mirrors/z3
3
0
Fork 0
mirror of https://github.com/Z3Prover/z3 synced 2026-01-24 02:54:00 +00:00
Code Activity

Add agentic workflow for automated soundness bug detection and reproduction (#8275)

Browse source 
* Initial plan

* Add soundness bug detector and reproducer agentic workflow

Co-authored-by: NikolajBjorner <3085284+NikolajBjorner@users.noreply.github.com>

* Complete soundness bug detector workflow implementation

Co-authored-by: NikolajBjorner <3085284+NikolajBjorner@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: NikolajBjorner <3085284+NikolajBjorner@users.noreply.github.com>
This commit is contained in:
Copilot 2026-01-21 15:29:20 -08:00 committed by GitHub
parent 8eae44e226
commit 083e4a4169
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
9 changed files with 1546 additions and 91 deletions
Download patch file Download diff file Expand all files Collapse all files

17
.github/workflows/agentics-maintenance.yml vendored
View file

@ -13,7 +13,7 @@
# \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \
# \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/
#
# This file was automatically generated by pkg/workflow/maintenance_workflow.go (v0.37.1). DO NOT EDIT.
# This file was automatically generated by pkg/workflow/maintenance_workflow.go (v0.37.2). DO NOT EDIT.
#
# To regenerate this workflow, run:
# gh aw compile
@ -39,13 +39,14 @@ on:
permissions: {}
jobs:
close-expired-discussions:
close-expired-entities:
runs-on: ubuntu-slim
permissions:
discussions: write
issues: write
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
@ -58,16 +59,6 @@ jobs:
const { main } = require('/opt/gh-aw/actions/close_expired_discussions.cjs');
await main();
close-expired-issues:
runs-on: ubuntu-slim
permissions:
issues: write
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
with:
destination: /opt/gh-aw/actions
- name: Close expired issues
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
with:

