feat: support checkout field in importable shared workflows#26292
feat: support checkout field in importable shared workflows#26292
Conversation
Allow the `checkout` field to be defined in shared/importable workflows so it gets merged into the importing workflow, similar to how `github-app` and `tools.github` fields are already handled. This enables SideRepoOps workflows that all target the same repository to centralize the checkout block in their shared import, reducing duplication and ensuring consistency across all workflows in the pattern. Agent-Logs-Url: https://github.com/github/gh-aw/sessions/344b0d32-2b76-466b-9597-115d6ff92823 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
🧪 Test Quality Sentinel ReportTest Quality Score: 75/100
Test Classification Details
Flagged Tests — Requires Review
|
| Component | Raw | Score |
|---|---|---|
| Behavioral Coverage (40 pts) | 4/4 design tests = 100% | 40/40 |
| Error/Edge Case Coverage (30 pts) | 2/4 tests cover edge cases (precedence, checkout:false) = 50% |
15/30 |
| Low Duplication (20 pts) | No duplicate clusters detected | 20/20 |
| Proportional Growth (10 pts) | Inflation: 239 test lines / 35 production lines = 6.8:1 (> 2:1 threshold) | 0/10 |
| Total | 75/100 |
i️ The inflation ratio is high because the new feature is tested with four distinct scenario files each requiring substantial setup. This reflects thorough scenario coverage rather than padding, but the ratio still exceeds the 2:1 mechanical threshold.
Language Support
Tests analyzed:
- 🐹 Go (
*_test.go): 4 tests — unit (//go:build !integration) - 🟨 JavaScript (
*.test.cjs,*.test.js): 0 tests
Verdict
✅ Check passed. 0% of new tests are implementation tests (threshold: 30%). No coding-guideline violations detected. One behavioral gap noted in
TestCheckoutImportMainWorkflowTakesPrecedence— the precedence contract (whichrefwins) is not actually asserted.
📖 Understanding Test Classifications
Design Tests (High Value) verify what the system does:
- Assert on observable outputs, return values, or state changes
- Cover error paths and boundary conditions
- Would catch a behavioral regression if deleted
- Remain valid even after internal refactoring
Implementation Tests (Low Value) verify how the system does it:
- Assert on internal function calls (mocking internals)
- Only test the happy path with typical inputs
- Break during legitimate refactoring even when behavior is correct
- Give false assurance: they pass even when the system is wrong
Goal: Shift toward tests that describe the system's behavioral contract — the promises it makes to its users and collaborators.
🧪 Test quality analysis by Test Quality Sentinel · ● 451.9K · ◷
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
✅ Test Quality Sentinel: 75/100. Test quality is acceptable — 0% of new tests are implementation tests (threshold: 30%). One behavioral gap noted: TestCheckoutImportMainWorkflowTakesPrecedence never asserts found.Ref == "feature-branch", so the core precedence contract (main workflow's ref overrides shared workflow's ref) is not actually verified. See the full report in the comment above.
There was a problem hiding this comment.
Pull request overview
This PR enables shared/importable workflows to define checkout: in frontmatter so importing workflows can inherit checkout configuration without repeating it.
Changes:
- Added import-time extraction/accumulation of
checkoutfrontmatter from imported workflows and surfaced it viaImportsResult. - Merged imported checkout configs into
WorkflowData.CheckoutConfigs(respectingcheckout: falsein the main workflow). - Added unit tests and updated documentation to describe
checkoutimport/merge semantics.
