Bump default AWF firewall to v0.25.49 and refresh compiled lockfiles#33124
Conversation
Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Bumps the default AWF firewall version from v0.25.46 to v0.25.49 and refreshes all compiled workflow lockfiles to match.
Changes:
- Updated
DefaultFirewallVersionconstant inpkg/constants/version_constants.gotov0.25.49. - Regenerated all
.github/workflows/*.lock.ymlartifacts so manifests, image tags, AWF install args, and schema URLs reference0.25.49. - Added a patch changeset entry documenting the bump.
Show a summary per file
| File | Description |
|---|---|
| pkg/constants/version_constants.go | Updates DefaultFirewallVersion to v0.25.49. |
| .changeset/patch-upgrade-awf-firewall-v0-25-49.md | Adds patch changeset for the AWF default-version bump. |
| .github/workflows/*.lock.yml (17 files) | Regenerated lockfiles updating firewall container tags, AWF binary install args, schema URLs, and GH_AW_INFO_AWF_VERSION from 0.25.46 to 0.25.49. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 65/233 changed files
- Comments generated: 0
|
@copilot merge main |
…-to-v02549 # Conflicts: # .github/workflows/pr-sous-chef.lock.yml Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
Merged |
|
|
|
✅ Smoke OTEL completed successfully! |
|
✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟 |
|
🚀 Smoke Gemini MISSION COMPLETE! Gemini has spoken. ✨ Caution agentic threat detected |
|
📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing... |
|
🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨ |
|
|
Agent Container Tool Check
Result: 12/12 tools available ✅ Overall Status: PASS
|
|
Caution agentic threat detected Smoke Test Results
Overall Status: FAIL Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "localhost"See Network Configuration for more information.
|
|
Smoke Codex 26058026452: FAIL Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
Comment MemoryNote This comment is managed by comment memory.It stores persistent context for this thread in the code block at the top of this comment. Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
💥 Smoke Test: Claude — Run §26058026496Core (#1–#12): ✅✅✅✅✅✅✅✅✅✅✅✅ Overall: Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
💥 Automated smoke test review - all systems nominal!
Warning
Firewall blocked 6 domains
The following domains were blocked by the firewall during workflow execution:
accounts.google.comandroid.clients.google.comclients2.google.comcontentautofill.googleapis.comsafebrowsingohttpgateway.googleapis.comwww.google.com
To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
💥 [THE END] — Illustrated by Smoke Claude · ● 4.7M
| @@ -0,0 +1,5 @@ | |||
| --- | |||
| "gh-aw": patch | |||
There was a problem hiding this comment.
📝 Smoke test review comment: changeset header looks correct — gh-aw: patch is the right semver bump for a default version bump.
| "gh-aw": patch | ||
| --- | ||
|
|
||
| Bumped the default AWF firewall version to `v0.25.49`. |
There was a problem hiding this comment.
✅ Smoke test review comment: changeset summary clearly states the firewall version bump — nice and explicit.
|
🎉 Smoke test run §26058026329 says hello! All systems green — Copilot, Serena, Playwright, builds. The robots are thriving! 🤖✨ Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
|
🎊 Hello from the smoke test run §26058026329! All tests passed with flying colors. The agents are dancing, the builds are green, and the robots are celebrating. 🤖🎉 Thanks for being a great test subject, discussion! Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
Comment MemoryNote This comment is managed by comment memory.It stores persistent context for this thread in the code block at the top of this comment. Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
There was a problem hiding this comment.
Smoke test review: Lock file bump to v0.25.49 looks clean. New checkout config with full PR ref fetching is a good improvement for diff-based workflows. No concerns.
Warning
Firewall blocked 6 domains
The following domains were blocked by the firewall during workflow execution:
accounts.google.comandroid.clients.google.comclients2.google.comcontentautofill.googleapis.comsafebrowsingohttpgateway.googleapis.comwww.google.com
To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
📰 BREAKING: Report filed by Smoke Copilot · ● 13.7M
| @@ -1,5 +1,5 @@ | |||
| # gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"20e519f90372e13b267ae10e1b57c90bd77480dee8f18c90ebe1c3905b354311","compiler_version":"v0.74.4","strict":true,"agent_id":"copilot","agent_model":"gpt-5-mini"} | |||
There was a problem hiding this comment.
Lock file correctly bumped to gh-aw-firewall v0.25.49 across all container images. The compiler_version field is a new addition — nice for traceability.
|
📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤 |
This updates gh-aw’s default AWF firewall version from
v0.25.46tov0.25.49and regenerates compiled workflow lock artifacts so runtime manifests and embedded AWF references stay aligned with the new default.Version pin update
pkg/constants/version_constants.go:DefaultFirewallVersion→v0.25.49AWF*MinVersion) unchanged.Compiled workflow artifact refresh
.github/workflows/*.lock.yml) so generated AWF install args, schema URLs, and firewall container image tags now resolve to0.25.49.Release metadata
✨ PR Review Safe Output Test - Run 26058026496
Warning
Firewall blocked 6 domains
The following domains were blocked by the firewall during workflow execution:
accounts.google.comandroid.clients.google.comclients2.google.comcontentautofill.googleapis.comsafebrowsingohttpgateway.googleapis.comwww.google.comSee Network Configuration for more information.