50
.github/workflows/api-coherence-checker.lock.yml generated vendored
View file

@ -13,7 +13,7 @@
# \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \
# \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/
#
# This file was automatically generated by gh-aw (v0.37.1). DO NOT EDIT.
# This file was automatically generated by gh-aw (v0.37.2). DO NOT EDIT.
#
# To update this file, edit the corresponding .md file and run:
# gh aw compile
@ -45,7 +45,7 @@ jobs:
comment_repo: ""
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Check workflow file timestamps
@ -82,7 +82,7 @@ jobs:
secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Create gh-aw temp directory
@ -137,7 +137,7 @@ jobs:
# Execute the installer with the specified version
# Pass VERSION directly to sudo to ensure it's available to the installer script
sudo VERSION=0.0.387 bash /tmp/copilot-install.sh
sudo VERSION=0.0.388 bash /tmp/copilot-install.sh
# Cleanup
rm -f /tmp/copilot-install.sh
@ -157,7 +157,7 @@ jobs:
const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs');
await determineAutomaticLockdown(github, context, core);
- name: Download container images
run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.29.0 ghcr.io/githubnext/gh-aw-mcpg:v0.0.71 node:lts-alpine
run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.29.0 ghcr.io/githubnext/gh-aw-mcpg:v0.0.74 node:lts-alpine
- name: Write Safe Outputs Config
run: |
mkdir -p /opt/gh-aw/safeoutputs
@ -348,7 +348,7 @@ jobs:
# Register API key as secret to mask it from logs
echo "::add-mask::${MCP_GATEWAY_API_KEY}"
export GH_AW_ENGINE="copilot"
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:v0.0.71'
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:v0.0.74'
mkdir -p /home/runner/.copilot
cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh
@ -369,7 +369,7 @@ jobs:
"container": "node:lts-alpine",
"entrypoint": "node",
"entrypointArgs": ["/opt/gh-aw/safeoutputs/mcp-server.cjs"],
"mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "/tmp/gh-aw:/tmp/gh-aw:rw"],
"mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "/tmp/gh-aw:/tmp/gh-aw:rw", "${{ github.workspace }}:${{ github.workspace }}:rw"],
"env": {
"GH_AW_MCP_LOG_DIR": "\${GH_AW_MCP_LOG_DIR}",
"GH_AW_SAFE_OUTPUTS": "\${GH_AW_SAFE_OUTPUTS}",
@ -382,7 +382,25 @@ jobs:
