Skip to content

fix: gate push_repo_memory on agent success#28894

Merged
pelikhan merged 3 commits intomainfrom
copilot/fix-only-push-repo-memory-on-success
Apr 28, 2026
Merged

fix: gate push_repo_memory on agent success#28894
pelikhan merged 3 commits intomainfrom
copilot/fix-only-push-repo-memory-on-success

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Apr 28, 2026
edited
Loading

push_repo_memory ran even when the agent failed or timed out, writing incomplete/corrupt state to the memory branch. The condition needs.agent.result != 'skipped' is true for failure as well as success.

Changes

  • pkg/workflow/repo_memory.go: Replace agentNotSkipped (!= 'skipped') with agentSucceeded (== 'success') in the push_repo_memory job condition — both with and without threat detection enabled. Aligns with how update_cache_memory already gates on agent success in cache.go.
# Before
always() && (!cancelled()) && needs.agent.result != 'skipped'

# After
always() && (!cancelled()) && needs.agent.result == 'success'
  • pkg/workflow/repo_memory_test.go: Update condition assertions to match.
  • *.lock.yml: Recompiled all affected workflows.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh gh repo view --json owner,name --jq .owner.login + "/" + .name 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env ortcfg GO111MODULE ache/go/1.25.8/x64/pkg/tool/linu-buildmode=exe GOINSECURE fips140deps/cpu GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linuTest User (http block)
    • Triggering command: /usr/bin/gh gh repo view owner/repo 3736�� 2418668673/.github/workflows DFryr79XR ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-buildtags env t4234964626/.github/workflows GO111MODULE x_amd64/link GOINSECURE GOMOD GOMODCACHE x_amd64/link (http block)
    • Triggering command: /usr/bin/gh gh repo view owner/repo env 2418668673 CHrYwEuIi ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-trimpath env t4234964626 GO111MODULE .yml GOINSECURE (http block)
  • https://api.github.com/orgs/test-owner/actions/secrets
    • Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
    • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq [.object.sha, .object.type] | @tsv --show-toplevel 64/pkg/tool/linux_amd64/vet /usr/bin/git ithub/workflows GO111MODULE 64/pkg/tool/linu--show-toplevel git rev-�� --show-toplevel 64/pkg/tool/linuTest User /usr/bin/git 77/001/test-fronnode om/segmentio/asm/opt/hostedtoolcache/node/24.14.1/x64/bin/npm .cfg git (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v3
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq [.object.sha, .object.type] | @tsv 5520-33462/test-3575641347 --jq /usr/bin/git -json GO111MODULE x_amd64/compile git add /tmp/file-tracker-test1959105936/existing.md x_amd64/compile /usr/bin/git -json 1.5.0/internal/mrev-parse x_amd64/compile git (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v5
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv 5520-33462/test-3837506809/.github/workflows TE68/Ns65yq8CR2ZxCmVfTE68 ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv --show-toplevel ache/go/1.25.8/x64/pkg/tool/linu/tmp/go-build3373603451/b444/_testmain.go /usr/bin/git 5540/001/stabilitr nTLC/e3WDbj-6Hz_\n ache/go/1.25.8/x: git rev-�� --show-toplevel ortcfg /usr/bin/git g/repoutil/repougit g/repoutil/repourev-parse /opt/hostedtoolc--show-toplevel git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv --show-toplevel git /usr/bin/git sistency_WithImpgit remote.origin.urrev-parse /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git s/test.md s/3/artifacts /tmp/go-build337--show-toplevel git (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv tutil.test '/tmp/TestParseDefaultBranchFromLsRemoteWithRealGitmaster_branch3971628732/001' ortcfg.link -p math/rand -lang=go1.25 X4908EimRzvG1AHIFr/vLW-tx2f42dcm-MlvCPy/t6M8s7Cm2xpu7MOJIw7R 3603�� g/stats/statvar.go g/stats/spec_test.go g_.a -p golang.org/x/modrev-parse -lang=go1.25 /opt/hostedtoolcache/go/1.25.8/x-buildtags (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv runs/20260428-095520-33462/test-2512482749 -trimpath 1/x64/bin/node -p main -lang=go1.25 git -has�� ithub/workflows/architecture-guardian.md -dwarf=false /usr/bin/git go1.25.8 -c=4 -nolocalimports git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv . go e/git ntent.md GO111MODULE 64/bin/go e/git rev-�� --show-toplevel go clusion,workflowName,createdAt,startedAt,updated/tmp/gh-aw-git-clone-3197432571 -json GO111MODULE 64/bin/go git (http block)
  • https://api.github.com/repos/actions/github-script/git/ref/tags/v8
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq [.object.sha, .object.type] | @tsv --show-toplevel /opt/hostedtoolcconfig /usr/bin/git 4972636/b114/impgit RS1g/SSt3JQqVRjkrev-parse /opt/hostedtoolcHEAD git rev-�� --show-toplevel /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/compile /usr/bin/git '/tmp/TestParseDgit '/tmp/TestParseDrev-parse /opt/hostedtoolc--show-toplevel git (http block)