Show a summary per file
| File | Description |
|---|---|
| pkg/parser/import_processor.go | Extends ImportsResult to carry merged imported checkout JSON. |
| pkg/parser/import_field_extractor.go | Extracts checkout from imported frontmatter and accumulates values for later compilation. |
| pkg/workflow/compiler_orchestrator_workflow.go | Appends imported checkout configs into workflowData.CheckoutConfigs (skips when checkout: false). |
| pkg/workflow/checkout_import_test.go | Adds tests for checkout import/merge scenarios. |
| docs/src/content/docs/reference/imports.md | Documents checkout: as an allowed shared-workflow import field and its merge rules. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 5/5 changed files
- Comments generated: 4
| // Merge checkout configs from imported shared workflows. | ||
| // Imported configs are appended after the main workflow's configs so that the main | ||
| // workflow's entries take precedence when CheckoutManager deduplicates by (repository, path). | ||
| // checkout: false in the main workflow disables all checkout (including imports). | ||
| if !workflowData.CheckoutDisabled && importsResult.MergedCheckout != "" { | ||
| for line := range strings.SplitSeq(strings.TrimSpace(importsResult.MergedCheckout), "\n") { |
There was a problem hiding this comment.
The merge strategy here assumes that placing imported checkout configs after the main workflow guarantees main-workflow precedence, but CheckoutManager merges auth fields independently and the checkout step generator prefers github-app over github-token. If the main checkout has a github-token and an imported duplicate (same repository/path) has a github-app (or receives a top-level github-app fallback), the imported github-app will be merged in and will effectively override the main token at render time. Consider enforcing mutual exclusivity/precedence during merging (e.g., once a token is set for a key, ignore later github-app for that key, and vice versa), or merging/deduping checkouts before applying top-level github-app fallbacks so imports cannot change the chosen auth method for an existing main checkout target.
| if err := json.Unmarshal([]byte(line), &raw); err != nil { | ||
| orchestratorWorkflowLog.Printf("Failed to unmarshal imported checkout JSON from line %q: %v", line, err) | ||
| continue | ||
| } | ||
| importedConfigs, err := ParseCheckoutConfigs(raw) | ||
| if err != nil { | ||
| orchestratorWorkflowLog.Printf("Failed to parse imported checkout configs from JSON %q: %v", line, err) | ||
| continue |
There was a problem hiding this comment.
These error logs include the full imported checkout JSON payload (line %q / JSON %q). Checkout configs can contain sensitive values (e.g., an accidentally inlined PAT or private key), so logging the full JSON risks credential exposure in logs. Prefer logging only the import source path and a short/truncated snippet or a hash, and avoid printing raw auth fields.
| | `runtimes:` | Main overrides imports; imported values fill in unspecified fields. | | ||
| | `services:` | All services merged; duplicate names fail compilation. | | ||
| | `github-app:` | Main workflow's `github-app` takes precedence; first imported value fills in if main does not define one. | | ||
| | `checkout:` | Imported checkout entries are appended after the main workflow's entries. For duplicate (repository, path) pairs, the main workflow's entry takes precedence. `checkout: false` in the main workflow disables all checkout including imported entries. | |
There was a problem hiding this comment.
The documented precedence for duplicate (repository, path) pairs implies the main workflow always wins, but with current CheckoutManager merge behavior an imported duplicate that has (or receives a top-level fallback) github-app can effectively override a main checkout's github-token because app-auth takes precedence when generating checkout steps. Either adjust the implementation to preserve main precedence for auth selection, or clarify this caveat explicitly in the merge semantics.
| | `checkout:` | Imported checkout entries are appended after the main workflow's entries. For duplicate (repository, path) pairs, the main workflow's entry takes precedence. `checkout: false` in the main workflow disables all checkout including imported entries. | | |
| | `checkout:` | Imported checkout entries are appended after the main workflow's entries. For duplicate (repository, path) pairs, the main workflow's entry remains the primary merged entry, but authentication has an important caveat: if an imported duplicate defines `github-app` (or inherits it from top-level `github-app` fallback), that app auth can still be selected ahead of a main entry's `github-token` when checkout steps are generated. `checkout: false` in the main workflow disables all checkout including imported entries. | |
pkg/workflow/checkout_import_test.go
Outdated
| // Find the entry for target-repo path | ||
| var found *CheckoutConfig | ||
| for _, cfg := range data.CheckoutConfigs { | ||
| if cfg.Path == "target-repo" { | ||
| found = cfg | ||
| break | ||
| } | ||
| } | ||
| require.NotNil(t, found, "Should find checkout config for target-repo path") | ||
| assert.Equal(t, "org/target-repo", found.Repository, "Repository should be org/target-repo") |
There was a problem hiding this comment.