"GITHUB_SERVER_URL": "\${GITHUB_SERVER_URL}",
"GITHUB_SHA": "\${GITHUB_SHA}",
"GITHUB_WORKSPACE": "\${GITHUB_WORKSPACE}",
"DEFAULT_BRANCH": "\${DEFAULT_BRANCH}"
"DEFAULT_BRANCH": "\${DEFAULT_BRANCH}",
"GITHUB_RUN_ID": "\${GITHUB_RUN_ID}",
"GITHUB_RUN_NUMBER": "\${GITHUB_RUN_NUMBER}",
"GITHUB_RUN_ATTEMPT": "\${GITHUB_RUN_ATTEMPT}",
"GITHUB_JOB": "\${GITHUB_JOB}",
"GITHUB_ACTION": "\${GITHUB_ACTION}",
"GITHUB_EVENT_NAME": "\${GITHUB_EVENT_NAME}",
"GITHUB_EVENT_PATH": "\${GITHUB_EVENT_PATH}",
"GITHUB_ACTOR": "\${GITHUB_ACTOR}",
"GITHUB_ACTOR_ID": "\${GITHUB_ACTOR_ID}",
"GITHUB_TRIGGERING_ACTOR": "\${GITHUB_TRIGGERING_ACTOR}",
"GITHUB_WORKFLOW": "\${GITHUB_WORKFLOW}",
"GITHUB_WORKFLOW_REF": "\${GITHUB_WORKFLOW_REF}",
"GITHUB_WORKFLOW_SHA": "\${GITHUB_WORKFLOW_SHA}",
"GITHUB_REF": "\${GITHUB_REF}",
"GITHUB_REF_NAME": "\${GITHUB_REF_NAME}",
"GITHUB_REF_TYPE": "\${GITHUB_REF_TYPE}",
"GITHUB_HEAD_REF": "\${GITHUB_HEAD_REF}",
"GITHUB_BASE_REF": "\${GITHUB_BASE_REF}"
}
},
"serena": {
@ -413,8 +431,8 @@ jobs:
engine_name: "GitHub Copilot CLI",
model: process.env.GH_AW_MODEL_AGENT_COPILOT || "",
version: "",
agent_version: "0.0.387",
cli_version: "v0.37.1",
agent_version: "0.0.388",
cli_version: "v0.37.2",
workflow_name: "API Coherence Checker",
experimental: false,
supports_tools_allowlist: true,
@ -432,7 +450,7 @@ jobs:
allowed_domains: [],
firewall_enabled: true,
awf_version: "v0.10.0",
awmg_version: "v0.0.71",
awmg_version: "v0.0.74",
steps: {
firewall: "squid"
},
@ -937,7 +955,7 @@ jobs:
total_count: ${{ steps.missing_tool.outputs.total_count }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Debug job inputs
@ -1036,7 +1054,7 @@ jobs:
success: ${{ steps.parse_results.outputs.success }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Download agent artifacts
@ -1126,7 +1144,7 @@ jobs:
# Execute the installer with the specified version
# Pass VERSION directly to sudo to ensure it's available to the installer script
sudo VERSION=0.0.387 bash /tmp/copilot-install.sh
sudo VERSION=0.0.388 bash /tmp/copilot-install.sh
# Cleanup
rm -f /tmp/copilot-install.sh
@ -1198,7 +1216,7 @@ jobs:
process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Download agent output artifact
@ -1235,7 +1253,7 @@ jobs:
permissions: {}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Download cache-memory artifact (default)