  • https://api.github.com/repos/actions/github-script/git/ref/tags/v9
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv go1.25.8 -c=4 -nolocalimports -importcfg /tmp/go-build2604972636/b244/importcfg -pack /home/REDACTED/go/pkg/mod/golang.org/x/text@v0.36.0/internal/number/common.go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv go1.25.8 -c=4 -nolocalimports -importcfg /tmp/go-build2604972636/b131/importcfg -pack /home/REDACTED/go/pkg/mod/github.com/modelcontextprotocol/go-sdk@v1.5.0/mcp/client.go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --show-toplevel 64/pkg/tool/linu--jq 3603451/b471/vet.cfg g_.a /semver/semver.grev-parse 64/pkg/tool/linu--show-toplevel infocmp -1 xterm-color 64/pkg/tool/linuremote.origin.url /tmp/go-build3373603451/b469/workflow.test y_with_repos_arrgit bbyq8rTOi 64/pkg/tool/linu--show-toplevel /tmp/go-build3373603451/b469/workflow.test (http block)
  • https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv /tmp/TestGuardPolicyTrustedUsersRequiresMinIntegrity441087073/001 remote /usr/bin/git -json GO111MODULE 64/bin/go git rev-�� --show-toplevel go r,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,disp--show-toplevel -json GO111MODULE x_amd64/compile git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv ry=1 64/pkg/tool/linuremote che/go-build/2e/2ee12cfdbf66b75025a91d701dad020100141c8877aee9bc3040871e1753ce44-d g_.a ZW5eqtFbR ache/go/1.25.8/x--show-toplevel infocmp -1 xterm-color echo "��� Actionorigin /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet y_with_repos=pubgit 3GMM57Ps3 x_amd64/compile /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/actions/setup-node/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv mplied -trimpath 3603451/b419/vet.cfg -p set -lang=go1.25 /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linu-buildtags -o licyMinIntegrityOnlymin-integrity_with_repos_arr-errorsas -trimpath /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linu-nilfunc l 01' -lang=go1.25 /opt/hostedtoolcache/go/1.25.8/x-test.v=true (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv runs/20260428-095520-33462/test-2512482749 -buildtags /usr/bin/git l -ifaceassert -nilfunc git conf�� user.email test@example.com ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile -json GO111MODULE 64/bin/go ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv run l /usr/bin/git --detach GO111MODULE 64/bin/go git -C /tmp/TestGuardPolicyTrustedUsersRequiresMinIntegrity441087073/001 config /usr/bin/git remote.origin.urgit GO111MODULE 64/bin/go git (http block)
  • https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv /tmp/gh-aw-test-runs/20260428-095520-33462/test-485337276/.githu.github/workflows/test.md (http block)
  • https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq [.object.sha, .object.type] | @tsv user.email ings.cjs n-dir/git user.name st/suppress-warnrun tions/node_modul/tmp/go-handler-test-4ZD4Yx/slow.go forks.js rev-�� HEAD st/suppress-warnings.cjs (http block)
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq [.object.sha, .object.type] | @tsv . tions/setup/js/nmain $name) { hasDiscussionsEnabled } } git-upload-pack git git-upload-pack checkout bin/git git init�� -q (http block)
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq [.object.sha, .object.type] | @tsv . tions/setup/js/node_modules/vite--stdout ndor/bin/git user.email test@test.com ache/node/24.14.--require git init�� -q st/suppress-warn--conditions ache/node/24.14.development 6f2047b063b33d2b/usr/bin/gh 4e2c5970..HEAD /git st/dist/workers/-f (http block)
  • https://api.github.com/repos/github/gh-aw
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .default_branch -output.go git r: $owner, name: $name) { hasDiscussionsEnabled } } -m 0d41834a849299f4-C k/node_modules/./home/REDACTED/work/gh-aw/gh-aw 1/x64/bin/node ve . tions/setup/js/node_modules/vitest/suppress-warnings.cjs r: $owner, name: $name) { hasDiscussionsEnabled } } -exist mp odules/npm/node_/home/REDACTED/work/gh-aw/gh-aw tions/setup/js/nshow (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .default_branch -M main ock.yml ules/.bin/git git /opt/hostedtoolc/home/REDACTED/work/gh-aw/gh-aw/.github/workflows go run ithub/workflows git repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } featurewhoami ings.cjs 86_64/git /opt/hostedtoolcshow (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq [.object.sha, .object.type] | @tsv --git-dir 64/pkg/tool/linux_amd64/compile /usr/bin/git g_.a rotocol/go-sdk@vrev-parse 64/pkg/tool/linu--show-toplevel /usr/bin/git remo�� -v 64/pkg/tool/linux_amd64/compile /usr/bin/git y_only_defaults_git 5-yTJqrnP util.test git (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv k/gh-aw/gh-aw/pkg/cli config ache/node/24.14.1/x64/bin/node l GO111MODULE 64/bin/go /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linu-importcfg t-11�� k/gh-aw/gh-aw/.github/workflows/agentic-optimiza-s -trimpath /usr/bin/git -p github.com/githurev-parse -lang=go1.25 git (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv /tmp/TestGuardPolicyMinIntegrityOnlymin-integrittest-logs/run-5 l /tmp/go-build3373603451/b438/semverutil.test -json GO111MODULE 64/bin/go /tmp/go-build3373603451/b438/semverutil.test -tes�� -test.paniconexit0 l /usr/bin/git -test.timeout=10git -test.run=^Test -test.short=true--show-toplevel git (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs
    • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --limit 100 --created >=2026-04-21 GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/asm env -json GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE NKQxPfr/feDwSjXStImIOC-NY5wN (http block)
    • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --limit 100 --created >=2026-03-29 GOMOD GOMODCACHE 64/pkg/tool/linuTest User env add-source-path-2096195164 GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile (http block)
    • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --limit 100 --created >=2026-01-28 GOMOD GOMODCACHE 64/pkg/tool/linuremote.origin.url env ned-imports-enabled-with-env-template-expressions-in-body.md GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE eutil GOMODCACHE 64/pkg/tool/linux_amd64/compile (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/1/artifacts --jq .artifacts[].name 06SIChxms 64/pkg/tool/linux_amd64/link GOINSECURE rm GOMODCACHE 64/pkg/tool/linux_amd64/link env util.test BIoY6_isA ortcfg.link GOINSECURE GOMOD GOMODCACHE -4GmfpWzsnidAKUU7I/p67f43WHEJUTs4-oiIa1/9KqfPfOC-dwarf=false (http block)
    • Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 k1Ubnk-ff ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm estl�� iCGQRg9lJ GO111MODULE x_amd64/vet GOINSECURE 4972636/b013/ GOMODCACHE x_amd64/vet (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12345/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linux_amd64/link GOINSECURE GOMOD abis 64/pkg/tool/linux_amd64/link ns-l�� plorer.md 0kiaYELPw ortcfg.link GOINSECURE GOMOD GOMODCACHE FYD7TXdX-i1ql3kuorigin (http block)
    • Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 z-hV-eFae 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env 2418668673 CHrYwEuIi ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-trimpath (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12346/artifacts --jq .artifacts[].name Cy4PJHJpH 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet ns-l�� ortcfg qrk06zUvD ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/xTest User (http block)
    • Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 Zf4ikgLhb ionpins.test GOINSECURE GOMOD GOMODCACHE ionpins.test 3736�� ility-kit.md ASggpb24G x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/2/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE a20poly1305 abis 64/pkg/tool/linux_amd64/compile env g_.a R30X4Bcts ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile (http block)
    • Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 InX8DV7o_ ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE age GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile estl�� YnTZR3KAf GO111MODULE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linurev-parse (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/3/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linux_amd64/link GOINSECURE GOMOD abis 64/pkg/tool/linux_amd64/link env 3668791300/.github/workflows pKmvAbdZx ortcfg.link GOINSECURE GOMOD GOMODCACHE vQ6WXYRl159TxgeZit/Yrt675lWeJEdZBruoUCB/a4dK_HJd-extld=gcc (http block)
    • Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 LamLkoYmy ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile env ortcfg cjNZiRS1g ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/4/artifacts --jq .artifacts[].name hOYFQ3cxW 64/pkg/tool/linux_amd64/vet GOINSECURE /bidi GOMODCACHE 64/pkg/tool/linux_amd64/vet env 3668791300/.github/workflows JmzP4TwGo k GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-goversion (http block)
    • Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 GO111MODULE ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm GOINSECURE til GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm ortc�� 77/001/test-empty-frontmatter.md 64/src/internal/poll/fd.go ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE 4972636/b007/ GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-trimpath (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/5/artifacts --jq .artifacts[].name m0O72i2Jk 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env 3668791300/.github/workflows Y9sJvruy0 ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linurev-parse (http block)
    • Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 KjIdi_zAe ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE gset GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile estl�� xH4IQXLy2 GO111MODULE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE e/rtcov GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linuconfig (http block)
  • https://api.github.com/repos/github/gh-aw/actions/workflows
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 GOMOD GOMODCACHE x_amd64/asm env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
    • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 s.o 64/src/runtime/i--show-toplevel 64/pkg/tool/linux_amd64/vet env e-analyzer.md .cfg ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linuTest User (http block)
  • https://api.github.com/repos/github/gh-aw/contents/.github/workflows/shared/reporting.md
    • Triggering command: /tmp/go-build3373603451/b404/cli.test /tmp/go-build3373603451/b404/cli.test -test.testlogfile=/tmp/go-build3373603451/b404/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true -nolocalimports -importcfg /tmp/go-build2604972636/b226/importcfg -pack env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq [.object.sha, .object.type] | @tsv --show-toplevel ache/go/1.25.8/x64/pkg/tool/linuremote.origin.url /usr/bin/git ApprovalLabelsCogit stmain.go 4972636/b254=> git rev-�� --show-toplevel /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/compile /usr/bin/git FieldEnforcementdu -trimpath e/git git (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv 5520-33462/test-source-field-var-test.timeout=10m0s GO111MODULE tartedAt,updatedAt,event,headBranch,headSha,displayTitle GOINSECURE 4972636/b029/ GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile ortc�� 5540/001/stability-test.md rg/x/oauth2@v0.35.0/internal/doc.go ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE /cpu ache/go/1.25.8/x--show-toplevel ache/go/1.25.8/x64/pkg/tool/linumyorg (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env 9335915/001 9335915/002/work x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json 1.5.0/internal/mcpgodebug/mcpgodebug.go x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE x_amd64/compile -Oz --enable-bugit GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE x_amd64/compile GOINSECURE Zr/m4nyWBFxVEmNArev-parse GOMODCACHE x_amd64/compile env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
  • https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq [.object.sha, .object.type] | @tsv 77/001/test-simple-frontmatter.m-test.timeout=10m0s GO111MODULE ache/go/1.25.8/x64/pkg/tool/linu-test.short=true GOINSECURE racev2 GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-trimpath ortc�� efaultBranchFromLsRemoteWithReal-p efaultBranchFromLsRemoteWithRealgithub.com/github/gh-aw/scripts ache/go/1.25.8/x64/pkg/tool/linu-lang=go1.25 GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-goversion (http block)
  • https://api.github.com/repos/nonexistent/repo/actions/runs/12345
    • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE go-sdk/oauthex GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-test.v=true env 77/001/test-simple-frontmatter.m-test.timeout=10m0s GO111MODULE ache/go/1.25.8/x64/pkg/tool/linu-test.short=true GOINSECURE racev2 GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-trimpath (http block)
  • https://api.github.com/repos/owner/repo/actions/workflows
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh workflow list --repo owner/repo --json name,path,state ortcfg.link GOINSECURE GOMOD GOMODCACHE FYD7TXdX-i1ql3kuorigin env ortcfg GO111MODULE g_.a GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/xrepos/{owner}/{repo}/actions/runs/12346/artifacts (http block)
  • https://api.github.com/repos/test-owner/test-repo/actions/secrets
    • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/test/repo
    • Triggering command: /usr/bin/gh gh api /repos/test/repo --jq .default_branch xH4IQXLy2 GO111MODULE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE e/rtcov GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linuconfig ortc�� 4972636/b079/_pkg_.a rg/x/text@v0.36.0/internal/stringset/set.go 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linu4 (http block)
  • invalid.example.invalid
    • Triggering command: /usr/lib/git-core/git-remote-https /usr/lib/git-core/git-remote-https origin https://invalid.example.invalid/nonexistent-repo.git e/git init�� e/git-receive-pa-b git ode_modules/.bin/git =receive test@example.com--git-dir=/tmp/bare-incremental-9M5BuM tnet/tools/git (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI linked an issue Apr 28, 2026 that may be closed by this pull request
Only push repo memory on success #28867
Closed
Copilot AI and others added 2 commits April 28, 2026 09:51
@pelikhan
chore: initial plan for push_repo_memory success gate
80b5185 
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/c76a2ecd-7911-47d5-ac70-28e827e6da9f

