chore: update repo-assist MCPG container image to v0.1.26#2346
Conversation
Switch from local container build to published image v0.1.26 which includes the backend enrichment tool name fix (PR #2340) and all prior DIFC integrity filtering improvements. Changes: - Comment out local container build step - Update proxy image tag: :local → :v0.1.26 - Update MCP gateway image tag: :local → :v0.1.26 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Updates the repo-assist locked workflow to use the published ghcr.io/github/gh-aw-mcpg:v0.1.26 image instead of building/running a local :local tag, aligning repo-assist with the validated MCPG release that contains DIFC integrity filtering fixes.
Changes:
- Commented out the local MCPG container build step (kept for debugging).
- Updated the DIFC proxy container invocation to
ghcr.io/github/gh-aw-mcpg:v0.1.26. - Updated the MCP gateway container command to run
ghcr.io/github/gh-aw-mcpg:v0.1.26.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| docker run -d --name awmg-proxy --network host \ | ||
| -e GH_TOKEN \ | ||
| -e DEBUG='*' \ | ||
| -v "$PROXY_LOG_DIR:$PROXY_LOG_DIR" \ | ||
| ghcr.io/github/gh-aw-mcpg:local proxy \ | ||
| ghcr.io/github/gh-aw-mcpg:v0.1.26 proxy \ |
There was a problem hiding this comment.
This change switches the proxy container to ghcr.io/github/gh-aw-mcpg:v0.1.26, but the workflow’s earlier "Download container images" step doesn’t pre-pull this image (unlike other *.lock.yml workflows that include gh-aw-mcpg in download_docker_images.sh). That means this step will do an on-demand pull at runtime, which can add latency and can fail in restricted network environments. Consider adding ghcr.io/github/gh-aw-mcpg:v0.1.26 to the image pre-pull list (or doing an explicit docker pull) to keep startup deterministic.
| # NOTE: Local container build kept for debugging. Uncomment to test unpublished changes. | ||
| - name: Build local MCPG container (debugging only) | ||
| run: | | ||
| rustup target add wasm32-wasip1 | ||
| cd guards/github-guard/rust-guard && ./build.sh && cd ../../.. | ||
| docker build . -t ghcr.io/github/gh-aw-mcpg:local | ||
| # - name: Build local MCPG container (debugging only) | ||
| # run: | | ||
| # rustup target add wasm32-wasip1 | ||
| # cd guards/github-guard/rust-guard && ./build.sh && cd ../../.. | ||
| # docker build . -t ghcr.io/github/gh-aw-mcpg:local |
There was a problem hiding this comment.
The note suggests uncommenting this step is sufficient to test unpublished MCPG changes, but the rest of the workflow now runs ghcr.io/github/gh-aw-mcpg:v0.1.26 (not :local). If someone uncommented just this step, it would build :local and then never use it. Consider updating the comment to mention the other image references that must be switched, or parameterize the image tag so the debug flow is a simple toggle.
Summary
Switch repo-assist from local container build to published image
v0.1.26, which includes all DIFC integrity filtering fixes:get_pull_request→pull_request_readand added missingmethod: "get"parametersget_check_runs/get_commentssub-method responsessearch_issues/search_pull_requestsChanges
:local→:v0.1.26:local→:v0.1.26Validation
v0.1.26 was validated with 0 DIFC-FILTERED events in run 23412918230.