shared/apm.md: align with canonical microsoft/apm source (v1.5.0)#29002
shared/apm.md: align with canonical microsoft/apm source (v1.5.0)#29002
Conversation
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/6a3cbe37-4f87-4226-96f3-60f64f1231f5 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
|
@daneilmeppiel |
|
💥 WHOOSH! Smoke Claude springs into action on this pull request! [Panel 1 begins...] |
|
🚀 Smoke OpenCode MISSION COMPLETE! OpenCode delivered. 🔥 |
|
|
|
📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing... |
|
✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟 |
|
|
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
|
🤖 *Beep boopecho BEGIN___COMMAND_OUTPUT_MARKER ; PS1= ; PS2= ; unset HISTFILE ; EC=0 ; echo ___BEGIN___COMMAND_DONE_MARKER___0 ; } The smoke test agent was here, running tests and checking vibes. All systems nominal! The lockfile stats look impressively thorough — 204 workflows analyzed with 100% concurrency adoption? That's some serious engineering discipline. 🎉
|
|
Smoke Test Results for run §25084493569 1 GitHub MCP ✅ | 2 MCP Scripts GH ✅ | 3 Serena ✅ | 4 Playwright ✅ | 5 Web Fetch ✅ | 6 File Write ✅ | 7 Bash ✅ | 8 Discussion ✅ | 9 Build ✅ | 10 Artifact ✅ | 11 Discussion Create ✅ | 12 Haiku ✅ | 13 PR Review ✅ | 14 Comment Memory ✅ Overall: ✅ PASS —
|
Comment MemoryNote This comment is managed by comment memory.It stores persistent context for this thread in the code block at the top of this comment. Note 🔒 Integrity filter blocked 1 itemThe following item was blocked because it doesn't meet the GitHub integrity level.
To allow these resources, lower tools:
github:
min-integrity: approved # merged | approved | unapproved | none
|
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Smoke test review: The APM shared workflow update looks clean. The updated comments improve documentation clarity. No blocking issues found.
📰 BREAKING: Report filed by Smoke Copilot · ● 1.3M
|
Commit pushed:
|
|
📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤 |
|
Hey
If you'd like a hand, you can assign this prompt to your coding agent:
|
… directory Agent-Logs-Url: https://github.com/github/gh-aw/sessions/6b0c5ef5-4cf9-4e3c-a421-d0136c96cc8a Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Fixed in 7d59310. Two changes:
Warning Firewall rules blocked me from connecting to one or more addresses (expand for details)I tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
|
|
🚀 Smoke OpenCode MISSION COMPLETE! OpenCode delivered. 🔥 |
|
|
|
✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟 |
|
|
|
📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing... |
|
🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨ |
Agent Container Tool Check
Result: 12/12 tools available ✅ Overall Status: PASS
|
|
Smoke Codex 25087942768: FAIL Warning Firewall blocked 2 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "ab.chatgpt.com"
- "chatgpt.com"See Network Configuration for more information.
|
|
Smoke Test Results for PR #29002 (
Overall: PASS ✅ | cc
|
|
🤖 BEEP BOOP — The smoke test agent swooped in, ran 13 tests, built some Go binaries, dispatched haikus into the void, and left no test unturned! If you are reading this, it means everything went swimmingly. 🏊♂️✨ The robots are (mostly) in charge now.
|
There was a problem hiding this comment.
Smoke test review: PR looks good. Upgrades APM action to v1.5.0 with multi-bundle restore support. Two minor suggestions left inline.
📰 BREAKING: Report filed by Smoke Copilot · ● 1.4M
| "gh-aw": patch | ||
| --- | ||
|
|
||
| Updated the shared APM workflow to use `microsoft/apm-action` v1.5.0 with multi-bundle restore and optional GitHub App credential groups. |
There was a problem hiding this comment.
✅ Good changeset entry — clearly describes the APM action upgrade and the new features it enables.
| @@ -2,162 +2,342 @@ | |||
| # APM (Agent Package Manager) - Shared Workflow | |||
| # Install Microsoft APM packages in your agentic workflow. | |||
There was a problem hiding this comment.
