Add formal checkout behavior specification for agent and safe_outputs jobs#44225
Conversation
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
|
@copilot merge main and recompile |
…out-behavior Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Done in |
🤖 PR Triage
Rationale: Draft PR adding a checkout behavior specification doc. Pure documentation, no code logic changes. Hold until ready for review (undraft). Run §28924016278
|
|
@copilot revert lock.yml files |
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Done in |
| - Symlink handling for activation sparse checkout | ||
| - Submodule credential cleanup behavior | ||
| - Trial mode and side-repo derivation behavior | ||
|
|
There was a problem hiding this comment.
@copilot also handle checkout manifest generation
There was a problem hiding this comment.
Done in f4562a1: added normative checkout-manifest generation requirements, including safe-outputs auth metadata handling and no persisted resolved tokens.
There was a problem hiding this comment.
Section 3.4 (Checkout Manifest) was added in f4562a1 and is in the current spec — see lines 111–118 of checkout-behavior-specification.md. It covers the compiler requirement to emit a manifest step, manifest-path safety (absolute/out-of-workspace rejection), and the requirement to include safe_outputs auth metadata without persisting resolved token values.
|
@copilot please run the
|
…out-behavior Co-authored-by: gh-aw-bot <259018956+gh-aw-bot@users.noreply.github.com>
Branch updated: merged main ( |
|
@copilot please run the
|
#42926) Co-authored-by: gh-aw-bot <259018956+gh-aw-bot@users.noreply.github.com>
Co-authored-by: gh-aw-bot <259018956+gh-aw-bot@users.noreply.github.com>
Done. Here's what was addressed in this pass:
CI needs a human re-trigger (close/reopen or push) after this push to verify on the current HEAD. |
|
|
…out-behavior Co-authored-by: gh-aw-bot <259018956+gh-aw-bot@users.noreply.github.com>
Done in |
🤖 PR Triage
Status: Carry-over (run 4) · CI unstable. Pure docs spec: formal checkout behavior specification for agent and safe_outputs jobs. Persists across 4 runs with CI unstable. Run §28966928999
|
|
Run: https://github.com/github/gh-aw/actions/runs/28969326363
|
…out-behavior Co-authored-by: gh-aw-bot <259018956+gh-aw-bot@users.noreply.github.com>
Done in Summary of where things stand:
Hand-off: CI must be re-triggered by a maintainer (close/reopen PR, |
|
🎉 This pull request is included in a new release. Release: |
Checkout behavior is currently distributed across compiler/runtime paths, which makes auth precedence and mode-specific semantics hard to reason about quickly. This PR introduces a single formal specification for checkout behavior across activation, agent, and safe_outputs jobs, including trial mode and side-repo cases.
Specification baseline (W3C/RFC2119)
docs/src/content/docs/specs/checkout-behavior-specification.md.Authentication and credential lifecycle
github-tokenandgithub-appat checkout entry level, activation token resolution, and safe_outputs PR checkout token resolution.Checkout mechanics and safety constraints
checkout:merge behavior for repeated(repository, path, wiki)targets.fetch-depth,fetch, sparse checkout partial-clone repair, and submodule credential-cleanup behavior.Trial mode and side-repo targeting
current: truecheckouts and side-repo auth precedence.Reference docs linkage
docs/src/content/docs/reference/checkout.md.