diff --git a/.github/workflows/agent-performance-analyzer.lock.yml b/.github/workflows/agent-performance-analyzer.lock.yml index 3c56b0cbd39..49d0c612032 100644 --- a/.github/workflows/agent-performance-analyzer.lock.yml +++ b/.github/workflows/agent-performance-analyzer.lock.yml @@ -562,7 +562,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/architecture-guardian.lock.yml b/.github/workflows/architecture-guardian.lock.yml index bbb1138d6ab..0615c8541ad 100644 --- a/.github/workflows/architecture-guardian.lock.yml +++ b/.github/workflows/architecture-guardian.lock.yml @@ -480,7 +480,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/artifacts-summary.lock.yml b/.github/workflows/artifacts-summary.lock.yml index 464c467cc10..94fac02a75b 100644 --- a/.github/workflows/artifacts-summary.lock.yml +++ b/.github/workflows/artifacts-summary.lock.yml @@ -460,7 +460,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/brave.lock.yml b/.github/workflows/brave.lock.yml index fe83efd03f0..23467e58fb3 100644 --- a/.github/workflows/brave.lock.yml +++ b/.github/workflows/brave.lock.yml @@ -521,7 +521,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/breaking-change-checker.lock.yml b/.github/workflows/breaking-change-checker.lock.yml index c40c6c6825d..fd983a18db2 100644 --- a/.github/workflows/breaking-change-checker.lock.yml +++ b/.github/workflows/breaking-change-checker.lock.yml @@ -470,7 +470,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/ci-coach.lock.yml b/.github/workflows/ci-coach.lock.yml index b932d35d6df..75103afd1f3 100644 --- a/.github/workflows/ci-coach.lock.yml +++ b/.github/workflows/ci-coach.lock.yml @@ -577,7 +577,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/cli-consistency-checker.lock.yml b/.github/workflows/cli-consistency-checker.lock.yml index 9b5aa1013f1..cf5ef20396b 100644 --- a/.github/workflows/cli-consistency-checker.lock.yml +++ b/.github/workflows/cli-consistency-checker.lock.yml @@ -458,7 +458,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/code-scanning-fixer.lock.yml b/.github/workflows/code-scanning-fixer.lock.yml index 32c9dd9b321..eab97d35afe 100644 --- a/.github/workflows/code-scanning-fixer.lock.yml +++ b/.github/workflows/code-scanning-fixer.lock.yml @@ -507,7 +507,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/copilot-cli-deep-research.lock.yml b/.github/workflows/copilot-cli-deep-research.lock.yml index 1f95a1e6329..8d2536848c9 100644 --- a/.github/workflows/copilot-cli-deep-research.lock.yml +++ b/.github/workflows/copilot-cli-deep-research.lock.yml @@ -487,7 +487,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/copilot-opt.lock.yml b/.github/workflows/copilot-opt.lock.yml index 9a73567e4a4..8db5738a337 100644 --- a/.github/workflows/copilot-opt.lock.yml +++ b/.github/workflows/copilot-opt.lock.yml @@ -512,7 +512,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/copilot-pr-merged-report.lock.yml b/.github/workflows/copilot-pr-merged-report.lock.yml index 1e4b7da316c..a2ab9c5ec10 100644 --- a/.github/workflows/copilot-pr-merged-report.lock.yml +++ b/.github/workflows/copilot-pr-merged-report.lock.yml @@ -452,7 +452,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Download activation artifact uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 diff --git a/.github/workflows/copilot-pr-nlp-analysis.lock.yml b/.github/workflows/copilot-pr-nlp-analysis.lock.yml index 11cd4186275..f11c88283f8 100644 --- a/.github/workflows/copilot-pr-nlp-analysis.lock.yml +++ b/.github/workflows/copilot-pr-nlp-analysis.lock.yml @@ -558,7 +558,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/copilot-pr-prompt-analysis.lock.yml b/.github/workflows/copilot-pr-prompt-analysis.lock.yml index 44dd1ad8e71..c34f684e481 100644 --- a/.github/workflows/copilot-pr-prompt-analysis.lock.yml +++ b/.github/workflows/copilot-pr-prompt-analysis.lock.yml @@ -526,7 +526,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/craft.lock.yml b/.github/workflows/craft.lock.yml index 61906de90b0..3ea37194161 100644 --- a/.github/workflows/craft.lock.yml +++ b/.github/workflows/craft.lock.yml @@ -528,7 +528,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/daily-agent-of-the-day-blog-writer.lock.yml b/.github/workflows/daily-agent-of-the-day-blog-writer.lock.yml index 5889643cf78..1adcc95c8b1 100644 --- a/.github/workflows/daily-agent-of-the-day-blog-writer.lock.yml +++ b/.github/workflows/daily-agent-of-the-day-blog-writer.lock.yml @@ -536,7 +536,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Parse integrity filter lists id: parse-guard-vars diff --git a/.github/workflows/daily-architecture-diagram.lock.yml b/.github/workflows/daily-architecture-diagram.lock.yml