fix(ci): bump github/gh-aw from 0.43.23 to 0.57.2

[dependabot]

Bumps github/gh-aw from 0.43.23 to 0.57.2.

Release notes

Sourced from github/gh-aw's releases.

v0.57.2

🌟 Release Highlights

This patch release improves agent self-awareness and polishes report readability in built-in reporting workflows.

✨ What's New

• Agent execution context detection — All engine execution steps (Copilot, Claude, Codex, Gemini) now inject three new environment variables: GITHUB_AW=true lets agents detect they're running inside a GitHub Agentic Workflow, GH_AW_PHASE identifies whether it's the main agent run or a detection (threat detection) run, and GH_AW_VERSION exposes the gh-aw compiler version. This enables agents to tag their output, adapt behavior, and integrate with observability tooling. 166 lock files have been recompiled to include these new variables. (#20382)

🐛 Bug Fixes & Improvements

• Cleaner report formatting with progressive disclosure — The daily-secrets-analysis and copilot-pr-merged-report built-in workflows now use correct header levels (no top-level #/## headings) and wrap verbose sections (e.g., Top 10 Secrets table, Merged PRs table, code generation metrics) in collapsible <details> blocks. Executive summaries and key findings remain always visible, reducing noise for readers scanning long reports. (#20376)

---

For complete details, see CHANGELOG.

Generated by Release

---

What's Changed

• Normalize report formatting: fix headers and add progressive disclosure in secrets and copilot PR reports by @​Copilot in github/gh-aw#20376
• Add GITHUB_AW, GH_AW_PHASE, and GH_AW_VERSION env vars to agentic engine execution steps by @​Copilot in github/gh-aw#20382

Full Changelog: github/gh-aw@v0.57.1...v0.57.2

v0.57.1

🌟 Release Highlights

This release focuses on reliability and developer experience — fixing schema validation gaps, hardening the upgrade flow, improving failure diagnostics, and expanding cross-repo workflow capabilities.

✨ What's New

• Cross-repo workflow_call runtime imports — Workflows invoked via workflow_call from another repository now correctly check out the callee's .md files at runtime, eliminating ERR_SYSTEM: Runtime import file not found errors in cross-repo reuse scenarios. Includes a secrets: inherit support for reusable workflow call jobs. (#20301)

• Auto-upgrade on gh aw upgrade — gh aw upgrade now automatically installs the latest extension version before compiling lock files, then relaunches the new binary transparently. Lock files no longer embed a stale version string after upgrading. (#20300)

• Richer failure issue diagnostics — Agent failure issues now include a universal copy-pasteable debug prompt for any coding agent (Copilot, Claude, Gemini, etc.), plus a new top-level debug.md entry point. A new report-failure-as-issue: false frontmatter option lets you suppress failure issue creation per-workflow. Dedicated 📦 Patch Size Exceeded sections appear when max-patch-size limits are hit. (#20266, #20354)

• CLI flag consistency — Four commands gained missing flags to align with the rest of the CLI: gh aw run --json, gh aw audit --repo, gh aw new --engine, and gh aw list --dir. (#20272)

• Non-agent job concurrency defaults — Non-agent job concurrency groups now default cancel-in-progress: false, preventing accidental cancellation of setup or cleanup jobs during rapid pushes. (#20224)

🐛 Bug Fixes & Improvements

• max-patch-size schema fix — The tools.repo-memory JSON schema was missing the max-patch-size property, causing schema validation to reject valid frontmatter before compilation could process it. (#20309)

... (truncated)

Changelog

Sourced from github/gh-aw's changelog.

Changelog

All notable changes to this project will be documented in this file.

v0.40.1 - 2026-02-03

Move from githubnext/gh-aw to github/gh-aw

If you were a former user of the githubnext Agentic Workflows you might have to re-register the extension to reflect the new location. As the gh-aw project moved from githubnext to github please delete the old channel and register the new one.

Example:

gh extension list
NAME   REPO              VERSION
gh aw  githubnext/gh-aw  v0.36.0
gh extension upgrade --all
[aw]: already up to date
gh extension remove gh-aw
gh extension install github/gh-aw
✓ Installed extension github/gh-aw
gh extension list
NAME   REPO          VERSION
gh aw  github/gh-aw  v0.40.1

Bug Fixes

Handle 502 Bad Gateway errors in assign_to_agent handler by treating them as success. The cloud gateway may return 502 errors during agent assignment, but the assignment typically succeeds despite the error. The handler now logs 502 errors for troubleshooting but does not fail the workflow.

Add discussion interaction to smoke workflows and serialize the discussion

flag in safe-outputs handler config.

Smoke workflows now select a random discussion and post thematic comments to validate discussion comment functionality. The compiler now emits the "discussion": true flag in GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG when a workflow requests discussion output, and lock files include discussions: write permission where applicable.

Add discussion interaction to smoke workflows; compiler now serializes the discussion flag into the safe-outputs handler config so workflows can post comments to discussions. Lock files include discussions: write where applicable.

Smoke workflows pick a random discussion and post a thematic comment (copilot: playful, claude: comic-book, codex: mystical oracle, opencode: space mission). This is a non-breaking tooling/workflow change.

Add discussion interaction to smoke workflows; deprecate the discussion flag and

... (truncated)

Commits

• 32b3a71 Add GITHUB_AW, GH_AW_PHASE, and GH_AW_VERSION env vars to agentic engine exec...
• e011bb6 Normalize report formatting: fix headers and add progressive disclosure in se...
• 36e5751 Add dedicated error messages for max patch size failures in agent failure iss...
• 16599bb fix(daily-code-metrics): increase max-patch-size to prevent push_repo_memory ...
• aee512b docs: add self-contained and Copilot debugging prompts to authoring guides an...
• 05848a9 Improve Docker validation error messages to be actionable (#20350)
• 61a7eb1 feat: fix runtime-import in cross-repo workflow_call by detecting callee repo...
• 5ff8031 docs: update glossary - daily scan 2026-03-10 (#20328)
• 297b343 refactor(cli): apply functional/immutability improvements to pkg/cli (#20323)
• 68a7f67 Fix: max-patch-size missing from tools.repo-memory JSON schema (#20309)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.