chore: sync actions from gh-aw@v0.81.0#167
Merged
Merged
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR syncs the setup action scripts from github/gh-aw@v0.81.0, updating the runtime harness, safe-outputs utilities, and telemetry/log parsing behavior used by gh-aw Actions runs.
Changes:
- Add new shared helpers for runtime feature flags (
runtime_features.cjs) and centralized symlink rejection (symlink_guard.cjs), and wire them into setup + safe-outputs tooling. - Extend engine/runtime support and observability (Pi agent-core driver, normalized result-entry enrichment for OTEL, richer firewall domain aggregation).
- Improve workflow run attribution and comment reuse behavior (workflow run URL fallback logic; updating reusable status comments with current run metadata).
Show a summary per file
| File | Description |
|---|---|
| setup/sh/conclude_threat_detection.sh | Adds a concluding step for threat-detection runs, handling missing result files with optional continue-on-error behavior. |
| setup/setup.sh | Updates the setup copier lists to include new shared JS helpers used by mcp-scripts and safe-outputs. |
| setup/js/workflow_metadata_helpers.cjs | Makes workflow run URL construction more robust when context objects are spread and lose prototype getters. |
| setup/js/validate_memory_files.cjs | Small cleanup and typing improvements in memory directory validation. |
| setup/js/validate_lockdown_requirements_templates.cjs | Adds explicit render helper functions with clearer JSDoc return typing. |
| setup/js/upload_artifact.cjs | Centralizes symlink detection via lstatGuard for staging and artifact upload paths. |
| setup/js/update_pull_request.cjs | Adds safe-outputs exemption annotation for PR body sanitization pathway. |
| setup/js/symlink_guard.cjs | New helper exporting lstatGuard() to standardize symlink rejection checks. |
| setup/js/start_mcp_gateway.cjs | Reuses lstatGuard() to harden the “not a symlink” assertion. |
| setup/js/setup_globals.cjs | Adds global runtime feature parsing helpers to make feature gates available across scripts. |
| setup/js/safe_outputs_handlers.cjs | Uses lstatGuard() when validating upload paths for safe-outputs upload_artifact handler. |
| setup/js/runtime_features.cjs | New parser/helpers for GH_AW_RUNTIME_FEATURES feature-flag configuration. |
| setup/js/replace_label.cjs | Adds a new safe-output handler that replaces one label with another under allow/block/transition constraints. |
| setup/js/pi_agent_core_driver.cjs | Adds a Node-based Pi agent-core driver that emits JSONL compatible with existing log parsing. |
| setup/js/parse_pi_log.cjs | Ensures Pi logs produce a normalized result entry to support downstream telemetry enrichment. |
| setup/js/merge_pull_request.cjs | Adds branch→open-PR lookup helper and an additional gate for non-default/non-protected target branches. |
| setup/js/log_parser_bootstrap.cjs | Adds result-entry enrichment into agent-stdio.log to support OTEL turns/token usage for more engines. |
| setup/js/generate_usage_activity_summary.cjs | Enhances firewall log parsing to aggregate allowed/blocked domains and per-domain counts; expands log globbing. |
| setup/js/create_pull_request.cjs | Includes sanitized push-failure error text in fallback issue bodies when PR creation fails. |
| setup/js/copilot_harness.cjs | Adds GH_AW_LLM_PROVIDER support when resolving Copilot SDK custom provider from reflect data. |
| setup/js/awf_reflect.cjs | Extends provider resolution logic to consider an explicit provider override in addition to model matching. |
| setup/js/assign_agent_helpers.cjs | Adds safe-outputs exemption annotation for read-only body fields. |
| setup/js/allowed_issue_fields.cjs | Minor naming clarity improvement (field instead of f). |
| setup/js/ai_credits_context.cjs | Extracts unknown-model AI credits detection into a reusable helper function. |
| setup/js/add_workflow_run_comment.cjs | Updates reusable status comments (issue/discussion) with current run metadata; improves workflow name fallback. |
| setup/js/add_reaction_and_edit_comment.cjs | Uses GITHUB_WORKFLOW as a fallback workflow name when GH_AW_WORKFLOW_NAME is unset. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 26/26 changed files
- Comments generated: 1
| const stdioContent = fs.readFileSync(stdioLogPath, "utf8"); | ||
| alreadyHasResult = stdioContent.split("\n").some(line => { | ||
| const objectStart = line.indexOf("{"); | ||
| const arrayStart = line.indexOf("["); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Automated sync of actions from gh-aw at
v0.81.0.