index b9bbac2213a..770d823d439 100644 --- a/.github/workflows/daily-architecture-diagram.lock.yml +++ b/.github/workflows/daily-architecture-diagram.lock.yml @@ -526,7 +526,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/daily-assign-issue-to-user.lock.yml b/.github/workflows/daily-assign-issue-to-user.lock.yml index 048ee27701f..6e123b2bb01 100644 --- a/.github/workflows/daily-assign-issue-to-user.lock.yml +++ b/.github/workflows/daily-assign-issue-to-user.lock.yml @@ -455,7 +455,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/daily-cli-performance.lock.yml b/.github/workflows/daily-cli-performance.lock.yml index 53f282b7a02..5ed4f7bafb0 100644 --- a/.github/workflows/daily-cli-performance.lock.yml +++ b/.github/workflows/daily-cli-performance.lock.yml @@ -523,7 +523,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/daily-compiler-quality.lock.yml b/.github/workflows/daily-compiler-quality.lock.yml index 59e1d810041..e8f8e4749f7 100644 --- a/.github/workflows/daily-compiler-quality.lock.yml +++ b/.github/workflows/daily-compiler-quality.lock.yml @@ -564,7 +564,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/daily-compiler-threat-spec-optimizer.lock.yml b/.github/workflows/daily-compiler-threat-spec-optimizer.lock.yml index 3515fb97dc9..17111bd6473 100644 --- a/.github/workflows/daily-compiler-threat-spec-optimizer.lock.yml +++ b/.github/workflows/daily-compiler-threat-spec-optimizer.lock.yml @@ -471,7 +471,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/daily-experiment-report.lock.yml b/.github/workflows/daily-experiment-report.lock.yml index 1278eee8393..23bf0038d25 100644 --- a/.github/workflows/daily-experiment-report.lock.yml +++ b/.github/workflows/daily-experiment-report.lock.yml @@ -514,7 +514,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/daily-geo-optimizer.lock.yml b/.github/workflows/daily-geo-optimizer.lock.yml index 2b980fbf702..e2344744a8a 100644 --- a/.github/workflows/daily-geo-optimizer.lock.yml +++ b/.github/workflows/daily-geo-optimizer.lock.yml @@ -477,7 +477,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/daily-issues-report.lock.yml b/.github/workflows/daily-issues-report.lock.yml index a4248079606..ed7560033cf 100644 --- a/.github/workflows/daily-issues-report.lock.yml +++ b/.github/workflows/daily-issues-report.lock.yml @@ -718,7 +718,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Parse integrity filter lists id: parse-guard-vars diff --git a/.github/workflows/daily-malicious-code-scan.lock.yml b/.github/workflows/daily-malicious-code-scan.lock.yml index f884441e578..d1776fcc966 100644 --- a/.github/workflows/daily-malicious-code-scan.lock.yml +++ b/.github/workflows/daily-malicious-code-scan.lock.yml @@ -461,7 +461,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/daily-mcp-concurrency-analysis.lock.yml b/.github/workflows/daily-mcp-concurrency-analysis.lock.yml index 114122f0b43..5c7336cf90d 100644 --- a/.github/workflows/daily-mcp-concurrency-analysis.lock.yml +++ b/.github/workflows/daily-mcp-concurrency-analysis.lock.yml @@ -521,7 +521,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/daily-model-inventory.lock.yml b/.github/workflows/daily-model-inventory.lock.yml index cdfd753c0d4..48ca19bc64b 100644 --- a/.github/workflows/daily-model-inventory.lock.yml +++ b/.github/workflows/daily-model-inventory.lock.yml @@ -488,7 +488,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Install Playwright CLI run: npm install -g @playwright/cli@0.1.13 diff --git a/.github/workflows/daily-performance-summary.lock.yml b/.github/workflows/daily-performance-summary.lock.yml index ae5818c330b..cfe583ac86b 100644 --- a/.github/workflows/daily-performance-summary.lock.yml +++ b/.github/workflows/daily-performance-summary.lock.yml @@ -516,7 +516,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/daily-repo-chronicle.lock.yml b/.github/workflows/daily-repo-chronicle.lock.yml index e4a3a0ea8f4..e88f34dd3d1 100644 --- a/.github/workflows/daily-repo-chronicle.lock.yml +++ b/.github/workflows/daily-repo-chronicle.lock.yml @@ -509,7 +509,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/daily-safe-output-integrator.lock.yml b/.github/workflows/daily-safe-output-integrator.lock.yml index 645eba48cd4..4811d2f19a8 100644 --- a/.github/workflows/daily-safe-output-integrator.lock.yml +++ b/.github/workflows/daily-safe-output-integrator.lock.yml @@ -462,7 +462,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/daily-secrets-analysis.lock.yml b/.github/workflows/daily-secrets-analysis.lock.yml index ffb8e5cf1b0..a826c382ce9 100644 --- a/.github/workflows/daily-secrets-analysis.lock.yml +++ b/.github/workflows/daily-secrets-analysis.lock.yml @@ -460,7 +460,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/daily-security-observability.lock.yml b/.github/workflows/daily-security-observability.lock.yml index 5087f7fd158..de3968eb380 100644 --- a/.github/workflows/daily-security-observability.lock.yml +++ b/.github/workflows/daily-security-observability.lock.yml @@ -587,7 +587,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/daily-sentrux-report.lock.yml b/.github/workflows/daily-sentrux-report.lock.yml index c5f3645e1f4..56619b26352 100644 --- a/.github/workflows/daily-sentrux-report.lock.yml +++ b/.github/workflows/daily-sentrux-report.lock.yml @@ -495,7 +495,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/daily-skill-optimizer.lock.yml b/.github/workflows/daily-skill-optimizer.lock.yml index 33067da92f3..14dbb045cf9 100644 --- a/.github/workflows/daily-skill-optimizer.lock.yml +++ b/.github/workflows/daily-skill-optimizer.lock.yml @@ -467,7 +467,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/daily-spdd-spec-planner.lock.yml b/.github/workflows/daily-spdd-spec-planner.lock.yml index 1bc444832ba..d230594b6ff 100644 --- a/.github/workflows/daily-spdd-spec-planner.lock.yml +++ b/.github/workflows/daily-spdd-spec-planner.lock.yml @@ -488,7 +488,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/daily-syntax-error-quality.lock.yml b/.github/workflows/daily-syntax-error-quality.lock.yml index f25b336c86a..b3fd4965a4c 100644 --- a/.github/workflows/daily-syntax-error-quality.lock.yml +++ b/.github/workflows/daily-syntax-error-quality.lock.yml @@ -469,7 +469,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/daily-testify-uber-super-expert.lock.yml b/.github/workflows/daily-testify-uber-super-expert.lock.yml index 699a1660c5d..ac7a2ec8460 100644 --- a/.github/workflows/daily-testify-uber-super-expert.lock.yml +++ b/.github/workflows/daily-testify-uber-super-expert.lock.yml @@ -530,7 +530,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/daily-workflow-updater.lock.yml b/.github/workflows/daily-workflow-updater.lock.yml index b1054ebb2e1..5f83a15fa3d 100644 --- a/.github/workflows/daily-workflow-updater.lock.yml +++ b/.github/workflows/daily-workflow-updater.lock.yml @@ -457,7 +457,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/dead-code-remover.lock.yml b/.github/workflows/dead-code-remover.lock.yml index 93669f535c6..983ed540b4a 100644 --- a/.github/workflows/dead-code-remover.lock.yml +++ b/.github/workflows/dead-code-remover.lock.yml @@ -509,7 +509,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/delight.lock.yml b/.github/workflows/delight.lock.yml index 95e4a32c3f8..3545e876927 100644 --- a/.github/workflows/delight.lock.yml +++ b/.github/workflows/delight.lock.yml @@ -485,7 +485,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/deployment-incident-monitor.lock.yml b/.github/workflows/deployment-incident-monitor.lock.yml index f916e47a119..9ffcb91c6e2 100644 --- a/.github/workflows/deployment-incident-monitor.lock.yml +++ b/.github/workflows/deployment-incident-monitor.lock.yml @@ -472,7 +472,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/dev-hawk.lock.yml b/.github/workflows/dev-hawk.lock.yml index 9414139878f..470cdfebbc9 100644 --- a/.github/workflows/dev-hawk.lock.yml +++ b/.github/workflows/dev-hawk.lock.yml @@ -526,7 +526,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/dictation-prompt.lock.yml b/.github/workflows/dictation-prompt.lock.yml index e07e8bd6f09..724c2932fe6 100644 --- a/.github/workflows/dictation-prompt.lock.yml +++ b/.github/workflows/dictation-prompt.lock.yml @@ -459,7 +459,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/discussion-task-miner.lock.yml b/.github/workflows/discussion-task-miner.lock.yml index 36325872c86..e2fa5bd6cda 100644 --- a/.github/workflows/discussion-task-miner.lock.yml +++ b/.github/workflows/discussion-task-miner.lock.yml @@ -484,7 +484,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Parse integrity filter lists id: parse-guard-vars diff --git a/.github/workflows/docs-noob-tester.lock.yml b/.github/workflows/docs-noob-tester.lock.yml index 15da8a93199..519de0a0b83 100644 --- a/.github/workflows/docs-noob-tester.lock.yml +++ b/.github/workflows/docs-noob-tester.lock.yml @@ -470,7 +470,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Install Playwright CLI run: npm install -g @playwright/cli@0.1.13 diff --git a/.github/workflows/draft-pr-cleanup.lock.yml b/.github/workflows/draft-pr-cleanup.lock.yml index d34c81cd80d..0dad82ec569 100644 --- a/.github/workflows/draft-pr-cleanup.lock.yml +++ b/.github/workflows/draft-pr-cleanup.lock.yml @@ -454,7 +454,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/firewall-escape.lock.yml