Stabilize wasm golden comparison by normalizing AWF --image-tag digest suffixes

[Copilot]

make test-wasm was failing due to non-semantic diffs in generated workflow YAML. The wasm output included digest-qualified --image-tag fragments that were not normalized in the Node golden comparator, causing false mismatches.

• Root cause

  • wasm golden comparison normalized @sha256:... image refs, but not AWF CLI --image-tag suffixes like ,squid=sha256:....

• Change

  • Extended scripts/test-wasm-golden.mjs normalization pipeline with normalizeAWFImageTagDigests(...).
  • Updated normalize(...) to apply this new pass alongside existing heredoc and container digest normalization.

• Effect

  • Golden comparison now ignores environment-dependent AWF image-tag digest noise and compares semantic workflow output.

function normalizeAWFImageTagDigests(content) {
  return content.replace(/,[a-z-]+=sha256:[0-9a-f]{64}/g, "");
}

function normalize(content) {
  return normalizeAWFImageTagDigests(
    normalizeContainerPins(normalizeHeredocDelimiters(content))
  );
}

[Copilot]

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Stabilizes make test-wasm golden comparisons by normalizing AWF CLI --image-tag digest suffix noise so semantically identical generated workflow YAML does not fail due to environment-dependent image digests.

Changes:

• Added a new normalization pass to strip ,name=sha256:<digest> fragments in AWF --image-tag values.
• Updated the normalize(...) pipeline to apply the new AWF-specific normalization in addition to existing delimiter and container digest normalizations.

Show a summary per file

File	Description
scripts/test-wasm-golden.mjs	Adds AWF --image-tag digest suffix normalization and wires it into the existing normalization pipeline.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 1/1 changed files
• Comments generated: 2

[Copilot]

The regex key pattern [,a-z-]+ may be too restrictive for AWF --image-tag keys (e.g., if they can include digits). If a key like foo2=sha256:... appears, it won’t be normalized and the original flakiness can persist. Consider broadening the key character class (e.g., include 0-9) to match all valid tag keys used by AWF.

Suggested change

	// Mirrors normalizeOutput() in pkg/workflow/wasm_golden_test.go.
	function normalizeAWFImageTagDigests(content) {
	return content.replace(/,[a-z-]+=sha256:[0-9a-f]{64}/g, "");
	// Accept lowercase letters, digits, and hyphens in tag keys so valid keys
	// like "foo2" are normalized consistently.
	// Mirrors normalizeOutput() in pkg/workflow/wasm_golden_test.go.
	function normalizeAWFImageTagDigests(content) {
	return content.replace(/,[a-z0-9-]+=sha256:[0-9a-f]{64}/g, "");

[Copilot]

This replacement will strip any ,name=sha256:<digest> pattern anywhere in the rendered output, not just within AWF --image-tag arguments. To reduce the risk of accidentally normalizing unrelated content that happens to match the pattern, consider scoping the replacement to contexts that clearly indicate an --image-tag value (e.g., only within --image-tag arguments or the specific YAML field/line formats emitted by the generator).

Suggested change

	return content.replace(/,[a-z-]+=sha256:[0-9a-f]{64}/g, "");
	const imageTagDigestSuffix = /,[a-z-]+=sha256:[0-9a-f]{64}/g;
	return content
	.split("\n")
	.map((line) => {
	if (line.includes("--image-tag") || line.includes("image-tag:")) {
	return line.replace(imageTagDigestSuffix, "");
	}
	return line;
	})
	.join("\n");