mirrors/z3
3
0
Fork 0
mirror of https://github.com/Z3Prover/z3 synced 2026-01-28 04:48:42 +00:00
Code Activity

Recompile agentic workflows to gh-aw v0.37.19 (#8323)

Browse source 
* Initial plan

* Initial plan: Recompile agentic workflows to latest gh-aw version

Co-authored-by: NikolajBjorner <3085284+NikolajBjorner@users.noreply.github.com>

* Update gh-aw instruction files with latest features

Co-authored-by: NikolajBjorner <3085284+NikolajBjorner@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: NikolajBjorner <3085284+NikolajBjorner@users.noreply.github.com>
This commit is contained in:
Copilot 2026-01-24 12:08:16 -08:00 committed by GitHub
parent c88c781f3b
commit d87aa87ae4
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
11 changed files with 168 additions and 431 deletions
Download patch file Download diff file Expand all files Collapse all files

95
.github/workflows/code-conventions-analyzer.lock.yml generated vendored
View file

@ -13,7 +13,7 @@
# \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \
# \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/
#
# This file was automatically generated by gh-aw (v0.37.15). DO NOT EDIT.
# This file was automatically generated by gh-aw (v0.37.19). DO NOT EDIT.
#
# To update this file, edit the corresponding .md file and run:
# gh aw compile
@ -45,7 +45,7 @@ jobs:
comment_repo: ""
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.15
uses: githubnext/gh-aw/actions/setup@v0.37.19
with:
destination: /opt/gh-aw/actions
- name: Check workflow file timestamps
@ -82,11 +82,11 @@ jobs:
secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.15
uses: githubnext/gh-aw/actions/setup@v0.37.19
with:
destination: /opt/gh-aw/actions
- name: Checkout repository
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: Create gh-aw temp directory
@ -146,7 +146,7 @@ jobs:
const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs');
await determineAutomaticLockdown(github, context, core);
- name: Download container images
run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.29.0 ghcr.io/githubnext/gh-aw-mcpg:v0.0.76 node:lts-alpine
run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.29.0 ghcr.io/githubnext/gh-aw-mcpg:v0.0.78 node:lts-alpine
- name: Write Safe Outputs Config
run: |
mkdir -p /opt/gh-aw/safeoutputs
@ -449,7 +449,7 @@ jobs:
# Register API key as secret to mask it from logs
echo "::add-mask::${MCP_GATEWAY_API_KEY}"
export GH_AW_ENGINE="copilot"
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:v0.0.76'
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:v0.0.78'
mkdir -p /home/runner/.copilot
cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh
@ -493,7 +493,7 @@ jobs:
model: process.env.GH_AW_MODEL_AGENT_COPILOT || "",
version: "",
agent_version: "0.0.389",
cli_version: "v0.37.15",
cli_version: "v0.37.19",
workflow_name: "Code Conventions Analyzer",
experimental: false,
supports_tools_allowlist: true,
@ -507,11 +507,10 @@ jobs:
actor: context.actor,
event_name: context.eventName,
staged: false,
network_mode: "defaults",
allowed_domains: [],
allowed_domains: ["defaults"],
firewall_enabled: true,
awf_version: "v0.10.0",
awmg_version: "v0.0.76",
awmg_version: "v0.0.78",
steps: {
firewall: "squid"
},
@ -653,15 +652,22 @@ jobs:
- Iterator dereferences accessing pair members (e.g., map iterators)
- Code that would be clearer with meaningful variable names instead of `.first`/`.second`
**Naming Convention for Structured Bindings:**
When introducing structured bindings, use names that are representative of the types or field semantics:
- For `enode_pair`: use `[n1, n2]` instead of `[first, second]` or `[a, b]`
- For map iterators: use `[key, value]` or `[k, v]` instead of `[first, second]`
- For domain-specific pairs: use names reflecting the semantics (e.g., `[var, offset]`, `[expr, count]`)
- **Avoid generic names** like `first`, `second`, `third`, `a`, `b` unless the pair truly represents generic values
**Example refactoring:**
```cpp
// Before: Using .first and .second
auto x = f(y);
return g(x.first, x.second);
// Before: Using .first and .second on enode_pair