This test doesn't currently assert the precedence behavior it describes (e.g., that the main workflow's ref/token/app settings are the ones that end up being used after checkout dedup/merge). As written it only checks that a config for the path exists, so a regression where the imported entry overrides the main entry (especially around github-token vs github-app / top-level github-app fallback) would still pass. Consider asserting the ref (feature-branch) and adding a case that validates auth precedence for a duplicate (repository, path) during final checkout step generation.
| // Find the entry for target-repo path | |
| var found *CheckoutConfig | |
| for _, cfg := range data.CheckoutConfigs { | |
| if cfg.Path == "target-repo" { | |
| found = cfg | |
| break | |
| } | |
| } | |
| require.NotNil(t, found, "Should find checkout config for target-repo path") | |
| assert.Equal(t, "org/target-repo", found.Repository, "Repository should be org/target-repo") | |
| // Find the deduplicated entry for target-repo path. | |
| var found *CheckoutConfig | |
| matchingCount := 0 | |
| for i := range data.CheckoutConfigs { | |
| cfg := &data.CheckoutConfigs[i] | |
| if cfg.Path == "target-repo" { | |
| matchingCount++ | |
| found = cfg | |
| } | |
| } | |
| require.NotNil(t, found, "Should find checkout config for target-repo path") | |
| assert.Equal(t, 1, matchingCount, "Duplicate checkout entries for the same repository/path should be merged") | |
| assert.Equal(t, "org/target-repo", found.Repository, "Repository should be org/target-repo") | |
| assert.Equal(t, "feature-branch", found.Ref, "Main workflow checkout should take precedence for ref after merge") |
…imports Generated by Design Decision Gate workflow run 24424945242. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
Commit pushed:
|
🏗️ Design Decision Gate — ADR RequiredThis PR makes significant changes to core business logic (>100 new lines in AI has analyzed the PR diff and generated a draft ADR to help you get started: 📄 Draft ADR: The draft captures:
What to do next
Once an ADR is linked in the PR body, this gate will re-run and verify the implementation matches the decision. Why ADRs Matter
ADRs create a searchable, permanent record of why the codebase looks the way it does. Future contributors (and your future self) will thank you. 📋 Michael Nygard ADR Format ReferenceAn ADR must contain these four sections to be considered complete:
All ADRs are stored in
Note 🔒 Integrity filter blocked 1 itemThe following item were blocked because they don't meet the GitHub integrity level.