b/.github/workflows/firewall-escape.lock.yml index 3360990777e..bd21888a7d5 100644 --- a/.github/workflows/firewall-escape.lock.yml +++ b/.github/workflows/firewall-escape.lock.yml @@ -529,7 +529,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/firewall.lock.yml b/.github/workflows/firewall.lock.yml index ed6ae9db0ad..997599e4371 100644 --- a/.github/workflows/firewall.lock.yml +++ b/.github/workflows/firewall.lock.yml @@ -455,7 +455,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/jsweep.lock.yml b/.github/workflows/jsweep.lock.yml index d6f1de2a507..dad2e571140 100644 --- a/.github/workflows/jsweep.lock.yml +++ b/.github/workflows/jsweep.lock.yml @@ -497,7 +497,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/layout-spec-maintainer.lock.yml b/.github/workflows/layout-spec-maintainer.lock.yml index 6d866656da7..4f02516fe01 100644 --- a/.github/workflows/layout-spec-maintainer.lock.yml +++ b/.github/workflows/layout-spec-maintainer.lock.yml @@ -473,7 +473,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/linter-miner.lock.yml b/.github/workflows/linter-miner.lock.yml index 3013a1b309d..cbc23241602 100644 --- a/.github/workflows/linter-miner.lock.yml +++ b/.github/workflows/linter-miner.lock.yml @@ -523,7 +523,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/mcp-inspector.lock.yml b/.github/workflows/mcp-inspector.lock.yml index 9670eb238e3..de66c110425 100644 --- a/.github/workflows/mcp-inspector.lock.yml +++ b/.github/workflows/mcp-inspector.lock.yml @@ -620,7 +620,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/mergefest.lock.yml b/.github/workflows/mergefest.lock.yml index d52cdb115d4..cc9284590ec 100644 --- a/.github/workflows/mergefest.lock.yml +++ b/.github/workflows/mergefest.lock.yml @@ -526,7 +526,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/metrics-collector.lock.yml b/.github/workflows/metrics-collector.lock.yml index af2fe05d472..e7ec44a33dc 100644 --- a/.github/workflows/metrics-collector.lock.yml +++ b/.github/workflows/metrics-collector.lock.yml @@ -527,7 +527,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/org-health-report.lock.yml b/.github/workflows/org-health-report.lock.yml index 7fa8a32f031..d3e907fd920 100644 --- a/.github/workflows/org-health-report.lock.yml +++ b/.github/workflows/org-health-report.lock.yml @@ -514,7 +514,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Parse integrity filter lists id: parse-guard-vars diff --git a/.github/workflows/pdf-summary.lock.yml b/.github/workflows/pdf-summary.lock.yml index 99b1bb0343c..4398f8b3125 100644 --- a/.github/workflows/pdf-summary.lock.yml +++ b/.github/workflows/pdf-summary.lock.yml @@ -567,7 +567,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/plan.lock.yml b/.github/workflows/plan.lock.yml index b36120f14b7..a868b8e9074 100644 --- a/.github/workflows/plan.lock.yml +++ b/.github/workflows/plan.lock.yml @@ -524,7 +524,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Parse integrity filter lists id: parse-guard-vars diff --git a/.github/workflows/pr-code-quality-reviewer.lock.yml b/.github/workflows/pr-code-quality-reviewer.lock.yml index 35359326316..09a7fa6c56d 100644 --- a/.github/workflows/pr-code-quality-reviewer.lock.yml +++ b/.github/workflows/pr-code-quality-reviewer.lock.yml @@ -523,7 +523,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Parse integrity filter lists id: parse-guard-vars diff --git a/.github/workflows/pr-nitpick-reviewer.lock.yml b/.github/workflows/pr-nitpick-reviewer.lock.yml index 5988d320ab4..a04dcd172b0 100644 --- a/.github/workflows/pr-nitpick-reviewer.lock.yml +++ b/.github/workflows/pr-nitpick-reviewer.lock.yml @@ -526,7 +526,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Parse integrity filter lists id: parse-guard-vars diff --git a/.github/workflows/pr-triage-agent.lock.yml b/.github/workflows/pr-triage-agent.lock.yml index 851b4511a69..08dd253b942 100644 --- a/.github/workflows/pr-triage-agent.lock.yml +++ b/.github/workflows/pr-triage-agent.lock.yml @@ -492,7 +492,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Parse integrity filter lists id: parse-guard-vars diff --git a/.github/workflows/python-data-charts.lock.yml b/.github/workflows/python-data-charts.lock.yml index a95771d61cd..f22195905cd 100644 --- a/.github/workflows/python-data-charts.lock.yml +++ b/.github/workflows/python-data-charts.lock.yml @@ -541,7 +541,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/.github/workflows/q.lock.yml b/.github/workflows/q.lock.yml index d5332c0c0b3..dbc2393a37a 100644 --- a/.github/workflows/q.lock.yml +++ b/.github/workflows/q.lock.yml @@ -596,7 +596,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Parse integrity filter lists id: parse-guard-vars diff --git a/.github/workflows/smoke-copilot-sdk.lock.yml b/.github/workflows/smoke-copilot-sdk.lock.yml index c866bf30780..f20ae0a6c12 100644 --- a/.github/workflows/smoke-copilot-sdk.lock.yml +++ b/.github/workflows/smoke-copilot-sdk.lock.yml @@ -510,7 +510,7 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.25.58 - - name: Install GitHub Copilot SDK + - name: Install GitHub Copilot SDK (Node.js) run: cd "${GITHUB_WORKSPACE}" && npm install --ignore-scripts --no-save @github/copilot-sdk@1.0.