Skip to content

v0.82.6

Pre-release
Pre-release

Choose a tag to compare

@github-actions github-actions released this 08 Jul 13:30
Immutable release. Only release title and notes can be modified.
adb344b

🌟 Release Highlights

This release focuses on correctness and reliability β€” fixing subtle bugs in workflow compilation, strengthening security defaults, and improving developer tooling with new ESLint rules and unit tests.

✨ What's New

  • ESLint rule: no-github-request-interpolated-route β€” A new static analysis rule flags interpolated template literals and string concatenation in Octokit .request() route arguments. This prevents malformed URLs and enforces the typed placeholder syntax ({owner}, {repo}) that GitHub's REST API expects. (#44268)

  • Comment-memory support for deterministic jobs β€” Custom jobs and on.steps flows with restore-memory: true now correctly receive the comment-memory config, enabling deterministic steps to consume persisted memory before agent execution. (#44214)

πŸ› Bug Fixes & Improvements

  • Safer lockdown defaults on API failure β€” When the determine-automatic-lockdown step cannot fetch repository visibility, sink-visibility now defaults to "public" (strict policy) instead of the previously unrecognized "unknown" value, preventing unpredictable guard policy behavior. (#44286)

  • Detection job dependency fix β€” engine.env values referencing needs.<job>.outputs.* expressions now correctly propagate to the detection job's needs list, preventing silent empty-string resolution at runtime. (#44202)

  • Lockdown autodetection skip when guard policy is explicit β€” The determine-automatic-lockdown step is now skipped when guard policies are already statically configured in frontmatter, eliminating redundant runtime detection. (#44270)

  • Deprecated output references cleaned up β€” All remaining uses of needs.activation.outputs.{text,title,body} in tests and specs replaced with the current steps.sanitized.outputs.* form, eliminating spurious deprecation warnings. (#44255)

πŸ“š Documentation

  • Token type validation clarified β€” Auth reference docs now explicitly document that COPILOT_GITHUB_TOKEN and GH_AW_GITHUB_TOKEN must be fine-grained PATs. OAuth user tokens (gho_...) are intentionally rejected at activation with remediation guidance. (#44275, Learn more)

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by πŸš€ Release Β· 24.6 AIC Β· ⊞ 7.6K


What's Changed

  • [spec-extractor] Update package specifications for tty, types, typeutil, workflow by @github-actions[bot] in #44266
  • fix: skip lockdown autodetection step when guard policy is explicitly configured by @pelikhan with @Copilot in #44270
  • Replace deprecated needs.activation.outputs.{text,title,body} with steps.sanitized.outputs.* by @pelikhan with @Copilot in #44255
  • fix: detection job missing engine.env job dependencies in needs list by @pelikhan with @Copilot in #44202
  • Restore comment-memory config for deterministic memory-read jobs by @pelikhan with @Copilot in #44214
  • refactor(workflow): rename same-name/different-semantics helpers to eliminate navigation confusion by @pelikhan with @Copilot in #44149
  • [docs] Update documentation for features from 2026-07-08 by @github-actions[bot] in #44275
  • [docs] Update glossary - daily scan by @github-actions[bot] in #44273
  • feat(eslint): add no-github-request-interpolated-route rule by @pelikhan with @Copilot in #44268
  • fix: default sink-visibility to "public" when repository visibility check fails by @pelikhan with @Copilot in #44286
  • Add unit tests for StripANSI in pkg/stringutil by @pelikhan with @Copilot in #44277

Full Changelog: v0.82.5...v0.82.6