Fix gh-aw shell-injection warnings and update generated locks#8458
Conversation
Source workflow changes (3 files):
- .github/workflows/build-failure-analysis.md
- .github/workflows/build-failure-analysis-command.md
- .github/workflows/issue-arborist.md
Each moves ${{ ... }} expressions out of run: scripts into step-level
env: blocks to satisfy gh aw compile --strict shell-injection warnings
(e.g. steps.find-binlog.outputs.path, github.repository, inputs.pr-number,
github.event.issue.number, steps.build.outcome, github.workspace).
All other .lock.yml files and .github/aw/actions-lock.json /
agentics-maintenance.yml are regenerated outputs from running
gh aw compile after the gh-aw runtime bumped (gh-aw-actions/setup
v0.72.1 -> v0.74.8, new firewall image SHAs). They contain no
behavioral source changes.
The only remaining gh aw compile --strict warning is the informational
suggestion to set on.slash_command.strategy: centralized on 6 workflows;
this is intentionally deferred to a follow-up PR.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Updates agentic workflow sources and regenerates gh-aw lock artifacts to eliminate gh aw compile --strict shell-injection warnings and to align all generated workflows/locks with gh-aw v0.74.8.
Changes:
- Move
${{ ... }}GitHub expressions out ofrun:scripts into step-levelenv:in the 3 affected agentic workflow sources. - Regenerate
.lock.ymlworkflows and update.github/aw/actions-lock.jsonto reflect gh-aw v0.74.8 and updated pinned action/container SHAs. - Refresh generated
agentics-maintenance.ymlcontent (including the newly generatedforecastmaintenance operation).
Show a summary per file
| File | Description |
|---|---|
| .github/workflows/build-failure-analysis.md | Moves step outputs/context expressions from run: into env: for strict-mode shell-injection compliance. |
| .github/workflows/build-failure-analysis-command.md | Same strict-mode fix as above for the slash-command variant workflow. |
| .github/workflows/issue-arborist.md | Moves github.repository expression out of the curl run: script into step env:. |
| .github/workflows/repo-historian.lock.yml | Regenerated lock workflow with updated gh-aw version, pinned actions/containers, and updated generated harness snippets. |
| .github/workflows/issue-arborist.lock.yml | Regenerated lock workflow with updated gh-aw version, pinned actions/containers, and generated env-expression handling. |
| .github/workflows/msbuild-quality-review.lock.yml | Regenerated lock workflow for gh-aw v0.74.8; includes updated pinned dependencies and regenerated job steps. |
| .github/workflows/daily-malicious-code-scan.lock.yml | Regenerated lock workflow for gh-aw v0.74.8; updates pinned actions/containers (incl. CodeQL upload-sarif). |
| .github/workflows/agentics-maintenance.yml | Regenerated maintenance workflow for gh-aw v0.74.8; includes the new generated forecast operation path. |
| .github/aw/actions-lock.json | Updates pinned action/container entries to match regenerated workflows (gh-aw-actions/setup v0.74.8, updated SHAs/images). |
Copilot's findings
- Files reviewed: 19/26 changed files
- Comments generated: 0
Evangelink
left a comment
Evangelink
left a comment
There was a problem hiding this comment.
✅ 21/21 dimensions clean — no findings.
This PR is a textbook-correct security fix for shell injection vulnerabilities in GitHub Actions workflows. The changes follow the industry-standard pattern of moving GitHub Actions expressions (${{ ... }}) from run: script blocks into step-level env: blocks, preventing potential injection attacks through repository names or issue numbers.
What was fixed:
- 3 workflow source files (
.md) now use environment variables instead of inline expressions - 23 generated lock files updated after gh-aw runtime bump (v0.72.1 → v0.74.8)
Security impact: The vulnerable pattern allowed expressions like ${{ github.repository }} to be interpolated directly into shell commands. If an attacker could control the repository name (e.g., via a fork or malicious issue), they could potentially inject shell metacharacters. The new pattern evaluates expressions in the GitHub Actions runtime before the shell sees them, eliminating this attack vector.
Code quality: The transformation is applied consistently across all three affected workflows with proper variable naming (GH_AW_* prefix) and complete coverage of all vulnerable expressions.
The generated lock file changes are mechanical and correct — they reflect the runtime version bump and updated firewall image SHAs.
Post-merge note: This PR is already merged. This review confirms the changes are correct and complete.
Generated by Expert Code Review (on open) for issue #8458 · ● 3.8M
What
Fix
gh aw compile --strictshell-injection warnings on 3 agentic workflows and update generated lock files.Source workflow changes (3 files)
.github/workflows/build-failure-analysis.md.github/workflows/build-failure-analysis-command.md.github/workflows/issue-arborist.mdEach one moves
${{ ... }}expressions out ofrun:scripts into step-levelenv:blocks, satisfying the strict-mode shell-injection check. The expressions covered are:steps.find-binlog.outputs.path,github.repository,inputs.pr-number,github.event.issue.number,steps.build.outcome,github.workspace, and the resolved PR head SHA fallback chain.Generated changes (regenerated outputs)
.github/aw/actions-lock.json— gh-aw-actions/setup v0.72.1 → v0.74.8; new firewall image SHAs (0.25.41, 0.25.46, 0.25.49).github/workflows/agentics-maintenance.ymland ~18 other.lock.ymlfiles — pure regeneration fromgh aw compileafter the runtime version bump; no source.mdedits..github/workflows/msbuild-quality-review.lock.yml— also regenerated; supersedes the partial regen from Regenerate stale msbuild-quality-review.lock.yml #8455 (now consistently at v0.74.8).Remaining
gh aw compile --strictoutputOnly one informational warning is left and is intentionally deferred to a follow-up PR:
How to verify
should emit
0 error(s)and only the slash-command centralization suggestion above.