Skip to content

Recompile workflows to sync lock files with source#11985

Merged
pelikhan merged 2 commits intomainfrom
copilot/recompile-workflows-lock-files-one-more-time
Jan 27, 2026
Merged

Recompile workflows to sync lock files with source#11985
pelikhan merged 2 commits intomainfrom
copilot/recompile-workflows-lock-files-one-more-time

Conversation

Copy link
Contributor

Copilot AI commented Jan 27, 2026
edited
Loading

Workflow lock files were out of sync with their markdown sources, causing GitHub Actions to run with outdated configurations.

Changes

Recompiled all workflows, updating 4 lock files with expanded domain allowlists:

  • jsweep.lock.yml: Added Node.js ecosystem domains (npmjs.org, registry.npmjs.com, yarnpkg.com, bun.sh, deno.land, etc.)
  • smoke-claude.lock.yml: Added Go ecosystem domains (go.dev, golang.org, proxy.golang.org, pkg.go.dev, sum.golang.org)
  • smoke-codex.lock.yml, smoke-copilot.lock.yml: Similar domain allowlist updates

These domains enable workflows to access package registries and dependency sources for their runtime environments.

Original prompt

This section details on the original issue you should resolve

<issue_title>[agentics] agentic workflows out of sync</issue_title>
<issue_description>## Problem

The workflow lock files (.lock.yml) are out of sync with their source markdown files (.md). This means the workflows that run in GitHub Actions are not using the latest configuration.

What needs to be done

The workflows need to be recompiled to regenerate the lock files from the markdown sources.

Instructions

Recompile all workflows using one of the following methods:

Using gh aw CLI

gh aw compile --validate --verbose

Using gh-aw MCP Server

If you have the gh-aw MCP server configured, use the compile tool:

{
  "tool": "compile",
  "arguments": {
    "validate": true,
    "verbose": true
  }
}

This will:

  1. Build the latest version of gh-aw
  2. Compile all workflow markdown files to YAML lock files
  3. Ensure all workflows are up to date

After recompiling, commit the changes with a message like:

Recompile workflows to update lock files

Detected Changes

The following workflow lock files have changes:

View diff 
diff --git a/.github/workflows/agent-performance-analyzer.lock.yml b/.github/workflows/agent-performance-analyzer.lock.yml
index c3f993e..a8c35f9 100644
--- a/.github/workflows/agent-performance-analyzer.lock.yml
+++ b/.github/workflows/agent-performance-analyzer.lock.yml
@@ -51,7 +51,7 @@ jobs:
       comment_repo: ""
     steps:
       - name: Checkout actions folder
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           sparse-checkout: |
             actions
@@ -99,7 +99,7 @@ jobs:
       secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }}
     steps:
       - name: Checkout actions folder
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           sparse-checkout: |
             actions
@@ -109,7 +109,7 @@ jobs:
         with:
           destination: /opt/gh-aw/actions
       - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           persist-credentials: false
       - name: Create gh-aw temp directory
@@ -1607,7 +1607,7 @@ jobs:
       total_count: ${{ steps.missing_tool.outputs.total_count }}
     steps:
       - name: Checkout actions folder
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           sparse-checkout: |
             actions
@@ -1629,7 +1629,7 @@ jobs:
           echo "Agent Conclusion: $AGENT_CONCLUSION"
       - name: Download agent output artifact
         continue-on-error: true
-        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
+        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
         with:
           name: agent-output
           path: /tmp/gh-aw/safeoutputs/
@@ -1712,7 +1712,7 @@ jobs:
       success: ${{ steps.parse_results.outputs.success }}
     steps:
       - name: Checkout actions folder
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           sparse-checkout: |
             actions
@@ -1723,13 +1723,13 @@ jobs:
           destination: /opt/gh-aw/actions
       - name: Download agent artifacts
         continue-on-error: true
-        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
+        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
         with:
           name: agent-artifacts
           path: /tmp/gh-aw/threat-detection/
       - name: Download agent output artifact
         continue-on-error: true
-        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
+        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
         with:
           name: agent-output
           path: /tmp/gh-aw/threat-detection/
@@ -1857,7 +1857,7 @@ jobs:
       activated: ${{ steps.check_membership.outputs.is_team_member == 'true' }}
     steps:
       - name: Checkout actions folder
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           sparse-checkout: |
             actions
@@ -1889,7 +1889,7 @@ jobs:
       contents: write
     steps:
       - name: Check...

</details>



<!-- START COPILOT CODING AGENT SUFFIX -->

- Fixes githubnext/gh-aw#11922

<!-- START COPILOT CODING AGENT TIPS -->
---

✨ Let Copilot coding agent [set things up for you](https://github.com/githubnext/gh-aw/issues/new?title=✨+Set+up+Copilot+instructions&body=Configure%20instructions%20for%20this%20repository%20as%20documented%20in%20%5BBest%20practices%20for%20Copilot%20coding%20agent%20in%20your%20repository%5D%28https://gh.io/copilot-coding-agent-tips%29%2E%0A%0A%3COnboard%20this%20repo%3E&assignees=copilot) — coding agent works faster and does higher quality work when set up for your repo.

@pelikhan
Recompile workflows to update lock files
27e60fd 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Recompile workflows to update lock files Recompile workflows to sync lock files with source Jan 27, 2026
Copilot AI requested a review from pelikhan January 27, 2026 01:41
@pelikhan pelikhan marked this pull request as ready for review January 27, 2026 01:42
@pelikhan pelikhan merged commit c3417e4 into main Jan 27, 2026
@pelikhan pelikhan deleted the copilot/recompile-workflows-lock-files-one-more-time branch January 27, 2026 01:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@pelikhan pelikhan pelikhan approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pelikhan