Consider adding an inline comment explaining the v1.4.2 to v1.5.0 upgrade rationale for future maintainers.
|
📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤 |
💥 Smoke Test Run 25087942760 — ResultsCore Tests (#1–12): ✅✅✅✅✅✅✅✅✅❌✅✅ Overall: PARTIAL (test #10 Agentic Workflows MCP failed; #16 and #19 skipped — no threads/safe PR)
Note 🔒 Integrity filter blocked 1 itemThe following item was blocked because it doesn't meet the GitHub integrity level.
To allow these resources, lower tools:
github:
min-integrity: approved # merged | approved | unapproved | none
|
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Aligns the vendored shared/apm.md workflow with the canonical microsoft/apm version (v1.5.0), adding multi-bundle restore and support for GitHub App credential groups, and updates docs/locks accordingly.
Changes:
- Updates the shared APM workflow to
microsoft/apm-action@v1.5.0, introducing anapm-prepmatrix fan-out and multi-bundle restore (bundles-file). - Updates the
smoke-claude.lock.ymlmanifest to reflect the new action pin and additional action usage. - Expands dependency documentation to clarify vendoring, canonical source, and deprecations.
Show a summary per file
| File | Description |
|---|---|
docs/src/content/docs/reference/dependencies.md |
Documents shared/apm.md provenance and clarifies deprecations/canonical source. |
.github/workflows/smoke-claude.lock.yml |
Updates pinned action SHAs/versions and reflects new APM prep + multi-bundle restore flow. |
.github/workflows/shared/apm.md |
Replaces the shared APM workflow with the v1.5.0 canonical structure (prep + matrix pack + bundles-file restore). |
.changeset/patch-align-shared-apm.md |
Adds a patch changeset describing the APM workflow alignment. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comments suppressed due to low confidence (1)
.github/workflows/shared/apm.md:1
- The
apm-prepjob is emittingmatrix={\"group\":$groups}as a job output, andgroupsincludesprivate-keyvalues (either from top-levelprivate-keyorapps[].private-key). Job outputs/matrix data are not a safe channel for secrets and can be inadvertently exposed (e.g., later echoed, included in debug output, or surfaced via workflow metadata). Fix by ensuring the computed matrix output contains only non-secret fields (e.g.,id,owner,repositories,packages) and retrieve the private key in theapmjob directly from the original import inputs at runtime (or restructure to avoid passing secret material through outputs/matrix).
---
- Files reviewed: 4/4 changed files
- Comments generated: 3
| # SAFE: emit only id + package-count to logs. Never $groups in full. | ||
| { | ||
| echo "matrix={\"group\":$groups}" | ||
| } >> "$GITHUB_OUTPUT" |
There was a problem hiding this comment.
The apm-prep job is emitting matrix={\"group\":$groups} as a job output, and groups includes private-key values (either from top-level private-key or apps[].private-key). Job outputs/matrix data are not a safe channel for secrets and can be inadvertently exposed (e.g., later echoed, included in debug output, or surfaced via workflow metadata). Fix by ensuring the computed matrix output contains only non-secret fields (e.g., id, owner, repositories, packages) and retrieve the private key in the apm job directly from the original import inputs at runtime (or restructure to avoid passing secret material through outputs/matrix).
| - name: Pack APM packages | ||
| id: apm_pack | ||
| if: steps.apm_cache.outputs.cache-hit != 'true' | ||
| uses: microsoft/apm-action@v1.4.2 | ||
| id: pack | ||
| uses: microsoft/apm-action@v1.5.0 | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GH_AW_PLUGINS_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} | ||
| GITHUB_TOKEN: ${{ steps.token.outputs.token || secrets.GH_AW_PLUGINS_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} | ||
| with: | ||
| dependencies: ${{ steps.apm_prep.outputs.deps }} | ||
| dependencies: ${{ steps.list.outputs.deps }} | ||
| isolated: 'true' | ||
| pack: 'true' | ||
| archive: 'true' | ||
| target: all | ||
| working-directory: /tmp/gh-aw/apm-workspace |
There was a problem hiding this comment.
This workflow still passes the deprecated dependencies: input into microsoft/apm-action@v1.5.0, which conflicts with the PR description and the updated docs stating the action-level dependencies: input is deprecated in favor of packages:/apps:. To align behavior and reduce future breakage if dependencies: is removed, update the pack invocation to use the supported inputs (ideally passing matrix.group.packages via the action’s packages: input) and drop the YAML-list rendering step if it’s no longer needed.
| echo "::error::shared/apm.md import provided no packages. Add packages: <list>, single-app inputs (app-id + private-key), or apps: <list> in the with: block." | ||
| exit 1 | ||
| fi | ||
|
|
There was a problem hiding this comment.