To allow these resources, lower tools:
github:
min-integrity: approved # merged | approved | unapproved | none
|
|
@copilot review all comments |
…gging safety - checkout_manager.go: Once github-token or github-app is set for a (repository, path) entry, the other auth method from a later (imported) config is ignored. This preserves the main workflow's auth choice over imported defaults. - compiler_orchestrator_workflow.go: Remove raw JSON payload from debug log messages to avoid accidentally logging sensitive credential values. - checkout_import_test.go: Assert deduplication count and ref precedence via NewCheckoutManager; add TestCheckoutImportAuthPrecedence to verify that a main workflow github-token is not overridden by an imported github-app. - imports.md: Update checkout merge semantics to document auth mutual exclusivity. Agent-Logs-Url: https://github.com/github/gh-aw/sessions/9efa9bc4-2a9e-40c4-8886-85d107f7c0f4 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Addressed all review comments in commit 31f689f:
|
The
checkoutfield couldn't be defined in shared/importable workflows, forcing every SideRepoOps workflow to redundantly declare the same target-repo checkout block.Changes
pkg/parser/import_processor.go: AddedMergedCheckout stringtoImportsResultpkg/parser/import_field_extractor.go: Extractscheckoutfrom each imported workflow's frontmatter and accumulates as JSON (one value per line)pkg/workflow/compiler_orchestrator_workflow.go: Merges imported checkout configs intoworkflowData.CheckoutConfigsafter the main workflow's entries — main workflow takes precedence viaCheckoutManagerdeduplication on(repository, path)key;checkout: falsesuppresses all importspkg/workflow/checkout_import_test.go: Tests covering basic import, main-workflow override,checkout: falsesuppression, and multi-import mergingdocs/src/content/docs/reference/imports.md: Addedcheckout:to allowed import fields and documented merge semanticsExample
A shared side-repo import can now centralize the checkout block:
Any workflow importing
shared/side-repository.mdautomatically inherits the checkout config without repeating it.Warning
Firewall rules blocked me from connecting to one or more addresses (expand for details)
I tried to connect to the following addresses, but was blocked by firewall rules:
https://api.github.com/graphql/usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw rg/x/text@v0.36.rev-parse ache/go/1.25.8/x--show-toplevel git rev-�� --show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile /usr/bin/git 3116-48049/test-git _cnJ/4Be12s2Y-Oerev-parse 602902/b169=> git(http block)/usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GO111MODULE ache/node/24.14.--show-toplevel git rev-�� --show-toplevel sh /usr/bin/git bility_SameInputgit GOPROXY t git(http block)https://api.github.com/orgs/test-owner/actions/secrets/usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name npx prettier --c-p GOPROXY 64/bin/go GOSUMDB GOWORK 64/bin/go sh -c "prettier" --che-p sh 64/bin/go tierignore go e_wasm.s go(http block)/usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1/usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha vars.MY_VAR go /usr/bin/git tmatter-with-nesgit c1d13037760af41crev-parse 64/pkg/tool/linu--show-toplevel /usr/bin/git conf�� --get-regexp ^remote\..*\.gh-resolved$ /usr/bin/git _.a GO111MODULE 64/pkg/tool/linu--show-toplevel git(http block)/usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --noprofile go /usr/bin/git -json GO111MODULE ache/go/1.25.8/x--show-toplevel git rev-�� --show-toplevel 60af41cd /usr/bin/git -json GO111MODULE k/gh-aw/gh-aw/ac--show-toplevel git(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v3/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha --show-toplevel -goversion /usr/bin/git -c=4 -nolocalimports -importcfg git -C /home/REDACTED/work/gh-aw/gh-aw/.github/workflows rev-parse /usr/bin/git -json GO111MODULE 64/bin/go git(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha GOMODCACHE go git -json flow-test-12345 64/bin/go git remo�� add remote2 tnet/tools/bash json' --ignore-pgit GO111MODULE 64/bin/go git(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v5/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha report.md GO111MODULE ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm rtcf�� -json om/yosida95/uritemplate/v3@v3.0.2/compile.go ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE 602902/b092/ GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linuTest User(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel 64/pkg/tool/linutest@example.com /usr/bin/git b/workflows GO111MODULE 64/pkg/tool/linu--show-toplevel git rev-�� --show-toplevel 64/pkg/tool/linux_amd64/compile /usr/bin/git 96/001/test-emptgit GFI5vTWRl ache/go/1.25.8/x--show-toplevel git(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linumyorg /usr/bin/git licyBlockedUsersgit -trimpath /opt/hostedtoolc--show-toplevel git rev-�� --show-toplevel /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linuTest User /usr/bin/git -bool -buildtags 1/x64/bin/node git(http block)https://api.github.com/repos/actions/github-script/git/ref/tags/v8/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha --show-toplevel ache/go/1.25.8/x64/pkg/tool/linu/tmp/file-tracker-test3220413173/test2.lock.yml /usr/bin/git Z_8Baherd rg/x/sys@v0.43.0^From [0-9a-f]\{40\} ache/go/1.25.8/x/tmp/gh-aw/aw-master.patch git rev-�� --show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile /usr/bin/git 602902/b155/_pkggit rg/x/oauth2@v0.3rev-parse ache/go/1.25.8/x--show-toplevel git(http block)/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha ub.actor }} go /usr/bin/git ithub/workflows/grep GO111MODULE ache/node/24.14./tmp/gh-aw/aw-master.patch git rev-�� --show-toplevel go /opt/hostedtoolcache/node/24.14.1/x64/bin/node sistency_GoAndJagit GO111MODULE /usr/sbin/sh /opt/hostedtoolcache/node/24.14.1/x64/bin/node(http block)https://api.github.com/repos/actions/github-script/git/ref/tags/v9/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq .object.sha go1.25.8 -c=4 -nolocalimports -importcfg /tmp/go-build981602902/b254/importcfg -pack /home/REDACTED/go/pkg/mod/golang.org/x/mod@v0.35.0/semver/semver.go /opt�� prettier --check 64/bin/go **/*.ts **/*.json --ignore-path git(http block)/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq .object.sha "prettier" --che-p sh 64/bin/go tierignore go 64/bin/go ha8_stub.s env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq .object.sha --check .go 64/bin/go .prettierignore go 64/bin/go go env -json GO111MODULE x_amd64/asm GOINSECURE GOMOD GOMODCACHE x_amd64/asm(http block)https://api.github.com/repos/actions/setup-go/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha remove remote1 /usr/bin/git(http block)/usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha sistency_GoAndJavaScript322355221/001/test-inlined-imports-enabled-with-body-content.md security /usr/local/sbin/bash -nxv GO111MODULE 8d519d9/node_mod--show-toplevel bash --no�� --noprofile go ache/node/24.14.1/x64/bin/node 3531215125 GO111MODULE ache/go/1.25.8/x--show-toplevel gcc(http block)https://api.github.com/repos/actions/setup-node/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha t0 x_amd64/compile(http block)/usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha -t security /usr/local/.ghcup/bin/bash OUTPUT -d 168.63.129.16 bash --no�� --noprofile conntrack /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/asm INVALID,NEW -j DROP /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/asm(http block)https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha SeTZ/Eew8SN7YLWlm_XrSSeTZ -buildtags ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -errorsas -ifaceassert -nilfunc ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet 7397�� --symref 7397072/b422/_testmain.go 7397072/b431/vet.cfg npx prettier --cgh(http block)/usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha GOMODCACHE go 1/x64/bin/bash -json GO111MODULE 64/bin/go git conf�� user.email test@example.com(http block)https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v7/usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v7 --jq .object.sha 3116-48049/test-3040999259/.github/workflows rg/x/text@v0.36.0/message/catalog.go ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE entropy ache/go/1.25.8/x--show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile env 3116-48049/test-1745497842 h5RJ/fhSiz4P0ozPJ9_2Hh5RJ res.lock.yml GOINSECURE osh-tekuri/jsonsrev-parse GOMODCACHE /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/compile(http block)/usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v7 --jq .object.sha 83221838 GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE fips140/mlkem 