48
.github/workflows/build-warning-fixer.lock.yml generated vendored
View file

@ -13,7 +13,7 @@
# \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \
# \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/
#
# This file was automatically generated by gh-aw (v0.37.1). DO NOT EDIT.
# This file was automatically generated by gh-aw (v0.37.2). DO NOT EDIT.
#
# To update this file, edit the corresponding .md file and run:
# gh aw compile
@ -45,7 +45,7 @@ jobs:
comment_repo: ""
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Check workflow file timestamps
@ -82,7 +82,7 @@ jobs:
secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Checkout repository
@ -127,7 +127,7 @@ jobs:
# Execute the installer with the specified version
# Pass VERSION directly to sudo to ensure it's available to the installer script
sudo VERSION=0.0.387 bash /tmp/copilot-install.sh
sudo VERSION=0.0.388 bash /tmp/copilot-install.sh
# Cleanup
rm -f /tmp/copilot-install.sh
@ -147,7 +147,7 @@ jobs:
const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs');
await determineAutomaticLockdown(github, context, core);
- name: Download container images
run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.29.0 ghcr.io/githubnext/gh-aw-mcpg:v0.0.71 node:lts-alpine
run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.29.0 ghcr.io/githubnext/gh-aw-mcpg:v0.0.74 node:lts-alpine
- name: Write Safe Outputs Config
run: |
mkdir -p /opt/gh-aw/safeoutputs
@ -348,7 +348,7 @@ jobs:
# Register API key as secret to mask it from logs
echo "::add-mask::${MCP_GATEWAY_API_KEY}"
export GH_AW_ENGINE="copilot"
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:v0.0.71'
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:v0.0.74'
mkdir -p /home/runner/.copilot
cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh
@ -369,7 +369,7 @@ jobs:
"container": "node:lts-alpine",
"entrypoint": "node",
"entrypointArgs": ["/opt/gh-aw/safeoutputs/mcp-server.cjs"],
"mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "/tmp/gh-aw:/tmp/gh-aw:rw"],
"mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "/tmp/gh-aw:/tmp/gh-aw:rw", "${{ github.workspace }}:${{ github.workspace }}:rw"],
"env": {
"GH_AW_MCP_LOG_DIR": "\${GH_AW_MCP_LOG_DIR}",
"GH_AW_SAFE_OUTPUTS": "\${GH_AW_SAFE_OUTPUTS}",
@ -382,7 +382,25 @@ jobs:
"GITHUB_SERVER_URL": "\${GITHUB_SERVER_URL}",
"GITHUB_SHA": "\${GITHUB_SHA}",
"GITHUB_WORKSPACE": "\${GITHUB_WORKSPACE}",
"DEFAULT_BRANCH": "\${DEFAULT_BRANCH}"
"DEFAULT_BRANCH": "\${DEFAULT_BRANCH}",
"GITHUB_RUN_ID": "\${GITHUB_RUN_ID}",
"GITHUB_RUN_NUMBER": "\${GITHUB_RUN_NUMBER}",
"GITHUB_RUN_ATTEMPT": "\${GITHUB_RUN_ATTEMPT}",
"GITHUB_JOB": "\${GITHUB_JOB}",
"GITHUB_ACTION": "\${GITHUB_ACTION}",
"GITHUB_EVENT_NAME": "\${GITHUB_EVENT_NAME}",
"GITHUB_EVENT_PATH": "\${GITHUB_EVENT_PATH}",
"GITHUB_ACTOR": "\${GITHUB_ACTOR}",
"GITHUB_ACTOR_ID": "\${GITHUB_ACTOR_ID}",
"GITHUB_TRIGGERING_ACTOR": "\${GITHUB_TRIGGERING_ACTOR}",
"GITHUB_WORKFLOW": "\${GITHUB_WORKFLOW}",
"GITHUB_WORKFLOW_REF": "\${GITHUB_WORKFLOW_REF}",
"GITHUB_WORKFLOW_SHA": "\${GITHUB_WORKFLOW_SHA}",
"GITHUB_REF": "\${GITHUB_REF}",
"GITHUB_REF_NAME": "\${GITHUB_REF_NAME}",
"GITHUB_REF_TYPE": "\${GITHUB_REF_TYPE}",
"GITHUB_HEAD_REF": "\${GITHUB_HEAD_REF}",
"GITHUB_BASE_REF": "\${GITHUB_BASE_REF}"
}
}
},
@ -405,8 +423,8 @@ jobs:
engine_name: "GitHub Copilot CLI",
model: process.env.GH_AW_MODEL_AGENT_COPILOT || "",
version: "",
agent_version: "0.0.387",
cli_version: "v0.37.1",
agent_version: "0.0.388",
cli_version: "v0.37.2",
workflow_name: "Build Warning Fixer",
experimental: false,
supports_tools_allowlist: true,
@ -424,7 +442,7 @@ jobs:
allowed_domains: [],
firewall_enabled: true,
awf_version: "v0.10.0",
awmg_version: "v0.0.71",
awmg_version: "v0.0.74",
steps: {
firewall: "squid"
},
@ -853,7 +871,7 @@ jobs:
total_count: ${{ steps.missing_tool.outputs.total_count }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Debug job inputs
@ -954,7 +972,7 @@ jobs:
success: ${{ steps.parse_results.outputs.success }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Download agent artifacts
@ -1044,7 +1062,7 @@ jobs:
# Execute the installer with the specified version
# Pass VERSION directly to sudo to ensure it's available to the installer script
sudo VERSION=0.0.387 bash /tmp/copilot-install.sh
sudo VERSION=0.0.388 bash /tmp/copilot-install.sh
# Cleanup
rm -f /tmp/copilot-install.sh
@ -1118,7 +1136,7 @@ jobs:
process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Download agent output artifact

