diff --git a/.github/workflows/daily-fact.lock.yml b/.github/workflows/daily-fact.lock.yml index 35f1e84b40c..6f775f43f1d 100644 --- a/.github/workflows/daily-fact.lock.yml +++ b/.github/workflows/daily-fact.lock.yml @@ -293,14 +293,7 @@ jobs: cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md" cat << 'GH_AW_PROMPT_91fe8aae6055ab71_EOF' - ## Required secrets - Consumers of this shared import must provision the following secrets: - - - `GH_AW_OTEL_SENTRY_ENDPOINT` - - `GH_AW_OTEL_SENTRY_AUTHORIZATION` - - `GH_AW_OTEL_GRAFANA_ENDPOINT` - - `GH_AW_OTEL_GRAFANA_AUTHORIZATION` **Important**: If no action is needed after completing your analysis, you **MUST** call the `noop` safe-output tool with a brief explanation. Failing to call any safe-output tool is the most common cause of safe-output workflow failures. 
@@ -1533,18 +1526,18 @@ jobs: DOCKER_SOCK_GID=$(stat -c '%g' "$DOCKER_SOCK_PATH" 2>/dev/null || echo '0') export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v '"${DOCKER_SOCK_PATH}"':/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DOCKER_HOST=unix:///var/run/docker.sock -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e CODEX_HOME -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.3.9' - cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_2b471e1ca10b10bf_EOF + cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_1ae4483e68d98839_EOF [history] persistence = "none" [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_MCP_CONFIG_2b471e1ca10b10bf_EOF + GH_AW_MCP_CONFIG_1ae4483e68d98839_EOF # Generate JSON config for MCP gateway GH_AW_NODE=$(which node 2>/dev/null || command -v node 
2>/dev/null || echo node) - cat << GH_AW_MCP_CONFIG_ac47dac027aa3430_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" + cat << GH_AW_MCP_CONFIG_0ec5eb31b5d4f073_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" { "mcpServers": { }, @@ -1555,11 +1548,11 @@ jobs: "payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}" } } - GH_AW_MCP_CONFIG_ac47dac027aa3430_EOF + GH_AW_MCP_CONFIG_0ec5eb31b5d4f073_EOF # Sync converter output to writable CODEX_HOME for Codex mkdir -p /tmp/gh-aw/mcp-config - cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_11b9b7eddbb9712f_EOF + cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_7886b9c516916e52_EOF model_provider = "openai-proxy" [model_providers.openai-proxy] name = "OpenAI AWF proxy" @@ -1569,7 +1562,7 @@ jobs: [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_CODEX_SHELL_POLICY_11b9b7eddbb9712f_EOF + GH_AW_CODEX_SHELL_POLICY_7886b9c516916e52_EOF awk ' BEGIN { skip_openai_proxy = 0 } /^[[:space:]]*model_provider[[:space:]]*=/ { next } diff --git a/.github/workflows/design-decision-gate.lock.yml b/.github/workflows/design-decision-gate.lock.yml index 2f16f2869d5..d433e109a87 100644 --- a/.github/workflows/design-decision-gate.lock.yml +++ b/.github/workflows/design-decision-gate.lock.yml @@ -64,6 +64,8 @@ on: # names: # Label filtering applied via job conditions # - implementation # Label filtering applied via job conditions types: + - ready_for_review + - review_requested - labeled workflow_dispatch: inputs: diff --git a/.github/workflows/shared/datadog.md b/.github/workflows/shared/datadog.md index 38e700fb809..15fc70fef3d 100644 --- a/.github/workflows/shared/datadog.md +++ b/.github/workflows/shared/datadog.md @@ -12,9 +12,11 @@ observability: DD-API-KEY: ${{ secrets.GH_AW_OTEL_DATADOG_API_KEY || secrets.DD_API_KEY }} --- + 
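Review bot: The new trigger types `ready_for_review` and `review_requested` in design-decision-gate.lock.yml deliver events with no `label` object, yet the comments just above them say label filtering is applied via job conditions. Those conditions are outside this hunk, so this is inferred: if they test `github.event.label.name`, the gate is silently skipped on the new events, and if they do not, the gate now runs on pull requests that never received the `implementation` label. For the new events the condition should test the pull request's own label set, e.g. `contains(github.event.pull_request.labels.*.name, 'implementation')`; because this file is generated, that change belongs in the workflow source, followed by a recompile. The `on:` block starts and ends outside the hunk, so the event these types belong to is not visible here.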
diff --git a/.github/workflows/shared/grafana.md b/.github/workflows/shared/grafana.md index 2e5f02c6346..b46a2f5c21c 100644 --- a/.github/workflows/shared/grafana.md +++ b/.github/workflows/shared/grafana.md @@ -10,9 +10,11 @@ observability: Authorization: ${{ secrets.GH_AW_OTEL_GRAFANA_AUTHORIZATION }} --- + diff --git a/.github/workflows/shared/otlp.md b/.github/workflows/shared/otlp.md index bf9d9c8d9b4..f68eee05a7f 100644 --- a/.github/workflows/shared/otlp.md +++ b/.github/workflows/shared/otlp.md @@ -14,6 +14,7 @@ observability: Authorization: ${{ secrets.GH_AW_OTEL_GRAFANA_AUTHORIZATION }} --- + diff --git a/.github/workflows/shared/sentry.md b/.github/workflows/shared/sentry.md index c0ee6a0c2a2..2ca59d60c23 100644 --- a/.github/workflows/shared/sentry.md +++ b/.github/workflows/shared/sentry.md @@ -10,9 +10,11 @@ observability: Authorization: ${{ secrets.GH_AW_OTEL_SENTRY_AUTHORIZATION }} --- + diff --git a/.github/workflows/smoke-claude.lock.yml b/.github/workflows/smoke-claude.lock.yml index c5f73726d6b..3f183e49c4c 100644 --- a/.github/workflows/smoke-claude.lock.yml +++ b/.github/workflows/smoke-claude.lock.yml @@ -590,14 +590,7 @@ jobs: 2. **Skip test files** — Never analyze files ending in `_test.go` 3. **Focus on `pkg/` directory** — Primary analysis area 4. **Use Serena for semantic analysis** — Leverage LSP capabilities for deeper insights - ## Required secrets - Consumers of this shared import must provision the following secrets: - - - `GH_AW_OTEL_SENTRY_ENDPOINT` - - `GH_AW_OTEL_SENTRY_AUTHORIZATION` - - `GH_AW_OTEL_GRAFANA_ENDPOINT` - - `GH_AW_OTEL_GRAFANA_AUTHORIZATION` **Important**: If no action is needed after completing your analysis, you **MUST** call the `noop` safe-output tool with a brief explanation. Failing to call any safe-output tool is the most common cause of safe-output workflow failures. ```json