The validation only checks that there is at least one credential group, but it does not verify that each group has a non-empty packages list. This allows configurations like app-id set with no packages, or apps: [...] entries with empty packages, which will later produce an empty dependency list and can lead to no-op/failed pack runs and confusing downstream restore errors. Add a validation step after groups is computed to fail fast if any group has packages missing/empty (and ideally report the offending group id).
| invalid_package_groups=$(echo "$groups" | jq -r '[.[] | select((.packages | type) != "array" or (.packages | length) == 0) | (.id // "<unknown>")] | join(", ")') | |
| if [ -n "$invalid_package_groups" ]; then | |
| echo "::error::apm credential group(s) missing packages or with an empty packages list: $invalid_package_groups. Ensure each group defines at least one package." | |
| exit 1 | |
| fi |
Picks up the AW_APM_PACKAGES JSON-array fix from gh-aw v0.71.2 (shared/apm.md realignment in github/gh-aw#29002), which caused the PR Review Panel run on PR #1042 to fail at the 'Validate downloaded bundles match matrix manifest' step. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…loses #722) (#1042) * fix(marketplace): address PR #1038 review comments + docs refresh Twelve findings from the copilot-pull-request-reviewer pass on PR #1038. Code fixes (in src/): - Remove unused DEPRECATION_MESSAGE import in commands/marketplace.py - Remove unused LOCAL_SOURCE_RE import in marketplace/yml_editor.py - _has_marketplace_block() now raises MarketplaceYmlError on YAML parse errors and OS read errors instead of swallowing them as 'no config' -- fixes a misleading message on malformed apm.yml. - migrate_marketplace_yml() validates that apm.yml round-trips to a mapping; empty apm.yml now treated as an empty mapping (CommentedMap) so the marketplace block can still be inserted. - _is_apm_yml_with_marketplace() now requires the marketplace value itself to be a mapping; previously a non-dict value would crash _get_marketplace_container() callers on .get() access. - 'apm marketplace init' applies the same empty-vs-non-mapping guard on apm.yml round-trip; non-mapping top level is a hard error, empty file is treated as an empty mapping. - 'apm init --marketplace' no longer derives marketplace owner from the project name (which produced misleading github.com/<project> URLs); the template's acme-org placeholder is used instead. - _check_gitignore_for_marketplace_json warning text refreshed: 'Both apm.yml and the generated marketplace.json must be tracked'. - Renamed test_source_dot_traversal to test_local_source_accepted (the behavior changed at fold time). - init_template.py module docstring now describes both renderers. - test_apm_yml_marketplace_loader.py docstring corrected: strict-key enforcement is inside the marketplace block only. Regression tests (tests/unit/marketplace/test_review_fixes.py, +12): - malformed apm.yml surfaces a clear MarketplaceYmlError - migrate rejects list/scalar top level, accepts empty file - _is_apm_yml_with_marketplace rejects non-mapping marketplace values - 'apm marketplace init' rejects non-mapping apm.yml, accepts empty Docs (delivered by doc-writer agent): - Full rewrite of docs/src/content/docs/guides/marketplace-authoring.md around the apm.yml block; cites microsoft/azure-skills as the byte-for-byte build proof. Adds local-path packages section and a migration section. - One-line fix in guides/marketplaces.md (marketplace.yml -> apm.yml). - reference/cli-commands.md: rewrote init/build/outdated/check/doctor blurbs, added 'apm marketplace migrate' reference, added '--marketplace' flag to 'apm init' options/examples. - reference/manifest-schema.md: added optional 'marketplace:' to the top-level shape with a pointer to the authoring guide. - packages/apm-guide/.apm/skills/apm-usage/commands.md and package-authoring.md: refreshed authoring tables and shape; called out experimental gate and deprecation. - CHANGELOG.md: Added/Changed/Deprecated entries under [Unreleased] citing #1038. Validation: - 6757 unit tests pass (6745 prior + 12 new regression). - Real-world build proof: cloned microsoft/azure-skills, appended a marketplace: block to its apm.yml derived from the hand-authored marketplace.json, ran 'apm marketplace build', and diffed -- byte- for-byte identical (sha256 02f76bfc...). Closes review of #1038. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * ci: recompile gh-aw workflows to v0.71.2 Picks up the AW_APM_PACKAGES JSON-array fix from gh-aw v0.71.2 (shared/apm.md realignment in github/gh-aw#29002), which caused the PR Review Panel run on PR #1042 to fail at the 'Validate downloaded bundles match matrix manifest' step. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix(marketplace): address remaining 4 review-bot comments on PR #1038 - migration.py: wrap ruamel apm.yml load; raise typed MarketplaceYmlError("apm.yml is malformed: ...") instead of leaking ruamel.yaml.YAMLError to the caller. Mirrors the existing legacy marketplace.yml error path. - init.py: when 'apm init --marketplace' is invoked but the marketplace_authoring experimental flag is disabled, append the block (option b -- lower friction, harmless if unused) and emit a CommandLogger.warning() pointing at the flag name and enablement command. - yml_editor.py: add 'data: object' type hint to _is_apm_yml_with_marketplace() to satisfy the project-wide type-hint requirement. - CHANGELOG.md: condense Unreleased marketplace entries to one line per entry per Keep a Changelog convention; strip nested bullets and prose. Tests: - test_migrate_with_malformed_apm_yml_raises_typed_error - TestInitMarketplaceFlagWarnsWhenExperimentalDisabled ::test_warns_with_experimental_flag_name Full unit suite: 6759 passed. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * docs(marketplace): teach unified 'apm pack' workflow - Rewrite marketplace authoring guide to use 'apm pack' and the apm.yml marketplace: block as the single source of truth. - Update CLI command reference: remove 'apm marketplace build' entry, refresh 'apm pack' flag table, refresh 'apm marketplace init'. - Update apm-usage skill (commands.md) to match. - Remove all references to the marketplace_authoring experimental flag. Closes part of #722. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * feat(pack): unify apm pack to produce bundle and marketplace.json Reads apm.yml and detects which artifacts to produce based on the presence of 'dependencies:' (bundle) and 'marketplace:' (marketplace.json) blocks. A single 'apm pack' invocation now replaces the legacy 'apm marketplace build' subcommand. Changes: - New BuildOrchestrator (src/apm_cli/core/build_orchestrator.py) with pluggable ArtifactProducer protocol and BundleProducer + MarketplaceProducer implementations. - pack command gains --offline, --include-prerelease, and --marketplace-output flags. Help text documents exit codes. - 'apm marketplace build' is hard-removed: invoking it exits 2 with a one-line migration message. - 'marketplace_authoring' experimental flag deleted (GA). - 'apm marketplace init' and 'apm init --marketplace' next-step hints now point at 'apm pack'. - 'apm marketplace publish' error wording updated. - New tests: 14 orchestrator unit tests, 9 pack integration tests, and one byte-for-byte snapshot test against microsoft/azure-skills@bef1f05 (sha256 02f76bfc0e5bbf7fdf1de1dda1f84c4da6e986913b6647973c0ffe39c1d5003b). - Stale tests removed: test_marketplace_build.py, test_marketplace_gating.py, and the marketplace_authoring experimental-flag class. - CHANGELOG updated under Added / Changed / Removed. Validation: - 6706 unit + console tests pass (uv run pytest tests/unit tests/test_console.py) - 10 new integration tests pass - azure-skills snapshot proof matches byte-for-byte Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * docs(changelog): condense apm pack entry to one line Per copilot-pull-request-reviewer comment on PR #1042: Keep a Changelog entries should be one concise line per PR. The previous entry (418 chars, multi-clause) is condensed to 165 chars matching the convention. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The vendored
shared/apm.mdwas pinned toapm-action@v1.4.2and used the deprecateddependencies:input, silently missing multi-org GitHub App auth and the modern multi-bundle restore path introduced in v1.5.0..github/workflows/shared/apm.md(Option A — canonical replacement)microsoft/apm-action@v1.4.2→v1.5.0apm-prepjob normalisespackages:, single-app shorthand, andapps:[]into a credential-group matrix; theapmjob fans out one replica per group, each minting its own installation token whenapp-idis setimport-schemainputs:app-id,private-key,owner,repositories(single-app shorthand) andapps:[](cross-org); all optional and additive — existing consumers that only passpackages:are unaffectedbundles-file:replaces the singlebundle:path; includes a manifest-validation step that defends against same-run artifact-name collisionSource of truth:/apm-action pin:) added for drift detectionpre-agent-steps:(notsteps:) to execute after the base-branch folder restore in PR workflows, preventing clobbering of APM-installed skillsAll 204 workflows recompiled cleanly;
