From ff6912b014c5d0c0bf54cd353c3121f28b7f7ed9 Mon Sep 17 00:00:00 2001 From: Timothee Guerin Date: Fri, 27 Mar 2026 11:46:18 -0400 Subject: [PATCH 1/6] Add action lint ci --- .github/matchers/actionlint.json | 17 +++++++++++++++ .github/workflows/github-test.yml | 35 +++++++++++++++++++++++++++++++ 2 files changed, 52 insertions(+) create mode 100644 .github/matchers/actionlint.json create mode 100644 .github/workflows/github-test.yml diff --git a/.github/matchers/actionlint.json b/.github/matchers/actionlint.json new file mode 100644 index 0000000000..4613e1617b --- /dev/null +++ b/.github/matchers/actionlint.json @@ -0,0 +1,17 @@ +{ + "problemMatcher": [ + { + "owner": "actionlint", + "pattern": [ + { + "regexp": "^(?:\\x1b\\[\\d+m)?(.+?)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*: (?:\\x1b\\[\\d+m)*(.+?)(?:\\x1b\\[\\d+m)* \\[(.+?)\\]$", + "file": 1, + "line": 2, + "column": 3, + "message": 4, + "code": 5 + } + ] + } + ] +} diff --git a/.github/workflows/github-test.yml b/.github/workflows/github-test.yml new file mode 100644 index 0000000000..94b83cdf0a --- /dev/null +++ b/.github/workflows/github-test.yml @@ -0,0 +1,35 @@ +name: GitHub Actions - Test + +on: + push: + branches: + - main + paths: + - .github/** + pull_request: + paths: + - .github/** + workflow_dispatch: + +permissions: + contents: read + +jobs: + test: + runs-on: ubuntu-24.04 + + steps: + - name: Checkout + uses: actions/checkout@v6 + with: + sparse-checkout: | + .github + + # Content copied from https://raw.githubusercontent.com/rhysd/actionlint/2ab3a12c7848f6c15faca9a92612ef4261d0e370/.github/actionlint-matcher.json + - name: Add ActionLint Problem Matcher + run: echo "::add-matcher::.github/matchers/actionlint.json" + + - name: Lint workflows + uses: docker://rhysd/actionlint:1.7.11 + with: + args: -color -verbose From 7b1300f2d33868a73b44ad5c4f5c459550f06b98 Mon Sep 17 00:00:00 2001 From: Timothee Guerin Date: Fri, 27 Mar 2026 12:30:07 -0400 Subject: [PATCH 2/6] fix spellcheck --- .github/workflows/github-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/github-test.yml b/.github/workflows/github-test.yml index 94b83cdf0a..ac920b3ed8 100644 --- a/.github/workflows/github-test.yml +++ b/.github/workflows/github-test.yml @@ -24,7 +24,7 @@ jobs: with: sparse-checkout: | .github - + # cspell:ignore rhysd # Content copied from https://raw.githubusercontent.com/rhysd/actionlint/2ab3a12c7848f6c15faca9a92612ef4261d0e370/.github/actionlint-matcher.json - name: Add ActionLint Problem Matcher run: echo "::add-matcher::.github/matchers/actionlint.json" From f1e6c4e5b67d7bb32e81ebece115d0b397785b59 Mon Sep 17 00:00:00 2001 From: Timothee Guerin Date: Fri, 27 Mar 2026 14:43:42 -0400 Subject: [PATCH 3/6] fix --- .github/workflows/consistency.yml | 10 +++++++++ .github/workflows/github-test.yml | 35 ------------------------------- 2 files changed, 10 insertions(+), 35 deletions(-) delete mode 100644 .github/workflows/github-test.yml diff --git a/.github/workflows/consistency.yml b/.github/workflows/consistency.yml index c7115276e6..9d82b1501a 100644 --- a/.github/workflows/consistency.yml +++ b/.github/workflows/consistency.yml @@ -101,6 +101,16 @@ jobs: - run: pnpm run lint name: Lint + # cspell:ignore rhysd + # Content copied from https://raw.githubusercontent.com/rhysd/actionlint/2ab3a12c7848f6c15faca9a92612ef4261d0e370/.github/actionlint-matcher.json + - name: Add ActionLint Problem Matcher + run: echo "::add-matcher::.github/matchers/actionlint.json" + + - name: Lint GitHub Actions workflows + uses: docker://rhysd/actionlint:1.7.11 + with: + args: -color -verbose + # Check catalog is in sync with core version-consistency: name: Versions consistency diff --git a/.github/workflows/github-test.yml b/.github/workflows/github-test.yml deleted file mode 100644 index ac920b3ed8..0000000000 --- a/.github/workflows/github-test.yml +++ /dev/null @@ -1,35 +0,0 @@ -name: GitHub Actions - Test - -on: - push: - branches: - - main - paths: - - .github/** - pull_request: - paths: - - .github/** - workflow_dispatch: - -permissions: - contents: read - -jobs: - test: - runs-on: ubuntu-24.04 - - steps: - - name: Checkout - uses: actions/checkout@v6 - with: - sparse-checkout: | - .github - # cspell:ignore rhysd - # Content copied from https://raw.githubusercontent.com/rhysd/actionlint/2ab3a12c7848f6c15faca9a92612ef4261d0e370/.github/actionlint-matcher.json - - name: Add ActionLint Problem Matcher - run: echo "::add-matcher::.github/matchers/actionlint.json" - - - name: Lint workflows - uses: docker://rhysd/actionlint:1.7.11 - with: - args: -color -verbose From b4bc1e6d57f2eebbf26851b590e37073e3847ac0 Mon Sep 17 00:00:00 2001 From: tadelesh Date: Mon, 30 Mar 2026 16:46:07 +0800 Subject: [PATCH 4/6] update --- .github/workflows/doc-update.lock.yml | 42 +++++++++++++-------------- .github/workflows/doc-update.md | 4 +-- 2 files changed, 23 insertions(+), 23 deletions(-) diff --git a/.github/workflows/doc-update.lock.yml b/.github/workflows/doc-update.lock.yml index 5f36041ccd..46cfc7267c 100644 --- a/.github/workflows/doc-update.lock.yml +++ b/.github/workflows/doc-update.lock.yml @@ -21,7 +21,7 @@ # For more information: https://github.github.com/gh-aw/introduction/overview/ # # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"ac41b00cbc5d57f5e9639553ddc6dceba3c07a11722ab3d0e7fb48a9f8926cab","compiler_version":"v0.64.3","strict":true,"agent_id":"copilot","agent_model":"claude-opus-4.6"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"09e2e0f0507b44e62b295636f061cb112e11b3050ba0d1d76571cf63bce286a0","compiler_version":"v0.64.3","strict":true,"agent_id":"copilot","agent_model":"claude-opus-4.6"} name: "Documentation Update Agent" "on": @@ -131,19 +131,19 @@ jobs: run: | bash ${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh { - cat << 'GH_AW_PROMPT_38e7c7e95ecd3ce7_EOF' + cat << 'GH_AW_PROMPT_fa8cccfa6d45648f_EOF' - GH_AW_PROMPT_38e7c7e95ecd3ce7_EOF + GH_AW_PROMPT_fa8cccfa6d45648f_EOF cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md" cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md" cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md" cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md" - cat << 'GH_AW_PROMPT_38e7c7e95ecd3ce7_EOF' + cat << 'GH_AW_PROMPT_fa8cccfa6d45648f_EOF' Tools: create_pull_request, missing_tool, missing_data, noop - GH_AW_PROMPT_38e7c7e95ecd3ce7_EOF + GH_AW_PROMPT_fa8cccfa6d45648f_EOF cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_create_pull_request.md" - cat << 'GH_AW_PROMPT_38e7c7e95ecd3ce7_EOF' + cat << 'GH_AW_PROMPT_fa8cccfa6d45648f_EOF' The following GitHub context information is available for this workflow: @@ -176,14 +176,14 @@ jobs: - **Note**: If a branch you need is not in the list above and is not listed as an additional fetched ref, it has NOT been checked out. For private repositories you cannot fetch it without proper authentication. If the branch is required and not available, exit with an error and ask the user to add it to the `fetch:` option of the `checkout:` configuration (e.g., `fetch: ["refs/pulls/open/*"]` for all open PR refs, or `fetch: ["main", "feature/my-branch"]` for specific branches). - GH_AW_PROMPT_38e7c7e95ecd3ce7_EOF + GH_AW_PROMPT_fa8cccfa6d45648f_EOF cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" - cat << 'GH_AW_PROMPT_38e7c7e95ecd3ce7_EOF' + cat << 'GH_AW_PROMPT_fa8cccfa6d45648f_EOF' - GH_AW_PROMPT_38e7c7e95ecd3ce7_EOF - cat << 'GH_AW_PROMPT_38e7c7e95ecd3ce7_EOF' + GH_AW_PROMPT_fa8cccfa6d45648f_EOF + cat << 'GH_AW_PROMPT_fa8cccfa6d45648f_EOF' {{#runtime-import .github/workflows/doc-update.md}} - GH_AW_PROMPT_38e7c7e95ecd3ce7_EOF + GH_AW_PROMPT_fa8cccfa6d45648f_EOF } > "$GH_AW_PROMPT" - name: Interpolate variables and render templates uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -323,7 +323,7 @@ jobs: wget -q "https://archive.apache.org/dist/maven/maven-3/${MAVEN_VERSION}/binaries/apache-maven-${MAVEN_VERSION}-bin.tar.gz" tar -xzf "apache-maven-${MAVEN_VERSION}-bin.tar.gz" -C "$HOME" rm -f "apache-maven-${MAVEN_VERSION}-bin.tar.gz" - echo "$HOME/apache-maven-${MAVEN_VERSION}/bin" >> $GITHUB_PATH + echo "$HOME/apache-maven-${MAVEN_VERSION}/bin" >> "$GITHUB_PATH" - name: Install repo dependencies run: pnpm install - name: Install doc-updater dependencies @@ -334,7 +334,7 @@ jobs: FULL_REBUILD_INPUT: ${{ github.event.inputs.full_rebuild }} GH_TOKEN: ${{ github.token }} name: Pre-compute context - run: "REBUILD_FLAG=\"\"\nif [ \"$FULL_REBUILD_INPUT\" = \"true\" ]; then\n REBUILD_FLAG=\"--full-rebuild\"\nfi\n\nnpx tsx eng/scripts/doc-updater/src/precompute.ts \\\n --config \"$CONFIG_INPUT\" \\\n --output /tmp/gh-aw/agent/context.json \\\n $REBUILD_FLAG\n" + run: "REBUILD_FLAG=\"\"\nif [ \"$FULL_REBUILD_INPUT\" = \"true\" ]; then\n REBUILD_FLAG=\"--full-rebuild\"\nfi\n\nnpx tsx eng/scripts/doc-updater/src/precompute.ts \\\n --config \"$CONFIG_INPUT\" \\\n --output /tmp/gh-aw/agent/context.json \\\n ${REBUILD_FLAG:+\"$REBUILD_FLAG\"}\n" - name: Configure Git credentials env: @@ -383,12 +383,12 @@ jobs: mkdir -p ${RUNNER_TEMP}/gh-aw/safeoutputs mkdir -p /tmp/gh-aw/safeoutputs mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs - cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/config.json << 'GH_AW_SAFE_OUTPUTS_CONFIG_2e568c1b40554edb_EOF' + cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/config.json << 'GH_AW_SAFE_OUTPUTS_CONFIG_fd7b188f17a1f5e1_EOF' {"create_pull_request":{"labels":["documentation","automated"],"max":1,"max_patch_size":1024,"protected_files":["package.json","bun.lockb","bunfig.toml","deno.json","deno.jsonc","deno.lock","global.json","NuGet.Config","Directory.Packages.props","mix.exs","mix.lock","go.mod","go.sum","stack.yaml","stack.yaml.lock","pom.xml","build.gradle","build.gradle.kts","settings.gradle","settings.gradle.kts","gradle.properties","package-lock.json","yarn.lock","pnpm-lock.yaml","npm-shrinkwrap.json","requirements.txt","Pipfile","Pipfile.lock","pyproject.toml","setup.py","setup.cfg","Gemfile","Gemfile.lock","uv.lock","CODEOWNERS"],"protected_path_prefixes":[".github/",".agents/"],"title_prefix":"[Automated][${{ github.event.inputs.config }}] "},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"}} - GH_AW_SAFE_OUTPUTS_CONFIG_2e568c1b40554edb_EOF + GH_AW_SAFE_OUTPUTS_CONFIG_fd7b188f17a1f5e1_EOF - name: Write Safe Outputs Tools run: | - cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/tools_meta.json << 'GH_AW_SAFE_OUTPUTS_TOOLS_META_670d36fb23e2506f_EOF' + cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/tools_meta.json << 'GH_AW_SAFE_OUTPUTS_TOOLS_META_af2c70bfe6601dbf_EOF' { "description_suffixes": { "create_pull_request": " CONSTRAINTS: Maximum 1 pull request(s) can be created. Title will be prefixed with \"[Automated][${{ github.event.inputs.config }}] \". Labels [\"documentation\" \"automated\"] will be automatically added." @@ -396,8 +396,8 @@ jobs: "repo_params": {}, "dynamic_tools": [] } - GH_AW_SAFE_OUTPUTS_TOOLS_META_670d36fb23e2506f_EOF - cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/validation.json << 'GH_AW_SAFE_OUTPUTS_VALIDATION_057fb5c921487e2c_EOF' + GH_AW_SAFE_OUTPUTS_TOOLS_META_af2c70bfe6601dbf_EOF + cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/validation.json << 'GH_AW_SAFE_OUTPUTS_VALIDATION_00eaf8a802aa6473_EOF' { "create_pull_request": { "defaultMax": 1, @@ -493,7 +493,7 @@ jobs: } } } - GH_AW_SAFE_OUTPUTS_VALIDATION_057fb5c921487e2c_EOF + GH_AW_SAFE_OUTPUTS_VALIDATION_00eaf8a802aa6473_EOF node ${RUNNER_TEMP}/gh-aw/actions/generate_safe_outputs_tools.cjs - name: Generate Safe Outputs MCP Server Config id: safe-outputs-config @@ -561,7 +561,7 @@ jobs: export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.2.8' mkdir -p /home/runner/.copilot - cat << GH_AW_MCP_CONFIG_53f4a323993aab0c_EOF | bash ${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.sh + cat << GH_AW_MCP_CONFIG_8c5919f85ccc7f21_EOF | bash ${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.sh { "mcpServers": { "github": { @@ -602,7 +602,7 @@ jobs: "payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}" } } - GH_AW_MCP_CONFIG_53f4a323993aab0c_EOF + GH_AW_MCP_CONFIG_8c5919f85ccc7f21_EOF - name: Download activation artifact uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: diff --git a/.github/workflows/doc-update.md b/.github/workflows/doc-update.md index a556db4ef1..92f0e22ac7 100644 --- a/.github/workflows/doc-update.md +++ b/.github/workflows/doc-update.md @@ -46,7 +46,7 @@ steps: wget -q "https://archive.apache.org/dist/maven/maven-3/${MAVEN_VERSION}/binaries/apache-maven-${MAVEN_VERSION}-bin.tar.gz" tar -xzf "apache-maven-${MAVEN_VERSION}-bin.tar.gz" -C "$HOME" rm -f "apache-maven-${MAVEN_VERSION}-bin.tar.gz" - echo "$HOME/apache-maven-${MAVEN_VERSION}/bin" >> $GITHUB_PATH + echo "$HOME/apache-maven-${MAVEN_VERSION}/bin" >> "$GITHUB_PATH" - name: Install repo dependencies run: pnpm install @@ -69,7 +69,7 @@ steps: npx tsx eng/scripts/doc-updater/src/precompute.ts \ --config "$CONFIG_INPUT" \ --output /tmp/gh-aw/agent/context.json \ - $REBUILD_FLAG + ${REBUILD_FLAG:+"$REBUILD_FLAG"} tools: edit: From 3a5b26be4709c244c347d43e42b91750e39c3bd4 Mon Sep 17 00:00:00 2001 From: Timothee Guerin Date: Mon, 30 Mar 2026 08:25:27 -0400 Subject: [PATCH 5/6] ignore lock files --- .github/actionlint.yml | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 .github/actionlint.yml diff --git a/.github/actionlint.yml b/.github/actionlint.yml new file mode 100644 index 0000000000..eecb88a033 --- /dev/null +++ b/.github/actionlint.yml @@ -0,0 +1,4 @@ +paths: + .github/workflows/*.lock.yml: + ignore: + - ".+" From 6332714c13fb6bcc1ff330793969dda63f55ce86 Mon Sep 17 00:00:00 2001 From: Timothee Guerin Date: Mon, 30 Mar 2026 15:02:09 -0400 Subject: [PATCH 6/6] fix --- .github/workflows/merge-release-in-main.yml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/.github/workflows/merge-release-in-main.yml b/.github/workflows/merge-release-in-main.yml index 3fc26ceb13..ed379d8ef1 100644 --- a/.github/workflows/merge-release-in-main.yml +++ b/.github/workflows/merge-release-in-main.yml @@ -25,10 +25,13 @@ jobs: - name: Generate branch name id: branchname + env: + REF_NAME: ${{ github.ref_name }} run: | - echo "::set-output name=branchname::backmerge/${{ github.ref_name }}-$(date +'%Y-%m-%d')" + echo "branchname=backmerge/${REF_NAME}-$(date +'%Y-%m-%d')" >> "$GITHUB_OUTPUT" - name: Create branch + env: + BRANCH: ${{ steps.branchname.outputs.branchname }} run: | - branch="${{ steps.branchname.outputs.branchname }}" - git checkout -b $branch - git push --set-upstream origin $branch --force + git checkout -b "$BRANCH" + git push --set-upstream origin "$BRANCH"