chore: recompile agentic workflow lock files with gh-aw v0.50.6#119
chore: recompile agentic workflow lock files with gh-aw v0.50.6#119danielmeppiel merged 2 commits intomainfrom
Conversation
Upgrades from gh-aw v0.42.2 to v0.50.6 to fix runtime-import path resolution bug. The old compiler emitted paths like 'workflows/daily-test-improver.md' which the runtime prefixed with 'workflows/' again, causing 'file not found' errors. The new compiler emits '.github/workflows/daily-test-improver.md' which the runtime correctly strips the '.github/' prefix from. Fixes: https://github.com/microsoft/apm/actions/runs/22483217187
danielmeppiel
requested review from
SebastienDegodez
and removed request for
Copilot
|
Is it impossible to inherit a workflow from a source ? |
Yes but with GitHub Agentic Workflows we rather edit the |
There was a problem hiding this comment.
Pull request overview
Recompiles the repository’s agentic workflow lock files with gh aw v0.50.6 to fix runtime-import path resolution (emitting .github/... paths) and bring generated workflow scaffolding up to date.
Changes:
- Recompiled 3 agentic workflow lock files with updated gh-aw metadata, prompt generation steps, and runtime-import paths.
- Updated the agentic maintenance workflow output produced by the compiler.
- Added
.github/aw/actions-lock.jsonto pin key action SHAs used by gh-aw.
Reviewed changes
Copilot reviewed 4 out of 5 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| .github/workflows/daily-test-improver.lock.yml | Recompiled lock workflow; updates runtime-import path emission and generated steps/permissions/output wiring. |
| .github/workflows/daily-doc-updater.lock.yml | Recompiled lock workflow; updates runtime-import path emission and generated steps/permissions. |
| .github/workflows/cli-consistency-checker.lock.yml | Recompiled lock workflow; updates runtime-import path emission and generated steps/permissions. |
| .github/workflows/agentics-maintenance.yml | Regenerated maintenance workflow and adds a fork guard to skip on forks. |
| .github/aw/actions-lock.json | New gh-aw action pin lock file capturing SHAs for key actions. |
| - push_repo_memory | ||
| - safe_outputs | ||
| if: (always()) && (needs.agent.result != 'skipped') | ||
| runs-on: ubuntu-slim | ||
| permissions: | ||
| contents: read | ||
| contents: write |
There was a problem hiding this comment.
The conclusion job grants contents: write, but this job only downloads artifacts and runs GitHub API scripts (noop/missing_tool/handle_*); it doesn't check out the repo or push commits. Consider reducing this back to contents: read to follow the repo’s least-privilege convention (e.g., .github/workflows/build-release.yml:25-28).
| contents: write | |
| contents: read |
| permissions: | ||
| contents: read | ||
| discussions: write | ||
| contents: write |
There was a problem hiding this comment.
The conclusion job now has contents: write, but the steps shown don’t perform any repo writes (no checkout / git push). To adhere to least-privilege permissions used elsewhere in this repo (see .github/workflows/build-release.yml:25-28), consider switching this back to contents: read.
| contents: write | |
| contents: read |
| if: > | ||
| ((github.event_name == 'issues' || github.event_name == 'issue_comment' || github.event_name == 'pull_request' || | ||
| github.event_name == 'pull_request_review_comment' || github.event_name == 'discussion' || github.event_name == 'discussion_comment') && | ||
| ((github.event_name == 'issues') && (contains(github.event.issue.body, '/test-assist')) || (github.event_name == 'issue_comment') && | ||
| ((contains(github.event.comment.body, '/test-assist')) && (github.event.issue.pull_request == null)) || | ||
| (github.event_name == 'issue_comment') && ((contains(github.event.comment.body, '/test-assist')) && (github.event.issue.pull_request != null)) || | ||
| (github.event_name == 'pull_request_review_comment') && (contains(github.event.comment.body, '/test-assist')) || | ||
| (github.event_name == 'pull_request') && (contains(github.event.pull_request.body, '/test-assist')) || | ||
| (github.event_name == 'discussion') && (contains(github.event.discussion.body, '/test-assist')) || | ||
| (github.event_name == 'discussion_comment') && | ||
| (contains(github.event.comment.body, '/test-assist')))) || (!(github.event_name == 'issues' || github.event_name == 'issue_comment' || | ||
| ((github.event_name == 'issues') && ((startsWith(github.event.issue.body, '/test-assist ')) || (github.event.issue.body == '/test-assist')) || | ||
| (github.event_name == 'issue_comment') && (((startsWith(github.event.comment.body, '/test-assist ')) || |
There was a problem hiding this comment.
This changes the slash-command detection from contains(..., '/test-assist') to requiring the body/comment to start with /test-assist (or equal it). That’s a behavioral change (e.g., /test-assist elsewhere in the text will no longer trigger) and isn’t called out in the PR description. If backward compatibility is desired, consider matching /test-assist at the start of any line or reverting to contains.
| body: ${{ steps.sanitized.outputs.body }} | ||
| comment_id: "" | ||
| comment_repo: "" | ||
| secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} | ||
| slash_command: ${{ needs.pre_activation.outputs.matched_command }} | ||
| text: ${{ steps.sanitized.outputs.text }} | ||
| title: ${{ steps.sanitized.outputs.title }} |
There was a problem hiding this comment.
activation.outputs now exposes body, text, and title, but they don't appear to be consumed anywhere else in this workflow (only secret_verification_result/slash_command are referenced). If they’re not needed, consider removing these outputs to reduce noise and avoid implying they’re part of the workflow contract.
| body: ${{ steps.sanitized.outputs.body }} | |
| comment_id: "" | |
| comment_repo: "" | |
| secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} | |
| slash_command: ${{ needs.pre_activation.outputs.matched_command }} | |
| text: ${{ steps.sanitized.outputs.text }} | |
| title: ${{ steps.sanitized.outputs.title }} | |
| comment_id: "" | |
| comment_repo: "" | |
| secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} | |
| slash_command: ${{ needs.pre_activation.outputs.matched_command }} |
- Bump version to 0.7.4 - Rewrite Unreleased changelog as v0.7.4 with clean style (no bold labels), consolidated CI/governance entries, Added → Fixed → Changed ordering - Add missing PRs: #97 (hooks), #118 (governance), #119 (gh-aw upgrade), #130 (multi-host) - README: fix APM Packages section — accurate installable types, doc links, fix anthropics/courses → anthropics/skills, remove Add yours row, note hooks in apm.yml example comment
Summary
Recompiles all agentic workflow lock files using
gh awv0.50.6 (previously compiled with v0.42.2).Problem
The lock files generated by v0.42.2 had a runtime-import path resolution bug:
{{#runtime-import workflows/daily-test-improver.md}}.github/prefix, so it prependedworkflows/again.github/workflows/workflows/daily-test-improver.md→ file not foundFailing run: https://github.com/microsoft/apm/actions/runs/22483217187
Fix
v0.50.6 compiler now emits:
{{#runtime-import .github/workflows/daily-test-improver.md}}The runtime correctly strips the
.github/prefix and resolves to.github/workflows/daily-test-improver.md.Changes
daily-test-improver,daily-doc-updater,cli-consistency-checker).github/aw/actions-lock.json(new action pin lock file introduced in newer gh-aw versions)