50
.github/workflows/code-conventions-analyzer.lock.yml generated vendored
View file

@ -13,7 +13,7 @@
# \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \
# \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/
#
# This file was automatically generated by gh-aw (v0.37.1). DO NOT EDIT.
# This file was automatically generated by gh-aw (v0.37.2). DO NOT EDIT.
#
# To update this file, edit the corresponding .md file and run:
# gh aw compile
@ -45,7 +45,7 @@ jobs:
comment_repo: ""
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Check workflow file timestamps
@ -82,7 +82,7 @@ jobs:
secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Checkout repository
@ -138,7 +138,7 @@ jobs:
# Execute the installer with the specified version
# Pass VERSION directly to sudo to ensure it's available to the installer script
sudo VERSION=0.0.387 bash /tmp/copilot-install.sh
sudo VERSION=0.0.388 bash /tmp/copilot-install.sh
# Cleanup
rm -f /tmp/copilot-install.sh
@ -158,7 +158,7 @@ jobs:
const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs');
await determineAutomaticLockdown(github, context, core);
- name: Download container images
run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.29.0 ghcr.io/githubnext/gh-aw-mcpg:v0.0.71 node:lts-alpine
run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.29.0 ghcr.io/githubnext/gh-aw-mcpg:v0.0.74 node:lts-alpine
- name: Write Safe Outputs Config
run: |
mkdir -p /opt/gh-aw/safeoutputs
@ -349,7 +349,7 @@ jobs:
# Register API key as secret to mask it from logs
echo "::add-mask::${MCP_GATEWAY_API_KEY}"
export GH_AW_ENGINE="copilot"
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:v0.0.71'
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:v0.0.74'
mkdir -p /home/runner/.copilot
cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh
@ -370,7 +370,7 @@ jobs:
"container": "node:lts-alpine",
"entrypoint": "node",
"entrypointArgs": ["/opt/gh-aw/safeoutputs/mcp-server.cjs"],
"mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "/tmp/gh-aw:/tmp/gh-aw:rw"],
"mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "/tmp/gh-aw:/tmp/gh-aw:rw", "${{ github.workspace }}:${{ github.workspace }}:rw"],
"env": {
"GH_AW_MCP_LOG_DIR": "\${GH_AW_MCP_LOG_DIR}",
"GH_AW_SAFE_OUTPUTS": "\${GH_AW_SAFE_OUTPUTS}",
@ -383,7 +383,25 @@ jobs:
"GITHUB_SERVER_URL": "\${GITHUB_SERVER_URL}",
"GITHUB_SHA": "\${GITHUB_SHA}",
"GITHUB_WORKSPACE": "\${GITHUB_WORKSPACE}",
"DEFAULT_BRANCH": "\${DEFAULT_BRANCH}"
"DEFAULT_BRANCH": "\${DEFAULT_BRANCH}",
"GITHUB_RUN_ID": "\${GITHUB_RUN_ID}",
"GITHUB_RUN_NUMBER": "\${GITHUB_RUN_NUMBER}",
"GITHUB_RUN_ATTEMPT": "\${GITHUB_RUN_ATTEMPT}",
"GITHUB_JOB": "\${GITHUB_JOB}",
"GITHUB_ACTION": "\${GITHUB_ACTION}",
"GITHUB_EVENT_NAME": "\${GITHUB_EVENT_NAME}",
"GITHUB_EVENT_PATH": "\${GITHUB_EVENT_PATH}",
"GITHUB_ACTOR": "\${GITHUB_ACTOR}",
"GITHUB_ACTOR_ID": "\${GITHUB_ACTOR_ID}",
"GITHUB_TRIGGERING_ACTOR": "\${GITHUB_TRIGGERING_ACTOR}",
"GITHUB_WORKFLOW": "\${GITHUB_WORKFLOW}",
"GITHUB_WORKFLOW_REF": "\${GITHUB_WORKFLOW_REF}",
"GITHUB_WORKFLOW_SHA": "\${GITHUB_WORKFLOW_SHA}",
"GITHUB_REF": "\${GITHUB_REF}",
"GITHUB_REF_NAME": "\${GITHUB_REF_NAME}",
"GITHUB_REF_TYPE": "\${GITHUB_REF_TYPE}",
"GITHUB_HEAD_REF": "\${GITHUB_HEAD_REF}",
"GITHUB_BASE_REF": "\${GITHUB_BASE_REF}"
}
}
},
@ -406,8 +424,8 @@ jobs:
engine_name: "GitHub Copilot CLI",
model: process.env.GH_AW_MODEL_AGENT_COPILOT || "",
version: "",
agent_version: "0.0.387",
cli_version: "v0.37.1",
agent_version: "0.0.388",
cli_version: "v0.37.2",
workflow_name: "Code Conventions Analyzer",
experimental: false,
supports_tools_allowlist: true,
@ -425,7 +443,7 @@ jobs:
allowed_domains: [],
firewall_enabled: true,
awf_version: "v0.10.0",
awmg_version: "v0.0.71",
awmg_version: "v0.0.74",
steps: {
firewall: "squid"
},
@ -1548,7 +1566,7 @@ jobs:
total_count: ${{ steps.missing_tool.outputs.total_count }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Debug job inputs
@ -1649,7 +1667,7 @@ jobs:
success: ${{ steps.parse_results.outputs.success }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Download agent artifacts
@ -1739,7 +1757,7 @@ jobs:
# Execute the installer with the specified version
# Pass VERSION directly to sudo to ensure it's available to the installer script
sudo VERSION=0.0.387 bash /tmp/copilot-install.sh
sudo VERSION=0.0.388 bash /tmp/copilot-install.sh
# Cleanup
rm -f /tmp/copilot-install.sh
@ -1811,7 +1829,7 @@ jobs:
process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Download agent output artifact
@ -1848,7 +1866,7 @@ jobs:
permissions: {}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Download cache-memory artifact (default)