enode_pair p = get_pair(y);
return merge(p.first, p.second);
// After: Using structured bindings
auto [a, b] = f(y);
return g(a, b);
// After: Using structured bindings with meaningful names
auto [n1, n2] = get_pair(y);
return merge(n1, n2);
```
**TERTIARY FOCUS: Create Issues for initializer_list Refactoring**
@ -1056,6 +1062,8 @@ jobs:
- Constructors with member initializers (may still be candidates for improvement)
- Constructors that only initialize members to default values
- **Empty destructors**: Trivial destructors that can be removed or use `= default`
PROMPT_EOF
cat << 'PROMPT_EOF' >> "$GH_AW_PROMPT"
- Destructors with empty body `~Class() {}`
- Non-virtual destructors that don't need to be explicitly defined
- Virtual destructors (keep explicit even if empty for polymorphic classes),
@ -1064,8 +1072,6 @@ jobs:
- Classes with virtual functions but non-virtual destructors (potential issue)
- Base classes without virtual destructors (check if inheritance is intended)
- Non-virtual destructors missing `noexcept` (should be added)
PROMPT_EOF
cat << 'PROMPT_EOF' >> "$GH_AW_PROMPT"
- Leaf classes with unnecessary virtual destructors (minor overhead)
- Missing `noexcept` on non-default constructors and destructors
- Opportunities to use compiler-generated special members (`= default`, `= delete`)
@ -1128,15 +1134,16 @@ jobs:
- **SECONDARY TASK**: Code accessing `.first` and `.second` on pairs/tuples
- **ACTION**: Replace with C++17 structured bindings for cleaner, more readable code
- **RESULT**: Create an issue with the actual code changes
- **NAMING**: Use descriptive names based on types/semantics (e.g., `[n1, n2]` for `enode_pair`, `[k, v]` for maps)
- **Example**:
```cpp
// Before
auto x = f(y);
return g(x.first, x.second);
enode_pair p = get_pair(y);
return merge(p.first, p.second);
// After
auto [a, b] = f(y);
return g(a, b);
// After: Use meaningful names, not generic [a, b]
auto [n1, n2] = get_pair(y);
return merge(n1, n2);
```
**Exception String Construction:**
@ -1448,6 +1455,8 @@ jobs:
- **Simplification**: [Code that would be cleaner with auto cleanup]
### 4.7 Move Semantics Analysis
PROMPT_EOF
cat << 'PROMPT_EOF' >> "$GH_AW_PROMPT"
- **Missing std::move**: [Returns/assignments that should use move]
- **Incorrect std::move**: [Move from const, unnecessary moves]
- **Return Value Optimization**: [Places where RVO is blocked]
@ -1463,8 +1472,6 @@ jobs:
2. Refactor using the `edit` tool
3. Create an issue with your changes
- **API Improvements**: Specific function signatures to update
PROMPT_EOF
cat << 'PROMPT_EOF' >> "$GH_AW_PROMPT"
- **Examples**: File:line references with before/after code
- **Output**: Issue (not just discussion)
@ -1482,17 +1489,17 @@ jobs:
- **Action**: Find and refactor tuple/pair access patterns:
1. Search for patterns using `.first` and `.second`
2. Identify cases where intermediate variable can be eliminated
3. Refactor to use structured bindings
3. Refactor to use structured bindings with **meaningful names** (not generic `a`, `b`, `first`, `second`)
4. Create an issue with changes
- **Example Pattern**:
```cpp
// Before: Using .first and .second
auto x = f(y);
return g(x.first, x.second);
// Before: Using .first and .second on enode_pair
enode_pair p = get_pair(y);
return merge(p.first, p.second);
// After: Using structured bindings
auto [a, b] = f(y);
return g(a, b);
// After: Using structured bindings with descriptive names
auto [n1, n2] = get_pair(y);
return merge(n1, n2);
```
- **Another Example**:
```cpp
@ -1907,6 +1914,8 @@ jobs:
- Never execute untrusted code
- Use `bash` only for safe operations (git, grep patterns)
PROMPT_EOF
cat << 'PROMPT_EOF' >> "$GH_AW_PROMPT"
- **For std::optional refactoring**: Use the `edit` tool to modify files directly
- **For other findings**: Create discussions only (no code modifications)
- All code changes for std::optional will be reviewed through the issue process
@ -2002,7 +2011,7 @@ jobs:
timeout-minutes: 20
run: |
set -o pipefail
