Conversation
… to ensure deterministic heredoc delimiters Agent-Logs-Url: https://github.com/github/gh-aw/sessions/c77a5934-202c-4ab8-b7fc-5445dadf1e35 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
pelikhan
deleted the
copilot/fix-github-actions-workflow-74b6749a-19fc-4e7e-a5bb-65bedeb1047b
branch
There was a problem hiding this comment.
Pull request overview
Fixes flakiness in TestMCPScriptsStepCodeGenerationStability by ensuring heredoc delimiters are generated deterministically during repeated MCP setup generation.
Changes:
- Sets a non-empty
WorkflowData.FrontmatterHashin the stability test soGenerateHeredocDelimiterFromSeeduses the deterministic HMAC-based path instead ofcrypto/rand.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| Tools: make(map[string]any), | ||
| MCPScripts: mcpScriptsConfig, | ||
| Tools: make(map[string]any), | ||
| FrontmatterHash: "stabletesthash1234567890abcdef", |
There was a problem hiding this comment.
WorkflowData.FrontmatterHash is documented as a hex-encoded SHA-256 hash of the frontmatter. This test uses an arbitrary non-hex string; it works today because the delimiter generator treats any non-empty seed as a key, but it’s slightly misleading and could break if validation is added later. Consider using a realistic 64-hex-character value (like those used in pkg/workflow/strings_test.go) to match the field’s intended semantics.
| FrontmatterHash: "stabletesthash1234567890abcdef", | |
| FrontmatterHash: "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", |
TestMCPScriptsStepCodeGenerationStabilitywas failing becauseGenerateHeredocDelimiterFromSeedfalls back tocrypto/randwhen its seed is empty, producing a differentGH_AW_MCP_SCRIPTS_TOOLS_<16hexchars>_EOFtoken on every call.Change
Set a non-empty
FrontmatterHashon the test'sWorkflowDataso the HMAC-SHA256 path is taken, making heredoc delimiters stable across iterations:Warning
Firewall rules blocked me from connecting to one or more addresses (expand for details)
I tried to connect to the following addresses, but was blocked by firewall rules:
https://api.github.com/graphql/usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GO111MODULE tions/node_modul--show-toplevel git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/pkg/tool/linu--show-toplevel git(http block)https://api.github.com/orgs/test-owner/actions/secrets/usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name "prettier" --cheGOSUMDB GOPROXY 64/bin/go GOSUMDB GOWORK 64/bin/go git cat-�� h ../../../.prettierignore 4447d3d3b06759cdaa460687359d196aGOMOD modules/@npmcli/run-script/lib/node-gyp-bin/sh "prettier" --wrinode x_amd64/vet 64/bin/go go(http block)https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1/usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --git-dir go /usr/bin/git json' --ignore-pgit GO111MODULE 64/bin/go git init�� GOMODCACHE e9tz4e_/ThKvzodBlPIPkS6j74YO /usr/bin/gh th .prettierignogit GO111MODULE es/.bin/node gh(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v3/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha "prettier" --write '../../../**/*.json' '!../../../pkg/workflow/-p go /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/compile rror GO111MODULE 64/bin/go /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/compile -o /tmp/go-build1632609501/b421/_pkg_.a -trimpath /usr/bin/git -p main -lang=go1.25 git(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v5/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env *.json' '!../../../pkg/workflow/js/**/*.json' ---p GO111MODULE rgo/bin/bash GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha list --json /usr/bin/git --workflow nonexistent-workrev-parse --limit git rev-�� --show-toplevel x_amd64/link /usr/bin/git -json GO111MODULE ache/go/1.25.0/x--show-toplevel git(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel go /usr/bin/git te 'scripts/**/*git GO111MODULE k/gh-aw/gh-aw/ac--show-toplevel git rev-�� --show-toplevel go /usr/bin/git blog-auditor.md on ache/go/1.25.0/x--show-toplevel git(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v6/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha /tmp/TestHashStability_SameInputSameOutput4195047097/001/stability-test.md go /usr/bin/git with-tools.md GO111MODULE 64/bin/go git chec�� .github/workflows/test.md go /usr/bin/git -json GO111MODULE 64/bin/go git(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha uts.branch -importcfg /usr/bin/git -s -w -buildmode=exe git rev-�� --git-dir -extld=gcc /usr/bin/git -json GO111MODULE 64/bin/go git(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel 64/pkg/tool/linux_amd64/compile /usr/bin/git g_.a GO111MODULE p/bin/sh git rev-�� --show-toplevel go /usr/bin/git 0607-29303/test-git GO111MODULE k/gh-aw/gh-aw/ac--show-toplevel git(http block)https://api.github.com/repos/actions/github-script/git/ref/tags/v8/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha --check **/*.cjs 64/bin/go **/*.json --ignore-path ../../../.prettiprettier node /hom�� --check scripts/**/*.js 64/bin/go .prettierignore x_amd64/vet 64/bin/go go(http block)/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha ath ../../../.pr**/*.json sh 64/bin/go tierignore x_amd64/vet 64/bin/go go env re --log-level=error GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha --check scripts/**/*.js 64/bin/go -d x_amd64/vet 64/bin/go go er -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/actions/setup-go/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha ue.number go /usr/bin/git js/**/*.json' --git GO111MODULE 64/bin/go git -C /tmp/gh-aw-test-runs/20260326-050607-29303/test-2510313122 status /usr/bin/git .github/workflowgit GO111MODULE _modules/.bin/no--show-toplevel git(http block)https://api.github.com/repos/actions/setup-node/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha /tmp/TestHashStability_SameInputSameOutput4195047097/001/stability-test.md -tests /usr/bin/git js/**/*.json' --git GO111MODULE 64/bin/go git rev-�� --git-dir go /usr/bin/git -json GO111MODULE odules/npm/node_--show-toplevel git(http block)https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha prettier --write /home/REDACTED/.local/bin/node **/*.ts **/*.json --ignore-path node /hom�� runs/20260326-050607-29303/test-352781327/custom/workflows scripts/**/*.js ache/node/24.14.0/x64/bin/node .prettierignore --log-level=errorev-parse 64/bin/go make(http block)https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq .object.sha --get remote.origin.url(http block)https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha ithub/workflows/ace-editor.md GOPROXY 2609501/b378/vet.cfg GOSUMDB GOWORK 64/bin/go sh -c npx prettier --write '../../../**/*.json' '!../../../pkg/workflow/js/**/*.json' --ignore-path ache/go/1.25.0/xGO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/link 7304886/b428/_pkgit GO111MODULE 64/bin/go /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linuf() { test "$1" = get && echo "******"; }; f get(http block)https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha 0607-29303/test-2510313122 --write 0/x64/bin/node l **/*.json --ignore-path sh -has�� ithub/workflows/archie.md ache/go/1.25.0/xGO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet 7304886/b426/_pkgit GO111MODULE 64/bin/go /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linuREDACTED(http block)https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts/usr/bin/gh gh run download 1 --dir test-logs/run-1 GO111MODULE 64/bin/sh GOINSECURE GOMOD GOMODCACHE go env '**/*.ts' '**/*.json' --ignore-pgo1.25.0 GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts/usr/bin/gh gh run download 12345 --dir test-logs/run-12345 GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env '**/*.ts' '**/*.json' --ignore-premote.origin.url GO111MODULE de/node/bin/sh GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts/usr/bin/gh gh run download 12346 --dir test-logs/run-12346 GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env '**/*.ts' '**/*.json' --ignore-path ../../../.pr**/*.json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts/usr/bin/gh gh run download 2 --dir test-logs/run-2 GO111MODULE 0/x64/bin/sh GOINSECURE GOMOD GOMODCACHE go env '**/*.ts' '**/*.json' --ignore-path ../../../.pr**/*.json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts/usr/bin/gh gh run download 3 --dir test-logs/run-3 GO111MODULE de/node/bin/sh GOINSECURE GOMOD GOMODCACHE go estl�� '**/*.ts' '**/*.json' --ignore-premote.origin.url GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts/usr/bin/gh gh run download 4 --dir test-logs/run-4 GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env '**/*.ts' '**/*.json' --ignore-path ../../../.pr**/*.json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts/usr/bin/gh gh run download 5 --dir test-logs/run-5 GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env '**/*.ts' '**/*.json' --ignore-path ../../../.pr**/*.json GO111MODULE 8d519d9/node_modules/.bin/prettier GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/actions/workflows/usr/bin/gh gh workflow list --json name,state,path k/gh-aw/gh-aw/tmGOSUMDB GOPROXY(http block)/usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 github.com/githu-atomic -lang=go1.25 go env js/**/*.json' ---errorsas GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 GOMOD GOMODCACHE x_amd64/link env -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE rk/cnjHJRsC75-1TI1_m0Vn/uTsMpJMIC8zTipfMwGSL(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha -json GO111MODULE At,event,headBranch,headSha,displayTitle GOINSECURE GOMOD GOMODCACHE go env */*.ts' '**/*.json' --ignore-path ../../../.prettierignore GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env js/**/*.json' ---errorsas GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env js/**/*.json' ---errorsas GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha re --log-level=e!../../../pkg/workflow/js/**/*.json GO111MODULE de GOINSECURE GOMOD GOMODCACHE go /pre�� -json GO111MODULE sh GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha re --log-level=error GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go /pre�� -json GO111MODULE odules/npm/node_-lang=go1.25 GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha re --log-level=e!../../../pkg/workflow/js/**/*.json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env js/**/*.json' ---errorsas GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999/usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env ithout_min-integrity1884405270/001 GO111MODULE n-dir/node GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/nonexistent/repo/actions/runs/12345/usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE GOMOD GOMODCACHE go 0/x6�� 3019920118/.github/workflows GO111MODULE 0/x64/bin/node GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/owner/repo/actions/workflows/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOSUMDB GOWORK run-script/lib/n--write /opt/hostedtoolcscripts/**/*.js -V=f�� h ../../../.pret.prettierignore node 64/bin/go -d **/*.cjs 64/bin/go go(http block)/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOSUMDB GOWORK 64/bin/go /opt/hostedtoolcscripts/**/*.js -o h ../../../.pret.prettierignore -trimpath 64/bin/go -p github.com/ayman/home/REDACTED/work/gh-aw/gh-aw/actions/setup/js/node_modules/.bin/prettier -lang=go1.24 go(http block)https://api.github.com/repos/owner/repo/contents/file.md/tmp/go-build1632609501/b403/cli.test /tmp/go-build1632609501/b403/cli.test -test.testlogfile=/tmp/go-build1632609501/b403/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true GOSUMDB GOWORK 64/bin/go sh -c ath ../../../.pr**/*.json node 64/bin/go tierignore --write 64/bin/go go(http block)https://api.github.com/repos/test-owner/test-repo/actions/secrets/usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name prettier --check 64/bin/go **/*.ts **/*.json --ignore-path go env -json GOMOD 64/bin/go tierignore x_amd64/vet 64/bin/go go(http block)If you need me to access, download, or install something from one of these locations, you can either:
Original prompt
💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.