fix: --schedule-seed no longer silently overridden by per-file git-remote detection#31101
Merged
fix: --schedule-seed no longer silently overridden by per-file git-remote detection#31101
--schedule-seed no longer silently overridden by per-file git-remote detection#31101Conversation
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
…ction - Add repositorySlugLocked bool field to Compiler struct - Add LockRepositorySlug(), IsRepositorySlugLocked(), SetRepositorySlugIfUnlocked() methods - setupRepositoryContext calls LockRepositorySlug() after valid --schedule-seed - compileWorkflowFile uses SetRepositorySlugIfUnlocked() for per-file slug - CompileWorkflowWithValidation uses SetRepositorySlugIfUnlocked() for per-file slug - Add tests in pkg/workflow and pkg/cli Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Fix bug where --schedule-seed is overridden by git-remote detection
fix: May 9, 2026
--schedule-seed no longer silently overridden by per-file git-remote detection
Contributor
There was a problem hiding this comment.
Pull request overview
Fixes gh aw compile --schedule-seed owner/repo being overridden by per-file git-remote detection by introducing a “locked” repository slug state in the workflow compiler, and updating per-file detection codepaths to respect that lock.
Changes:
- Added repository slug lock state + helper methods on
workflow.Compilerto prevent per-file overrides when--schedule-seedis explicitly provided. - Updated CLI compilation/validation flows to use
SetRepositorySlugIfUnlockedfor per-file git-remote detection. - Added unit tests covering locked/unlocked behavior and the
setupRepositoryContextintegration. - Updated a large set of workflow
.lock.ymlfiles with additional outputs/env and firewall config fields (not described in the PR text).
Show a summary per file
| File | Description |
|---|---|
| pkg/workflow/compiler_types.go | Adds repositorySlugLocked state and methods to lock/introspect/conditionally set the repo slug. |
| pkg/workflow/compiler_repository_slug_test.go | Unit tests for the new lock/conditional-set behavior. |
| pkg/cli/compile_compiler_setup.go | Locks the compiler repo slug after applying a valid --schedule-seed. |
| pkg/cli/compile_workflow_processor.go | Switches per-file slug detection to SetRepositorySlugIfUnlocked. |
| pkg/cli/compile_validation.go | Switches per-file slug detection to SetRepositorySlugIfUnlocked. |
| pkg/cli/compile_compiler_setup_test.go | Tests that setupRepositoryContext locks on valid seed and doesn’t lock on invalid/empty. |
| .github/workflows/video-analyzer.lock.yml | Updates workflow outputs/env and firewall JSON config payload. |
| .github/workflows/test-workflow.lock.yml | Updates workflow outputs/env and firewall JSON config payload. |
| .github/workflows/test-project-url-default.lock.yml | Updates workflow outputs/env and threat-detection error handling. |
| .github/workflows/smoke-opencode.lock.yml | Updates workflow outputs/env and threat-detection error handling. |
| .github/workflows/smoke-gemini.lock.yml | Updates workflow outputs/env and firewall JSON config payload. |
| .github/workflows/smoke-crush.lock.yml | Updates workflow outputs/env and threat-detection error handling. |
| .github/workflows/smoke-ci.lock.yml | Updates workflow outputs/env and firewall JSON config payload. |
| .github/workflows/release.lock.yml | Updates workflow outputs/env and firewall JSON config payload. |
| .github/workflows/poem-bot.lock.yml | Updates workflow outputs/env and firewall JSON config payload. |
| .github/workflows/jsweep.lock.yml | Updates workflow outputs/env and threat-detection error handling. |
| .github/workflows/issue-triage-agent.lock.yml | Updates workflow outputs/env and threat-detection error handling. |
| .github/workflows/hippo-embed.lock.yml | Updates workflow outputs/env and firewall JSON config payload. |
| .github/workflows/gpclean.lock.yml | Updates workflow outputs/env and threat-detection error handling. |
| .github/workflows/firewall.lock.yml | Updates workflow outputs/env and firewall JSON config payload. |
| .github/workflows/example-permissions-warning.lock.yml | Updates workflow outputs/env and firewall JSON config payload. |
| .github/workflows/dev.lock.yml | Updates workflow outputs/env and threat-detection error handling. |
| .github/workflows/daily-malicious-code-scan.lock.yml | Updates workflow outputs/env and firewall JSON config payload. |
| .github/workflows/copilot-token-optimizer.lock.yml | Updates workflow outputs/env and firewall JSON config payload. |
| .github/workflows/codex-github-remote-mcp-test.lock.yml | Updates workflow outputs/env and firewall JSON config payload. |
| .github/workflows/code-simplifier.lock.yml | Updates workflow outputs/env and threat-detection error handling. |
| .github/workflows/changeset.lock.yml | Updates workflow outputs/env and firewall JSON config payload. |
| .github/workflows/brave.lock.yml | Updates workflow outputs/env and threat-detection error handling. |
| .github/workflows/bot-detection.lock.yml | Updates workflow outputs/env and firewall JSON config payload. |
| .github/workflows/ai-moderator.lock.yml | Updates workflow outputs/env and firewall JSON config payload. |
| .github/workflows/ace-editor.lock.yml | Updates workflow outputs/env and firewall JSON config payload. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 70/223 changed files
- Comments generated: 5
Comment on lines
90
to
94
| fileRepoSlug := getRepositorySlugFromRemoteForPath(resolvedFile) | ||
| if fileRepoSlug != "" { | ||
| compiler.SetRepositorySlug(fileRepoSlug) | ||
| compiler.SetRepositorySlugIfUnlocked(fileRepoSlug) | ||
| compileWorkflowProcessorLog.Printf("Repository slug for file set: %s", fileRepoSlug) | ||
| } |
Comment on lines
+33
to
38
| // Uses SetRepositorySlugIfUnlocked so that an explicit --schedule-seed flag is never overridden. | ||
| fileRepoSlug := getRepositorySlugFromRemoteForPath(filePath) | ||
| if fileRepoSlug != "" { | ||
| compiler.SetRepositorySlug(fileRepoSlug) | ||
| compiler.SetRepositorySlugIfUnlocked(fileRepoSlug) | ||
| compileValidationLog.Printf("Repository slug for file set: %s", fileRepoSlug) | ||
| } |
Comment on lines
+294
to
+300
| // SetRepositorySlugIfUnlocked sets the repository slug only when it has not been | ||
| // locked via LockRepositorySlug. This is the method per-file git-remote detection | ||
| // should call so that an explicit --schedule-seed flag is never overridden. | ||
| func (c *Compiler) SetRepositorySlugIfUnlocked(slug string) { | ||
| if !c.repositorySlugLocked { | ||
| c.repositorySlug = slug | ||
| } |
Comment on lines
+37
to
+39
| // TestSetupRepositoryContext_InvalidScheduleSeedDoesNotLock verifies that an | ||
| // invalid --schedule-seed value is silently ignored and the slug is NOT locked, | ||
| // allowing per-file git-remote detection to set the slug later. |
Comment on lines
345
to
349
| agentic_engine_timeout: ${{ steps.detect-copilot-errors.outputs.agentic_engine_timeout || 'false' }} | ||
| checkout_pr_success: ${{ steps.checkout-pr.outputs.checkout_pr_success || 'true' }} | ||
| effective_tokens: ${{ steps.parse-mcp-gateway.outputs.effective_tokens }} | ||
| effective_tokens_rate_limit_error: ${{ steps.parse-mcp-gateway.outputs.effective_tokens_rate_limit_error || 'false' }} | ||
| has_patch: ${{ steps.collect_output.outputs.has_patch }} |
Collaborator
|
@copilot review all comments |
- SetRepositorySlugIfUnlocked now delegates to SetRepositorySlug to avoid drift if SetRepositorySlug gains side effects later - Log correctly reflects when a per-file remote slug is ignored due to a locked --schedule-seed vs when it is applied (both processor and validation paths) - Fix test comment: invalid --schedule-seed emits a warning (not silent) before falling back to git remote detection - Revert 217 unrelated .lock.yml changes that were accidentally included in the initial plan commit Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Contributor
Author
All four review findings addressed in a0cd623 → latest commit:
Also removed 217 unrelated |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bug Fix
What was the bug?
gh aw compile --schedule-seed owner/repohad no effect.setupRepositoryContextset the slug correctly, butcompileWorkflowFileandCompileWorkflowWithValidationboth calledcompiler.SetRepositorySlug(fileRepoSlug)unconditionally for each file, overwriting it with the per-file git-remote-detected value. Fork checkouts always produced scatter values derived from the fork slug instead of the upstream slug.How did you fix it?
Added a lock to the
Compilerso an explicit--schedule-seedcannot be clobbered by per-file detection:pkg/workflow/compiler_types.go— addedrepositorySlugLocked boolfield and three new methods:LockRepositorySlug()— marks the slug as authoritativeIsRepositorySlugLocked() bool— introspectionSetRepositorySlugIfUnlocked(slug string)— delegates toSetRepositorySlugwhen unlocked, no-op when locked; used by per-file detection pathspkg/cli/compile_compiler_setup.go—setupRepositoryContextcallsLockRepositorySlug()immediately after applying a valid--schedule-seedpkg/cli/compile_workflow_processor.goandpkg/cli/compile_validation.go— changedSetRepositorySlug→SetRepositorySlugIfUnlockedin the per-file detection block; logging now distinguishes between a slug being applied vs. ignored due to the lockPer-file detection continues to work unchanged when
--schedule-seedis absent (e.g. compiling a workflow that lives in a different repo than CWD). Only a valid, non-empty seed engages the lock; the invalid-format warning path does not.Testing
pkg/workflow/compiler_repository_slug_test.go— unit tests for the three newCompilermethods covering locked/unlocked transitionspkg/cli/compile_compiler_setup_test.go— tests thatsetupRepositoryContextlocks on a valid seed, does not lock on an invalid/empty seed, and that the locked slug survives a subsequentSetRepositorySlugIfUnlockedcall