From 713ce574c632a82420ca9f88be1c6a3ef53c4487 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 11 May 2026 06:59:35 +0000 Subject: [PATCH 1/3] Initial plan From f4804bf776dfcaf7893f552c89f9ddb7ef3d20b2 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 11 May 2026 07:15:48 +0000 Subject: [PATCH 2/3] Fix agentic workflow CI failures Co-authored-by: mrjf <180956+mrjf@users.noreply.github.com> --- .github/workflows/agentics-maintenance.yml | 82 ++++++++-------------- .github/workflows/autoloop.lock.yml | 37 ++++++---- .github/workflows/autoloop.md | 4 +- .github/workflows/build-release.yml | 1 + 4 files changed, 57 insertions(+), 67 deletions(-) diff --git a/.github/workflows/agentics-maintenance.yml b/.github/workflows/agentics-maintenance.yml index 5dcb659..a48733e 100644 --- a/.github/workflows/agentics-maintenance.yml +++ b/.github/workflows/agentics-maintenance.yml @@ -104,7 +104,7 @@ jobs: persist-credentials: false - name: Setup Scripts - uses: ./actions/setup + uses: github/gh-aw/actions/setup@4a32129491598c66908107001a88d8e5cad631c8 # v0.72.1 with: destination: ${{ runner.temp }}/gh-aw/actions @@ -149,7 +149,7 @@ jobs: persist-credentials: false - name: Setup Scripts - uses: ./actions/setup + uses: github/gh-aw/actions/setup@4a32129491598c66908107001a88d8e5cad631c8 # v0.72.1 with: destination: ${{ runner.temp }}/gh-aw/actions @@ -178,7 +178,7 @@ jobs: persist-credentials: false - name: Setup Scripts - uses: ./actions/setup + uses: github/gh-aw/actions/setup@4a32129491598c66908107001a88d8e5cad631c8 # v0.72.1 with: destination: ${{ runner.temp }}/gh-aw/actions @@ -192,21 +192,17 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/check_team_member.cjs'); await main(); - - name: Setup Go - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 + - name: Install gh-aw + uses: github/gh-aw/actions/setup-cli@4a32129491598c66908107001a88d8e5cad631c8 # v0.72.1 with: - go-version-file: go.mod - cache: true - - - name: Build gh-aw - run: make build + version: v0.72.1 - name: Run operation uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GH_AW_OPERATION: ${{ inputs.operation }} - GH_AW_CMD_PREFIX: ./gh-aw + GH_AW_CMD_PREFIX: gh aw with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -234,7 +230,7 @@ jobs: persist-credentials: false - name: Setup Scripts - uses: ./actions/setup + uses: github/gh-aw/actions/setup@4a32129491598c66908107001a88d8e5cad631c8 # v0.72.1 with: destination: ${{ runner.temp }}/gh-aw/actions @@ -280,7 +276,7 @@ jobs: persist-credentials: false - name: Setup Scripts - uses: ./actions/setup + uses: github/gh-aw/actions/setup@4a32129491598c66908107001a88d8e5cad631c8 # v0.72.1 with: destination: ${{ runner.temp }}/gh-aw/actions @@ -324,7 +320,7 @@ jobs: persist-credentials: false - name: Setup Scripts - uses: ./actions/setup + uses: github/gh-aw/actions/setup@4a32129491598c66908107001a88d8e5cad631c8 # v0.72.1 with: destination: ${{ runner.temp }}/gh-aw/actions @@ -338,19 +334,15 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/check_team_member.cjs'); await main(); - - name: Setup Go - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 + - name: Install gh-aw + uses: github/gh-aw/actions/setup-cli@4a32129491598c66908107001a88d8e5cad631c8 # v0.72.1 with: - go-version-file: go.mod - cache: true - - - name: Build gh-aw - run: make build + version: v0.72.1 - name: Create missing labels uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 env: - GH_AW_CMD_PREFIX: ./gh-aw + GH_AW_CMD_PREFIX: gh aw with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -374,7 +366,7 @@ jobs: persist-credentials: false - name: Setup Scripts - uses: ./actions/setup + uses: github/gh-aw/actions/setup@4a32129491598c66908107001a88d8e5cad631c8 # v0.72.1 with: destination: ${{ runner.temp }}/gh-aw/actions @@ -388,14 +380,10 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/check_team_member.cjs'); await main(); - - name: Setup Go - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 + - name: Install gh-aw + uses: github/gh-aw/actions/setup-cli@4a32129491598c66908107001a88d8e5cad631c8 # v0.72.1 with: - go-version-file: go.mod - cache: true - - - name: Build gh-aw - run: make build + version: v0.72.1 - name: Restore activity report logs cache id: activity_report_logs_cache @@ -411,7 +399,7 @@ jobs: shell: bash env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GH_AW_CMD_PREFIX: ./gh-aw + GH_AW_CMD_PREFIX: gh aw run: | ${GH_AW_CMD_PREFIX} logs \ --repo "${{ github.repository }}" \ @@ -482,7 +470,7 @@ jobs: persist-credentials: false - name: Setup Scripts - uses: ./actions/setup + uses: github/gh-aw/actions/setup@4a32129491598c66908107001a88d8e5cad631c8 # v0.72.1 with: destination: ${{ runner.temp }}/gh-aw/actions @@ -519,7 +507,7 @@ jobs: persist-credentials: false - name: Setup Scripts - uses: ./actions/setup + uses: github/gh-aw/actions/setup@4a32129491598c66908107001a88d8e5cad631c8 # v0.72.1 with: destination: ${{ runner.temp }}/gh-aw/actions @@ -533,19 +521,15 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/check_team_member.cjs'); await main(); - - name: Setup Go - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 + - name: Install gh-aw + uses: github/gh-aw/actions/setup-cli@4a32129491598c66908107001a88d8e5cad631c8 # v0.72.1 with: - go-version-file: go.mod - cache: true - - - name: Build gh-aw - run: make build + version: v0.72.1 - name: Validate workflows and file issue on findings uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 env: - GH_AW_CMD_PREFIX: ./gh-aw + GH_AW_CMD_PREFIX: gh aw with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -569,22 +553,18 @@ jobs: with: persist-credentials: false - - name: Setup Go - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 + - name: Install gh-aw + uses: github/gh-aw/actions/setup-cli@4a32129491598c66908107001a88d8e5cad631c8 # v0.72.1 with: - go-version-file: go.mod - cache: true - - - name: Build gh-aw - run: make build + version: v0.72.1 - name: Compile workflows run: | - ./gh-aw compile --validate --validate-images --verbose + gh aw compile --validate --validate-images --verbose echo "✓ All workflows compiled successfully" - name: Setup Scripts - uses: ./actions/setup + uses: github/gh-aw/actions/setup@4a32129491598c66908107001a88d8e5cad631c8 # v0.72.1 with: destination: ${{ runner.temp }}/gh-aw/actions @@ -616,7 +596,7 @@ jobs: node-version: '22' - name: Setup Scripts - uses: ./actions/setup + uses: github/gh-aw/actions/setup@4a32129491598c66908107001a88d8e5cad631c8 # v0.72.1 with: destination: ${{ runner.temp }}/gh-aw/actions diff --git a/.github/workflows/autoloop.lock.yml b/.github/workflows/autoloop.lock.yml index 39c78a5..1ef1f76 100644 --- a/.github/workflows/autoloop.lock.yml +++ b/.github/workflows/autoloop.lock.yml @@ -1,5 +1,5 @@ -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"3a6cf59bd705cac7d84420b31f9429cdd7462fef26110a0c5b8792c038ec9599","strict":true,"agent_id":"copilot"} -# gh-aw-manifest: {"version":1,"secrets":["COPILOT_GITHUB_TOKEN","GH_AW_CI_TRIGGER_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GITHUB_TOKEN"],"actions":[{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"373c709c69115d41ff229c7e5df9f8788daa9553","version":"v9"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/setup-python","sha":"a309ff8b426b58ec0e2a45f0f869d46889d02405","version":"v6.2.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.43"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.43"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.25.43"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.6","digest":"sha256:2bb8eef86006a4c5963c55616a9c51c32f27bfdecb023b8aa6f91f6718d9171c","pinned_image":"ghcr.io/github/gh-aw-mcpg:v0.3.6@sha256:2bb8eef86006a4c5963c55616a9c51c32f27bfdecb023b8aa6f91f6718d9171c"},{"image":"ghcr.io/github/github-mcp-server:v1.0.3","digest":"sha256:2ac27ef03461ef2b877031b838a7d1fd7f12b12d4ace7796d8cad91446d55959","pinned_image":"ghcr.io/github/github-mcp-server:v1.0.3@sha256:2ac27ef03461ef2b877031b838a7d1fd7f12b12d4ace7796d8cad91446d55959"},{"image":"node:lts-alpine","digest":"sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f","pinned_image":"node:lts-alpine@sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f"}]} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"434f9a4838b76fd4b621b9071d8a11e25629ffa3d04709f045cdf8e64c07983e","strict":true,"agent_id":"copilot"} +# gh-aw-manifest: {"version":1,"secrets":["GH_AW_CI_TRIGGER_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GITHUB_TOKEN"],"actions":[{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"373c709c69115d41ff229c7e5df9f8788daa9553","version":"v9"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/setup-python","sha":"a309ff8b426b58ec0e2a45f0f869d46889d02405","version":"v6.2.