602902/b078/syma--show-toplevel 64/pkg/tool/linux_amd64/compile -c g_.a EuIi/QLX65JRSUvpCHrYwEuIi 1/x64/bin/node GOSUMDB eutil 64/bin/go e/git(http block)/usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v7 --jq .object.sha 3116-48049/test-1114667484 rTOi/gKjgtBqA_nQbbyq8rTOi 602902/b254=> GOINSECURE /semver GOMODCACHE /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linu-goversion -o ithub-script/git/ref/tags/v9 -trimpath /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linu-importcfg -p internal/profilerev-parse -lang=go1.25 /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linurev-parse(http block)https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq .object.sha = get && echo "******"; }; f get = get && echo "******"; }; f get /opt/hostedtoolcache/node/24.14.1/x64/bin/node lic_1059060648/0git GO111MODULE x_amd64/vet node /tmp�� /home/REDACTED/work/gh-aw/gh-aw/.github/workflows/artifacts-summary.md x_amd64/vet /usr/bin/git -json GO111MODULE 64/pkg/tool/linu--show-toplevel git(http block)/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq .object.sha sistency_GoAndJavaScript322355221/001/test-inlined-imports-enabled-with-body-content.md go /home/REDACTED/.local/bin/bash 1219202835/.githgit GO111MODULE 86_64/node bash --no�� --noprofile go /home/REDACTED/.config/composer/vendor/bin/bash 1061966211 GO111MODULE 64/pkg/tool/linu--show-toplevel bash(http block)https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha sistency_GoAndJavaScript3612014096/001/test-frontmatter-with-nested-objects.md SSt3JQqVRjkcjNZiRS1g/SSt3JQqVRjkcjNZiRS1g /usr/bin/git -goversion go1.25.8 -c=4 git conf�� --get remote.origin.url /usr/bin/git --check **/*.cjs 64/bin/go git(http block)/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha /repos/actions/github-script/git/ref/tags/v9 --jq 64/pkg/tool/linux_amd64/link h ../../../.pretgit GO111MODULE 64/bin/go 64/pkg/tool/linux_amd64/link conf�� kflow.test remote.origin.url ortcfg.link -json GO111MODULE 64/bin/go oYN2grmAyDyEoNT8xb/rZqyXgxJ0o7btUSVPYgU/qwgBud4FORLtyc4EYutA(http block)https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha ithub/workflows/approach-validator.md Test User 64/pkg/tool/linux_amd64/vet -goversion go1.25.8 -c=4 64/pkg/tool/linux_amd64/vet -1 xterm-color -pack /usr/bin/git 85069929/001' 85069929/001' 64/bin/go git(http block)/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha /tmp/gh-aw-test-runs/20260414-214125-62861/test-786185974/.github/workflows rev-parse /usr/bin/git h ../../../.pretgit GO111MODULE 64/bin/go git conf�� user.email test@example.com(http block)https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/1/artifacts --jq .artifacts[].name til.go 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env 1114667484 k1Ubnk-ff ache/go/1.25.8/x64/pkg/tool/linu-test.short=true GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile(http block)/usr/bin/gh gh run download 1 --dir test-logs/run-1 glpNKSOQr 64/pkg/tool/linux_amd64/compile GOINSECURE tants GOMODCACHE 64/pkg/tool/linux_amd64/compile env _.a GO111MODULE ck GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm(http block)/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/1/artifacts --jq .artifacts[].name GO111MODULE ode GOINSECURE GOMOD GOMODCACHE go 1/x6�� -json GO111MODULE t GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12345/artifacts --jq .artifacts[].name rotocol/go-sdk@v1.5.0/internal/mcpgodebug/mcpgodebug.go 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env ithub/workflows B-Au8vNkW ache/go/1.25.8/x64/bin/go GOINSECURE go-sdk/internal//tmp/test-expr-726851995.js GOMODCACHE go(http block)/usr/bin/gh gh run download 12345 --dir test-logs/run-12345 0/internal/language/common.go 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env 1001521622 JytyNgNV_ x_amd64/compile GOINSECURE gset GOMODCACHE x_amd64/compile(http block)/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12345/artifacts --jq .artifacts[].name itcustom_branch3645381464/002/work ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env y_only_defaults_repo2660193029/001 GO111MODULE de_modules/.bin/node GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12346/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env ithub/workflows xpQFH7LFx /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE go-sdk/internal//tmp/test-expr-1024498172.js GOMODCACHE go(http block)/usr/bin/gh