[WIP] Fix create-pull-request failure due to missing GITHUB_TOKEN

[Copilot]

Thanks for asking me to work on this. I will get started on it and keep this PR's description up to date as I form a plan and make progress.

---

This section details on the original issue you should resolve

<issue_title>Cross-repo create-pull-request fails: GITHUB_TOKEN not available for dynamic checkout</issue_title>
<issue_description>## Bug description

When a workflow uses create-pull-request with allowed-repos targeting repositories other than the workflow's own repo, the "Process Safe Outputs" step fails to apply patches because it cannot dynamically checkout the target repository.

The handler logs:

##[warning] Multi-repo support disabled: GITHUB_TOKEN not available for dynamic checkout

It then fetches origin main from the workflow's own repo instead of the target repo, and attempts to apply the patch there. This causes:

error: sha1 information is lacking or useless (src/toke_util/__init__.py).
error: could not build fake ancestor

Because the patch was generated against the target repo's tree, not the workflow repo's tree.

Reproduction

Workflow frontmatter:

safe-outputs:
  github-token: ${{ secrets.CROSS_REPO_PAT }}
  create-pull-request:
    max: 10
    base-branch: main
    allowed-repos: ["Org/repo-a", "Org/repo-b"]

The agent produces valid create_pull_request safe output messages targeting Org/repo-a and Org/repo-b. The handler correctly identifies the target repos and patch files, but cannot clone them because the git CLI has no authentication token.

Observed behavior

The compiled .lock.yml passes safe-outputs.github-token to actions/github-script via with: github-token (Octokit API access), but does not set it as a GITHUB_TOKEN environment variable. The safe output handler's git CLI operations (fetch, checkout, push) rely on GITHUB_TOKEN in the environment for cross-repo access.

Expected behavior

When safe-outputs.github-token is configured, the token should be available to both the Octokit client (via with: github-token) and the git CLI (via env: GITHUB_TOKEN) so that cross-repo dynamic checkout and push operations succeed.

Environment

• gh-aw version: 0.51.8
• Engine: copilot / claude-sonnet-4
• Safe output type: create-pull-request with allowed-repos

Note

If I manually add the GITHUB_TOKENto the safe_outputs job in the compile yml file like this, it works.

      - name: Process Safe Outputs
        id: process_safe_outputs
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
        env:
          GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }}
          GH_AW_ALLOWED_DOMAINS: ...
          GITHUB_SERVER_URL: ${{ github.server_url }}
          GITHUB_API_URL: ${{ github.api_url }}
          GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG: "{\"add_comment\":{\"max\":1,\"target\":\"${{ github.event.issue.number || github.event.inputs.issue_number }}\",\"target-repo\":\"Unumed/agentic-workflows\"},\"create_pull_request\":{\"allowed_repos\":[\"Unumed/toke-util\",\"Unumed/toke-api\"],\"base_branch\":\"main\",\"github-token\":\"${{ secrets.GH_AW_CROSS_REPO_PAT }}\",\"max\":10,\"max_patch_size\":1024},\"missing_data\":{},\"missing_tool\":{}}"
          GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }}
          GITHUB_TOKEN: ${{ secrets.GH_AW_CROSS_REPO_PAT }}
```</issue_description>

## Comments on the Issue (you are @copilot in this section)

<comments>
</comments>

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.