48
.github/workflows/release-notes-updater.lock.yml generated vendored
View file

@ -13,7 +13,7 @@
# \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \
# \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/
#
# This file was automatically generated by gh-aw (v0.37.1). DO NOT EDIT.
# This file was automatically generated by gh-aw (v0.37.2). DO NOT EDIT.
#
# To update this file, edit the corresponding .md file and run:
# gh aw compile
@ -45,7 +45,7 @@ jobs:
comment_repo: ""
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Check workflow file timestamps
@ -82,7 +82,7 @@ jobs:
secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Create gh-aw temp directory
@ -128,7 +128,7 @@ jobs:
# Execute the installer with the specified version
# Pass VERSION directly to sudo to ensure it's available to the installer script
sudo VERSION=0.0.387 bash /tmp/copilot-install.sh
sudo VERSION=0.0.388 bash /tmp/copilot-install.sh
# Cleanup
rm -f /tmp/copilot-install.sh
@ -148,7 +148,7 @@ jobs:
const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs');
await determineAutomaticLockdown(github, context, core);
- name: Download container images
run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.29.0 ghcr.io/githubnext/gh-aw-mcpg:v0.0.71 node:lts-alpine
run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.29.0 ghcr.io/githubnext/gh-aw-mcpg:v0.0.74 node:lts-alpine
- name: Write Safe Outputs Config
run: |
mkdir -p /opt/gh-aw/safeoutputs
@ -339,7 +339,7 @@ jobs:
# Register API key as secret to mask it from logs
echo "::add-mask::${MCP_GATEWAY_API_KEY}"
export GH_AW_ENGINE="copilot"
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:v0.0.71'
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:v0.0.74'
mkdir -p /home/runner/.copilot
cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh
@ -360,7 +360,7 @@ jobs:
"container": "node:lts-alpine",
"entrypoint": "node",
"entrypointArgs": ["/opt/gh-aw/safeoutputs/mcp-server.cjs"],
"mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "/tmp/gh-aw:/tmp/gh-aw:rw"],
"mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "/tmp/gh-aw:/tmp/gh-aw:rw", "${{ github.workspace }}:${{ github.workspace }}:rw"],
"env": {
"GH_AW_MCP_LOG_DIR": "\${GH_AW_MCP_LOG_DIR}",
"GH_AW_SAFE_OUTPUTS": "\${GH_AW_SAFE_OUTPUTS}",
@ -373,7 +373,25 @@ jobs:
"GITHUB_SERVER_URL": "\${GITHUB_SERVER_URL}",
"GITHUB_SHA": "\${GITHUB_SHA}",
"GITHUB_WORKSPACE": "\${GITHUB_WORKSPACE}",
"DEFAULT_BRANCH": "\${DEFAULT_BRANCH}"
"DEFAULT_BRANCH": "\${DEFAULT_BRANCH}",
"GITHUB_RUN_ID": "\${GITHUB_RUN_ID}",
"GITHUB_RUN_NUMBER": "\${GITHUB_RUN_NUMBER}",
"GITHUB_RUN_ATTEMPT": "\${GITHUB_RUN_ATTEMPT}",
"GITHUB_JOB": "\${GITHUB_JOB}",
"GITHUB_ACTION": "\${GITHUB_ACTION}",
"GITHUB_EVENT_NAME": "\${GITHUB_EVENT_NAME}",
"GITHUB_EVENT_PATH": "\${GITHUB_EVENT_PATH}",
"GITHUB_ACTOR": "\${GITHUB_ACTOR}",
"GITHUB_ACTOR_ID": "\${GITHUB_ACTOR_ID}",
"GITHUB_TRIGGERING_ACTOR": "\${GITHUB_TRIGGERING_ACTOR}",
"GITHUB_WORKFLOW": "\${GITHUB_WORKFLOW}",
"GITHUB_WORKFLOW_REF": "\${GITHUB_WORKFLOW_REF}",
"GITHUB_WORKFLOW_SHA": "\${GITHUB_WORKFLOW_SHA}",
"GITHUB_REF": "\${GITHUB_REF}",
"GITHUB_REF_NAME": "\${GITHUB_REF_NAME}",
"GITHUB_REF_TYPE": "\${GITHUB_REF_TYPE}",
"GITHUB_HEAD_REF": "\${GITHUB_HEAD_REF}",
"GITHUB_BASE_REF": "\${GITHUB_BASE_REF}"
}
}
},
@ -396,8 +414,8 @@ jobs:
engine_name: "GitHub Copilot CLI",
model: process.env.GH_AW_MODEL_AGENT_COPILOT || "",
version: "",
agent_version: "0.0.387",
cli_version: "v0.37.1",
agent_version: "0.0.388",
cli_version: "v0.37.2",
workflow_name: "Release Notes Updater",
experimental: false,
supports_tools_allowlist: true,
@ -415,7 +433,7 @@ jobs:
allowed_domains: [],
firewall_enabled: true,
awf_version: "v0.10.0",
awmg_version: "v0.0.71",
awmg_version: "v0.0.74",
steps: {
firewall: "squid"
},
@ -900,7 +918,7 @@ jobs:
total_count: ${{ steps.missing_tool.outputs.total_count }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Debug job inputs
@ -999,7 +1017,7 @@ jobs:
success: ${{ steps.parse_results.outputs.success }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Download agent artifacts
@ -1089,7 +1107,7 @@ jobs:
# Execute the installer with the specified version
# Pass VERSION directly to sudo to ensure it's available to the installer script
sudo VERSION=0.0.387 bash /tmp/copilot-install.sh
sudo VERSION=0.0.388 bash /tmp/copilot-install.sh
# Cleanup
rm -f /tmp/copilot-install.sh
@ -1161,7 +1179,7 @@ jobs:
process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Download agent output artifact