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown diff --git a/docs/src/content/docs/reference/engines.md b/docs/src/content/docs/reference/engines.md index bd6d78b877d..86c69b47bf8 100644 --- a/docs/src/content/docs/reference/engines.md +++ b/docs/src/content/docs/reference/engines.md @@ -263,6 +263,19 @@ The value must be a bare filename — no directory separators, no `..`, and no s | Must start with `[A-Za-z0-9_]` | `harness.js` | `-harness.cjs` | | Must end with `.js`, `.cjs`, or `.mjs` | `wrapper.cjs` | `harness.sh` | +### Copilot SDK Driver Override (`copilot-sdk-driver`) + +When `engine.copilot-sdk: true` is enabled, gh-aw runs a Node.js driver script (`copilot_sdk_driver.cjs`) under the harness. Use `engine.copilot-sdk-driver` to replace that built-in SDK driver with your own script filename. + +```yaml wrap +engine: + id: copilot + copilot-sdk: true + copilot-sdk-driver: custom_copilot_sdk_driver.cjs +``` + +`copilot-sdk-driver` follows the same filename safety rules as `harness`: it must be a bare filename ending with `.js`, `.cjs`, or `.mjs` (no paths, no `..`, no shell metacharacters). + ### Bare Mode (`bare`) Set `engine.bare: true` to disable automatic loading of context and custom instructions by the engine. Use this when the workflow prompt is fully self-contained and you want to prevent the engine from reading memory files, AGENTS.md, or built-in system prompts that would otherwise be loaded automatically. diff --git a/docs/src/content/docs/reference/frontmatter-full.md b/docs/src/content/docs/reference/frontmatter-full.md index 0118cd5f2dc..0b0fd28c69c 100644 --- a/docs/src/content/docs/reference/frontmatter-full.md +++ b/docs/src/content/docs/reference/frontmatter-full.md @@ -2308,6 +2308,12 @@ engine: # (optional) copilot-sdk: true + # Custom Node.js Copilot SDK driver script filename (copilot engine only). This is + # only used when copilot-sdk: true is set and must be a safe basename ending with + # .js, .cjs, or .mjs. + # (optional) + copilot-sdk-driver: "example-value" + # Format 3: Inline engine definition: specifies a runtime adapter and optional # provider settings directly in the workflow frontmatter, without requiring a # named catalog entry diff --git a/pkg/parser/schema_test.go b/pkg/parser/schema_test.go index 0dc6687dfcb..e88df51bdfa 100644 --- a/pkg/parser/schema_test.go +++ b/pkg/parser/schema_test.go @@ -332,6 +332,49 @@ func TestValidateMainWorkflowFrontmatterWithSchemaAndLocation_EngineHarnessPatte } } +func TestValidateMainWorkflowFrontmatterWithSchemaAndLocation_EngineCopilotSDKDriverPattern(t *testing.T) { + t.Parallel() + + validFrontmatter := map[string]any{ + "on": "push", + "engine": map[string]any{ + "id": "copilot", + "copilot-sdk-driver": "custom_copilot_sdk_driver.cjs", + }, + } + + err := ValidateMainWorkflowFrontmatterWithSchemaAndLocation(validFrontmatter, "/tmp/gh-aw/engine-copilot-sdk-driver-valid-pattern-test.md") + if err != nil { + t.Fatalf("expected valid engine.copilot-sdk-driver pattern to pass schema validation, got: %v", err) + } + + invalidFrontmatter := map[string]any{ + "on": "push", + "engine": map[string]any{ + "id": "copilot", + "copilot-sdk-driver": "../driver.cjs", + }, + } + + err = ValidateMainWorkflowFrontmatterWithSchemaAndLocation(invalidFrontmatter, "/tmp/gh-aw/engine-copilot-sdk-driver-invalid-pattern-test.md") + if err == nil { + t.Fatal("expected invalid engine.copilot-sdk-driver pattern to fail schema validation") + } + + invalidFlagLikeFrontmatter := map[string]any{ + "on": "push", + "engine": map[string]any{ + "id": "copilot", + "copilot-sdk-driver": "-driver.cjs", + }, + } + + err = ValidateMainWorkflowFrontmatterWithSchemaAndLocation(invalidFlagLikeFrontmatter, "/tmp/gh-aw/engine-copilot-sdk-driver-invalid-flaglike-pattern-test.md") + if err == nil { + t.Fatal("expected flag-like engine.copilot-sdk-driver pattern to fail schema validation") + } +} + func TestValidateMainWorkflowFrontmatterWithSchemaAndLocation_EnginePermissionMode(t *testing.T) { t.Parallel() diff --git a/pkg/parser/schemas/main_workflow_schema.json