fix: don't exclude COPILOT_GITHUB_TOKEN from AWF container when copilot-requests feature is enabled #25479
…ot-requests feature is enabled
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/1f3b047d-4ae8-4d35-8943-8a29aace3438
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
❌ Tool validation failed! Agent Container Smoke Test detected missing tools: failed

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

💫 TO BE CONTINUED... Smoke Claude failed! Our hero faces unexpected challenges...

🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation...

📰 DEVELOPING STORY: Smoke Copilot reports failed. Our correspondents are investigating the incident...
Pull request overview
This PR fixes Copilot CLI startup failures in AWF-containerized runs when `features: copilot-requests: true` by ensuring `COPILOT_GITHUB_TOKEN` is available inside the container (it is set to `${{ github.token }}` in that mode) while preserving the existing exclusion behavior for PAT-based workflows.

Changes:
- Update Copilot engine AWF invocation to conditionally exclude `COPILOT_GITHUB_TOKEN` only when it contains a secret PAT (not when using `${{ github.token }}` via `copilot-requests`).
- Add/adjust unit tests asserting `COPILOT_GITHUB_TOKEN` exclusion behavior for both modes.
- Regenerate workflow lock files so AWF command lines omit `--exclude-env COPILOT_GITHUB_TOKEN` for workflows using `copilot-requests`.

Summary per file
| File | Description |
|---|---|
| pkg/workflow/copilot_engine_execution.go | Conditionally excludes COPILOT_GITHUB_TOKEN from AWF only for PAT-based mode; keeps it in-container for copilot-requests. |
| pkg/workflow/gh_cli_mount_test.go | Adds test to ensure COPILOT_GITHUB_TOKEN is not excluded when copilot-requests is enabled; updates existing assertion text. |
| .github/workflows/test-quality-sentinel.lock.yml | Regenerated AWF command in lock output to drop --exclude-env COPILOT_GITHUB_TOKEN for copilot-requests workflows. |
| .github/workflows/smoke-update-cross-repo-pr.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/smoke-create-cross-repo-pr.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/security-review.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/refactoring-cadence.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/firewall-escape.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/draft-pr-cleanup.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/docs-noob-tester.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/discussion-task-miner.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/dictation-prompt.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/dev.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/dev-hawk.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/delight.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/dead-code-remover.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/daily-workflow-updater.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/daily-testify-uber-super-expert.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/daily-syntax-error-quality.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/daily-semgrep-scan.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/daily-secrets-analysis.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/daily-safe-output-integrator.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/daily-repo-chronicle.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/daily-news.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/daily-mcp-concurrency-analysis.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/daily-malicious-code-scan.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/daily-file-diet.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/daily-compiler-quality.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/daily-cli-performance.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/daily-assign-issue-to-user.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/daily-architecture-diagram.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/copilot-token-optimizer.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/copilot-token-audit.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/copilot-pr-prompt-analysis.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/copilot-pr-nlp-analysis.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/copilot-pr-merged-report.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/copilot-cli-deep-research.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/code-scanning-fixer.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/cli-consistency-checker.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/ci-coach.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/breaking-change-checker.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/brave.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/auto-triage-issues.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/artifacts-summary.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/architecture-guardian.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/archie.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/agent-performance-analyzer.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
| .github/workflows/craft.lock.yml | Same lock regeneration to reflect conditional exclusion behavior. |
Copilot's findings
- Files reviewed: 48/48 changed files
- Comments generated: 1
```go
// When copilot-requests feature is enabled, COPILOT_GITHUB_TOKEN is set to
// ${{ github.token }} — a scoped Actions token, not a long-lived secret. The
// Copilot CLI v1.0.20+ validates this token at startup before making API calls,
// so it must be present inside the AWF container. We therefore only add it to
// the exclude list when it holds a PAT (${{ secrets.COPILOT_GITHUB_TOKEN }}),
// where leakage would be higher risk.
var coreExcludeVarNames []string
if !useCopilotRequests {
	coreExcludeVarNames = []string{"COPILOT_GITHUB_TOKEN"}
}
```
In copilot-requests mode, this change intentionally stops excluding `COPILOT_GITHUB_TOKEN`, which makes the scoped `${{ github.token }}` readable inside the AWF container via `env`/`printenv` (and usable for direct API calls). If that exposure is acceptable, consider adding a brief note (either here or in the workflow docs) that workflows enabling `copilot-requests` should keep `permissions:` as least-privilege, since the token is now available to in-container shell tools as well as the Copilot CLI.
Copilot CLI v1.0.20+ validates `COPILOT_GITHUB_TOKEN` at startup before making any API calls. With `features: copilot-requests: true`, this token is `${{ github.token }}` — not a secret — but was unconditionally added to AWF's `--exclude-env` list, causing the binary to silently exit with code 1 (~1.75s after spawn, no output).

Changes
- `copilot_engine_execution.go`: Move `useCopilotRequests` computation before the `BuildAWFCommand` call. Only include `COPILOT_GITHUB_TOKEN` in `coreExcludeVarNames` when the token is a PAT (`${{ secrets.COPILOT_GITHUB_TOKEN }}`); omit it when the copilot-requests feature is active.
- `gh_cli_mount_test.go`: Add test asserting `COPILOT_GITHUB_TOKEN` is not excluded when `features: copilot-requests: true`; update existing test comment to reflect the conditional nature.
- Lock files: Recompiled 46 workflows. Workflows with `copilot-requests: true` now drop `--exclude-env COPILOT_GITHUB_TOKEN` from the AWF command. Workflows using a PAT are unchanged.

Security rationale
`${{ github.token }}` in copilot-requests mode carries only the scoped permissions declared in the workflow — equivalent to what the agent already accesses via GitHub MCP tools. Long-lived PATs remain excluded as before.

Changeset
Workflows with `features: copilot-requests: true` no longer exclude `COPILOT_GITHUB_TOKEN` from the AWF container, while PAT-based tokens continue to be excluded.
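As an added example (not gh-aw's own code), here is the exclude-list decision described above modelled in Go, together with the least-privilege check the review comment asks for. `WorkflowConfig`, `AWFExcludeArgs` and `WritePermissions` are hypothetical names, and the permissions map is a simplified stand-in for a workflow's `permissions:` block.

```go
// Added example, not gh-aw's own code: exclude-list decision plus least-privilege check.
package main

import (
	"fmt"
	"sort"
	"strings"
)

// WorkflowConfig is a hypothetical, simplified view of a workflow's frontmatter.
type WorkflowConfig struct {
	CopilotRequests bool              // features: copilot-requests: true
	Permissions     map[string]string // e.g. {"contents": "read", "issues": "write"}
}

// CoreExcludeVarNames mirrors the fix: COPILOT_GITHUB_TOKEN is excluded from the
// AWF container only when it holds a PAT. In copilot-requests mode it is the
// scoped ${{ github.token }} and must stay in-container, or the CLI exits with code 1.
func CoreExcludeVarNames(cfg WorkflowConfig) []string {
	if cfg.CopilotRequests {
		return nil
	}
	return []string{"COPILOT_GITHUB_TOKEN"}
}

// AWFExcludeArgs renders the flags as they appear in the regenerated lock files.
func AWFExcludeArgs(cfg WorkflowConfig) string {
	var parts []string
	for _, name := range CoreExcludeVarNames(cfg) {
		parts = append(parts, "--exclude-env "+name)
	}
	return strings.Join(parts, " ")
}

// WritePermissions lists write scopes to justify once the token is readable in-container.
func WritePermissions(cfg WorkflowConfig) []string {
	var out []string
	for scope, level := range cfg.Permissions {
		if cfg.CopilotRequests && level == "write" {
			out = append(out, scope)
		}
	}
	sort.Strings(out) // map iteration order is random; sort for stable output
	return out
}

func main() {
	cfg := WorkflowConfig{CopilotRequests: true, Permissions: map[string]string{"contents": "read", "pull-requests": "write"}}
	fmt.Printf("exclude=%q write=%v\n", AWFExcludeArgs(cfg), WritePermissions(cfg))
}
```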