gh run download 12346 --dir test-logs/run-12346 0/internal/tag/tag.go 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env 1001521622 5-yTJqrnP /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE age GOMODCACHE go(http block)/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12346/artifacts --jq .artifacts[].name LsRemoteWithRealGitcustom_branch3645381464/001' ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env y_only_defaults_repo2660193029/001 GO111MODULE ules/.bin/node GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/2/artifacts --jq .artifacts[].name ohNRO1y8b 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linutest@example.com env 1286754225 go x_amd64/compile GOINSECURE pguts GOMODCACHE x_amd64/compile(http block)/usr/bin/gh gh run download 2 --dir test-logs/run-2 OkGlq_83D 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env _.a Y_7BzNNuM ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linuconfig(http block)/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/2/artifacts --jq .artifacts[].name GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go 1/x6�� ithout_min-integrity2768539396/001 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/3/artifacts --jq .artifacts[].name 0/internal/language/compact/compact.go 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD bis ylQP4Z8/vCNYLdc7D8RXanEmFBss env _.a 3GMM57Ps3 ache/go/1.25.8/x64/pkg/tool/linu-test.short=true GOINSECURE util GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile(http block)/usr/bin/gh gh run download 3 --dir test-logs/run-3 ri/jsonschema/v6@v6.0.2/kind/kind.go 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env _.a YfB4YDUdE ache/go/1.25.8/x64/pkg/tool/linu-buildmode=exe GOINSECURE chema/v6 GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linurev-parse(http block)/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/3/artifacts --jq .artifacts[].name LsRemoteWithRealGitbranch_with_hyphen2744932291/001' 1/x64/lib/node_modules/npm/node_modules/@npmcli/run-script/lib/node-gyp-bin/node GOINSECURE GOMOD GOMODCACHE go 1/x6�� ithout_min-integrity2768539396/001 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/4/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD bis 64/pkg/tool/linux_amd64/compile 64/s�� _.a sNGC5r73k ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE pproxy GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-trimpath(http block)/usr/bin/gh gh run download 4 --dir test-logs/run-4 4LOc7tzcC 64/pkg/tool/linu-importcfg GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linu/home/REDACTED/work/gh-aw/gh-aw/scripts/lint_error_messages_test.go env _.a deRMpwyMD ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linuremote(http block)/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/4/artifacts --jq .artifacts[].name itbranch_with_hyphen2744932291/002/work ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go 1/x6�� ithout_min-integrity2768539396/001 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/5/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linu-nolocalimports GOINSECURE GOMOD bis 64/pkg/tool/linu/tmp/go-build3187397072/b444/_testmain.go env _.a rtcfg ache/go/1.25.8/x64/pkg/tool/linu-test.short=true GOINSECURE age/compact GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-importcfg(http block)/usr/bin/gh gh run download 5 --dir test-logs/run-5 GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE xbyte_wasm.o 64/src/internal/bytealg/indexbyt/repos/github/gh-aw/git/ref/tags/v3.0.0 64/pkg/tool/linux_amd64/compile env _.a 64jHUho52 ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-trimpath(http block)/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/5/artifacts --jq .artifacts[].name GO111MODULE n-dir/node GOINSECURE GOMOD GOMODCACHE go 1/x6�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/actions/workflows/usr/bin/gh gh workflow list --json name,state,path -c=4 -nolocalimports -importcfg /tmp/go-build3187397072/b411/importcfg -pack /home/REDACTED/work/gh-aw/gh-aw/pkg/fileutil/fileutil.go /home/REDACTED/work/gh-aw/gh-aw/pkg/fileutil/tar.go /hom�� --check scripts/**/*.js 64/bin/go .prettierignore go 64/bin/go y.s(http block)/usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 GOMOD GOMODCACHE go env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)/usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 GOMOD