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@pelikhan
fix: gate push_repo_memory on agent success instead of agent not-skipped
3918f9a 
Previously push_repo_memory would run whenever the agent result was
not 'skipped', including when the agent failed or timed out. This
caused repo memory to be updated with incomplete state.

Change the job condition to check needs.agent.result == 'success'
so that repo memory is only pushed on a successful agent run,
matching the behaviour of update_cache_memory.

Recompile all affected lock files.

Agent-Logs-Url: https://github.com/github/gh-aw/sessions/c76a2ecd-7911-47d5-ac70-28e827e6da9f

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix repo memory push to occur only on successful workflow fix: gate push_repo_memory on agent success Apr 28, 2026
Copilot AI requested a review from pelikhan April 28, 2026 10:04
@pelikhan pelikhan marked this pull request as ready for review April 28, 2026 10:06
Copilot AI review requested due to automatic review settings April 28, 2026 10:06
@github-actions github-actions Bot mentioned this pull request Apr 28, 2026
Closed
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 28, 2026

🧪 Test Quality Sentinel Report

Test Quality Score: 88/100

Excellent test quality

Metric Value
New/modified tests analyzed 1
✅ Design tests (behavioral contracts) 1 (100%)
⚠️ Implementation tests (low value) 0 (0%)
Tests with error/edge cases 1 (100%)
Duplicate test clusters 0
Test inflation detected No (0.55:1 ratio)
🚨 Coding-guideline violations None

Test Classification Details

Test File Classification Issues Detected
TestPushRepoMemoryJobConditionGatesOnAgentNotSkipped pkg/workflow/repo_memory_test.go:1303 ✅ Design None

Analysis

This PR updates existing test assertions in TestPushRepoMemoryJobConditionGatesOnAgentNotSkipped to match the behavioral change: the push-repo-memory job condition was tightened from needs.agent.result != 'skipped' to needs.agent.result == 'success'.

The test verifies a behavioral contract — the exact GitHub Actions condition string emitted for the push job. It uses:

  • assert.Equal with a descriptive message to pin the exact condition string
  • assert.Contains / assert.NotContains to check presence/absence of specific sub-expressions (including confirming the old incorrect expression is no longer present)

This is high-value test coverage: deleting this test would allow a regression in the generated condition (e.g., reverting to != 'skipped') to go undetected.

Mock libraries: ✅ None used
Assertion messages: ✅ All assertions include descriptive messages
Test inflation: ✅ No (test: 6 lines changed, production: 11 lines changed — ratio 0.55:1)

Language Support

Tests analyzed:

Verdict

Check passed. 0% of modified tests are implementation tests (threshold: 30%). The test update accurately reflects the behavioral contract change and provides strong protection against regression.

📖 Understanding Test Classifications

Design Tests (High Value) verify what the system does:

  • Assert on observable outputs, return values, or state changes
  • Cover error paths and boundary conditions
  • Would catch a behavioral regression if deleted
  • Remain valid even after internal refactoring

Implementation Tests (Low Value) verify how the system does it:

  • Assert on internal function calls (mocking internals)
  • Only test the happy path with typical inputs
  • Break during legitimate refactoring even when behavior is correct
  • Give false assurance: they pass even when the system is wrong

Goal: Shift toward tests that describe the system's behavioral contract — the promises it makes to its users and collaborators.