b/pkg/parser/schemas/main_workflow_schema.json index 9abd61a8103..b8cb73cb9ab 100644 --- a/pkg/parser/schemas/main_workflow_schema.json +++ b/pkg/parser/schemas/main_workflow_schema.json @@ -10687,6 +10687,7 @@ }, { "id": "copilot", + "copilot-sdk-driver": "custom_copilot_sdk_driver.cjs", "copilot-sdk": true, "version": "latest" } @@ -10931,6 +10932,11 @@ "copilot-sdk": { "type": "boolean", "description": "Enables the experimental GitHub Copilot SDK integration (copilot engine only). When true, the harness starts a separate headless Copilot CLI sidecar on the configured localhost port and sets COPILOT_SDK_URI on child processes." + }, + "copilot-sdk-driver": { + "type": "string", + "pattern": "^[A-Za-z0-9_][A-Za-z0-9._-]*\\.(?:js|cjs|mjs)$", + "description": "Custom Node.js Copilot SDK driver script filename (copilot engine only). Used only when `copilot-sdk: true` is set; must be a safe basename ending with .js, .cjs, or .mjs." } }, "required": ["id"], diff --git a/pkg/workflow/compiler_orchestrator_workflow.go b/pkg/workflow/compiler_orchestrator_workflow.go index 02717a69b98..d5a4b496fa2 100644 --- a/pkg/workflow/compiler_orchestrator_workflow.go +++ b/pkg/workflow/compiler_orchestrator_workflow.go @@ -150,6 +150,7 @@ func (c *Compiler) validateWorkflowEngineSettings(cleanPath string, workflowData c.validateGeminiDeprecation, c.validatePlaywrightMode, c.validateEngineHarnessScript, + c.validateEngineCopilotSDKDriver, c.validateEngineMCPSessionTimeout, c.validateEngineMCPToolTimeout, } diff --git a/pkg/workflow/copilot_engine_execution.go b/pkg/workflow/copilot_engine_execution.go index 0b13d1bf13e..f669a8b2150 100644 --- a/pkg/workflow/copilot_engine_execution.go +++ b/pkg/workflow/copilot_engine_execution.go @@ -200,6 +200,10 @@ func (e *CopilotEngine) GetExecutionSteps(workflowData *WorkflowData, logFile st harnessScriptName = workflowData.EngineConfig.HarnessScript } isCopilotSDKMode := workflowData.EngineConfig != nil && workflowData.EngineConfig.CopilotSDK + sdkDriverScriptName := "copilot_sdk_driver.cjs" + if workflowData.EngineConfig != nil && workflowData.EngineConfig.CopilotSDKDriver != "" { + sdkDriverScriptName = workflowData.EngineConfig.CopilotSDKDriver + } // copilotSDKServerArgsJSON holds the JSON-encoded server-args array that will be set in // GH_AW_COPILOT_SDK_SERVER_ARGS when copilot-sdk: true. It is declared here so that the @@ -220,9 +224,9 @@ func (e *CopilotEngine) GetExecutionSteps(workflowData *WorkflowData, logFile st // ["copilot_sdk_driver.cjs", commandName]) — treating the driver like any other command. // The shell expands $GH_AW_NODE_EXEC before the harness process starts, so the // harness sees the absolute path to the node binary in its argv. - execPrefix = fmt.Sprintf(`%s %s/%s "$GH_AW_NODE_EXEC" %s/copilot_sdk_driver.cjs %s`, + execPrefix = fmt.Sprintf(`%s %s/%s "$GH_AW_NODE_EXEC" %s/%s %s`, runtimeResolutionCommand, SetupActionDestinationShell, harnessScriptName, - SetupActionDestinationShell, commandName) + SetupActionDestinationShell, sdkDriverScriptName, commandName) } else { execPrefix = fmt.Sprintf(`%s %s/%s %s`, runtimeResolutionCommand, SetupActionDestinationShell, harnessScriptName, commandName) } diff --git a/pkg/workflow/copilot_engine_test.go b/pkg/workflow/copilot_engine_test.go index 03d952eac41..6db556c1dd2 100644 --- a/pkg/workflow/copilot_engine_test.go +++ b/pkg/workflow/copilot_engine_test.go @@ -323,6 +323,30 @@ func TestCopilotEngineExecutionStepsWithCopilotSDK(t *testing.T) { } } +func TestCopilotEngineExecutionStepsWithCopilotSDKCustomDriver(t *testing.T) { + engine := NewCopilotEngine() + workflowData := &WorkflowData{ + Name: "test-workflow", + EngineConfig: &EngineConfig{ + CopilotSDK: true, + CopilotSDKDriver: "custom_copilot_sdk_driver.cjs", + }, + } + + steps := engine.GetExecutionSteps(workflowData, "/tmp/gh-aw/test.log") + if len(steps) != 1 { + t.Fatalf("Expected 1 execution step, got %d", len(steps)) + } + + stepContent := strings.Join([]string(steps[0]), "\n") + if !strings.Contains(stepContent, "custom_copilot_sdk_driver.cjs") { + t.Fatalf("Expected SDK driver mode command to include custom_copilot_sdk_driver.cjs, got:\n%s", stepContent) + } + if strings.Contains(stepContent, "/actions/copilot_sdk_driver.cjs") { + t.Fatalf("Expected built-in SDK driver to be replaced, got:\n%s", stepContent) + } +} + func TestCopilotEngineExecutionStepsWithCopilotSDKPermissionConfig(t *testing.T) { engine := NewCopilotEngine() workflowData := &WorkflowData{ diff --git a/pkg/workflow/engine.go b/pkg/workflow/engine.go index 41e15811797..b063a673f3d 100644 --- a/pkg/workflow/engine.go +++ b/pkg/workflow/engine.go @@ -39,6 +39,7 @@ type EngineConfig struct { UserAgent string Command string // Custom executable path (when set, skip installation steps) HarnessScript string // Custom Node.js harness script filename (replaces engine default harness script when supported) + CopilotSDKDriver string // Custom Node.js Copilot SDK driver script filename (copilot engine only; used when copilot-sdk=true) Env map[string]string Auth *EngineAuthConfig // Engine-level auth config (mapped to AWF_AUTH_* env vars for API proxy sidecar auth) Config string @@ -408,6 +409,13 @@ func (c *Compiler) ExtractEngineConfig(frontmatter map[string]any) (string, *Eng } } + // Extract optional 'copilot-sdk-driver' field (string - validated separately) + if sdkDriver, hasSDKDriver := engineObj["copilot-sdk-driver"]; hasSDKDriver { + if sdkDriverStr, ok := sdkDriver.(string); ok { + config.CopilotSDKDriver = sdkDriverStr + } + } + // Extract optional 'env' field (object/map of strings) if env, hasEnv := engineObj["env"]; hasEnv { if envMap, ok := env.(map[string]any); ok { diff --git a/pkg/workflow/engine_config_test.go b/pkg/workflow/engine_config_test.go index a9739027f85..a3e06a57a7d 100644 --- a/pkg/workflow/engine_config_test.go +++ b/pkg/workflow/engine_config_test.go @@ -363,6 +363,17 @@ func TestExtractEngineConfig(t *testing.T) { expectedEngineSetting: "copilot", expectedConfig: &EngineConfig{ID: "copilot", HarnessScript: "custom_copilot_harness.cjs"}, }, + { + name: "object format - with copilot sdk driver script", + frontmatter: map[string]any{ + "engine": map[string]any{ + "id": "copilot", + "copilot-sdk-driver": "custom_copilot_sdk_driver.cjs", + }, + }, + expectedEngineSetting: "copilot", + expectedConfig: &EngineConfig{ID: "copilot", CopilotSDKDriver: "custom_copilot_sdk_driver.cjs"}, + }, { name: "object format - complete with user-agent", frontmatter: map[string]any{ @@ -432,6 +443,10 @@ func TestExtractEngineConfig(t *testing.T) { t.Errorf("Expected config.HarnessScript '%s', got '%s'", test.expectedConfig.HarnessScript, config.HarnessScript) } + if config.CopilotSDKDriver != test.expectedConfig.CopilotSDKDriver { + t.Errorf("Expected config.CopilotSDKDriver '%s', got '%s'", test.expectedConfig.CopilotSDKDriver, config.CopilotSDKDriver) + } + if len(config.Env) != len(test.expectedConfig.Env) { t.Errorf("Expected config.Env length %d, got %d", len(test.expectedConfig.Env), len(config.Env)) } else { diff --git a/pkg/workflow/engine_validation.go b/pkg/workflow/engine_validation.go index 0ed31b0fc71..3317130bbc3 100644 --- a/pkg/workflow/engine_validation.go +++ b/pkg/workflow/engine_validation.go @@ -51,6 +51,28 @@ import ( var engineValidationLog = newValidationLogger("engine") var safeHarnessScriptPattern = regexp.MustCompile(`^[A-Za-z0-9_][A-Za-z0-9._-]*$`) +func validateEngineScriptFilename(fieldName, scriptName string) error { + if strings.TrimSpace(scriptName) != scriptName { + return fmt.Errorf("%s must be a safe basename without leading/trailing whitespace (found: %s).\n\nSee: %s", fieldName, scriptName, constants.DocsEnginesURL) + } + + if filepath.IsAbs(scriptName) || + strings.Contains(scriptName, "/") || + strings.Contains(scriptName, `\`) || + strings.Contains(scriptName, "..") || + !safeHarnessScriptPattern.MatchString(scriptName) { + return fmt.Errorf("%s must be a safe basename (no path separators, '..', or shell metacharacters) ending with .js, .cjs, or .mjs (found: %s).\n\nSee: %s", fieldName, scriptName, constants.DocsEnginesURL) + } + + ext := strings.ToLower(filepath.Ext(scriptName)) + switch ext { + case ".js", ".cjs", ".mjs": + return nil + default: + return fmt.Errorf("%s must be a Node.js script ending with .js, .cjs, or .mjs (found: %s).\n\nSee: %s", fieldName, scriptName, constants.DocsEnginesURL) + } +} + // validateEngineVersion warns when the workflow explicitly pins the engine CLI // to "latest". Unpinned "latest" versions change unpredictably and undermine // supply chain security guarantees. @@ -107,26 +129,17 @@ func (c *Compiler) validateEngineHarnessScript(workflowData *WorkflowData) error return nil } - harnessScript := workflowData.EngineConfig.HarnessScript - if strings.TrimSpace(harnessScript) != harnessScript { - return fmt.Errorf("engine.harness must be a safe basename without leading/trailing whitespace (found: %s).\n\nSee: %s", workflowData.EngineConfig.HarnessScript, constants.DocsEnginesURL) - } - - if filepath.IsAbs(harnessScript) || - strings.Contains(harnessScript, "/") || - strings.Contains(harnessScript, `\`) || - strings.Contains(harnessScript, "..") || - !safeHarnessScriptPattern.MatchString(harnessScript) { - return fmt.Errorf("engine.harness must be a safe basename (no path separators, '..', or shell metacharacters) ending with .js, .cjs, or .mjs (found: %s).