1123
.github/workflows/soundness-bug-detector.lock.yml generated vendored Normal file
View file

File diff suppressed because it is too large Load diff

41
.github/workflows/soundness-bug-detector.md vendored Normal file
View file

@ -0,0 +1,41 @@
---
description: Automatically validate and reproduce reported soundness bugs
on:
issues:
types: [opened, labeled]
schedule: daily
roles: all
permissions: read-all
network: defaults
tools:
cache-memory: true
github:
toolsets: [default]
bash: [":*"]
web-fetch: {}
safe-outputs:
add-comment:
max: 2
create-discussion:
title-prefix: "[Soundness] "
category: "Agentic Workflows"
close-older-discussions: true
missing-tool:
create-issue: true
timeout-minutes: 30
steps:
- name: Checkout repository
uses: actions/checkout@v5
---
<!-- Edit the file linked below to modify the agent without recompilation. Feel free to move the entire markdown body to that file. -->
@./agentics/soundness-bug-detector.md

50
.github/workflows/workflow-suggestion-agent.lock.yml generated vendored
View file

@ -13,7 +13,7 @@
# \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \
# \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/
#
# This file was automatically generated by gh-aw (v0.37.1). DO NOT EDIT.
# This file was automatically generated by gh-aw (v0.37.2). DO NOT EDIT.
#
# To update this file, edit the corresponding .md file and run:
# gh aw compile
@ -45,7 +45,7 @@ jobs:
comment_repo: ""
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Check workflow file timestamps
@ -82,7 +82,7 @@ jobs:
secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Create gh-aw temp directory
@ -137,7 +137,7 @@ jobs:
# Execute the installer with the specified version
# Pass VERSION directly to sudo to ensure it's available to the installer script
sudo VERSION=0.0.387 bash /tmp/copilot-install.sh
sudo VERSION=0.0.388 bash /tmp/copilot-install.sh
# Cleanup
rm -f /tmp/copilot-install.sh
@ -157,7 +157,7 @@ jobs:
const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs');
await determineAutomaticLockdown(github, context, core);
- name: Download container images
run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.29.0 ghcr.io/githubnext/gh-aw-mcpg:v0.0.71 node:lts-alpine
run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.29.0 ghcr.io/githubnext/gh-aw-mcpg:v0.0.74 node:lts-alpine
- name: Write Safe Outputs Config
run: |
mkdir -p /opt/gh-aw/safeoutputs
@ -348,7 +348,7 @@ jobs:
# Register API key as secret to mask it from logs
echo "::add-mask::${MCP_GATEWAY_API_KEY}"
export GH_AW_ENGINE="copilot"
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:v0.0.71'
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:v0.0.74'
mkdir -p /home/runner/.copilot
cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh
@ -369,7 +369,7 @@ jobs:
