be prefixed with \"[code-scanning-fix] \". Labels [security automated-fix agentic-campaign z_campaign_security-alert-burndown] will be automatically added. Reviewers [copilot] will be assigned.", "inputSchema": { "additionalProperties": false, "properties": { 
@@ -1445,7 +1445,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} - GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG: "{\"create_pull_request\":{\"base_branch\":\"${{ github.ref_name }}\",\"max\":1,\"max_patch_size\":1024},\"missing_data\":{},\"missing_tool\":{}}" + GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG: "{\"create_pull_request\":{\"base_branch\":\"${{ github.ref_name }}\",\"labels\":[\"security\",\"automated-fix\",\"agentic-campaign\",\"z_campaign_security-alert-burndown\"],\"max\":1,\"max_patch_size\":1024,\"title_prefix\":\"[code-scanning-fix] \"},\"missing_data\":{},\"missing_tool\":{}}" with: github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/code-scanning-fixer.md b/.github/workflows/code-scanning-fixer.md index 9d62a33318..3fe9ef51fc 100644 --- a/.github/workflows/code-scanning-fixer.md +++ b/.github/workflows/code-scanning-fixer.md @@ -24,8 +24,8 @@ tools: safe-outputs: create-pull-request: title-prefix: "[code-scanning-fix] " - labels: [security, automated-fix] - reviewers: copilot + labels: [security, automated-fix, agentic-campaign, z_campaign_security-alert-burndown] + reviewers: [copilot] timeout-minutes: 20 --- diff --git a/.github/workflows/dependabot-bundler.lock.yml b/.github/workflows/dependabot-bundler.lock.yml index 6288bc3f7d..35ccc2622b 100644 --- a/.github/workflows/dependabot-bundler.lock.yml +++ b/.github/workflows/dependabot-bundler.lock.yml 
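Review bot: The labels `agentic-campaign` and `z_campaign_security-alert-burndown` added to `create-pull-request.labels` in code-scanning-fixer.md have no explanation, and the same pair is added in the dependabot-bundler.md and secret-scanning-triage.md hunks (there also under `create-issue`). A comment above the key, for example `# campaign tracker labels (security-alert-burndown); keep in sync with the campaign definition`, would tell a maintainer why they must not be renamed or dropped; the wording should be confirmed by the author. The names suggest they mark campaign membership. If downstream automation selects issues and pull requests by these labels alone, anyone with triage rights can apply them by hand, so the consumer should also check the item's author before acting on it. The frontmatter starts above the hunk, so the workflow's triggers and permissions are not visible here.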
@@ -185,7 +185,7 @@ jobs: cat > /opt/gh-aw/safeoutputs/tools.json << 'EOF' [ { - "description": "Create a new GitHub pull request to propose code changes. Use this after making file edits to submit them for review and merging. The PR will be created from the current branch with your committed changes. For code review comments on an existing PR, use create_pull_request_review_comment instead. CONSTRAINTS: Maximum 1 pull request(s) can be created. Reviewers [copilot] will be assigned.", + "description": "Create a new GitHub pull request to propose code changes. Use this after making file edits to submit them for review and merging. The PR will be created from the current branch with your committed changes. For code review comments on an existing PR, use create_pull_request_review_comment instead. CONSTRAINTS: Maximum 1 pull request(s) can be created. Title will be prefixed with \"[dependabot-bundle] \". Labels [security dependencies dependabot automated-fix agentic-campaign z_campaign_security-alert-burndown] will be automatically added. Reviewers [copilot] will be assigned.", "inputSchema": { "additionalProperties": false, "properties": { @@ -1347,7 +1347,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} - GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG: "{\"create_pull_request\":{\"base_branch\":\"${{ github.ref_name }}\",\"max\":1,\"max_patch_size\":1024},\"missing_data\":{},\"missing_tool\":{}}" + GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG: "{\"create_pull_request\":{\"base_branch\":\"${{ github.ref_name }}\",\"labels\":[\"security\",\"dependencies\",\"dependabot\",\"automated-fix\",\"agentic-campaign\",\"z_campaign_security-alert-burndown\"],\"max\":1,\"max_patch_size\":1024,\"title_prefix\":\"[dependabot-bundle] \"},\"missing_data\":{},\"missing_tool\":{}}" with: github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | 
diff --git a/.github/workflows/dependabot-bundler.md b/.github/workflows/dependabot-bundler.md index d8966f6aa4..0b078aa2a9 100644 --- a/.github/workflows/dependabot-bundler.md +++ b/.github/workflows/dependabot-bundler.md @@ -24,8 +24,8 @@ tools: safe-outputs: create-pull-request: title-prefix: "[dependabot-bundle] " - labels: [security, dependencies, dependabot, automated-fix] - reviewers: copilot + labels: [security, dependencies, dependabot, automated-fix, agentic-campaign, z_campaign_security-alert-burndown] + reviewers: [copilot] timeout-minutes: 25 --- diff --git a/.github/workflows/secret-scanning-triage.lock.yml b/.github/workflows/secret-scanning-triage.lock.yml index 032f4567d4..1b98295776 100644 --- a/.github/workflows/secret-scanning-triage.lock.yml +++ b/.github/workflows/secret-scanning-triage.lock.yml @@ -183,7 +183,7 @@ jobs: cat > /opt/gh-aw/safeoutputs/tools.json << 'EOF' [ { - "description": "Create a new GitHub issue for tracking bugs, feature requests, or tasks. Use this for actionable work items that need assignment, labeling, and status tracking. For reports, announcements, or status updates that don't require task tracking, use create_discussion instead. CONSTRAINTS: Maximum 1 issue(s) can be created. Title will be prefixed with \"[secret-triage] \". Labels [security secret-scanning triage] will be automatically added.", + "description": "Create a new GitHub issue for tracking bugs, feature requests, or tasks. Use this for actionable work items that need assignment, labeling, and status tracking. For reports, announcements, or status updates that don't require task tracking, use create_discussion instead. CONSTRAINTS: Maximum 1 issue(s) can be created. Title will be prefixed with \"[secret-triage] \". Labels [security secret-scanning triage agentic-campaign z_campaign_security-alert-burndown] will be automatically added.", "inputSchema": { "additionalProperties": false, "properties": { 
@@ -223,7 +223,7 @@ jobs: "name": "create_issue" }, { - "description": "Create a new GitHub pull request to propose code changes. Use this after making file edits to submit them for review and merging. The PR will be created from the current branch with your committed changes. For code review comments on an existing PR, use create_pull_request_review_comment instead. CONSTRAINTS: Maximum 1 pull request(s) can be created. Reviewers [copilot] will be assigned.", + "description": "Create a new GitHub pull request to propose code changes. Use this after making file edits to submit them for review and merging. The PR will be created from the current branch with your committed changes. For code review comments on an existing PR, use create_pull_request_review_comment instead. CONSTRAINTS: Maximum 1 pull request(s) can be created. Title will be prefixed with \"[secret-removal] \". Labels [security secret-scanning automated-fix agentic-campaign z_campaign_security-alert-burndown] will be automatically added. Reviewers [copilot] will be assigned.", "inputSchema": { "additionalProperties": false, "properties": { 
@@ -1368,7 +1368,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} - GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG: "{\"create_issue\":{\"labels\":[\"security\",\"secret-scanning\",\"triage\"],\"max\":1,\"title_prefix\":\"[secret-triage] \"},\"create_pull_request\":{\"base_branch\":\"${{ github.ref_name }}\",\"max\":1,\"max_patch_size\":1024},\"missing_data\":{},\"missing_tool\":{}}" + GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG: "{\"create_issue\":{\"labels\":[\"security\",\"secret-scanning\",\"triage\",\"agentic-campaign\",\"z_campaign_security-alert-burndown\"],\"max\":1,\"title_prefix\":\"[secret-triage] \"},\"create_pull_request\":{\"base_branch\":\"${{ github.ref_name }}\",\"labels\":[\"security\",\"secret-scanning\",\"automated-fix\",\"agentic-campaign\",\"z_campaign_security-alert-burndown\"],\"max\":1,\"max_patch_size\":1024,\"title_prefix\":\"[secret-removal] \"},\"missing_data\":{},\"missing_tool\":{}}" with: github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/secret-scanning-triage.md b/.github/workflows/secret-scanning-triage.md index aac8dd66e5..ae0c148785 100644 --- a/.github/workflows/secret-scanning-triage.md +++ b/.github/workflows/secret-scanning-triage.md @@ -24,12 +24,12 @@ tools: safe-outputs: create-issue: title-prefix: "[secret-triage] " - labels: [security, secret-scanning, triage] + labels: [security, secret-scanning, triage, agentic-campaign, z_campaign_security-alert-burndown] max: 1 create-pull-request: title-prefix: "[secret-removal] " - labels: [security, secret-scanning, automated-fix] - reviewers: copilot + labels: [security, secret-scanning, automated-fix, agentic-campaign, z_campaign_security-alert-burndown] + reviewers: [copilot] timeout-minutes: 25 --- diff --git a/specs/artifacts.md b/specs/artifacts.md index af07146435..f6dd95ef77 100644 --- a/specs/artifacts.md +++ b/specs/artifacts.md 
@@ -46,6 +46,9 @@ This section provides an overview of artifacts organized by job name, with dupli - `python-source-and-data` - **Paths**: `/tmp/gh-aw/python/*.py`, `/tmp/gh-aw/python/data/*` - **Used in**: 9 workflow(s) - copilot-pr-nlp-analysis.md, daily-copilot-token-report.md, daily-issues-report.md, daily-news.md, daily-repo-chronicle.md, github-mcp-structural-analysis.md, python-data-charts.md, stale-repo-identifier.md, weekly-issue-summary.md +- `repo-memory-campaigns` + - **Paths**: `/tmp/gh-aw/repo-memory/campaigns` + - **Used in**: 1 workflow(s) - code-scanning-fixer.md - `repo-memory-default` - **Paths**: `/tmp/gh-aw/repo-memory/default` - **Used in**: 8 workflow(s) - agent-performance-analyzer.md, copilot-pr-nlp-analysis.md, daily-copilot-token-report.md, daily-news.md, deep-report.md, metrics-collector.md, security-compliance.md, workflow-health-manager.md @@ -105,6 +108,9 @@ This section provides an overview of artifacts organized by job name, with dupli **Artifacts Downloaded:** +- `repo-memory-campaigns` + - **Download paths**: `/tmp/gh-aw/repo-memory/campaigns` + - **Used in**: 1 workflow(s) - code-scanning-fixer.md - `repo-memory-default` - **Download paths**: `/tmp/gh-aw/repo-memory/default` - **Used in**: 8 workflow(s) - agent-performance-analyzer.md, copilot-pr-nlp-analysis.md, daily-copilot-token-report.md, daily-news.md, deep-report.md, metrics-collector.md, security-compliance.md, workflow-health-manager.md @@ -969,6 +975,10 @@ This section provides an overview of artifacts organized by job name, with dupli - `/tmp/gh-aw/sandbox/agent/logs/` - `/tmp/gh-aw/redacted-urls.log` +- **Artifact**: `repo-memory-campaigns` + - **Upload paths**: + - `/tmp/gh-aw/repo-memory/campaigns` + - **Artifact**: `cache-memory` - **Upload paths**: - `/tmp/gh-aw/cache-memory` 
@@ -988,7 +998,7 @@ This section provides an overview of artifacts organized by job name, with dupli - **Artifact**: `agent-output` (by name) - **Download path**: `/tmp/gh-aw/safeoutputs/` - - **Depends on jobs**: [activation agent detection safe_outputs update_cache_memory] + - **Depends on jobs**: [activation agent detection push_repo_memory safe_outputs update_cache_memory] #### Job: `detection` @@ -1008,6 +1018,14 @@ This section provides an overview of artifacts organized by job name, with dupli - **Download path**: `/tmp/gh-aw/threat-detection/` - **Depends on jobs**: [agent] +#### Job: `push_repo_memory` + +**Downloads:** + +- **Artifact**: `repo-memory-campaigns` (by name) + - **Download path**: `/tmp/gh-aw/repo-memory/campaigns` + - **Depends on jobs**: [agent detection] + #### Job: `safe_outputs` **Downloads:**