smoke-claude.lock.ymlnow pinsmicrosoft/apm-action@454b8a1(v1.5.0).docs/src/content/docs/reference/dependencies.mdshared/apm.mdcomes from" section clarifies that it is a local vendor file, not a remote import, and provides acurlone-liner to fetch the canonical copydependencies:field and theapm-action-leveldependencies:input (deprecated in favour ofpackages:/apps:)microsoft/apmWarning
Firewall rules blocked me from connecting to one or more addresses (expand for details)
I tried to connect to the following addresses, but was blocked by firewall rules:
https://api.github.com/graphql/usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw(http block)/usr/bin/gh gh repo view --json owner,name --jq .owner.login + "/" + .name 64/pkg/tool/linux_amd64/compile ./../.prettieriggit b/gh-aw/actions/rev-parse nfig/composer/ve--show-toplevel 64/pkg/tool/linux_amd64/compile(http block)/usr/bin/gh gh repo view owner/repo --no�� _.a git cfg l-apm(http block)https://api.github.com/orgs/test-owner/actions/secrets/usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name on' --ignore-path ../../../.prettierignore remote.origin.url k.yml(http block)https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1/usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq [.object.sha, .object.type] | @tsv --get remote.origin.url /usr/bin/git tdrain.test 510110/b021/vet.rev-parse x_amd64/vet git rev-�� --show-toplevel x_amd64/vet /usr/bin/git "prettier" --wrinode bash 64/pkg/tool/linuinstall git(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v3/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq [.object.sha, .object.type] | @tsv 1048-16996/test-3472171347 -buildtags /usr/bin/git -errorsas -ifaceassert -nilfunc git rev-�� --show-toplevel -tests /usr/bin/git .js' --ignore-pagit show x_amd64/vet git(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v5/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv "prettier" --wri--workflow tmain.go ache/go/1.25.8/x--limit rror(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv --show-toplevel rtcfg /usr/bin/git 1048-16996/test-tr 510110/b241/vet.\n ache/go/1.25.8/x: git rev-�� --show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet /usr/bin/git agent-persona-exgit 510110/b070/_tesrev-parse 1/x64/bin/node git(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv --show-toplevel git /usr/bin/git /tmp/gh-aw-test-git remote 510110/b449/vet.--show-toplevel git rev-�� --show-toplevel git /usr/bin/git /tmp/gh-aw-test-git config /opt/hostedtoolc--show-toplevel git(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v6/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv --verify main repository(owner: $owner, name: $name) { hasDiscussionsEnabled } }(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv --verify main repository(owner: $owner, name:-f(http block)https://api.github.com/repos/actions/github-script/git/ref/tags/v8/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq [.object.sha, .object.type] | @tsv --show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile /usr/bin/git 510110/b427/_pkggit /tmp/go-build287log 510110/b427=> git rev-�� --show-toplevel /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet /usr/bin/git 618n/6K3JL8ddMPogit -buildtags /opt/hostedtoolc--show-toplevel git(http block)https://api.github.com/repos/actions/github-script/git/ref/tags/v9/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv k/gh-aw/gh-aw/.github/workflows(http block)/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv ithub/workflows origin repository(owner: $owner, name: $name) { hasDiscussionsEnabled } }(http block)/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv ithub/workflows --log-level ./gh-aw --log-target journal-or-kmsg(http block)https://api.github.com/repos/actions/setup-go/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv REDACTED.os 64/pkg/tool/linurev-parse 510110/b471/vet.cfg te 'scripts/**/*git cfg 64/pkg/tool/linu--show-toplevel /usr/bin/git conf�� --get-regexp ^remote\..*\.gh-resolved$ /tmp/go-build287510110/b469/workflow.test edOutput27633422git on ache/go/1.25.8/x--show-toplevel /tmp/go-build287510110/b469/workflow.test(http block)https://api.github.com/repos/actions/setup-node/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv BHBh/Mm0ui0x2Iv4Z-LYbBHBh remote.origin.url clusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle ../pkg/workflow/git 90 x_amd64/compile git 5101�� --show-toplevel 510110/b459/_testmain.go /tmp/go-build287510110/b456/timeutil.test k/gh-aw/gh-aw(http block)/usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv RaC4/5CI_wxKiMnB8mJ2ARaC4 64/pkg/tool/linux_amd64/vet /usr/bin/infocmp te 'scripts/**/*git cfg 64/pkg/tool/linu--show-toplevel infocmp 5101�� xterm-color 510110/b469/_testmain.go /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/link /home/REDACTED/worgit on ache/go/1.25.8/x--show-toplevel /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/link(http block)https://api.github.com/repos/actions/setup-node/git/ref/tags/v6/usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv(http block)/usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv --verify ithub/workflows/smoke-claude.lock.yml 1/x64/bin/bash(http block)/usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv mplied -buildtags /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -errorsas set -nilfunc /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linuremote.origin.url -ato�� licyBlockedUsersExpressionCompiledOutput2763342210/001 -buildtags /usr/bin/git -errorsas -ifaceassert -nilfunc git(http block)https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv /tmp/TestGuardPolicyMinIntegrityOnlymin-integrity_with_repos=pub@{u} rev-parse test graphql -f /usr/bin/git test Enve�� /tmp/TestHashConsistency_GoAndJavaScript53306925base (original) git /usr/bin/git k/gh-aw/gh-aw/.ggit config x_amd64/vet git(http block)https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v7/usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v7 --jq [.object.sha, .object.type] | @tsv --local user.email r: $owner, name: $name) { hasDiscussionsEnabled } }(http block)https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b/usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq [.object.sha, .object.type] | @tsv(http block)/usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq [.object.sha, .object.type] | @tsv --show-toplevel git $name) { hasDiscussionsEnabled } } --show-toplevel 64/pkg/tool/linu--norc /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --git-dir 64/pkg/tool/linu-C /usr/bin/sh git(http block)/usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq [.object.sha, .object.type] | @tsv --show-toplevel /opt/hostedtoolcache/node/24.14.1/x64/bin/node /usr/bin/git github.repositorbash x_amd64/vet /usr/bin/git git runs�� --show-toplevel git /usr/bin/git bash 64/pkg/tool/linuapi /usr/lib/git-corgraphql git(http block)https://api.github.com/repos/github/gh-aw/usr/bin/gh gh api /repos/github/gh-aw --jq .default_branch z|lzo))?$(http block)/usr/bin/gh gh api /repos/github/gh-aw --jq .default_branch --show-toplevel git r: $owner, name: $name) { hasDiscussionsEnabled } } --show-toplevel git /usr/bin/git git show�� 5f8c66299d6a6fee8c8d46b81a0624ceff260d2a:.github/workflows/smokeremote.origin.url :latest r: $owner, name: $name) { hasDiscussionsEnabled } } --show-toplevel ache/node/24.14.-C /usr/bin/git head(http block)https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq [.object.sha, .object.type] | @tsv --show-toplevel xf9qL--/YcBrNqCW-tests /usr/bin/git te 'scripts/**/*git config 64/pkg/tool/linu--show-toplevel /usr/bin/git remo�� -v 64/pkg/tool/linuremote.origin.url /usr/bin/git ithout_min-integgit go cfg git(http block)https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv /tmp/TestGuardPolicyBlockedUsersApprovalLabelsCompiledOutput3355478700/001 remote /usr/bin/git ted/golang/pkg/fgit show x_amd64/vet git -C /home/REDACTED/work/gh-aw/gh-aw/.github/workflows rev-parse /usr/bin/git ithub/workflows config x_amd64/vet git(http block)https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv /tmp/TestGuardPolicyBlockedUsersApprovalLabelsCotest-logs/run-4 rev-parse /usr/bin/git ./../pkg/workflogit rev-parse x_amd64/vet git -C /home/REDACTED/work/gh-aw/gh-aw/.github/workflows rev-parse ache/node/24.14.1/x64/bin/node ithub/workflows(http block)https://api.github.com/repos/github/gh-aw/actions/runs/usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --limit 100 --created >=2026-04-22 --local DiscussionsEnabluser.name 22/xQe5f0wJO56wlTest User imag�� ed-imports-enabled-with-body-content.md mcp/arxiv-mcp-server 64/pkg/tool/linux_amd64/vet get --local r: $owner, name:user.name 64/pkg/tool/linuTest User(http block)/usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --limit 100 --created >=2026-03-30 --local tnet/tools/bash x_amd64/link -1 te '**/*.cjs' '**/*.ts' '**/*.json' --ignore-path ../../../.pret.prettierignore cfg 64/pkg/tool/linux_amd64/vet get --local 64/bin/bash 7z/4P7r8Nx30lqcg-1(http block)/usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --limit 100 --created >=2026-01-29 --local(http block)https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/1/artifacts --jq .artifacts[].name rev-parse cfg --local core.hooksPath $name) { has--show-toplevel ache/go/1.25.8/x64/pkg/tool/linu/home/REDACTED/work/gh-aw/gh-aw/pkg/parser/import_cycle_test.go(http block)/usr/bin/gh gh run download 1 --dir test-logs/run-1 on 64/pkg/tool/linux_amd64/compile /../../.prettiergit erignore cal/bin/bash 64/pkg/tool/linux_amd64/compile(http block)https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12345/artifacts --jq .artifacts[].name om/davecgh/go-spew@v1.1.1/spew/common.go 64/pkg/tool/linux_amd64/link --local commit.gpgsign ode-gyp-bin/nodeuser.name 64/pkg/tool/linuTest User --no�� tants.test git rtcfg.link FETCH_HEAD^{commgit rd/go-difflib/direv-parse repository(owne--show-toplevel D1vb8bV6YvrCyz0kYU/UimiJ_lt2omPM-trimpath(http block)/usr/bin/gh gh run download 12345 --dir test-logs/run-12345 config test remote.origin.urgit core.hooksPath $name) { has--show-toplevel test stlo�� se 510110/b175/vet.cfg cfg l-apm(http block)https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12346/artifacts --jq .artifacts[].name -f 64/pkg/tool/linu-importcfg -f owner=github -f 64/pkg/tool/linutest@example.com -30 510110/b081/_pkg_.a git cfg FETCH_HEAD^{commgit /testdeps /usr/bin/head ache/go/1.25.8/x64/pkg/tool/linu-dwarf=false(http block)/usr/bin/gh gh run download 12346 --dir test-logs/run-12346 cfg 64/pkg/tool/linux_amd64/vet --local commit.gpgsign rgo/bin/bash 64/pkg/tool/linux_amd64/vet(http block)https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/2/artifacts --jq .artifacts[].name rev-parse ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet --local core.hooksPath /home/REDACTED/.do--show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet --no�� --noprofile git cfg l-apm(http block)/usr/bin/gh gh run download 2 --dir test-logs/run-2 on ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet /../../.prettiergit erignore /home/REDACTED/wor--show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet(http block)https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/3/artifacts --jq .artifacts[].name config cfg remote.origin.urgit core.hooksPath repository(owner: $owner, name:xterm-color ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet(http block)/usr/bin/gh gh run download 3 --dir test-logs/run-3 on ache/go/1.25.8/x64/pkg/tool/linu-nolocalimports /../../.prettiergit erignore r: $owner, name:--show-toplevel ache/go/1.25.8/x64/pkg/tool/linu/tmp/go-build287510110/b431/_testmain.go(http block)https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/4/artifacts --jq .artifacts[].name config cfg remote.origin.urgit core.hooksPath /usr/local/sbin/--show-toplevel ache/go/1.25.8/x64/pkg/tool/linu--jq --no�� --noprofile git k l-apm k/gh-aw/gh-aw/pk/tmp/test-expr-2121545787.js repository(owneinputs.version ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet(http block)/usr/bin/gh gh run download 4 --dir test-logs/run-4 on 64/pkg/tool/linux_amd64/link /../../.prettiergit erignore n-dir/git 64/pkg/tool/linux_amd64/link(http block)https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/5/artifacts --jq .artifacts[].name cfg cfg --local core.hooksPath k/_temp/uv-pytho--show-toplevel ylQP4Z8/vCNYLdc7D8RXanEmFBss --no�� --noprofile git ache/go/1.25.8/x64/pkg/tool/linu-nilfunc l-apm(http block)/usr/bin/gh gh run download 5 --dir test-logs/run-5 on cfg /../../.prettiergit erignore $name) { has--show-toplevel ache/go/1.25.8/x64/pkg/tool/linu-importcfg(http block)https://api.github.com/repos/github/gh-aw/actions/workflows/usr/bin/gh gh workflow list --json name,state,path --show-toplevel(http block)/usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100(http block)/usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 gpg.program erignore 64/pkg/tool/linux_amd64/vet(http block)https://api.github.com/repos/github/gh-aw/contents/.github/workflows/shared/reporting.md/tmp/go-build287510110/b404/cli.test /tmp/go-build287510110/b404/cli.test -test.testlogfile=/tmp/go-build287510110/b404/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq [.object.sha, .object.type] | @tsv --show-toplevel ache/go/1.25.8/x64/pkg/tool/linuremote.origin.url /usr/bin/git ace-editor.md 99eb428b eutil.test git rev-�� --show-toplevel eutil.test /usr/bin/git k/gh-aw/gh-aw /tmp/go-build287-k e/git git(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv se 510110/b118/vet.cfg not-exist-xyzzy.txt **/*.ts **/*.json --ignore-path ache/go/1.25.8/x64/pkg/tool/linuremote.origin.url(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv es-file\|v1.5.0\-test.timeout=10m0s ithub/workflows/-test.run=^Test x_amd64/vet -f owner=github -f x_amd64/vet 1639�� k/gh-aw/gh-aw/.github/workflows -f x_amd64/vet l owner=github DiscussionsEnabl/repos/actions/github-script/git/ref/tags/v9 x_amd64/vet(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv k/gh-aw/gh-aw/.g-c=4 show x_amd64/vet(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv k/gh-aw/gh-aw config x_amd64/vet remote.origin.urgit ler_yaml_main_jo-C $name) { has/tmp/gh-aw-test-runs/20260429-001048-16996/test-179725314/.github/workflows x_amd64/vet 1639�� k/gh-aw/gh-aw/.github/workflows(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv graphql _job_builder.go x_amd64/vet _jobs_test.go _simple_test.go test.go x_amd64/vet 1/x6�� esteps_test.go .go x_amd64/vet validation_test.git ions_test.go s_test.go x_amd64/vet(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq [.object.sha, .object.type] | @tsv inspect ghcr.io/github/sgithub.com/github/gh-aw/pkg/semverutil x_amd64/vet(http block)https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999/usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq [.object.sha, .object.type] | @tsv se 510110/b122/vet.cfg k **/*.ts **/*.json --ignore-path ache/go/1.25.8/x64/pkg/tool/linuconfig sRem�� se 510110/b250/vet.cfg ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet tierignore(http block)https://api.github.com/repos/nonexistent/repo/actions/runs/12345/usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion --verify main /usr/bin/bash ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet(http block)https://api.github.com/repos/owner/repo/actions/workflows/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo -importcfg /tmp/go-build287510110/b430/importcfg -embedcfg /tmp/go-build287510110/b430/embedcfg -pack -C ../pkg/workflow/-errorsas show x_amd64/compile(http block)/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo sh --stats(http block)/usr/bin/gh gh workflow list --repo owner/repo --json name,path,state rtcfg.link FETCH_HEAD^{commgit rd/go-difflib/direv-parse repository(owne--show-toplevel D1vb8bV6YvrCyz0kYU/UimiJ_lt2omPM-trimpath(http block)https://api.github.com/repos/test-owner/test-repo/actions/secrets/usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name on' --ignore-path ../../../.prettierignore(http block)https://api.github.com/repos/test/repo/usr/bin/gh gh api /repos/test/repo --jq .default_branch _.a 510110/b047/vet.cfg k --noprofile er_test r: $owner, name:--show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet sRem�� uypkflb2T bash ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet tierignore(http block)If you need me to access, download, or install something from one of these locations, you can either:
Changeset
microsoft/apm-actionv1.5.0 with multi-bundle restore and optional GitHub App credential groups.Warning
Firewall blocked 2 domains
The following domains were blocked by the firewall during workflow execution:
ab.chatgpt.comchatgpt.comSee Network Configuration for more information.
✨ PR Review Safe Output Test - Run 25087942760
Note
🔒 Integrity filter blocked 1 item
The following item was blocked because it doesn't meet the GitHub integrity level.
pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".To allow these resources, lower
min-integrityin your GitHub frontmatter: