fix: canary_go gracefully handles missing test-result artifacts and runs on main only#23612
Closed
fix: canary_go gracefully handles missing test-result artifacts and runs on main only#23612
Conversation
Implements the trusted-users feature for the GitHub MCP server guard policy: - Add TrustedUsers/TrustedUsersExpr fields to GitHubToolConfig - Add parsing for trusted-users in tools_parser.go (same pattern as blocked-users) - Add validation for trusted-users in tools_validation.go (requires min-integrity) - Add EnvVarGitHubTrustedUsers constant in pkg/constants/constants.go - Update getGitHubGuardPolicies() to include trusted-users in allow-only policy - Update generateParseGuardVarsStep to pass GH_AW_TRUSTED_USERS_* env vars - Update parse_guard_list.sh to process trusted-users alongside blocked-users - Update cache_integrity.go to properly include trusted-users in cache key - Update main_workflow_schema.json to add trusted-users schema definition - Add tests in compile_guard_policy_test.go and tools_validation_test.go - Update frontmatter-full.md and access control specification docs Agent-Logs-Url: https://github.com/github/gh-aw/sessions/cd194832-da7e-4ca5-8540-1e7fb73bbdb2 Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
…ng and comments Agent-Logs-Url: https://github.com/github/gh-aw/sessions/cd194832-da7e-4ca5-8540-1e7fb73bbdb2 Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
…acts downloaded When all test jobs are cancelled (e.g., due to an earlier CI failure), the `actions/download-artifact` action downloads 0 artifacts and never creates the `test-results` directory. The subsequent `find test-results` command fails with "No such file or directory". Fix by: 1. Creating `test-results` dir explicitly before running `find` 2. Handling the case where no JSON artifacts exist: create empty executed-tests.txt 3. Skipping coverage comparison when no test data is available, with a clear message Agent-Logs-Url: https://github.com/github/gh-aw/sessions/0c4bcdc3-11f9-4f7d-8e37-f9ae067c9647 Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Fix the failing GitHub Actions workflow canary_go
fix: canary_go gracefully handles missing test-result artifacts
Mar 31, 2026
Collaborator
|
@copilot only execute canary-go for the main branch |
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
💥 Automated smoke test review - all systems nominal!
💥 [THE END] — Illustrated by Smoke Claude
| - name: List downloaded artifacts | ||
| run: | | ||
| set -euo pipefail | ||
| mkdir -p test-results |
Contributor
There was a problem hiding this comment.
Good defensive fix — ensuring test-results/ always exists prevents the find command from failing when no artifacts were downloaded. This is a pattern worth documenting in the CI README for future contributors.
| fi | ||
| ./scripts/compare-test-coverage.sh all-tests.txt executed-tests.txt | ||
|
|
||
| - name: Upload test coverage report |
Contributor
There was a problem hiding this comment.
The empty-file guard with [ ! -s executed-tests.txt ] is a clean way to handle the no-artifacts case. The warning messages are informative and actionable.
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/8f58a511-ef49-46a9-a631-b95b810d2e64 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Contributor
Author
Copilot
AI
changed the title
fix: canary_go gracefully handles missing test-result artifacts
fix: canary_go gracefully handles missing test-result artifacts and runs on main only
Mar 31, 2026
Base automatically changed from
copilot/feat-add-trusted-users-config-schema
to
main
March 31, 2026 01:39
Collaborator
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
canary_gocrashes withfind: 'test-results': No such file or directorywhen upstream test jobs are cancelled —actions/download-artifactonly creates the destination directory when it actually downloads files, so zero matches leaves nothing on disk.Changes
mkdir -p test-resultsso the directory always exists regardless of download outcomeexecuted-tests.txtwith a warning when no artifacts are presentexecuted-tests.txtis empty, emitting a clear message instead of a misleading failuregithub.ref == 'refs/heads/main'to theifcondition socanary_goonly runs on pushes tomain, not on pull requests or other branchesOriginal prompt
✨ PR Review Safe Output Test - Run 23775212172