"container": "node:lts-alpine",
"entrypoint": "node",
"entrypointArgs": ["/opt/gh-aw/safeoutputs/mcp-server.cjs"],
"mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "/tmp/gh-aw:/tmp/gh-aw:rw"],
"mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "/tmp/gh-aw:/tmp/gh-aw:rw", "${{ github.workspace }}:${{ github.workspace }}:rw"],
"env": {
"GH_AW_MCP_LOG_DIR": "\${GH_AW_MCP_LOG_DIR}",
"GH_AW_SAFE_OUTPUTS": "\${GH_AW_SAFE_OUTPUTS}",
@ -382,7 +382,25 @@ jobs:
"GITHUB_SERVER_URL": "\${GITHUB_SERVER_URL}",
"GITHUB_SHA": "\${GITHUB_SHA}",
"GITHUB_WORKSPACE": "\${GITHUB_WORKSPACE}",
"DEFAULT_BRANCH": "\${DEFAULT_BRANCH}"
"DEFAULT_BRANCH": "\${DEFAULT_BRANCH}",
"GITHUB_RUN_ID": "\${GITHUB_RUN_ID}",
"GITHUB_RUN_NUMBER": "\${GITHUB_RUN_NUMBER}",
"GITHUB_RUN_ATTEMPT": "\${GITHUB_RUN_ATTEMPT}",
"GITHUB_JOB": "\${GITHUB_JOB}",
"GITHUB_ACTION": "\${GITHUB_ACTION}",
"GITHUB_EVENT_NAME": "\${GITHUB_EVENT_NAME}",
"GITHUB_EVENT_PATH": "\${GITHUB_EVENT_PATH}",
"GITHUB_ACTOR": "\${GITHUB_ACTOR}",
"GITHUB_ACTOR_ID": "\${GITHUB_ACTOR_ID}",
"GITHUB_TRIGGERING_ACTOR": "\${GITHUB_TRIGGERING_ACTOR}",
"GITHUB_WORKFLOW": "\${GITHUB_WORKFLOW}",
"GITHUB_WORKFLOW_REF": "\${GITHUB_WORKFLOW_REF}",
"GITHUB_WORKFLOW_SHA": "\${GITHUB_WORKFLOW_SHA}",
"GITHUB_REF": "\${GITHUB_REF}",
"GITHUB_REF_NAME": "\${GITHUB_REF_NAME}",
"GITHUB_REF_TYPE": "\${GITHUB_REF_TYPE}",
"GITHUB_HEAD_REF": "\${GITHUB_HEAD_REF}",
"GITHUB_BASE_REF": "\${GITHUB_BASE_REF}"
}
},
"serena": {
@ -413,8 +431,8 @@ jobs:
engine_name: "GitHub Copilot CLI",
model: process.env.GH_AW_MODEL_AGENT_COPILOT || "",
version: "",
agent_version: "0.0.387",
cli_version: "v0.37.1",
agent_version: "0.0.388",
cli_version: "v0.37.2",
workflow_name: "Workflow Suggestion Agent",
experimental: false,
supports_tools_allowlist: true,
@ -432,7 +450,7 @@ jobs:
allowed_domains: [],
firewall_enabled: true,
awf_version: "v0.10.0",
awmg_version: "v0.0.71",
awmg_version: "v0.0.74",
steps: {
firewall: "squid"
},
@ -1110,7 +1128,7 @@ jobs:
total_count: ${{ steps.missing_tool.outputs.total_count }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Debug job inputs
@ -1209,7 +1227,7 @@ jobs:
success: ${{ steps.parse_results.outputs.success }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Download agent artifacts
@ -1299,7 +1317,7 @@ jobs:
# Execute the installer with the specified version
# Pass VERSION directly to sudo to ensure it's available to the installer script
sudo VERSION=0.0.387 bash /tmp/copilot-install.sh
sudo VERSION=0.0.388 bash /tmp/copilot-install.sh
# Cleanup
rm -f /tmp/copilot-install.sh
@ -1371,7 +1389,7 @@ jobs:
process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Download agent output artifact
@ -1408,7 +1426,7 @@ jobs:
permissions: {}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Download cache-memory artifact (default)