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.43"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.43"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.25.43"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.6","digest":"sha256:2bb8eef86006a4c5963c55616a9c51c32f27bfdecb023b8aa6f91f6718d9171c","pinned_image":"ghcr.io/github/gh-aw-mcpg:v0.3.6@sha256:2bb8eef86006a4c5963c55616a9c51c32f27bfdecb023b8aa6f91f6718d9171c"},{"image":"ghcr.io/github/github-mcp-server:v1.0.3","digest":"sha256:2ac27ef03461ef2b877031b838a7d1fd7f12b12d4ace7796d8cad91446d55959","pinned_image":"ghcr.io/github/github-mcp-server:v1.0.3@sha256:2ac27ef03461ef2b877031b838a7d1fd7f12b12d4ace7796d8cad91446d55959"},{"image":"node:lts-alpine","digest":"sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f","pinned_image":"node:lts-alpine@sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f"}]} # ___ _ _ # / _ \ | | (_) # | |_| | __ _ ___ _ __ | |_ _ ___ @@ -39,7 +39,6 @@ # - shared/reporting.md # # Secrets used: -# - COPILOT_GITHUB_TOKEN # - GH_AW_CI_TRIGGER_TOKEN # - GH_AW_GITHUB_MCP_SERVER_TOKEN # - GH_AW_GITHUB_TOKEN @@ -130,7 +129,6 @@ jobs: engine_id: ${{ steps.generate_aw_info.outputs.engine_id }} lockdown_check_failed: ${{ steps.generate_aw_info.outputs.lockdown_check_failed == 'true' }} model: ${{ steps.generate_aw_info.outputs.model }} - secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} setup-parent-span-id: ${{ steps.setup.outputs.parent-span-id || steps.setup.outputs.span-id }} setup-span-id: ${{ steps.setup.outputs.span-id }} setup-trace-id: ${{ steps.setup.outputs.trace-id }} @@ -196,11 +194,6 @@ jobs: setupGlobals(core, github, context, exec, io, getOctokit); const { main } = require('${{ runner.temp }}/gh-aw/actions/add_reaction.cjs'); await main(); - - name: Validate COPILOT_GITHUB_TOKEN secret - id: validate-secret - run: bash "${RUNNER_TEMP}/gh-aw/actions/validate_multi_secret.sh" COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://github.github.com/gh-aw/reference/engines/#github-copilot-default - env: - COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} - name: Checkout .github and .agents folders uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -444,7 +437,23 @@ jobs: agent: needs: activation runs-on: ubuntu-latest - permissions: read-all + permissions: + actions: read + attestations: read + checks: read + contents: read + copilot-requests: write + deployments: read + discussions: read + issues: read + models: read + packages: read + pages: read + pull-requests: read + repository-projects: read + security-events: read + statuses: read + vulnerability-alerts: read env: DEFAULT_BRANCH: ${{ github.event.repository.default_branch }} GH_AW_ASSETS_ALLOWED_EXTS: "" @@ -1072,7 +1081,7 @@ jobs: AWF_REFLECT_ENABLED: 1 COPILOT_AGENT_RUNNER_TYPE: STANDALONE COPILOT_API_KEY: dummy-byok-key-for-offline-mode - COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + COPILOT_GITHUB_TOKEN: ${{ github.token }} COPILOT_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'claude-sonnet-4.6' }} GH_AW_MCP_CONFIG: /home/runner/.copilot/mcp-config.json GH_AW_PHASE: agent @@ -1134,8 +1143,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/redact_secrets.cjs'); await main(); env: - GH_AW_SECRET_NAMES: 'COPILOT_GITHUB_TOKEN,GH_AW_GITHUB_MCP_SERVER_TOKEN,GH_AW_GITHUB_TOKEN,GITHUB_TOKEN' - SECRET_COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GH_AW_SECRET_NAMES: 'GH_AW_GITHUB_MCP_SERVER_TOKEN,GH_AW_GITHUB_TOKEN,GITHUB_TOKEN' SECRET_GH_AW_GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }} SECRET_GH_AW_GITHUB_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN }} SECRET_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -1404,7 +1412,6 @@ jobs: GH_AW_WORKFLOW_ID: "autoloop" GH_AW_ACTION_FAILURE_ISSUE_EXPIRES_HOURS: "168" GH_AW_ENGINE_ID: "copilot" - GH_AW_SECRET_VERIFICATION_RESULT: ${{ needs.activation.outputs.secret_verification_result }} GH_AW_CHECKOUT_PR_SUCCESS: ${{ needs.agent.outputs.checkout_pr_success }} GH_AW_EFFECTIVE_TOKENS: ${{ needs.agent.outputs.effective_tokens || '' }} GH_AW_EFFECTIVE_TOKENS_RATE_LIMIT_ERROR: ${{ needs.agent.outputs.effective_tokens_rate_limit_error || 'false' }} @@ -1597,7 +1604,7 @@ jobs: AWF_REFLECT_ENABLED: 1 COPILOT_AGENT_RUNNER_TYPE: STANDALONE COPILOT_API_KEY: dummy-byok-key-for-offline-mode - COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + COPILOT_GITHUB_TOKEN: ${{ github.token }} COPILOT_MODEL: ${{ vars.GH_AW_MODEL_DETECTION_COPILOT || 'claude-sonnet-4.6' }} GH_AW_PHASE: detection GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt diff --git a/.github/workflows/autoloop.md b/.github/workflows/autoloop.md index b851951..98cc2ed 100644 --- a/.github/workflows/autoloop.md +++ b/.github/workflows/autoloop.md @@ -118,6 +118,9 @@ steps: source: githubnext/autoloop engine: copilot + +features: + copilot-requests: true --- # Autoloop @@ -880,4 +883,3 @@ The `delta` is **signed by metric direction**: for `higher`-direction programs a > ❌ **Do NOT modify files outside the program's Target list.** > The Target section of the program file is the allowlist. Touching anything else (including the evaluation script or the program file itself) is forbidden. - diff --git a/.github/workflows/build-release.yml b/.github/workflows/build-release.yml index c80f9b5..46fe72c 100644 --- a/.github/workflows/build-release.yml +++ b/.github/workflows/build-release.yml @@ -78,6 +78,7 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GH_MODELS_PAT }} GITHUB_APM_PAT: ${{ secrets.GH_CLI_PAT }} + USERPROFILE: ${{ runner.temp }} run: uv run pytest tests/unit tests/test_console.py -n auto --dist worksteal # Smoke runs only at promotion boundaries: From e53f5678ff662c7c054b57def51ab37fe55996b4 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 11 May 2026 16:29:04 +0000 Subject: [PATCH 3/3] Refresh APM integration files Co-authored-by: mrjf <180956+mrjf@users.noreply.github.com> --- .github/agents/agentic-workflows.agent.md | 19 ------------------- .../agentic-workflows.instructions.md | 16 ++++++++++++++++ apm.lock.yaml | 2 ++ 3 files changed, 18 insertions(+), 19 deletions(-) create mode 100644 .github/instructions/agentic-workflows.instructions.md diff --git a/.github/agents/agentic-workflows.agent.md b/.github/agents/agentic-workflows.agent.md index bcedfcc..c0f2187 100644 --- a/.github/agents/agentic-workflows.agent.md +++ b/.github/agents/agentic-workflows.agent.md @@ -19,7 +19,6 @@ This is a **dispatcher agent** that routes your request to the appropriate speci - **Creating shared components**: Routes to `create-shared-agentic-workflow` prompt - **Fixing Dependabot PRs**: Routes to `dependabot` prompt — use this when Dependabot opens PRs that modify generated manifest files (`.github/workflows/package.json`, `.github/workflows/requirements.txt`, `.github/workflows/go.mod`). Never merge those PRs directly; instead update the source `.md` files and rerun `gh aw compile --dependabot` to bundle all fixes - **Analyzing test coverage**: Routes to `test-coverage` prompt — consult this whenever the workflow reads, analyzes, or reports on test coverage data from PRs or CI runs -- **CLI commands and triggering workflows**: Routes to `cli-commands` guide — consult this whenever the user asks how to run, compile, debug, or manage workflows from the command line, or when they need the MCP tool equivalent of a `gh aw` command Workflows may optionally include: @@ -130,17 +129,6 @@ When you interact with this agent, it will: - "Analyze coverage trends over time" - "Add a coverage gate that blocks PRs below a threshold" -### CLI Commands Reference -**Load when**: The user asks how to run, compile, debug, or manage workflows from the command line; needs the MCP tool equivalent of a `gh aw` command; or is in a restricted environment (e.g., Copilot Cloud) without direct CLI access. - -**Reference file**: https://github.com/github/gh-aw/blob/main/.github/aw/cli-commands.md - -**Use cases**: -- "How do I trigger workflow X on the main branch?" -- "What's the MCP equivalent of `gh aw logs`?" -- "I'm in Copilot Cloud — how do I compile a workflow?" -- "Show me all available gh aw commands" - ## Instructions When a user interacts with you: @@ -159,10 +147,6 @@ gh aw init # Generate the lock file for a workflow gh aw compile [workflow-name] -# Trigger a workflow on demand (preferred over gh workflow run) -gh aw run # interactive input collection -gh aw run --ref main # run on a specific branch - # Debug workflow runs gh aw logs [workflow-name] gh aw audit @@ -190,7 +174,4 @@ gh aw compile --validate - Workflows must be compiled to `.lock.yml` files before running in GitHub Actions - **Bash tools are enabled by default** - Don't restrict bash commands unnecessarily since workflows are sandboxed by the AWF - Follow security best practices: minimal permissions, explicit network access, no template injection -- **Network configuration**: Use ecosystem identifiers (`node`, `python`, `go`, etc.) or explicit FQDNs in `network.allowed`. Bare shorthands like `npm` or `pypi` are **not** valid. See https://github.com/github/gh-aw/blob/main/.github/aw/network.md for the full list of valid ecosystem identifiers and domain patterns. - **Single-file output**: When creating a workflow, produce exactly **one** workflow `.md` file. Do not create separate documentation files (architecture docs, runbooks, usage guides, etc.). If documentation is needed, add a brief `## Usage` section inside the workflow file itself. -- **Triggering runs**: Always use `gh aw run ` to trigger a workflow on demand — not `gh workflow run .lock.yml`. `gh aw run` handles workflow resolution by short name, input parsing and validation, and correct run-tracking for agentic workflows. Use `--ref ` to run on a specific branch. -- **CLI commands reference**: For a complete guide on all `gh aw` commands and their MCP tool equivalents (for restricted environments), see https://github.com/github/gh-aw/blob/main/.github/aw/cli-commands.md diff --git a/.github/instructions/agentic-workflows.instructions.md b/.github/instructions/agentic-workflows.instructions.md new file mode 100644 index 0000000..b1063f9 --- /dev/null +++ b/.github/instructions/agentic-workflows.instructions.md @@ -0,0 +1,16 @@ +--- +description: "Agentic workflow recompilation: always recompile after changing workflow files" +--- + +# Agentic Workflows + +After modifying any `.md` workflow file under `.github/workflows/`, always +recompile both agentic workflows and APM integration files before committing: + +```bash +gh aw compile +apm compile +``` + +Commit the regenerated `.lock.yml` and integration files together with your +changes. The CI `APM Self-Check` job will fail if generated files are stale. diff --git a/apm.lock.yaml b/apm.lock.yaml index 1c7666e..4629335 100644 --- a/apm.lock.yaml +++ b/apm.lock.yaml @@ -24,6 +24,7 @@ local_deployed_files: - .github/agents/python-architect.agent.md - .github/agents/supply-chain-security-expert.agent.md - .github/agents/test-coverage-expert.agent.md +- .github/instructions/agentic-workflows.instructions.md - .github/instructions/changelog.instructions.md - .github/instructions/cicd.instructions.md - .github/instructions/cli.instructions.md @@ -46,6 +47,7 @@ local_deployed_file_hashes: .github/agents/python-architect.agent.md: sha256:7587ee7c684c61046a83dfa1b7e39d1345f2f119c3395478e3ca2dbbaaaff0e9 .github/agents/supply-chain-security-expert.agent.md: sha256:8fb8cc426d6af17ba084a28b3f026c2b475b62e3ca63ed2f88b83bd823f877af .github/agents/test-coverage-expert.agent.md: sha256:bc588d89530362469502bfbea788df892a9a0b00e630cd0f3926d3dfd2c2a9e2 + .github/instructions/agentic-workflows.instructions.md: sha256:fc90017f6db18b7aa443668efcdf0ff8dc201fe5c42cbca36e600a5945e210c4 .github/instructions/changelog.instructions.md: sha256:1e51ec4c74e847967962bd279dc4c6e582c5d3578490b3c28d5f3acd3e05f73e .github/instructions/cicd.instructions.md: sha256:9c0fafc74f743aa97e5adba2168d66c9e3a327b135065e3b804bdbb5f04cda5d .github/instructions/cli.instructions.md: sha256:8e39e8d5047ce88575cb02f87c2bcede584dfef258bd86f7466c7badf136541a