GOMODCACHE 64/pkg/tool/linuTest User env _.a Zf4ikgLhb 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linutest@example.com(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq .object.sha --show-toplevel -extld=gcc /usr/bin/git aw.test GO111MODULE ortcfg.link git rev-�� --show-toplevel ktnCH5doF-5Im3wE4W/X2lamLNGwUyQxU_H_V1q/NFRcWG7Dconfig /usr/bin/git 602902/b106/_pkg/bin/sh g/typeutil/conve-c g_.a git(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq .object.sha --show-toplevel go 1/x64/bin/node -json GO111MODULE e/git-upload-pac--show-toplevel 1/x64/bin/node rev-�� mber }}: ${{ github.event.issue.title }} go 1/x64/bin/node -json GO111MODULE 1/x64/bin/node 1/x64/bin/node(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha _.a DW6KATJ4J 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env g_.a FSSLThW2J ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm GOINSECURE ole GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linuconfig(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha DefaultBranchFromLsRemoteWithRealGitcustom_branch3645381464/001' DefaultBranchFromLsRemoteWithRealGitcustom_branch3645381464/001' /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env heck '**/*.cjs' '**/*.ts' '**/*.json' --ignore-path ../../../.pr**/*.json GO111MODULE k/_temp/uv-python-dir/node GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE iE8t3kR/vbNrLVZ2rev-parse(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha re GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GO111MODULE x_amd64/asm GOINSECURE GOMOD GOMODCACHE x_amd64/asm env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json o x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GO111MODULE x_amd64/asm GOINSECURE fg8y38H/0QMSY89Erev-parse GOMODCACHE x_amd64/asm env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha re GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env 047906696/001 047906696/002/work _modules/.bin/sh GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999/usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha rity1173101938/001 UHEwN-QbQ aw.test GOINSECURE GOMOD GOMODCACHE aw.test estl�� rtcfg CLJOlIPxV x_amd64/link GOINSECURE GOMOD GOMODCACHE x_amd64/link(http block)/usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha -json GO111MODULE k/gh-aw/gh-aw/actions/setup/node_modules/.bin/node GOINSECURE GOMOD GOMODCACHE go ache�� -json GO111MODULE ache/go/1.25.8/x64/bin/node GOINSECURE GOMOD GOMODCACHE erignore(http block)https://api.github.com/repos/nonexistent/repo/actions/runs/12345/usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE l/format GOMODCACHE 64/pkg/tool/linux_amd64/cgo env t5smDhwOz GO111MODULE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile(http block)/usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE GOMOD GOMODCACHE go env */*.ts' '**/*.json' --ignore-path ../../../.pret-- GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/owner/repo/actions/workflows/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOSUMDB GOWORK 64/bin/go node /hom�� --check go 64/bin/go .prettierignore go 64/bin/go go(http block)/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOSUMDB GOWORK 64/bin/go node /hom�� --check scripts/**/*.js 64/bin/go .prettierignore go y.s go(http block)/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/owner/repo/contents/file.md/tmp/go-build3187397072/b397/cli.test /tmp/go-build3187397072/b397/cli.test -test.testlogfile=/tmp/go-build3187397072/b397/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true -nolocalimports -importcfg /tmp/go-build981602902/b175/importcfg -pack -c npx prettier --c-p GOPROXY 64/bin/go GOSUMDB GOWORK 64/bin/go sh(http block)/tmp/go-build1357022149/b397/cli.test /tmp/go-build1357022149/b397/cli.test -test.testlogfile=/tmp/go-build1357022149/b397/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true ch git run-script/lib/n-json go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/test-owner/test-repo/actions/secrets/usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name npx prettier --c-p GOPROXY 64/bin/go GOSUMDB GOWORK 64/bin/go sh -c "prettier" --che-p d.go 64/bin/go tierignore go 64/bin/go go(http block)/usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE de GOINSECURE GOMOD GOMODCACHE go(http block)If you need me to access, download, or install something from one of these locations, you can either: