Skip to content

Treat gh aw as a first-class runtime with release setup-cli injection, dev source build, and firewall domains#31622

Merged
pelikhan merged 9 commits into
mainfrom
copilot/add-gh-aw-runtime-support
May 12, 2026
Merged

Treat gh aw as a first-class runtime with release setup-cli injection, dev source build, and firewall domains#31622
pelikhan merged 9 commits into
mainfrom
copilot/add-gh-aw-runtime-support

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented May 12, 2026
edited
Loading

Introduces gh aw as a first-class runtime in workflow compilation, including runtime detection, runtime setup step generation, and runtime-derived firewall domains.

What changed

  • Added gh-aw runtime support under runtimes, including typed frontmatter parsing/serialization.
  • Added gh aw command-pair detection from run: steps.
  • Updated runtime setup behavior:
    • Release mode uses github/gh-aw/actions/setup-cli with versioned setup.
    • Dev mode now builds/installs from checked-out sources (gh extension install .) to match existing dev workflows.
  • Removed mutable @main usage and updated affected lock workflow action references to pinned/immutable refs.
  • Updated runtime and compiler tests to cover both release and dev setup paths and the dev source-install flow.

Validation

  • Ran targeted workflow runtime tests for detection and setup-step generation.
  • Ran final PR validation checks (code review + CodeQL scan).

Copilot AI and others added 2 commits May 12, 2026 03:42
@pelikhan
Add gh-aw runtime detection and setup-cli mapping
8dff4ae 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@pelikhan
Address review feedback for gh-aw runtime
8ebbb24 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title Treat gh aw as runtime and emit setup-cli step Treat gh aw as a first-class runtime with auto setup-cli injection and firewall domains May 12, 2026
Copilot AI requested a review from pelikhan May 12, 2026 03:45
pelikhan
pelikhan reviewed May 12, 2026
View reviewed changes
Comment thread pkg/constants/version_constants.go Outdated
const DefaultGoVersion Version = "1.25"

// DefaultGhAWVersion is the default gh-aw CLI version used by runtime setup.
const DefaultGhAWVersion Version = "v0.72.1"
Copy link
Copy Markdown
Collaborator

@pelikhan pelikhan May 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@copilot use the compiler version of released, otherwise use the build gh-aw version in dev mode. Look at how gh-aw is inserted currently.

Copy link
Copy Markdown
Contributor Author

Copilot AI May 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated in 6b03a99. The gh-aw runtime no longer uses a hardcoded default; it now resolves to the current compiler/build version so release builds use the released compiler version and dev builds use the current build version.

Copilot AI and others added 3 commits May 12, 2026 03:52
@pelikhan
Plan for addressing PR review feedback
b9e2ebb 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@pelikhan
Use build/compiler version for gh-aw runtime default
0b6c3bc 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@pelikhan
Refine gh-aw runtime default version resolution
6b03a99 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI requested a review from pelikhan May 12, 2026 04:05
@pelikhan pelikhan marked this pull request as ready for review May 12, 2026 04:13
Copilot AI review requested due to automatic review settings May 12, 2026 04:13
Copilot AI reviewed May 12, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR makes gh aw a first-class runtime in the workflow compiler: it can be declared under runtimes, is auto-detected from run: steps, and contributes runtime-derived firewall domains. It also updates generated lock workflows to inject github/gh-aw/actions/setup-cli.

Changes:

  • Added a new gh-aw runtime definition and runtime-step generation behavior (including default version resolution).
  • Implemented gh aw (token-pair) command detection and added coverage via new/updated unit tests.
  • Extended typed frontmatter parsing/serialization and firewall runtime→ecosystem domain mapping for gh-aw.
Show a summary per file
File Description
pkg/workflow/runtime_step_generator.go Computes default version for gh-aw at setup-step generation time.
pkg/workflow/runtime_setup_test.go Adds detection test cases for gh aw usage.
pkg/workflow/runtime_gh_aw_test.go New tests for frontmatter parsing/serialization, runtime detection, domains, and setup-step output for gh-aw.
pkg/workflow/runtime_detection.go Adds special-case detection for gh aw token pair and default version helper.
pkg/workflow/runtime_definitions.go Registers gh-aw as a known runtime mapped to github/gh-aw/actions/setup-cli.
pkg/workflow/frontmatter_types.go Adds runtimes.gh-aw to the typed config model.
pkg/workflow/frontmatter_serialization.go Ensures gh-aw is counted and serialized back to map form.
pkg/workflow/frontmatter_parsing.go Adds parsing support for runtimes: { gh-aw: ... }.
pkg/workflow/domains.go Maps gh-aw runtime to a new gh-aw ecosystem for domain expansion.
pkg/workflow/data/ecosystem_domains.json Adds a gh-aw ecosystem domain list.
.github/workflows/static-analysis-report.lock.yml Updates locked workflow to include setup-cli injection and manifest entry.
.github/workflows/copilot-token-optimizer.lock.yml Updates locked workflow to include setup-cli injection and manifest entry.
.github/workflows/copilot-token-audit.lock.yml Updates locked workflow to include setup-cli injection and manifest entry.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 13/13 changed files
  • Comments generated: 4

Comment thread pkg/workflow/runtime_definitions.go
Comment on lines +92 to +99
ID: "gh-aw",
Name: "gh-aw CLI",
ActionRepo: "github/gh-aw/actions/setup-cli",
ActionVersion: "main",
VersionField: "version",
// Default version is computed at generation time from the current gh-aw build.
DefaultVersion: "",
Commands: []string{"gh-aw"},
Comment thread .github/workflows/static-analysis-report.lock.yml Outdated
Comment on lines +442 to +445
- name: Setup gh-aw CLI
uses: github/gh-aw/actions/setup-cli@main
with:
version: 'v0.72.1'
Comment thread .github/workflows/copilot-token-optimizer.lock.yml Outdated
Comment on lines +406 to +409
- name: Setup gh-aw CLI
uses: github/gh-aw/actions/setup-cli@main
with:
version: 'v0.72.1'
Comment thread .github/workflows/copilot-token-audit.lock.yml Outdated
Comment on lines +437 to +440
- name: Setup gh-aw CLI
uses: github/gh-aw/actions/setup-cli@main
with:
version: 'v0.72.1'
@pelikhan
Copy link
Copy Markdown
Collaborator

pelikhan commented May 12, 2026

@copilot review all comments

@pelikhan
Pin gh-aw setup-cli refs in lock workflows
23fe371 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copy link
Copy Markdown
Contributor Author

Copilot AI commented May 12, 2026

@copilot review all comments

Addressed the actionable review feedback in 23fe371:

  • gh-aw runtime no longer uses setup-cli@main in runtime definitions (v0.72.1 now).
  • Updated the three lock workflows to use immutable SHA-pinned github/gh-aw/actions/setup-cli refs.

@pelikhan
Copy link
Copy Markdown
Collaborator

pelikhan commented May 12, 2026

@copilot in dev mode, the compiler should inject the code to build gh-aw from sources like in other jobs.

Copilot AI and others added 3 commits May 12, 2026 04:56
@pelikhan
Build gh-aw runtime from source in dev mode
5c41aa9 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@pelikhan
Strengthen dev-mode gh-aw runtime test assertions
78e817d 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@pelikhan
Cover gh-aw version check in dev runtime test
29dbdfe 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copy link
Copy Markdown
Contributor Author

Copilot AI commented May 12, 2026

@copilot in dev mode, the compiler should inject the code to build gh-aw from sources like in other jobs.

Addressed in 5c41aa9 (with test follow-ups in 78e817d and 29dbdfe). In dev mode, gh-aw runtime setup now builds/installs from checked-out sources via gh extension install . instead of using setup-cli release installation.

Copilot AI changed the title Treat gh aw as a first-class runtime with auto setup-cli injection and firewall domains Treat gh aw as a first-class runtime with release setup-cli injection, dev source build, and firewall domains May 12, 2026
@github-actions github-actions Bot mentioned this pull request May 12, 2026
Closed
@pelikhan
Copy link
Copy Markdown
Collaborator

pelikhan commented May 12, 2026

@copilot recompile

@pelikhan pelikhan merged commit 86ff05e into main May 12, 2026
1 check failed
@pelikhan pelikhan deleted the copilot/add-gh-aw-runtime-support branch May 12, 2026 13:48
Copilot stopped work on behalf of pelikhan due to an error May 12, 2026 13:49
The session was cancelled by the user.
@github-actions github-actions Bot mentioned this pull request May 13, 2026
Closed
6 tasks
Copilot AI mentioned this pull request May 13, 2026
Merged
@github-actions github-actions Bot mentioned this pull request May 13, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@pelikhan pelikhan Awaiting requested review from pelikhan

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@pelikhan