Add debug step to echo agent outputs in add_comment job

[Copilot]

Overview

This PR adds a debug step to the add_comment job that echoes the values of needs.agent.outputs.output and needs.agent.outputs.output_types. This helps with debugging and monitoring the flow of data between the agent job and the add_comment job in agentic workflows.

Changes

Modified: pkg/workflow/add_comment.go

Added a new "Debug agent outputs" step before the "Add Issue Comment" step in the buildCreateOutputAddCommentJob function. The debug step outputs:

• The full agent output content from needs.agent.outputs.output
• The output types from needs.agent.outputs.output_types

Security: The debug step uses environment variables to safely echo the values, preventing potential shell injection attacks. The GitHub Actions expressions are assigned to environment variables (AGENT_OUTPUT and AGENT_OUTPUT_TYPES) which are then referenced using shell variable syntax.

Example Output in Compiled Workflows

The change generates the following YAML in all workflows using the add-comment safe output configuration:

steps:
  - name: Debug agent outputs
    env:
      AGENT_OUTPUT: ${{ needs.agent.outputs.output }}
      AGENT_OUTPUT_TYPES: ${{ needs.agent.outputs.output_types }}
    run: |
      echo "Output: $AGENT_OUTPUT"
      echo "Output types: $AGENT_OUTPUT_TYPES"
  - name: Add Issue Comment
    id: add_comment
    uses: actions/github-script@v8
    # ... rest of the step

Updated Workflows

All compiled .lock.yml workflows that use add-comment have been regenerated with the new debug step:

• brave.lock.yml
• poem-bot.lock.yml
• scout.lock.yml
• ci-doctor.lock.yml
• technical-doc-writer.lock.yml
• tidy.lock.yml
• artifacts-summary.lock.yml
• dev.lock.yml

Testing

• ✅ All unit tests pass
• ✅ Successfully compiled all workflows
• ✅ Verified debug step appears correctly in generated YAML
• ✅ Code formatting and linting validated

Benefits

This debug step will help:

• Troubleshoot issues with agent output processing
• Verify that output types are correctly passed between jobs
• Monitor the data flow in production workflows
• Aid in debugging add-comment job failures

Security Considerations

The implementation uses environment variables to prevent shell injection vulnerabilities that could occur if the output values contain special shell characters.

Original prompt

Add a step in the add_comment job that echos the value of the needs.agent.outputs.output and needs.agent.outputs.output-types

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[pelikhan]

@copilot make sure the echo command is not subject to shell injection. Use env vars.

[Copilot]

@copilot make sure the echo command is not subject to shell injection. Use env vars.

Fixed in commit 7f6f4ee. The debug step now uses environment variables (AGENT_OUTPUT and AGENT_OUTPUT_TYPES) to safely echo the values, preventing any potential shell injection issues.