References: §25046757874

🧪 Test quality analysis by Test Quality Sentinel · ● 409.6K ·

github-actions[bot]
github-actions Bot approved these changes Apr 28, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@github-actions github-actions Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Test Quality Sentinel: 88/100. Test quality is excellent — 0% of modified tests are implementation tests (threshold: 30%). The test accurately enforces the behavioral contract for the push-repo-memory job condition gate.

@pelikhan pelikhan merged commit bc55a71 into main Apr 28, 2026
41 checks passed
@pelikhan pelikhan deleted the copilot/fix-only-push-repo-memory-on-success branch April 28, 2026 10:13
Copilot AI reviewed Apr 28, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates workflow compilation logic to ensure the push_repo_memory job only runs when the agent job succeeds, preventing incomplete/corrupt repo memory state from being pushed after failures/timeouts.

Changes:

  • Gate push_repo_memory on needs.agent.result == 'success' (instead of != 'skipped') in the compiler.
  • Update unit tests to assert the new condition.
  • Recompile affected workflow lock files to reflect the new gating (plus additional lockfile deltas).
Show a summary per file
File Description
pkg/workflow/repo_memory.go Updates generated push_repo_memory job if: condition to require agent success (with/without threat detection).
pkg/workflow/repo_memory_test.go Updates assertions for the new if: condition.
.github/workflows/workflow-health-manager.lock.yml Lockfile regen: push_repo_memory now requires agent success.
.github/workflows/weekly-blog-post-writer.lock.yml Lockfile regen: push_repo_memory now requires agent success.
.github/workflows/technical-doc-writer.lock.yml Lockfile regen: push_repo_memory now requires agent success.
.github/workflows/security-compliance.lock.yml Lockfile regen: push_repo_memory now requires agent success.
.github/workflows/pr-triage-agent.lock.yml Lockfile regen: push_repo_memory now requires agent success.
.github/workflows/glossary-maintainer.lock.yml Lockfile regen: push_repo_memory now requires agent success.
.github/workflows/firewall-escape.lock.yml Lockfile regen: push_repo_memory now requires agent success.
.github/workflows/discussion-task-miner.lock.yml Lockfile regen: push_repo_memory now requires agent success.
.github/workflows/developer-docs-consolidator.lock.yml Lockfile regen: push_repo_memory now requires agent success.
.github/workflows/delight.lock.yml Lockfile regen: push_repo_memory now requires agent success.
.github/workflows/deep-report.lock.yml Lockfile regen: push_repo_memory now requires agent success.
.github/workflows/daily-testify-uber-super-expert.lock.yml Lockfile regen: push_repo_memory now requires agent success.
.github/workflows/daily-news.lock.yml Lockfile regen: push_repo_memory now requires agent success.
.github/workflows/daily-community-attribution.lock.yml Lockfile regen: push_repo_memory now requires agent success.
.github/workflows/daily-code-metrics.lock.yml Lockfile regen: push_repo_memory now requires agent success.
.github/workflows/daily-cli-performance.lock.yml Lockfile regen: push_repo_memory now requires agent success.
.github/workflows/copilot-token-optimizer.lock.yml Lockfile regen: push_repo_memory now requires agent success.
.github/workflows/copilot-token-audit.lock.yml Lockfile regen: push_repo_memory now requires agent success.
.github/workflows/copilot-session-insights.lock.yml Lockfile regen: push_repo_memory now requires agent success.
.github/workflows/copilot-pr-prompt-analysis.lock.yml Lockfile regen: push_repo_memory now requires agent success.
.github/workflows/copilot-pr-nlp-analysis.lock.yml Lockfile regen: push_repo_memory now requires agent success.
.github/workflows/copilot-cli-deep-research.lock.yml Lockfile regen: push_repo_memory now requires agent success.
.github/workflows/copilot-agent-analysis.lock.yml Lockfile regen: push_repo_memory now requires agent success.
.github/workflows/code-scanning-fixer.lock.yml Lockfile regen: push_repo_memory now requires agent success.
.github/workflows/audit-workflows.lock.yml Lockfile regen: push_repo_memory now requires agent success.
.github/workflows/agentic-optimization-kit.lock.yml Lockfile regen: push_repo_memory now requires agent success.
.github/workflows/agent-performance-analyzer.lock.yml Lockfile regen: push_repo_memory now requires agent success.
.github/workflows/metrics-collector.lock.yml Lockfile regen: push_repo_memory now requires agent success.
.github/workflows/smoke-ci.lock.yml Lockfile regen: push_repo_memory now requires agent success.
.github/workflows/unbloat-docs.lock.yml Lockfile regen plus additional unrelated workflow changes (permissions + MCP CLI mounting).
.github/workflows/tidy.lock.yml Lockfile regen plus additional unrelated workflow changes (permissions + MCP CLI mounting).
.github/workflows/plan.lock.yml Lockfile regen includes permission scope change (adds PR write to activation).
.github/workflows/pdf-summary.lock.yml Lockfile regen includes permission scope change (adds PR write to activation).
.github/workflows/mergefest.lock.yml Lockfile regen includes permission scope change (adds PR write to activation).
.github/workflows/brave.lock.yml Lockfile regen includes permission scope change (adds PR write to activation).
.github/workflows/ace-editor.lock.yml Lockfile regen includes permission scope change (adds PR write to activation).