sudo -E awf --env-all --container-workdir "${GITHUB_WORKSPACE}" --mount /tmp:/tmp:rw --mount "${GITHUB_WORKSPACE}:${GITHUB_WORKSPACE}:rw" --mount /usr/bin/date:/usr/bin/date:ro --mount /usr/bin/gh:/usr/bin/gh:ro --mount /usr/bin/yq:/usr/bin/yq:ro --mount /usr/local/bin/copilot:/usr/local/bin/copilot:ro --mount /home/runner/.copilot:/home/runner/.copilot:rw --mount /opt/gh-aw:/opt/gh-aw:ro --allow-domains api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org --log-level info --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs --enable-host-access --image-tag 0.10.0 \
sudo -E awf --env-all --container-workdir "${GITHUB_WORKSPACE}" --mount /tmp:/tmp:rw --mount "${GITHUB_WORKSPACE}:${GITHUB_WORKSPACE}:rw" --mount /usr/bin/date:/usr/bin/date:ro --mount /usr/bin/gh:/usr/bin/gh:ro --mount /usr/bin/yq:/usr/bin/yq:ro --mount /usr/local/bin/copilot:/usr/local/bin/copilot:ro --mount /home/runner/.copilot:/home/runner/.copilot:rw --mount /opt/gh-aw:/opt/gh-aw:ro --allow-domains api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com --log-level info --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs --enable-host-access --image-tag 0.10.0 \
-- /usr/local/bin/copilot --add-dir /tmp/gh-aw/ --log-level all --log-dir /tmp/gh-aw/sandbox/agent/logs/ --add-dir "${GITHUB_WORKSPACE}" --disable-builtin-mcps --allow-tool github --allow-tool safeoutputs --allow-tool 'shell(cat)' --allow-tool 'shell(clang-format --version)' --allow-tool 'shell(date)' --allow-tool 'shell(echo)' --allow-tool 'shell(git diff:*)' --allow-tool 'shell(git log:*)' --allow-tool 'shell(git show:*)' --allow-tool 'shell(grep)' --allow-tool 'shell(head)' --allow-tool 'shell(ls)' --allow-tool 'shell(pwd)' --allow-tool 'shell(sort)' --allow-tool 'shell(tail)' --allow-tool 'shell(uniq)' --allow-tool 'shell(wc)' --allow-tool 'shell(yq)' --allow-tool write --add-dir /tmp/gh-aw/cache-memory/ --allow-all-paths --share /tmp/gh-aw/sandbox/agent/logs/conversation.md --prompt "$(cat /tmp/gh-aw/aw-prompts/prompt.txt)"${GH_AW_MODEL_AGENT_COPILOT:+ --model "$GH_AW_MODEL_AGENT_COPILOT"} \
2>&1 | tee /tmp/gh-aw/agent-stdio.log
env:
@ -2070,7 +2079,7 @@ jobs:
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
env:
GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }}
GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,github.com,host.docker.internal,raw.githubusercontent.com,registry.npmjs.org"
GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com"
GITHUB_SERVER_URL: ${{ github.server_url }}
GITHUB_API_URL: ${{ github.api_url }}
with:
@ -2164,7 +2173,7 @@ jobs:
total_count: ${{ steps.missing_tool.outputs.total_count }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.15
uses: githubnext/gh-aw/actions/setup@v0.37.19
with:
destination: /opt/gh-aw/actions
- name: Debug job inputs
@ -2180,7 +2189,7 @@ jobs:
echo "Agent Conclusion: $AGENT_CONCLUSION"
- name: Download agent output artifact
continue-on-error: true
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
with:
name: agent-output
path: /tmp/gh-aw/safeoutputs/
@ -2265,18 +2274,18 @@ jobs:
success: ${{ steps.parse_results.outputs.success }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.15
uses: githubnext/gh-aw/actions/setup@v0.37.19
with:
destination: /opt/gh-aw/actions
- name: Download agent artifacts
continue-on-error: true
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
with:
name: agent-artifacts
path: /tmp/gh-aw/threat-detection/
- name: Download agent output artifact
continue-on-error: true
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
with:
name: agent-output
path: /tmp/gh-aw/threat-detection/
@ -2416,12 +2425,12 @@ jobs:
process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.15
uses: githubnext/gh-aw/actions/setup@v0.37.19
with:
destination: /opt/gh-aw/actions
- name: Download agent output artifact
continue-on-error: true
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
with:
name: agent-output
path: /tmp/gh-aw/safeoutputs/
@ -2453,11 +2462,11 @@ jobs:
permissions: {}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.15
uses: githubnext/gh-aw/actions/setup@v0.37.19
with:
destination: /opt/gh-aw/actions
- name: Download cache-memory artifact (default)
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
continue-on-error: true
with:
name: cache-memory