\n\nSee: %s", workflowData.EngineConfig.HarnessScript, constants.DocsEnginesURL) - } + return validateEngineScriptFilename("engine.harness", workflowData.EngineConfig.HarnessScript) +} - ext := strings.ToLower(filepath.Ext(harnessScript)) - switch ext { - case ".js", ".cjs", ".mjs": +// validateEngineCopilotSDKDriver validates optional engine.copilot-sdk-driver configuration. +// engine.copilot-sdk-driver must point to a Node.js script. +func (c *Compiler) validateEngineCopilotSDKDriver(workflowData *WorkflowData) error { + if workflowData == nil || workflowData.EngineConfig == nil || workflowData.EngineConfig.CopilotSDKDriver == "" { return nil - default: - return fmt.Errorf("engine.harness must be a Node.js script ending with .js, .cjs, or .mjs (found: %s).\n\nSee: %s", workflowData.EngineConfig.HarnessScript, constants.DocsEnginesURL) } + + return validateEngineScriptFilename("engine.copilot-sdk-driver", workflowData.EngineConfig.CopilotSDKDriver) } // validateEngineMCPSessionTimeout validates optional engine.mcp.session-timeout configuration. diff --git a/pkg/workflow/engine_validation_test.go b/pkg/workflow/engine_validation_test.go index 3600e9ae925..93c91ac092f 100644 --- a/pkg/workflow/engine_validation_test.go +++ b/pkg/workflow/engine_validation_test.go @@ -448,6 +448,109 @@ func TestValidateEngineHarnessScript(t *testing.T) { } } +func TestValidateEngineCopilotSDKDriver(t *testing.T) { + tests := []struct { + name string + workflow *WorkflowData + expectError bool + errorSubstr string + }{ + { + name: "no engine config", + workflow: &WorkflowData{ + EngineConfig: nil, + }, + expectError: false, + }, + { + name: "no copilot sdk driver configured", + workflow: &WorkflowData{ + EngineConfig: &EngineConfig{ID: "copilot"}, + }, + expectError: false, + }, + { + name: "valid cjs copilot sdk driver", + workflow: &WorkflowData{ + EngineConfig: &EngineConfig{ID: "copilot", CopilotSDKDriver: "custom_copilot_sdk_driver.cjs"}, + }, + expectError: false, + }, + { + name: "valid mjs copilot sdk driver", + workflow: &WorkflowData{ + EngineConfig: &EngineConfig{ID: "copilot", CopilotSDKDriver: "custom_copilot_sdk_driver.mjs"}, + }, + expectError: false, + }, + { + name: "invalid extension", + workflow: &WorkflowData{ + EngineConfig: &EngineConfig{ID: "copilot", CopilotSDKDriver: "driver.sh"}, + }, + expectError: true, + errorSubstr: "must be a Node.js script", + }, + { + name: "invalid path traversal", + workflow: &WorkflowData{ + EngineConfig: &EngineConfig{ID: "copilot", CopilotSDKDriver: "../driver.cjs"}, + }, + expectError: true, + errorSubstr: "safe basename", + }, + { + name: "invalid path separator", + workflow: &WorkflowData{ + EngineConfig: &EngineConfig{ID: "copilot", CopilotSDKDriver: "nested/driver.cjs"}, + }, + expectError: true, + errorSubstr: "safe basename", + }, + { + name: "invalid shell metacharacter", + workflow: &WorkflowData{ + EngineConfig: &EngineConfig{ID: "copilot", CopilotSDKDriver: "driver;rm -rf /.cjs"}, + }, + expectError: true, + errorSubstr: "safe basename", + }, + { + name: "invalid leading whitespace", + workflow: &WorkflowData{ + EngineConfig: &EngineConfig{ID: "copilot", CopilotSDKDriver: " driver.cjs"}, + }, + expectError: true, + errorSubstr: "leading/trailing whitespace", + }, + { + name: "invalid leading hyphen", + workflow: &WorkflowData{ + EngineConfig: &EngineConfig{ID: "copilot", CopilotSDKDriver: "-driver.cjs"}, + }, + expectError: true, + errorSubstr: "safe basename", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + compiler := NewCompiler() + err := compiler.validateEngineCopilotSDKDriver(tt.workflow) + + if tt.expectError { + require.Error(t, err, "Expected validation error") + if tt.errorSubstr != "" { + assert.Contains(t, err.Error(), tt.errorSubstr, "Expected error substring mismatch") + } + return + } + + assert.NoError(t, err, "Expected copilot-sdk-driver validation to pass") + }) + } +} + // TestValidateEngineMCPSessionTimeout tests the validateEngineMCPSessionTimeout function. func TestValidateEngineMCPSessionTimeout(t *testing.T) { tests := []struct { diff --git a/pkg/workflow/threat_detection.go b/pkg/workflow/threat_detection.go index 25c07eba86c..b157533c047 100644 --- a/pkg/workflow/threat_detection.go +++ b/pkg/workflow/threat_detection.go @@ -614,6 +614,7 @@ func (c *Compiler) buildDetectionEngineExecutionStep(data *WorkflowData) []strin APITarget: detectionEngineConfig.APITarget, MaxEffectiveTokens: detectionEngineConfig.MaxEffectiveTokens, HarnessScript: detectionEngineConfig.HarnessScript, + CopilotSDKDriver: detectionEngineConfig.CopilotSDKDriver, } } if detectionEngineConfig.ID == "" {