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 38/38 changed files
  • Comments generated: 10

Comment thread .github/workflows/ace-editor.lock.yml
Comment on lines 65 to 70
permissions:
actions: read
contents: read
issues: write
pull-requests: write
outputs:
Comment thread .github/workflows/tidy.lock.yml
Comment on lines +779 to +792
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
env:
MCP_GATEWAY_API_KEY: ${{ steps.start-mcp-gateway.outputs.gateway-api-key }}
MCP_GATEWAY_DOMAIN: ${{ steps.start-mcp-gateway.outputs.gateway-domain }}
MCP_GATEWAY_PORT: ${{ steps.start-mcp-gateway.outputs.gateway-port }}
uses: actions/github-script@373c709c69115d41ff229c7e5df9f8788daa9553 # v9
with:
script: |
const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs');
setupGlobals(core, github, context, exec, io);
const { main } = require('${{ runner.temp }}/gh-aw/actions/mount_mcp_as_cli.cjs');
await main();
Comment thread .github/workflows/unbloat-docs.lock.yml
Comment on lines 88 to 93
permissions:
actions: read
contents: read
issues: write
pull-requests: write
outputs:
Comment thread .github/workflows/mergefest.lock.yml
actions: read
contents: read
issues: write
pull-requests: write
Comment thread .github/workflows/pdf-summary.lock.yml
actions: read
contents: read
issues: write
pull-requests: write
Comment thread .github/workflows/brave.lock.yml
actions: read
contents: read
issues: write
pull-requests: write
Comment thread pkg/workflow/repo_memory_test.go
Comment on lines 1305 to 1309
assert.Equal(t,
"always() && (!cancelled()) && needs.agent.result != 'skipped'",
"always() && (!cancelled()) && needs.agent.result == 'success'",
pushJob.If,
"Condition should use always() && (!cancelled()) && agent != skipped",
"Condition should use always() && (!cancelled()) && agent == 'success'",
)
Comment thread .github/workflows/tidy.lock.yml
Comment on lines 91 to 96
permissions:
actions: read
contents: read
issues: write
pull-requests: write
outputs:
Comment thread .github/workflows/unbloat-docs.lock.yml
Comment on lines +842 to +855
- name: Mount MCP servers as CLIs
id: mount-mcp-clis
continue-on-error: true
env:
MCP_GATEWAY_API_KEY: ${{ steps.start-mcp-gateway.outputs.gateway-api-key }}
MCP_GATEWAY_DOMAIN: ${{ steps.start-mcp-gateway.outputs.gateway-domain }}
MCP_GATEWAY_PORT: ${{ steps.start-mcp-gateway.outputs.gateway-port }}
uses: actions/github-script@373c709c69115d41ff229c7e5df9f8788daa9553 # v9
with:
script: |
const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs');
setupGlobals(core, github, context, exec, io);
const { main } = require('${{ runner.temp }}/gh-aw/actions/mount_mcp_as_cli.cjs');
await main();
Comment thread .github/workflows/plan.lock.yml
contents: read
discussions: write
issues: write
pull-requests: write
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@github-actions github-actions[bot] github-actions[bot] approved these changes

@pelikhan pelikhan Awaiting requested review from pelikhan

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Only push repo memory on success

3 participants

@pelikhan