diff --git a/.github/agents/create-agentic-workflow.agent.md b/.github/agents/create-agentic-workflow.agent.md index f911b277..c69b392e 100644 --- a/.github/agents/create-agentic-workflow.agent.md +++ b/.github/agents/create-agentic-workflow.agent.md @@ -59,7 +59,7 @@ You love to use emojis to make the conversation more engaging. - Always consult the **instructions file** for schema and features: - Local copy: @.github/aw/github-agentic-workflows.md - - Canonical upstream: https://raw.githubusercontent.com/githubnext/gh-aw/main/.github/aw/github-agentic-workflows.md + - Canonical upstream: https://raw.githubusercontent.com/github/gh-aw/main/.github/aw/github-agentic-workflows.md - Key commands: - `gh aw compile` → compile all workflows - `gh aw compile ` → compile one workflow diff --git a/.github/agents/debug-agentic-workflow.agent.md b/.github/agents/debug-agentic-workflow.agent.md index 4c3bd09c..fb291ac7 100644 --- a/.github/agents/debug-agentic-workflow.agent.md +++ b/.github/agents/debug-agentic-workflow.agent.md @@ -18,7 +18,7 @@ The tools output is not visible to the user unless you explicitly print it. Alwa **Example: Debugging from a workflow run URL** -User: "Investigate the reason there is a missing tool call in this run: https://github.com/githubnext/gh-aw/actions/runs/20135841934" +User: "Investigate the reason there is a missing tool call in this run: https://github.com/github/gh-aw/actions/runs/20135841934" Your response: ``` @@ -51,7 +51,7 @@ Report back with specific findings and actionable fixes. - The `gh aw` CLI is already installed in this environment. - Always consult the **instructions file** for schema and features: - Local copy: @.github/aw/github-agentic-workflows.md - - Canonical upstream: https://raw.githubusercontent.com/githubnext/gh-aw/main/.github/aw/github-agentic-workflows.md + - Canonical upstream: https://raw.githubusercontent.com/github/gh-aw/main/.github/aw/github-agentic-workflows.md **Key Commands Available** @@ -135,7 +135,7 @@ These tools provide the same functionality without requiring GitHub CLI authenti ## Debug Flow: Workflow Run URL Analysis -When the user provides a workflow run URL (e.g., `https://github.com/githubnext/gh-aw/actions/runs/20135841934`): +When the user provides a workflow run URL (e.g., `https://github.com/github/gh-aw/actions/runs/20135841934`): 1. **Extract Run ID** @@ -338,7 +338,7 @@ Use these tactics when a run is still executing or finishes without artifacts: - **Polling in-progress runs**: If `gh aw audit --json` returns `"status": "in_progress"`, wait ~45s and re-run the command or monitor the run URL directly. Avoid spamming the API—loop with `sleep` intervals. - **Check run annotations**: `gh run view ` reveals whether a maintainer cancelled the run. If a manual cancellation is noted, expect missing safe-output artifacts and recommend re-running instead of searching for nonexistent files. - **Inspect specific job logs**: Use `gh run view --job --log` (job IDs are listed in `gh run view `) to see the exact failure step. -- **Download targeted artifacts**: When `gh aw logs` would fetch many runs, download only the needed artifact, e.g. `GH_REPO=githubnext/gh-aw gh run download -n agent-stdio.log`. +- **Download targeted artifacts**: When `gh aw logs` would fetch many runs, download only the needed artifact, e.g. `GH_REPO=github/gh-aw gh run download -n agent-stdio.log`. - **Review cached run summaries**: `gh aw audit` stores artifacts under `logs/run-/`. Inspect `run_summary.json` or `agent-stdio.log` there for offline analysis before re-running workflows. ## Common Issues to Look For diff --git a/.github/agents/technical-writer.md b/.github/agents/technical-writer.md index 579b0971..f33b389c 100644 --- a/.github/agents/technical-writer.md +++ b/.github/agents/technical-writer.md @@ -184,7 +184,7 @@ Before installing, ensure you have: Download the latest release binary: \`\`\`bash -curl -L https://github.com/githubnext/gh-aw-firewall/releases/latest/download/awf-linux-x64 -o awf +curl -L https://github.com/github/gh-aw-firewall/releases/latest/download/awf-linux-x64 -o awf chmod +x awf sudo mv awf /usr/local/bin/ \`\`\` diff --git a/.github/agents/upgrade-agentic-workflows.md b/.github/agents/upgrade-agentic-workflows.md index 83cee26e..b43750de 100644 --- a/.github/agents/upgrade-agentic-workflows.md +++ b/.github/agents/upgrade-agentic-workflows.md @@ -15,7 +15,7 @@ Read the ENTIRE content of this file carefully before proceeding. Follow the ins - The `gh aw` CLI may be available in this environment. - Always consult the **instructions file** for schema and features: - Local copy: @.github/aw/github-agentic-workflows.md - - Canonical upstream: https://raw.githubusercontent.com/githubnext/gh-aw/main/.github/aw/github-agentic-workflows.md + - Canonical upstream: https://raw.githubusercontent.com/github/gh-aw/main/.github/aw/github-agentic-workflows.md **Key Commands Available** @@ -40,7 +40,7 @@ These tools provide the same functionality through the MCP server without requir Before upgrading, always review what's new: 1. **Fetch Latest Release Information** - - Use GitHub tools to fetch the CHANGELOG.md from the `githubnext/gh-aw` repository + - Use GitHub tools to fetch the CHANGELOG.md from the `github/gh-aw` repository - Review and understand: - Breaking changes - New features diff --git a/.github/aw/actions-lock.json b/.github/aw/actions-lock.json index 9208aca3..59669e2a 100644 --- a/.github/aw/actions-lock.json +++ b/.github/aw/actions-lock.json @@ -35,13 +35,13 @@ "version": "v3", "sha": "8d2750c68a42422c14e847fe6c8ac0403b4cbd6f" }, - "githubnext/gh-aw/actions/setup@v0.37.3": { - "repo": "githubnext/gh-aw/actions/setup", + "github/gh-aw/actions/setup@v0.37.3": { + "repo": "github/gh-aw/actions/setup", "version": "v0.37.3", "sha": "55503f44aef44813947980f65655a67b5ed8702f" }, - "githubnext/gh-aw/actions/setup@v0.38.1": { - "repo": "githubnext/gh-aw/actions/setup", + "github/gh-aw/actions/setup@v0.38.1": { + "repo": "github/gh-aw/actions/setup", "version": "v0.38.1", "sha": "98493c96da3fb6a59dc232e32a7b990a4c4e8969" }, diff --git a/.github/aw/create-agentic-workflow.md b/.github/aw/create-agentic-workflow.md index 46f8e295..4ba6ae0a 100644 --- a/.github/aw/create-agentic-workflow.md +++ b/.github/aw/create-agentic-workflow.md @@ -57,7 +57,7 @@ You love to use emojis to make the conversation more engaging. - Always consult the **instructions file** for schema and features: - Local copy: @.github/aw/github-agentic-workflows.md - - Canonical upstream: https://raw.githubusercontent.com/githubnext/gh-aw/main/.github/aw/github-agentic-workflows.md + - Canonical upstream: https://raw.githubusercontent.com/github/gh-aw/main/.github/aw/github-agentic-workflows.md - Key commands: - `gh aw compile` → compile all workflows - `gh aw compile ` → compile one workflow @@ -67,7 +67,7 @@ You love to use emojis to make the conversation more engaging. ## Learning from Reference Materials Before creating workflows, read the Peli's Agent Factory documentation: -- Fetch: https://githubnext.github.io/gh-aw/llms-create-agentic-workflows.txt +- Fetch: https://github.github.io/gh-aw/llms-create-agentic-workflows.txt This llms.txt file contains workflow patterns, best practices, safe outputs, and permissions models. diff --git a/.github/aw/create-shared-agentic-workflow.md b/.github/aw/create-shared-agentic-workflow.md index 76e06757..79c25ac6 100644 --- a/.github/aw/create-shared-agentic-workflow.md +++ b/.github/aw/create-shared-agentic-workflow.md @@ -93,7 +93,7 @@ mcp-servers: \`\`\`yaml mcp-servers: serena: - container: "ghcr.io/githubnext/serena-mcp-server" + container: "ghcr.io/github/serena-mcp-server" version: "latest" args: # args come before the docker image argument - "-v" diff --git a/.github/aw/debug-agentic-workflow.md b/.github/aw/debug-agentic-workflow.md index a4f9d2c1..5d9200d4 100644 --- a/.github/aw/debug-agentic-workflow.md +++ b/.github/aw/debug-agentic-workflow.md @@ -18,7 +18,7 @@ The tools output is not visible to the user unless you explicitly print it. Alwa **Example: Debugging from a workflow run URL** -User: "Investigate the reason there is a missing tool call in this run: https://github.com/githubnext/gh-aw/actions/runs/20135841934" +User: "Investigate the reason there is a missing tool call in this run: https://github.com/github/gh-aw/actions/runs/20135841934" Your response: ``` @@ -51,7 +51,7 @@ Report back with specific findings and actionable fixes. - The `gh aw` CLI is already installed in this environment. - Always consult the **instructions file** for schema and features: - Local copy: @.github/aw/github-agentic-workflows.md - - Canonical upstream: https://raw.githubusercontent.com/githubnext/gh-aw/main/.github/aw/github-agentic-workflows.md + - Canonical upstream: https://raw.githubusercontent.com/github/gh-aw/main/.github/aw/github-agentic-workflows.md **Key Commands Available** @@ -136,7 +136,7 @@ Report back with specific findings and actionable fixes. ## Debug Flow: Workflow Run URL Analysis -When the user provides a workflow run URL (e.g., `https://github.com/githubnext/gh-aw/actions/runs/20135841934`): +When the user provides a workflow run URL (e.g., `https://github.com/github/gh-aw/actions/runs/20135841934`): 1. **Extract Run ID** @@ -339,7 +339,7 @@ Use these tactics when a run is still executing or finishes without artifacts: - **Polling in-progress runs**: If `gh aw audit --json` returns `"status": "in_progress"`, wait ~45s and re-run the command or monitor the run URL directly. Avoid spamming the API—loop with `sleep` intervals. - **Check run annotations**: `gh run view ` reveals whether a maintainer cancelled the run. If a manual cancellation is noted, expect missing safe-output artifacts and recommend re-running instead of searching for nonexistent files. - **Inspect specific job logs**: Use `gh run view --job --log` (job IDs are listed in `gh run view `) to see the exact failure step. -- **Download targeted artifacts**: When `gh aw logs` would fetch many runs, download only the needed artifact, e.g. `GH_REPO=githubnext/gh-aw gh run download -n agent-stdio.log`. +- **Download targeted artifacts**: When `gh aw logs` would fetch many runs, download only the needed artifact, e.g. `GH_REPO=github/gh-aw gh run download -n agent-stdio.log`. - **Review cached run summaries**: `gh aw audit` stores artifacts under `logs/run-/`. Inspect `run_summary.json` or `agent-stdio.log` there for offline analysis before re-running workflows. ## Common Issues to Look For diff --git a/.github/aw/github-agentic-workflows.md b/.github/aw/github-agentic-workflows.md index 92507160..a724388a 100644 --- a/.github/aw/github-agentic-workflows.md +++ b/.github/aw/github-agentic-workflows.md @@ -266,7 +266,7 @@ The YAML frontmatter supports these fields: sandbox: agent: awf # or "srt", or false to disable mcp: # MCP Gateway configuration (requires mcp-gateway feature flag) - container: ghcr.io/githubnext/mcp-gateway + container: ghcr.io/github/mcp-gateway port: 8080 api-key: ${{ secrets.MCP_GATEWAY_API_KEY }} ``` @@ -1629,13 +1629,13 @@ Use `gh aw compile --verbose` to see detailed validation messages, or `gh aw com ### Installation ```bash -gh extension install githubnext/gh-aw +gh extension install github/gh-aw ``` If there are authentication issues, use the standalone installer: ```bash -curl -O https://raw.githubusercontent.com/githubnext/gh-aw/main/install-gh-aw.sh +curl -O https://raw.githubusercontent.com/github/gh-aw/main/install-gh-aw.sh chmod +x install-gh-aw.sh ./install-gh-aw.sh ``` @@ -1664,4 +1664,4 @@ gh aw logs ### Documentation -For complete CLI documentation, see: https://githubnext.github.io/gh-aw/setup/cli/ \ No newline at end of file +For complete CLI documentation, see: https://github.github.io/gh-aw/setup/cli/ \ No newline at end of file diff --git a/.github/aw/schemas/agentic-workflow.json b/.github/aw/schemas/agentic-workflow.json index 83d6cd60..6409b7c7 100644 --- a/.github/aw/schemas/agentic-workflow.json +++ b/.github/aw/schemas/agentic-workflow.json @@ -1,6 +1,6 @@ { "$schema": "http://json-schema.org/draft-07/schema#", - "$id": "https://github.com/githubnext/gh-aw/schemas/main_workflow_schema.json", + "$id": "https://github.com/github/gh-aw/schemas/main_workflow_schema.json", "title": "GitHub Agentic Workflow Schema", "description": "JSON Schema for validating agentic workflow frontmatter configuration", "version": "1.0.0", @@ -1806,7 +1806,7 @@ ] }, "env": { - "$comment": "See environment variable precedence documentation: https://githubnext.github.io/gh-aw/reference/environment-variables/", + "$comment": "See environment variable precedence documentation: https://github.github.io/gh-aw/reference/environment-variables/", "description": "Environment variables for the workflow", "oneOf": [ { @@ -2342,14 +2342,14 @@ }, { "mcp": { - "container": "ghcr.io/githubnext/mcp-gateway", + "container": "ghcr.io/github/mcp-gateway", "port": 8080 } }, { "agent": "awf", "mcp": { - "container": "ghcr.io/githubnext/mcp-gateway", + "container": "ghcr.io/github/mcp-gateway", "port": 8080, "api-key": "${{ secrets.MCP_GATEWAY_API_KEY }}" } @@ -5363,7 +5363,7 @@ "type": "boolean", "default": true, "$comment": "Strict mode enforces several security constraints that are validated in Go code (pkg/workflow/strict_mode_validation.go) rather than JSON Schema: (1) Write Permissions + Safe Outputs: When strict=true AND permissions contains write values (contents:write, issues:write, pull-requests:write), safe-outputs must be configured. This relationship is too complex for JSON Schema as it requires checking if ANY permission property has a 'write' value. (2) Network Requirements: When strict=true, the 'network' field must be present and cannot contain standalone wildcard '*' (but patterns like '*.example.com' ARE allowed). (3) MCP Container Network: Custom MCP servers with containers require explicit network configuration. (4) Action Pinning: Actions must be pinned to commit SHAs. These are enforced during compilation via validateStrictMode().", - "description": "Enable strict mode validation for enhanced security and compliance. Strict mode enforces: (1) Write Permissions - refuses contents:write, issues:write, pull-requests:write; requires safe-outputs instead, (2) Network Configuration - requires explicit network configuration with no standalone wildcard '*' in allowed domains (patterns like '*.example.com' are allowed), (3) Action Pinning - enforces actions pinned to commit SHAs instead of tags/branches, (4) MCP Network - requires network configuration for custom MCP servers with containers, (5) Deprecated Fields - refuses deprecated frontmatter fields. Can be enabled per-workflow via 'strict: true' in frontmatter, or disabled via 'strict: false'. CLI flag takes precedence over frontmatter (gh aw compile --strict enforces strict mode). Defaults to true. See: https://githubnext.github.io/gh-aw/reference/frontmatter/#strict-mode-strict", + "description": "Enable strict mode validation for enhanced security and compliance. Strict mode enforces: (1) Write Permissions - refuses contents:write, issues:write, pull-requests:write; requires safe-outputs instead, (2) Network Configuration - requires explicit network configuration with no standalone wildcard '*' in allowed domains (patterns like '*.example.com' are allowed), (3) Action Pinning - enforces actions pinned to commit SHAs instead of tags/branches, (4) MCP Network - requires network configuration for custom MCP servers with containers, (5) Deprecated Fields - refuses deprecated frontmatter fields. Can be enabled per-workflow via 'strict: true' in frontmatter, or disabled via 'strict: false'. CLI flag takes precedence over frontmatter (gh aw compile --strict enforces strict mode). Defaults to true. See: https://github.github.io/gh-aw/reference/frontmatter/#strict-mode-strict", "examples": [true, false] }, "safe-inputs": { diff --git a/.github/aw/update-agentic-workflow.md b/.github/aw/update-agentic-workflow.md index beeef734..81a28a55 100644 --- a/.github/aw/update-agentic-workflow.md +++ b/.github/aw/update-agentic-workflow.md @@ -24,7 +24,7 @@ You format your questions and responses similarly to the GitHub Copilot CLI chat - Always consult the **instructions file** for schema and features: - Local copy: @.github/aw/github-agentic-workflows.md - - Canonical upstream: https://raw.githubusercontent.com/githubnext/gh-aw/main/.github/aw/github-agentic-workflows.md + - Canonical upstream: https://raw.githubusercontent.com/github/gh-aw/main/.github/aw/github-agentic-workflows.md - Key commands: - `gh aw compile` → compile all workflows - `gh aw compile ` → compile one workflow diff --git a/.github/aw/upgrade-agentic-workflows.md b/.github/aw/upgrade-agentic-workflows.md index 83cee26e..b43750de 100644 --- a/.github/aw/upgrade-agentic-workflows.md +++ b/.github/aw/upgrade-agentic-workflows.md @@ -15,7 +15,7 @@ Read the ENTIRE content of this file carefully before proceeding. Follow the ins - The `gh aw` CLI may be available in this environment. - Always consult the **instructions file** for schema and features: - Local copy: @.github/aw/github-agentic-workflows.md - - Canonical upstream: https://raw.githubusercontent.com/githubnext/gh-aw/main/.github/aw/github-agentic-workflows.md + - Canonical upstream: https://raw.githubusercontent.com/github/gh-aw/main/.github/aw/github-agentic-workflows.md **Key Commands Available** @@ -40,7 +40,7 @@ These tools provide the same functionality through the MCP server without requir Before upgrading, always review what's new: 1. **Fetch Latest Release Information** - - Use GitHub tools to fetch the CHANGELOG.md from the `githubnext/gh-aw` repository + - Use GitHub tools to fetch the CHANGELOG.md from the `github/gh-aw` repository - Review and understand: - Breaking changes - New features diff --git a/.github/workflows/agentics-maintenance.yml b/.github/workflows/agentics-maintenance.yml index 802e8e2a..49da063d 100644 --- a/.github/workflows/agentics-maintenance.yml +++ b/.github/workflows/agentics-maintenance.yml @@ -17,7 +17,7 @@ # # To regenerate this workflow, run: # gh aw compile -# For more information: https://github.com/githubnext/gh-aw/blob/main/.github/aw/github-agentic-workflows.md +# For more information: https://github.com/github/gh-aw/blob/main/.github/aw/github-agentic-workflows.md # # Alternative regeneration methods: # make recompile @@ -46,7 +46,7 @@ jobs: issues: write steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions diff --git a/.github/workflows/ci-cd-gaps-assessment.lock.yml b/.github/workflows/ci-cd-gaps-assessment.lock.yml index 18c0886a..71f262ff 100644 --- a/.github/workflows/ci-cd-gaps-assessment.lock.yml +++ b/.github/workflows/ci-cd-gaps-assessment.lock.yml @@ -17,7 +17,7 @@ # # To update this file, edit the corresponding .md file and run: # gh aw compile -# For more information: https://github.com/githubnext/gh-aw/blob/main/.github/aw/github-agentic-workflows.md +# For more information: https://github.com/github/gh-aw/blob/main/.github/aw/github-agentic-workflows.md # # Daily assessment of CI/CD pipelines and integration tests to identify gaps in PR quality measurement # @@ -49,7 +49,7 @@ jobs: comment_repo: "" steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Check workflow file timestamps @@ -90,7 +90,7 @@ jobs: secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Checkout repository @@ -125,7 +125,7 @@ jobs: await main(); - name: Validate COPILOT_GITHUB_TOKEN secret id: validate-secret - run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://githubnext.github.io/gh-aw/reference/engines/#github-copilot-default + run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://github.github.io/gh-aw/reference/engines/#github-copilot-default env: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} - name: Install GitHub Copilot CLI @@ -143,18 +143,18 @@ jobs: const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash /opt/gh-aw/actions/download_docker_images.sh alpine:latest ghcr.io/github/github-mcp-server:v0.30.1 ghcr.io/githubnext/gh-aw-mcpg:v0.0.80 node:lts-alpine + run: bash /opt/gh-aw/actions/download_docker_images.sh alpine:latest ghcr.io/github/github-mcp-server:v0.30.1 ghcr.io/github/gh-aw-mcpg:v0.0.80 node:lts-alpine - name: Install gh-aw extension env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | # Check if gh-aw extension is already installed - if gh extension list | grep -q "githubnext/gh-aw"; then + if gh extension list | grep -q "github/gh-aw"; then echo "gh-aw extension already installed, upgrading..." gh extension upgrade gh-aw || true else echo "Installing gh-aw extension..." - gh extension install githubnext/gh-aw + gh extension install github/gh-aw fi gh aw --version # Copy the gh-aw binary to /opt/gh-aw for MCP server containerization @@ -398,7 +398,7 @@ jobs: # Register API key as secret to mask it from logs echo "::add-mask::${MCP_GATEWAY_API_KEY}" export GH_AW_ENGINE="copilot" - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:v0.0.80' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.80' mkdir -p /home/runner/.copilot cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh @@ -946,7 +946,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Debug job inputs @@ -1045,7 +1045,7 @@ jobs: success: ${{ steps.parse_results.outputs.success }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Download agent artifacts @@ -1125,7 +1125,7 @@ jobs: touch /tmp/gh-aw/threat-detection/detection.log - name: Validate COPILOT_GITHUB_TOKEN secret id: validate-secret - run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://githubnext.github.io/gh-aw/reference/engines/#github-copilot-default + run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://github.github.io/gh-aw/reference/engines/#github-copilot-default env: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} - name: Install GitHub Copilot CLI @@ -1195,7 +1195,7 @@ jobs: process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Download agent output artifact diff --git a/.github/workflows/ci-doctor.lock.yml b/.github/workflows/ci-doctor.lock.yml index bbae7a96..553d9cff 100644 --- a/.github/workflows/ci-doctor.lock.yml +++ b/.github/workflows/ci-doctor.lock.yml @@ -17,7 +17,7 @@ # # To update this file, edit the corresponding .md file and run: # gh aw compile -# For more information: https://github.com/githubnext/gh-aw/blob/main/.github/aw/github-agentic-workflows.md +# For more information: https://github.com/github/gh-aw/blob/main/.github/aw/github-agentic-workflows.md # # Automated CI failure investigator that analyzes logs, identifies root causes, and creates investigation issues. # @@ -81,7 +81,7 @@ jobs: comment_repo: "" steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Check workflow file timestamps @@ -122,7 +122,7 @@ jobs: secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Checkout repository @@ -168,7 +168,7 @@ jobs: await main(); - name: Validate COPILOT_GITHUB_TOKEN secret id: validate-secret - run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://githubnext.github.io/gh-aw/reference/engines/#github-copilot-default + run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://github.github.io/gh-aw/reference/engines/#github-copilot-default env: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} - name: Install GitHub Copilot CLI @@ -186,7 +186,7 @@ jobs: const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.30.1 ghcr.io/githubnext/gh-aw-mcpg:v0.0.80 node:lts-alpine + run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.30.1 ghcr.io/github/gh-aw-mcpg:v0.0.80 node:lts-alpine - name: Write Safe Outputs Config run: | mkdir -p /opt/gh-aw/safeoutputs @@ -472,7 +472,7 @@ jobs: # Register API key as secret to mask it from logs echo "::add-mask::${MCP_GATEWAY_API_KEY}" export GH_AW_ENGINE="copilot" - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:v0.0.80' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.80' mkdir -p /home/runner/.copilot cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh @@ -1010,7 +1010,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Debug job inputs @@ -1109,7 +1109,7 @@ jobs: success: ${{ steps.parse_results.outputs.success }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Download agent artifacts @@ -1189,7 +1189,7 @@ jobs: touch /tmp/gh-aw/threat-detection/detection.log - name: Validate COPILOT_GITHUB_TOKEN secret id: validate-secret - run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://githubnext.github.io/gh-aw/reference/engines/#github-copilot-default + run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://github.github.io/gh-aw/reference/engines/#github-copilot-default env: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} - name: Install GitHub Copilot CLI @@ -1247,7 +1247,7 @@ jobs: activated: ${{ steps.check_membership.outputs.is_team_member == 'true' }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Check team membership for workflow @@ -1284,7 +1284,7 @@ jobs: process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Download agent output artifact @@ -1321,7 +1321,7 @@ jobs: permissions: {} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Download cache-memory artifact (default) diff --git a/.github/workflows/copilot-setup-steps.yml b/.github/workflows/copilot-setup-steps.yml index 19801424..4193dfdf 100644 --- a/.github/workflows/copilot-setup-steps.yml +++ b/.github/workflows/copilot-setup-steps.yml @@ -20,6 +20,6 @@ jobs: steps: - name: Install gh-aw extension run: | - curl -fsSL https://raw.githubusercontent.com/githubnext/gh-aw/refs/heads/main/install-gh-aw.sh | bash + curl -fsSL https://raw.githubusercontent.com/github/gh-aw/refs/heads/main/install-gh-aw.sh | bash - name: Verify gh-aw installation run: gh aw version diff --git a/.github/workflows/dependency-security-monitor.lock.yml b/.github/workflows/dependency-security-monitor.lock.yml index 48f8915e..ae8943a2 100644 --- a/.github/workflows/dependency-security-monitor.lock.yml +++ b/.github/workflows/dependency-security-monitor.lock.yml @@ -17,7 +17,7 @@ # # To update this file, edit the corresponding .md file and run: # gh aw compile -# For more information: https://github.com/githubnext/gh-aw/blob/main/.github/aw/github-agentic-workflows.md +# For more information: https://github.com/github/gh-aw/blob/main/.github/aw/github-agentic-workflows.md # # Daily workflow that monitors dependencies for security vulnerabilities, creates issues for HIGH/CRITICAL CVEs, # and proposes safe dependency updates. Detects vulnerabilities within 24 hours, creates actionable security @@ -51,7 +51,7 @@ jobs: comment_repo: "" steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Check workflow file timestamps @@ -92,7 +92,7 @@ jobs: secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Checkout repository @@ -127,7 +127,7 @@ jobs: await main(); - name: Validate COPILOT_GITHUB_TOKEN secret id: validate-secret - run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://githubnext.github.io/gh-aw/reference/engines/#github-copilot-default + run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://github.github.io/gh-aw/reference/engines/#github-copilot-default env: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} - name: Install GitHub Copilot CLI @@ -145,7 +145,7 @@ jobs: const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.30.1 ghcr.io/githubnext/gh-aw-mcpg:v0.0.80 node:lts-alpine + run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.30.1 ghcr.io/github/gh-aw-mcpg:v0.0.80 node:lts-alpine - name: Write Safe Outputs Config run: | mkdir -p /opt/gh-aw/safeoutputs @@ -493,7 +493,7 @@ jobs: # Register API key as secret to mask it from logs echo "::add-mask::${MCP_GATEWAY_API_KEY}" export GH_AW_ENGINE="copilot" - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:v0.0.80' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.80' mkdir -p /home/runner/.copilot cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh @@ -1176,7 +1176,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Debug job inputs @@ -1290,7 +1290,7 @@ jobs: success: ${{ steps.parse_results.outputs.success }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Download agent artifacts @@ -1370,7 +1370,7 @@ jobs: touch /tmp/gh-aw/threat-detection/detection.log - name: Validate COPILOT_GITHUB_TOKEN secret id: validate-secret - run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://githubnext.github.io/gh-aw/reference/engines/#github-copilot-default + run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://github.github.io/gh-aw/reference/engines/#github-copilot-default env: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} - name: Install GitHub Copilot CLI @@ -1443,7 +1443,7 @@ jobs: process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Download agent output artifact diff --git a/.github/workflows/doc-maintainer.lock.yml b/.github/workflows/doc-maintainer.lock.yml index e73e1944..e2444ce9 100644 --- a/.github/workflows/doc-maintainer.lock.yml +++ b/.github/workflows/doc-maintainer.lock.yml @@ -17,7 +17,7 @@ # # To update this file, edit the corresponding .md file and run: # gh aw compile -# For more information: https://github.com/githubnext/gh-aw/blob/main/.github/aw/github-agentic-workflows.md +# For more information: https://github.com/github/gh-aw/blob/main/.github/aw/github-agentic-workflows.md # # Daily documentation review and sync with code changes from the past 7 days @@ -50,7 +50,7 @@ jobs: comment_repo: "" steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Check workflow file timestamps @@ -90,7 +90,7 @@ jobs: secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Checkout repository @@ -125,7 +125,7 @@ jobs: await main(); - name: Validate COPILOT_GITHUB_TOKEN secret id: validate-secret - run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://githubnext.github.io/gh-aw/reference/engines/#github-copilot-default + run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://github.github.io/gh-aw/reference/engines/#github-copilot-default env: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} - name: Install GitHub Copilot CLI @@ -143,7 +143,7 @@ jobs: const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.30.1 ghcr.io/githubnext/gh-aw-mcpg:v0.0.80 node:lts-alpine + run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.30.1 ghcr.io/github/gh-aw-mcpg:v0.0.80 node:lts-alpine - name: Write Safe Outputs Config run: | mkdir -p /opt/gh-aw/safeoutputs @@ -383,7 +383,7 @@ jobs: # Register API key as secret to mask it from logs echo "::add-mask::${MCP_GATEWAY_API_KEY}" export GH_AW_ENGINE="copilot" - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:v0.0.80' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.80' mkdir -p /home/runner/.copilot cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh @@ -854,7 +854,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Debug job inputs @@ -968,7 +968,7 @@ jobs: success: ${{ steps.parse_results.outputs.success }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Download agent artifacts @@ -1048,7 +1048,7 @@ jobs: touch /tmp/gh-aw/threat-detection/detection.log - name: Validate COPILOT_GITHUB_TOKEN secret id: validate-secret - run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://githubnext.github.io/gh-aw/reference/engines/#github-copilot-default + run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://github.github.io/gh-aw/reference/engines/#github-copilot-default env: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} - name: Install GitHub Copilot CLI @@ -1105,7 +1105,7 @@ jobs: activated: ${{ (steps.check_membership.outputs.is_team_member == 'true') && (steps.check_skip_if_match.outputs.skip_check_ok == 'true') }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Check team membership for workflow @@ -1155,7 +1155,7 @@ jobs: process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Download agent output artifact diff --git a/.github/workflows/issue-duplication-detector.lock.yml b/.github/workflows/issue-duplication-detector.lock.yml index 7b2394d7..63f64266 100644 --- a/.github/workflows/issue-duplication-detector.lock.yml +++ b/.github/workflows/issue-duplication-detector.lock.yml @@ -17,7 +17,7 @@ # # To update this file, edit the corresponding .md file and run: # gh aw compile -# For more information: https://github.com/githubnext/gh-aw/blob/main/.github/aw/github-agentic-workflows.md +# For more information: https://github.com/github/gh-aw/blob/main/.github/aw/github-agentic-workflows.md # # Detects and comments on potentially duplicate issues using cache memory for persistent storage # @@ -51,7 +51,7 @@ jobs: comment_repo: "" steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Check workflow file timestamps @@ -88,7 +88,7 @@ jobs: secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Checkout repository @@ -135,7 +135,7 @@ jobs: await main(); - name: Validate COPILOT_GITHUB_TOKEN secret id: validate-secret - run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://githubnext.github.io/gh-aw/reference/engines/#github-copilot-default + run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://github.github.io/gh-aw/reference/engines/#github-copilot-default env: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} - name: Install GitHub Copilot CLI @@ -153,7 +153,7 @@ jobs: const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.30.1 ghcr.io/githubnext/gh-aw-mcpg:v0.0.80 node:lts-alpine + run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.30.1 ghcr.io/github/gh-aw-mcpg:v0.0.80 node:lts-alpine - name: Write Safe Outputs Config run: | mkdir -p /opt/gh-aw/safeoutputs @@ -366,7 +366,7 @@ jobs: # Register API key as secret to mask it from logs echo "::add-mask::${MCP_GATEWAY_API_KEY}" export GH_AW_ENGINE="copilot" - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:v0.0.80' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.80' mkdir -p /home/runner/.copilot cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh @@ -916,7 +916,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Debug job inputs @@ -1013,7 +1013,7 @@ jobs: success: ${{ steps.parse_results.outputs.success }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Download agent artifacts @@ -1093,7 +1093,7 @@ jobs: touch /tmp/gh-aw/threat-detection/detection.log - name: Validate COPILOT_GITHUB_TOKEN secret id: validate-secret - run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://githubnext.github.io/gh-aw/reference/engines/#github-copilot-default + run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://github.github.io/gh-aw/reference/engines/#github-copilot-default env: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} - name: Install GitHub Copilot CLI @@ -1150,7 +1150,7 @@ jobs: activated: ${{ steps.check_membership.outputs.is_team_member == 'true' }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Check team membership for workflow @@ -1187,7 +1187,7 @@ jobs: process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Download agent output artifact @@ -1224,7 +1224,7 @@ jobs: permissions: {} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Download cache-memory artifact (default) diff --git a/.github/workflows/issue-monster.lock.yml b/.github/workflows/issue-monster.lock.yml index 120edbf9..6f61917e 100644 --- a/.github/workflows/issue-monster.lock.yml +++ b/.github/workflows/issue-monster.lock.yml @@ -17,7 +17,7 @@ # # To update this file, edit the corresponding .md file and run: # gh aw compile -# For more information: https://github.com/githubnext/gh-aw/blob/main/.github/aw/github-agentic-workflows.md +# For more information: https://github.com/github/gh-aw/blob/main/.github/aw/github-agentic-workflows.md # # The Cookie Monster of issues - assigns issues to Copilot agents one at a time @@ -56,7 +56,7 @@ jobs: comment_repo: "" steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Check workflow file timestamps @@ -96,7 +96,7 @@ jobs: secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Checkout repository @@ -131,7 +131,7 @@ jobs: await main(); - name: Validate COPILOT_GITHUB_TOKEN secret id: validate-secret - run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://githubnext.github.io/gh-aw/reference/engines/#github-copilot-default + run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://github.github.io/gh-aw/reference/engines/#github-copilot-default env: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} - name: Install GitHub Copilot CLI @@ -149,7 +149,7 @@ jobs: const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.30.1 ghcr.io/githubnext/gh-aw-mcpg:v0.0.80 node:lts-alpine + run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.30.1 ghcr.io/github/gh-aw-mcpg:v0.0.80 node:lts-alpine - name: Write Safe Outputs Config run: | mkdir -p /opt/gh-aw/safeoutputs @@ -407,7 +407,7 @@ jobs: # Register API key as secret to mask it from logs echo "::add-mask::${MCP_GATEWAY_API_KEY}" export GH_AW_ENGINE="copilot" - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:v0.0.80' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.80' mkdir -p /home/runner/.copilot cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh @@ -955,7 +955,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Debug job inputs @@ -1056,7 +1056,7 @@ jobs: success: ${{ steps.parse_results.outputs.success }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Download agent artifacts @@ -1136,7 +1136,7 @@ jobs: touch /tmp/gh-aw/threat-detection/detection.log - name: Validate COPILOT_GITHUB_TOKEN secret id: validate-secret - run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://githubnext.github.io/gh-aw/reference/engines/#github-copilot-default + run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://github.github.io/gh-aw/reference/engines/#github-copilot-default env: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} - name: Install GitHub Copilot CLI @@ -1193,7 +1193,7 @@ jobs: activated: ${{ ((steps.check_membership.outputs.is_team_member == 'true') && (steps.check_skip_if_match.outputs.skip_check_ok == 'true')) && (steps.check_skip_if_no_match.outputs.skip_no_match_check_ok == 'true') }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Check team membership for workflow @@ -1260,7 +1260,7 @@ jobs: process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Download agent output artifact diff --git a/.github/workflows/pelis-agent-factory-advisor.lock.yml b/.github/workflows/pelis-agent-factory-advisor.lock.yml index 40670987..1a601fb9 100644 --- a/.github/workflows/pelis-agent-factory-advisor.lock.yml +++ b/.github/workflows/pelis-agent-factory-advisor.lock.yml @@ -17,7 +17,7 @@ # # To update this file, edit the corresponding .md file and run: # gh aw compile -# For more information: https://github.com/githubnext/gh-aw/blob/main/.github/aw/github-agentic-workflows.md +# For more information: https://github.com/github/gh-aw/blob/main/.github/aw/github-agentic-workflows.md # # Daily advisor that analyzes the repository for opportunities to add, enhance, or improve agentic workflows based on Pelis Agent Factory patterns # @@ -49,7 +49,7 @@ jobs: comment_repo: "" steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Check workflow file timestamps @@ -91,7 +91,7 @@ jobs: secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Checkout repository @@ -137,7 +137,7 @@ jobs: await main(); - name: Validate COPILOT_GITHUB_TOKEN secret id: validate-secret - run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://githubnext.github.io/gh-aw/reference/engines/#github-copilot-default + run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://github.github.io/gh-aw/reference/engines/#github-copilot-default env: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} - name: Install GitHub Copilot CLI @@ -155,18 +155,18 @@ jobs: const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash /opt/gh-aw/actions/download_docker_images.sh alpine:latest ghcr.io/github/github-mcp-server:v0.30.1 ghcr.io/githubnext/gh-aw-mcpg:v0.0.80 node:lts-alpine + run: bash /opt/gh-aw/actions/download_docker_images.sh alpine:latest ghcr.io/github/github-mcp-server:v0.30.1 ghcr.io/github/gh-aw-mcpg:v0.0.80 node:lts-alpine - name: Install gh-aw extension env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | # Check if gh-aw extension is already installed - if gh extension list | grep -q "githubnext/gh-aw"; then + if gh extension list | grep -q "github/gh-aw"; then echo "gh-aw extension already installed, upgrading..." gh extension upgrade gh-aw || true else echo "Installing gh-aw extension..." - gh extension install githubnext/gh-aw + gh extension install github/gh-aw fi gh aw --version # Copy the gh-aw binary to /opt/gh-aw for MCP server containerization @@ -410,7 +410,7 @@ jobs: # Register API key as secret to mask it from logs echo "::add-mask::${MCP_GATEWAY_API_KEY}" export GH_AW_ENGINE="copilot" - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:v0.0.80' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.80' mkdir -p /home/runner/.copilot cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh @@ -691,7 +691,7 @@ jobs: **IMPORTANT**: You must thoroughly crawl and read the Pelis Agent Factory documentation site to understand the common patterns and best practices for agentic workflows. Start from the main blog post and explore ALL linked pages: - - Start at: https://githubnext.github.io/gh-aw/blog/2026-01-12-welcome-to-pelis-agent-factory/ + - Start at: https://github.github.io/gh-aw/blog/2026-01-12-welcome-to-pelis-agent-factory/ - Use `web-fetch` to retrieve each page - Follow ALL internal links to other pages on the site - Read the documentation sections, guides, and examples @@ -1128,7 +1128,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Debug job inputs @@ -1227,7 +1227,7 @@ jobs: success: ${{ steps.parse_results.outputs.success }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Download agent artifacts @@ -1307,7 +1307,7 @@ jobs: touch /tmp/gh-aw/threat-detection/detection.log - name: Validate COPILOT_GITHUB_TOKEN secret id: validate-secret - run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://githubnext.github.io/gh-aw/reference/engines/#github-copilot-default + run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://github.github.io/gh-aw/reference/engines/#github-copilot-default env: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} - name: Install GitHub Copilot CLI @@ -1377,7 +1377,7 @@ jobs: process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Download agent output artifact @@ -1414,7 +1414,7 @@ jobs: permissions: {} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Download cache-memory artifact (default) diff --git a/.github/workflows/pelis-agent-factory-advisor.md b/.github/workflows/pelis-agent-factory-advisor.md index e5de73e8..bf1faac6 100644 --- a/.github/workflows/pelis-agent-factory-advisor.md +++ b/.github/workflows/pelis-agent-factory-advisor.md @@ -41,7 +41,7 @@ You are an expert advisor on agentic workflows, specializing in patterns and bes **IMPORTANT**: You must thoroughly crawl and read the Pelis Agent Factory documentation site to understand the common patterns and best practices for agentic workflows. Start from the main blog post and explore ALL linked pages: -- Start at: https://githubnext.github.io/gh-aw/blog/2026-01-12-welcome-to-pelis-agent-factory/ +- Start at: https://github.github.io/gh-aw/blog/2026-01-12-welcome-to-pelis-agent-factory/ - Use `web-fetch` to retrieve each page - Follow ALL internal links to other pages on the site - Read the documentation sections, guides, and examples diff --git a/.github/workflows/plan.lock.yml b/.github/workflows/plan.lock.yml index ebb7a5a8..7b4482cf 100644 --- a/.github/workflows/plan.lock.yml +++ b/.github/workflows/plan.lock.yml @@ -17,7 +17,7 @@ # # To update this file, edit the corresponding .md file and run: # gh aw compile -# For more information: https://github.com/githubnext/gh-aw/blob/main/.github/aw/github-agentic-workflows.md +# For more information: https://github.com/github/gh-aw/blob/main/.github/aw/github-agentic-workflows.md # # Generates project plans and task breakdowns when invoked with /plan command in issues or PRs @@ -59,7 +59,7 @@ jobs: text: ${{ steps.compute-text.outputs.text }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Check workflow file timestamps @@ -119,7 +119,7 @@ jobs: secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Checkout repository @@ -154,7 +154,7 @@ jobs: await main(); - name: Validate COPILOT_GITHUB_TOKEN secret id: validate-secret - run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://githubnext.github.io/gh-aw/reference/engines/#github-copilot-default + run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://github.github.io/gh-aw/reference/engines/#github-copilot-default env: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} - name: Install GitHub Copilot CLI @@ -172,7 +172,7 @@ jobs: const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.30.1 ghcr.io/githubnext/gh-aw-mcpg:v0.0.80 node:lts-alpine + run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.30.1 ghcr.io/github/gh-aw-mcpg:v0.0.80 node:lts-alpine - name: Write Safe Outputs Config run: | mkdir -p /opt/gh-aw/safeoutputs @@ -480,7 +480,7 @@ jobs: # Register API key as secret to mask it from logs echo "::add-mask::${MCP_GATEWAY_API_KEY}" export GH_AW_ENGINE="copilot" - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:v0.0.80' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.80' mkdir -p /home/runner/.copilot cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh @@ -1027,7 +1027,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Debug job inputs @@ -1124,7 +1124,7 @@ jobs: success: ${{ steps.parse_results.outputs.success }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Download agent artifacts @@ -1204,7 +1204,7 @@ jobs: touch /tmp/gh-aw/threat-detection/detection.log - name: Validate COPILOT_GITHUB_TOKEN secret id: validate-secret - run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://githubnext.github.io/gh-aw/reference/engines/#github-copilot-default + run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://github.github.io/gh-aw/reference/engines/#github-copilot-default env: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} - name: Install GitHub Copilot CLI @@ -1269,7 +1269,7 @@ jobs: matched_command: ${{ steps.check_command_position.outputs.matched_command }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Add eyes reaction for immediate feedback @@ -1329,7 +1329,7 @@ jobs: process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Download agent output artifact diff --git a/.github/workflows/security-guard.lock.yml b/.github/workflows/security-guard.lock.yml index b07fe31d..1d180e65 100644 --- a/.github/workflows/security-guard.lock.yml +++ b/.github/workflows/security-guard.lock.yml @@ -17,7 +17,7 @@ # # To update this file, edit the corresponding .md file and run: # gh aw compile -# For more information: https://github.com/githubnext/gh-aw/blob/main/.github/aw/github-agentic-workflows.md +# For more information: https://github.com/github/gh-aw/blob/main/.github/aw/github-agentic-workflows.md # # Security Guard - Reviews PRs for changes that weaken security posture or extend security boundaries @@ -49,7 +49,7 @@ jobs: comment_repo: "" steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Check workflow file timestamps @@ -87,7 +87,7 @@ jobs: secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Checkout repository @@ -122,7 +122,7 @@ jobs: await main(); - name: Validate CLAUDE_CODE_OAUTH_TOKEN or ANTHROPIC_API_KEY secret id: validate-secret - run: /opt/gh-aw/actions/validate_multi_secret.sh CLAUDE_CODE_OAUTH_TOKEN ANTHROPIC_API_KEY 'Claude Code' https://githubnext.github.io/gh-aw/reference/engines/#anthropic-claude-code + run: /opt/gh-aw/actions/validate_multi_secret.sh CLAUDE_CODE_OAUTH_TOKEN ANTHROPIC_API_KEY 'Claude Code' https://github.github.io/gh-aw/reference/engines/#anthropic-claude-code env: CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} @@ -146,7 +146,7 @@ jobs: const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.30.1 ghcr.io/githubnext/gh-aw-mcpg:v0.0.80 node:lts-alpine + run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.30.1 ghcr.io/github/gh-aw-mcpg:v0.0.80 node:lts-alpine - name: Write Safe Outputs Config run: | mkdir -p /opt/gh-aw/safeoutputs @@ -359,7 +359,7 @@ jobs: # Register API key as secret to mask it from logs echo "::add-mask::${MCP_GATEWAY_API_KEY}" export GH_AW_ENGINE="claude" - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:v0.0.80' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.80' cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh { @@ -859,7 +859,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Debug job inputs @@ -956,7 +956,7 @@ jobs: success: ${{ steps.parse_results.outputs.success }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Download agent artifacts @@ -1036,7 +1036,7 @@ jobs: touch /tmp/gh-aw/threat-detection/detection.log - name: Validate CLAUDE_CODE_OAUTH_TOKEN or ANTHROPIC_API_KEY secret id: validate-secret - run: /opt/gh-aw/actions/validate_multi_secret.sh CLAUDE_CODE_OAUTH_TOKEN ANTHROPIC_API_KEY 'Claude Code' https://githubnext.github.io/gh-aw/reference/engines/#anthropic-claude-code + run: /opt/gh-aw/actions/validate_multi_secret.sh CLAUDE_CODE_OAUTH_TOKEN ANTHROPIC_API_KEY 'Claude Code' https://github.github.io/gh-aw/reference/engines/#anthropic-claude-code env: CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} @@ -1123,7 +1123,7 @@ jobs: process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Download agent output artifact diff --git a/.github/workflows/security-review.lock.yml b/.github/workflows/security-review.lock.yml index bf30949a..2087066f 100644 --- a/.github/workflows/security-review.lock.yml +++ b/.github/workflows/security-review.lock.yml @@ -17,7 +17,7 @@ # # To update this file, edit the corresponding .md file and run: # gh aw compile -# For more information: https://github.com/githubnext/gh-aw/blob/main/.github/aw/github-agentic-workflows.md +# For more information: https://github.com/github/gh-aw/blob/main/.github/aw/github-agentic-workflows.md # # Daily comprehensive security review and threat modeling with verifiable evidence # @@ -49,7 +49,7 @@ jobs: comment_repo: "" steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Check workflow file timestamps @@ -92,7 +92,7 @@ jobs: secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Checkout repository @@ -138,7 +138,7 @@ jobs: await main(); - name: Validate COPILOT_GITHUB_TOKEN secret id: validate-secret - run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://githubnext.github.io/gh-aw/reference/engines/#github-copilot-default + run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://github.github.io/gh-aw/reference/engines/#github-copilot-default env: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} - name: Install GitHub Copilot CLI @@ -156,18 +156,18 @@ jobs: const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash /opt/gh-aw/actions/download_docker_images.sh alpine:latest ghcr.io/github/github-mcp-server:v0.30.1 ghcr.io/githubnext/gh-aw-mcpg:v0.0.80 node:lts-alpine + run: bash /opt/gh-aw/actions/download_docker_images.sh alpine:latest ghcr.io/github/github-mcp-server:v0.30.1 ghcr.io/github/gh-aw-mcpg:v0.0.80 node:lts-alpine - name: Install gh-aw extension env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | # Check if gh-aw extension is already installed - if gh extension list | grep -q "githubnext/gh-aw"; then + if gh extension list | grep -q "github/gh-aw"; then echo "gh-aw extension already installed, upgrading..." gh extension upgrade gh-aw || true else echo "Installing gh-aw extension..." - gh extension install githubnext/gh-aw + gh extension install github/gh-aw fi gh aw --version # Copy the gh-aw binary to /opt/gh-aw for MCP server containerization @@ -411,7 +411,7 @@ jobs: # Register API key as secret to mask it from logs echo "::add-mask::${MCP_GATEWAY_API_KEY}" export GH_AW_ENGINE="copilot" - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:v0.0.80' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.80' mkdir -p /home/runner/.copilot cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh @@ -1158,7 +1158,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Debug job inputs @@ -1257,7 +1257,7 @@ jobs: success: ${{ steps.parse_results.outputs.success }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Download agent artifacts @@ -1337,7 +1337,7 @@ jobs: touch /tmp/gh-aw/threat-detection/detection.log - name: Validate COPILOT_GITHUB_TOKEN secret id: validate-secret - run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://githubnext.github.io/gh-aw/reference/engines/#github-copilot-default + run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://github.github.io/gh-aw/reference/engines/#github-copilot-default env: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} - name: Install GitHub Copilot CLI @@ -1407,7 +1407,7 @@ jobs: process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Download agent output artifact @@ -1444,7 +1444,7 @@ jobs: permissions: {} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Download cache-memory artifact (default) diff --git a/.github/workflows/smoke-chroot.lock.yml b/.github/workflows/smoke-chroot.lock.yml index c92bc90c..0c3328b9 100644 --- a/.github/workflows/smoke-chroot.lock.yml +++ b/.github/workflows/smoke-chroot.lock.yml @@ -17,7 +17,7 @@ # # To update this file, edit the corresponding .md file and run: # gh aw compile -# For more information: https://github.com/githubnext/gh-aw/blob/main/.github/aw/github-agentic-workflows.md +# For more information: https://github.com/github/gh-aw/blob/main/.github/aw/github-agentic-workflows.md # # Smoke test workflow that validates the --enable-chroot feature by testing host binary access, network firewall, and security boundaries @@ -58,7 +58,7 @@ jobs: comment_url: ${{ steps.add-comment.outputs.comment-url }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@98493c96da3fb6a59dc232e32a7b990a4c4e8969 # v0.38.1 + uses: github/gh-aw/actions/setup@98493c96da3fb6a59dc232e32a7b990a4c4e8969 # v0.38.1 with: destination: /opt/gh-aw/actions - name: Check workflow file timestamps @@ -109,7 +109,7 @@ jobs: secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@98493c96da3fb6a59dc232e32a7b990a4c4e8969 # v0.38.1 + uses: github/gh-aw/actions/setup@98493c96da3fb6a59dc232e32a7b990a4c4e8969 # v0.38.1 with: destination: /opt/gh-aw/actions - name: Checkout repository @@ -152,7 +152,7 @@ jobs: await main(); - name: Validate COPILOT_GITHUB_TOKEN secret id: validate-secret - run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://githubnext.github.io/gh-aw/reference/engines/#github-copilot-default + run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://github.github.io/gh-aw/reference/engines/#github-copilot-default env: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} - name: Install GitHub Copilot CLI @@ -170,7 +170,7 @@ jobs: const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.30.2 ghcr.io/githubnext/gh-aw-mcpg:v0.0.84 node:lts-alpine + run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.30.2 ghcr.io/github/gh-aw-mcpg:v0.0.84 node:lts-alpine - name: Write Safe Outputs Config run: | mkdir -p /opt/gh-aw/safeoutputs @@ -418,7 +418,7 @@ jobs: # Register API key as secret to mask it from logs echo "::add-mask::${MCP_GATEWAY_API_KEY}" export GH_AW_ENGINE="copilot" - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:v0.0.84' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.84' mkdir -p /home/runner/.copilot cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh @@ -816,7 +816,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@98493c96da3fb6a59dc232e32a7b990a4c4e8969 # v0.38.1 + uses: github/gh-aw/actions/setup@98493c96da3fb6a59dc232e32a7b990a4c4e8969 # v0.38.1 with: destination: /opt/gh-aw/actions - name: Debug job inputs @@ -915,7 +915,7 @@ jobs: success: ${{ steps.parse_results.outputs.success }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@98493c96da3fb6a59dc232e32a7b990a4c4e8969 # v0.38.1 + uses: github/gh-aw/actions/setup@98493c96da3fb6a59dc232e32a7b990a4c4e8969 # v0.38.1 with: destination: /opt/gh-aw/actions - name: Download agent artifacts @@ -995,7 +995,7 @@ jobs: touch /tmp/gh-aw/threat-detection/detection.log - name: Validate COPILOT_GITHUB_TOKEN secret id: validate-secret - run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://githubnext.github.io/gh-aw/reference/engines/#github-copilot-default + run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://github.github.io/gh-aw/reference/engines/#github-copilot-default env: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} - name: Install GitHub Copilot CLI @@ -1068,7 +1068,7 @@ jobs: process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@98493c96da3fb6a59dc232e32a7b990a4c4e8969 # v0.38.1 + uses: github/gh-aw/actions/setup@98493c96da3fb6a59dc232e32a7b990a4c4e8969 # v0.38.1 with: destination: /opt/gh-aw/actions - name: Download agent output artifact diff --git a/.github/workflows/smoke-chroot.md b/.github/workflows/smoke-chroot.md index 8265807b..a91a7a2e 100644 --- a/.github/workflows/smoke-chroot.md +++ b/.github/workflows/smoke-chroot.md @@ -26,7 +26,7 @@ network: - github sandbox: mcp: - container: "ghcr.io/githubnext/gh-aw-mcpg" + container: "ghcr.io/github/gh-aw-mcpg" tools: github: toolsets: [repos, pull_requests] diff --git a/.github/workflows/smoke-claude.lock.yml b/.github/workflows/smoke-claude.lock.yml index b59a7161..1b35055c 100644 --- a/.github/workflows/smoke-claude.lock.yml +++ b/.github/workflows/smoke-claude.lock.yml @@ -17,7 +17,7 @@ # # To update this file, edit the corresponding .md file and run: # gh aw compile -# For more information: https://github.com/githubnext/gh-aw/blob/main/.github/aw/github-agentic-workflows.md +# For more information: https://github.com/github/gh-aw/blob/main/.github/aw/github-agentic-workflows.md # # Smoke test workflow that validates Claude engine functionality by reviewing recent PRs twice daily # @@ -59,7 +59,7 @@ jobs: comment_url: ${{ steps.add-comment.outputs.comment-url }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Check workflow file timestamps @@ -110,7 +110,7 @@ jobs: secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Checkout repository @@ -156,7 +156,7 @@ jobs: await main(); - name: Validate CLAUDE_CODE_OAUTH_TOKEN or ANTHROPIC_API_KEY secret id: validate-secret - run: /opt/gh-aw/actions/validate_multi_secret.sh CLAUDE_CODE_OAUTH_TOKEN ANTHROPIC_API_KEY 'Claude Code' https://githubnext.github.io/gh-aw/reference/engines/#anthropic-claude-code + run: /opt/gh-aw/actions/validate_multi_secret.sh CLAUDE_CODE_OAUTH_TOKEN ANTHROPIC_API_KEY 'Claude Code' https://github.github.io/gh-aw/reference/engines/#anthropic-claude-code env: CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} @@ -180,7 +180,7 @@ jobs: const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.30.1 ghcr.io/githubnext/gh-aw-mcpg:v0.0.80 mcr.microsoft.com/playwright/mcp node:lts-alpine + run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.30.1 ghcr.io/github/gh-aw-mcpg:v0.0.80 mcr.microsoft.com/playwright/mcp node:lts-alpine - name: Write Safe Outputs Config run: | mkdir -p /opt/gh-aw/safeoutputs @@ -429,7 +429,7 @@ jobs: # Register API key as secret to mask it from logs echo "::add-mask::${MCP_GATEWAY_API_KEY}" export GH_AW_ENGINE="claude" - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:v0.0.80' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.80' cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh { @@ -1020,7 +1020,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Debug job inputs @@ -1119,7 +1119,7 @@ jobs: success: ${{ steps.parse_results.outputs.success }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Download agent artifacts @@ -1199,7 +1199,7 @@ jobs: touch /tmp/gh-aw/threat-detection/detection.log - name: Validate CLAUDE_CODE_OAUTH_TOKEN or ANTHROPIC_API_KEY secret id: validate-secret - run: /opt/gh-aw/actions/validate_multi_secret.sh CLAUDE_CODE_OAUTH_TOKEN ANTHROPIC_API_KEY 'Claude Code' https://githubnext.github.io/gh-aw/reference/engines/#anthropic-claude-code + run: /opt/gh-aw/actions/validate_multi_secret.sh CLAUDE_CODE_OAUTH_TOKEN ANTHROPIC_API_KEY 'Claude Code' https://github.github.io/gh-aw/reference/engines/#anthropic-claude-code env: CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} @@ -1288,7 +1288,7 @@ jobs: process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Download agent output artifact @@ -1325,7 +1325,7 @@ jobs: permissions: {} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Download cache-memory artifact (default) diff --git a/.github/workflows/smoke-claude.md b/.github/workflows/smoke-claude.md index a32c7efe..38b45a2f 100644 --- a/.github/workflows/smoke-claude.md +++ b/.github/workflows/smoke-claude.md @@ -26,7 +26,7 @@ network: - playwright sandbox: mcp: - container: "ghcr.io/githubnext/gh-aw-mcpg" + container: "ghcr.io/github/gh-aw-mcpg" tools: cache-memory: true github: diff --git a/.github/workflows/smoke-copilot.lock.yml b/.github/workflows/smoke-copilot.lock.yml index 34dd32ca..e5d699e8 100644 --- a/.github/workflows/smoke-copilot.lock.yml +++ b/.github/workflows/smoke-copilot.lock.yml @@ -17,7 +17,7 @@ # # To update this file, edit the corresponding .md file and run: # gh aw compile -# For more information: https://github.com/githubnext/gh-aw/blob/main/.github/aw/github-agentic-workflows.md +# For more information: https://github.com/github/gh-aw/blob/main/.github/aw/github-agentic-workflows.md # # Smoke Copilot @@ -55,7 +55,7 @@ jobs: comment_url: ${{ steps.add-comment.outputs.comment-url }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Check workflow file timestamps @@ -107,7 +107,7 @@ jobs: secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Checkout repository @@ -153,7 +153,7 @@ jobs: await main(); - name: Validate COPILOT_GITHUB_TOKEN secret id: validate-secret - run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://githubnext.github.io/gh-aw/reference/engines/#github-copilot-default + run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://github.github.io/gh-aw/reference/engines/#github-copilot-default env: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} - name: Install GitHub Copilot CLI @@ -171,18 +171,18 @@ jobs: const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash /opt/gh-aw/actions/download_docker_images.sh alpine:latest ghcr.io/github/github-mcp-server:v0.30.1 ghcr.io/githubnext/gh-aw-mcpg:v0.0.80 mcr.microsoft.com/playwright/mcp node:lts-alpine + run: bash /opt/gh-aw/actions/download_docker_images.sh alpine:latest ghcr.io/github/github-mcp-server:v0.30.1 ghcr.io/github/gh-aw-mcpg:v0.0.80 mcr.microsoft.com/playwright/mcp node:lts-alpine - name: Install gh-aw extension env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | # Check if gh-aw extension is already installed - if gh extension list | grep -q "githubnext/gh-aw"; then + if gh extension list | grep -q "github/gh-aw"; then echo "gh-aw extension already installed, upgrading..." gh extension upgrade gh-aw || true else echo "Installing gh-aw extension..." - gh extension install githubnext/gh-aw + gh extension install github/gh-aw fi gh aw --version # Copy the gh-aw binary to /opt/gh-aw for MCP server containerization @@ -445,7 +445,7 @@ jobs: # Register API key as secret to mask it from logs echo "::add-mask::${MCP_GATEWAY_API_KEY}" export GH_AW_ENGINE="copilot" - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:v0.0.80' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.80' mkdir -p /home/runner/.copilot cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh @@ -856,7 +856,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Debug job inputs @@ -955,7 +955,7 @@ jobs: success: ${{ steps.parse_results.outputs.success }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Download agent artifacts @@ -1035,7 +1035,7 @@ jobs: touch /tmp/gh-aw/threat-detection/detection.log - name: Validate COPILOT_GITHUB_TOKEN secret id: validate-secret - run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://githubnext.github.io/gh-aw/reference/engines/#github-copilot-default + run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://github.github.io/gh-aw/reference/engines/#github-copilot-default env: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} - name: Install GitHub Copilot CLI @@ -1108,7 +1108,7 @@ jobs: process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Download agent output artifact @@ -1145,7 +1145,7 @@ jobs: permissions: {} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Download cache-memory artifact (default) diff --git a/.github/workflows/smoke-copilot.md b/.github/workflows/smoke-copilot.md index 2ac91554..427a8dfd 100644 --- a/.github/workflows/smoke-copilot.md +++ b/.github/workflows/smoke-copilot.md @@ -33,7 +33,7 @@ tools: web-fetch: sandbox: mcp: - container: "ghcr.io/githubnext/gh-aw-mcpg" + container: "ghcr.io/github/gh-aw-mcpg" safe-outputs: add-comment: hide-older-comments: true diff --git a/.github/workflows/test-action.yml b/.github/workflows/test-action.yml index 2c764209..0f37b823 100644 --- a/.github/workflows/test-action.yml +++ b/.github/workflows/test-action.yml @@ -90,8 +90,8 @@ jobs: # Verify Docker images are pulled echo "Checking for pulled images..." - docker images ghcr.io/githubnext/gh-aw-firewall/squid - docker images ghcr.io/githubnext/gh-aw-firewall/agent + docker images ghcr.io/github/gh-aw-firewall/squid + docker images ghcr.io/github/gh-aw-firewall/agent test-action-invalid-version: name: Test Action (Invalid Version - Should Fail) diff --git a/.github/workflows/test-chroot.yml b/.github/workflows/test-chroot.yml index 000ddb30..bac578ed 100644 --- a/.github/workflows/test-chroot.yml +++ b/.github/workflows/test-chroot.yml @@ -67,8 +67,8 @@ jobs: - name: Build local containers run: | echo "=== Building local containers ===" - docker build -t ghcr.io/githubnext/gh-aw-firewall/squid:latest containers/squid/ - docker build -t ghcr.io/githubnext/gh-aw-firewall/agent:latest containers/agent/ + docker build -t ghcr.io/github/gh-aw-firewall/squid:latest containers/squid/ + docker build -t ghcr.io/github/gh-aw-firewall/agent:latest containers/agent/ - name: Pre-test cleanup run: | @@ -188,8 +188,8 @@ jobs: - name: Build local containers run: | echo "=== Building local containers ===" - docker build -t ghcr.io/githubnext/gh-aw-firewall/squid:latest containers/squid/ - docker build -t ghcr.io/githubnext/gh-aw-firewall/agent:latest containers/agent/ + docker build -t ghcr.io/github/gh-aw-firewall/squid:latest containers/squid/ + docker build -t ghcr.io/github/gh-aw-firewall/agent:latest containers/agent/ - name: Pre-test cleanup run: | @@ -244,8 +244,8 @@ jobs: - name: Build local containers run: | echo "=== Building local containers ===" - docker build -t ghcr.io/githubnext/gh-aw-firewall/squid:latest containers/squid/ - docker build -t ghcr.io/githubnext/gh-aw-firewall/agent:latest containers/agent/ + docker build -t ghcr.io/github/gh-aw-firewall/squid:latest containers/squid/ + docker build -t ghcr.io/github/gh-aw-firewall/agent:latest containers/agent/ - name: Pre-test cleanup run: | diff --git a/.github/workflows/test-coverage-improver.lock.yml b/.github/workflows/test-coverage-improver.lock.yml index 9d1c1bab..86dfa072 100644 --- a/.github/workflows/test-coverage-improver.lock.yml +++ b/.github/workflows/test-coverage-improver.lock.yml @@ -17,7 +17,7 @@ # # To update this file, edit the corresponding .md file and run: # gh aw compile -# For more information: https://github.com/githubnext/gh-aw/blob/main/.github/aw/github-agentic-workflows.md +# For more information: https://github.com/github/gh-aw/blob/main/.github/aw/github-agentic-workflows.md # # Weekly workflow that analyzes test coverage, identifies under-tested security-critical code paths, # and creates PRs with additional tests. Focuses on iptables manipulation, Squid ACL rules, @@ -52,7 +52,7 @@ jobs: comment_repo: "" steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Check workflow file timestamps @@ -93,7 +93,7 @@ jobs: secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Checkout repository @@ -128,7 +128,7 @@ jobs: await main(); - name: Validate COPILOT_GITHUB_TOKEN secret id: validate-secret - run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://githubnext.github.io/gh-aw/reference/engines/#github-copilot-default + run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://github.github.io/gh-aw/reference/engines/#github-copilot-default env: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} - name: Install GitHub Copilot CLI @@ -146,7 +146,7 @@ jobs: const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.30.1 ghcr.io/githubnext/gh-aw-mcpg:v0.0.80 node:lts-alpine + run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.30.1 ghcr.io/github/gh-aw-mcpg:v0.0.80 node:lts-alpine - name: Write Safe Outputs Config run: | mkdir -p /opt/gh-aw/safeoutputs @@ -421,7 +421,7 @@ jobs: # Register API key as secret to mask it from logs echo "::add-mask::${MCP_GATEWAY_API_KEY}" export GH_AW_ENGINE="copilot" - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:v0.0.80' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.80' mkdir -p /home/runner/.copilot cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh @@ -975,7 +975,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Debug job inputs @@ -1089,7 +1089,7 @@ jobs: success: ${{ steps.parse_results.outputs.success }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Download agent artifacts @@ -1169,7 +1169,7 @@ jobs: touch /tmp/gh-aw/threat-detection/detection.log - name: Validate COPILOT_GITHUB_TOKEN secret id: validate-secret - run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://githubnext.github.io/gh-aw/reference/engines/#github-copilot-default + run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://github.github.io/gh-aw/reference/engines/#github-copilot-default env: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} - name: Install GitHub Copilot CLI @@ -1226,7 +1226,7 @@ jobs: activated: ${{ (steps.check_membership.outputs.is_team_member == 'true') && (steps.check_skip_if_match.outputs.skip_check_ok == 'true') }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Check team membership for workflow @@ -1277,7 +1277,7 @@ jobs: process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Download agent output artifact diff --git a/.github/workflows/update-release-notes.lock.yml b/.github/workflows/update-release-notes.lock.yml index bb5ac413..348a374f 100644 --- a/.github/workflows/update-release-notes.lock.yml +++ b/.github/workflows/update-release-notes.lock.yml @@ -17,7 +17,7 @@ # # To update this file, edit the corresponding .md file and run: # gh aw compile -# For more information: https://github.com/githubnext/gh-aw/blob/main/.github/aw/github-agentic-workflows.md +# For more information: https://github.com/github/gh-aw/blob/main/.github/aw/github-agentic-workflows.md # # Updates release notes based on the diff between the latest tag and the previous tag @@ -47,7 +47,7 @@ jobs: comment_repo: "" steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Check workflow file timestamps @@ -87,7 +87,7 @@ jobs: secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Checkout repository @@ -122,7 +122,7 @@ jobs: await main(); - name: Validate COPILOT_GITHUB_TOKEN secret id: validate-secret - run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://githubnext.github.io/gh-aw/reference/engines/#github-copilot-default + run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://github.github.io/gh-aw/reference/engines/#github-copilot-default env: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} - name: Install GitHub Copilot CLI @@ -140,7 +140,7 @@ jobs: const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.30.1 ghcr.io/githubnext/gh-aw-mcpg:v0.0.80 node:lts-alpine + run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.30.1 ghcr.io/github/gh-aw-mcpg:v0.0.80 node:lts-alpine - name: Write Safe Outputs Config run: | mkdir -p /opt/gh-aw/safeoutputs @@ -375,7 +375,7 @@ jobs: # Register API key as secret to mask it from logs echo "::add-mask::${MCP_GATEWAY_API_KEY}" export GH_AW_ENGINE="copilot" - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:v0.0.80' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.80' mkdir -p /home/runner/.copilot cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh @@ -813,7 +813,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Debug job inputs @@ -912,7 +912,7 @@ jobs: success: ${{ steps.parse_results.outputs.success }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Download agent artifacts @@ -992,7 +992,7 @@ jobs: touch /tmp/gh-aw/threat-detection/detection.log - name: Validate COPILOT_GITHUB_TOKEN secret id: validate-secret - run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://githubnext.github.io/gh-aw/reference/engines/#github-copilot-default + run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://github.github.io/gh-aw/reference/engines/#github-copilot-default env: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} - name: Install GitHub Copilot CLI @@ -1049,7 +1049,7 @@ jobs: activated: ${{ steps.check_membership.outputs.is_team_member == 'true' }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Check team membership for workflow @@ -1083,7 +1083,7 @@ jobs: process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} steps: - name: Setup Scripts - uses: githubnext/gh-aw/actions/setup@v0.37.26 + uses: github/gh-aw/actions/setup@v0.37.26 with: destination: /opt/gh-aw/actions - name: Download agent output artifact diff --git a/AGENTS.md b/AGENTS.md index 04ad2de6..16b96003 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -480,7 +480,7 @@ The agent container mounts the HOME directory, so this config file is automatica - ✅ **MCP server name** - Use `"github"` as the server name (must match `--allow-tool` flag) - ✅ **npx availability** - The agent container includes Node.js 22 with npx pre-installed -**Note:** As of v0.9.1, Docker-in-Docker support was removed ([PR #205](https://github.com/githubnext/gh-aw-firewall/pull/205)). Use stdio-based MCP servers instead of Docker-based ones. +**Note:** As of v0.9.1, Docker-in-Docker support was removed ([PR #205](https://github.com/github/gh-aw-firewall/pull/205)). Use stdio-based MCP servers instead of Docker-based ones. ### Running Copilot CLI with Local MCP Through Firewall diff --git a/CLAUDE.md b/CLAUDE.md index 98084a44..38504099 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -120,7 +120,7 @@ sudo awf --help The firewall uses two Docker containers (Squid proxy and agent execution environment). By default, the CLI pulls pre-built images from GitHub Container Registry (GHCR) for faster startup and easier distribution. **Default behavior (GHCR images):** -- Images are automatically pulled from `ghcr.io/githubnext/gh-aw-firewall/squid:latest` and `ghcr.io/githubnext/gh-aw-firewall/agent:latest` +- Images are automatically pulled from `ghcr.io/github/gh-aw-firewall/squid:latest` and `ghcr.io/github/gh-aw-firewall/agent:latest` - Published during releases via `.github/workflows/release.yml` - Users don't need to build containers locally @@ -130,7 +130,7 @@ The firewall uses two Docker containers (Squid proxy and agent execution environ - Example: `sudo awf --build-local --allow-domains github.com 'curl https://github.com'` **Custom registry/tag:** -- `--image-registry ` - Use a different registry (default: `ghcr.io/githubnext/gh-aw-firewall`) +- `--image-registry ` - Use a different registry (default: `ghcr.io/github/gh-aw-firewall`) - `--image-tag ` - Use a specific version tag (default: `latest`) - Example: `sudo awf --image-tag v0.2.0 --allow-domains github.com 'curl https://github.com'` diff --git a/README.md b/README.md index 8d21fb10..1496f2eb 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ A network firewall for agentic workflows with domain whitelisting. This tool provides L7 (HTTP/HTTPS) egress control using [Squid proxy](https://www.squid-cache.org/) and Docker containers, restricting network access to a whitelist of approved domains for AI agents and their MCP servers. > [!TIP] -> This project is a part of GitHub Next's explorations of [Agentic Workflows](https://github.com/githubnext/gh-aw). For more background, check out the [project page on the GitHub Next website](https://githubnext.com/projects/agentic-workflows/)! ✨ +> This project is a part of GitHub Next's explorations of [Agentic Workflows](https://github.com/github/gh-aw). For more background, check out the [project page on the GitHub Next website](https://githubnext.com/projects/agentic-workflows/)! ✨ ## What it does @@ -24,7 +24,7 @@ See [Compatibility](docs/compatibility.md) for full details on supported version - **Prerequisite:** Docker is running - **Install:** ```bash - curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo bash + curl -sSL https://raw.githubusercontent.com/github/gh-aw-firewall/main/install.sh | sudo bash ``` - **Run your first command:** ```bash @@ -49,7 +49,7 @@ Use the setup action in your workflows: ```yaml steps: - name: Setup awf - uses: githubnext/gh-aw-firewall@main + uses: github/gh-aw-firewall@main with: # version: 'v1.0.0' # Optional: defaults to latest # pull-images: 'true' # Optional: pre-pull Docker images for the version @@ -64,7 +64,7 @@ To pin Docker images to match the installed version, use `pull-images: 'true'` a steps: - name: Setup awf id: setup-awf - uses: githubnext/gh-aw-firewall@main + uses: github/gh-aw-firewall@main with: version: 'v0.7.0' pull-images: 'true' @@ -80,13 +80,13 @@ steps: ```bash # Install latest version -curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo bash +curl -sSL https://raw.githubusercontent.com/github/gh-aw-firewall/main/install.sh | sudo bash # Install a specific version -curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo bash -s -- v1.0.0 +curl -sSL https://raw.githubusercontent.com/github/gh-aw-firewall/main/install.sh | sudo bash -s -- v1.0.0 # Or using environment variable -curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v1.0.0 bash +curl -sSL https://raw.githubusercontent.com/github/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v1.0.0 bash ``` The shell installer automatically: @@ -100,10 +100,10 @@ The shell installer automatically: ```bash # Download the latest release binary -curl -fL https://github.com/githubnext/gh-aw-firewall/releases/latest/download/awf-linux-x64 -o awf +curl -fL https://github.com/github/gh-aw-firewall/releases/latest/download/awf-linux-x64 -o awf # Download checksums for verification -curl -fL https://github.com/githubnext/gh-aw-firewall/releases/latest/download/checksums.txt -o checksums.txt +curl -fL https://github.com/github/gh-aw-firewall/releases/latest/download/checksums.txt -o checksums.txt # Verify SHA256 checksum sha256sum -c checksums.txt --ignore-missing diff --git a/action.yml b/action.yml index b76071ea..3013cbec 100644 --- a/action.yml +++ b/action.yml @@ -49,7 +49,7 @@ runs: run: | set -euo pipefail - REPO="githubnext/gh-aw-firewall" + REPO="github/gh-aw-firewall" BINARY_NAME="awf-linux-x64" INSTALL_DIR="${RUNNER_TEMP}/awf-bin" @@ -165,7 +165,7 @@ runs: run: | set -euo pipefail - REGISTRY="ghcr.io/githubnext/gh-aw-firewall" + REGISTRY="ghcr.io/github/gh-aw-firewall" echo "Pulling awf Docker images with tag: ${IMAGE_TAG}" diff --git a/containers/agent/docker-stub.sh b/containers/agent/docker-stub.sh index 0b11eb11..7605ff63 100644 --- a/containers/agent/docker-stub.sh +++ b/containers/agent/docker-stub.sh @@ -9,6 +9,6 @@ If you need to: - Run Docker: Execute Docker commands outside AWF wrapper - Build images: Run Docker build before invoking AWF -See PR #205: https://github.com/githubnext/gh-aw-firewall/pull/205 +See PR #205: https://github.com/github/gh-aw-firewall/pull/205 EOF exit 127 diff --git a/docs-site/README.md b/docs-site/README.md index e7ecfa4a..c63f7114 100644 --- a/docs-site/README.md +++ b/docs-site/README.md @@ -55,4 +55,4 @@ Workflow: `.github/workflows/deploy-docs.yml` - [Astro Documentation](https://docs.astro.build/) - [Starlight Documentation](https://starlight.astro.build/) -- [Live Site](https://githubnext.github.io/gh-aw-firewall/) +- [Live Site](https://github.github.io/gh-aw-firewall/) diff --git a/docs-site/src/content/docs/index.md b/docs-site/src/content/docs/index.md index 9f84cc9c..32ac3468 100644 --- a/docs-site/src/content/docs/index.md +++ b/docs-site/src/content/docs/index.md @@ -6,7 +6,7 @@ description: Network firewall for AI agents with domain whitelisting - control e A network firewall designed specifically for AI agents and agentic workflows. Control which domains your AI agents can access while maintaining full filesystem access in a containerized environment. :::tip[Part of GitHub Next] -This project is part of GitHub Next's explorations of [Agentic Workflows](https://github.com/githubnext/gh-aw). Learn more on the [GitHub Next website](https://githubnext.com/projects/agentic-workflows/)! ✨ +This project is part of GitHub Next's explorations of [Agentic Workflows](https://github.com/github/gh-aw). Learn more on the [GitHub Next website](https://githubnext.com/projects/agentic-workflows/)! ✨ ::: ## What Is This? @@ -42,11 +42,11 @@ Download the latest release binary: ```bash # One-line installer with SHA verification (recommended) -curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo bash +curl -sSL https://raw.githubusercontent.com/github/gh-aw-firewall/main/install.sh | sudo bash # Or manual installation -curl -fL https://github.com/githubnext/gh-aw-firewall/releases/latest/download/awf-linux-x64 -o awf -curl -fL https://github.com/githubnext/gh-aw-firewall/releases/latest/download/checksums.txt -o checksums.txt +curl -fL https://github.com/github/gh-aw-firewall/releases/latest/download/awf-linux-x64 -o awf +curl -fL https://github.com/github/gh-aw-firewall/releases/latest/download/checksums.txt -o checksums.txt sha256sum -c checksums.txt --ignore-missing chmod +x awf sudo mv awf /usr/local/bin/ @@ -175,7 +175,7 @@ The firewall uses a containerized architecture with three security layers: 4. **Debug Issues** - Check the [troubleshooting guide](https://github.com/githubnext/gh-aw-firewall/blob/main/docs/troubleshooting.md) for common problems and solutions. + Check the [troubleshooting guide](https://github.com/github/gh-aw-firewall/blob/main/docs/troubleshooting.md) for common problems and solutions. @@ -286,7 +286,7 @@ Half measures are as bad as nothing at all. ## Get Help - **Documentation**: Browse the guides and reference pages in the sidebar -- **GitHub**: [Report issues](https://github.com/githubnext/gh-aw-firewall/issues) or contribute -- **Examples**: Check the [examples directory](https://github.com/githubnext/gh-aw-firewall/tree/main/examples) +- **GitHub**: [Report issues](https://github.com/github/gh-aw-firewall/issues) or contribute +- **Examples**: Check the [examples directory](https://github.com/github/gh-aw-firewall/tree/main/examples) -Ready to dive deeper? Read the [full documentation on GitHub](https://github.com/githubnext/gh-aw-firewall#readme). +Ready to dive deeper? Read the [full documentation on GitHub](https://github.com/github/gh-aw-firewall#readme). diff --git a/docs-site/src/content/docs/reference/cli-reference.md b/docs-site/src/content/docs/reference/cli-reference.md index eb5e365b..c25e159f 100644 --- a/docs-site/src/content/docs/reference/cli-reference.md +++ b/docs-site/src/content/docs/reference/cli-reference.md @@ -30,7 +30,7 @@ awf [options] -- | `--tty` | flag | `false` | Allocate pseudo-TTY for interactive tools | | `--work-dir ` | string | `/tmp/awf-` | Working directory for temporary files | | `--build-local` | flag | `false` | Build containers locally instead of pulling from registry | -| `--image-registry ` | string | `ghcr.io/githubnext/gh-aw-firewall` | Container image registry | +| `--image-registry ` | string | `ghcr.io/github/gh-aw-firewall` | Container image registry | | `--image-tag ` | string | `latest` | Container image tag | | `-e, --env ` | string | `[]` | Environment variable (repeatable) | | `--env-all` | flag | `false` | Pass all host environment variables | diff --git a/docs-site/src/content/docs/reference/ssl-bump.md b/docs-site/src/content/docs/reference/ssl-bump.md index 063d1e39..757af88e 100644 --- a/docs-site/src/content/docs/reference/ssl-bump.md +++ b/docs-site/src/content/docs/reference/ssl-bump.md @@ -202,7 +202,7 @@ sudo awf \ --allow-domains api.github.com \ --ssl-bump \ --allow-urls "https://api.github.com/repos/githubnext/*,https://api.github.com/users/*" \ - -- curl https://api.github.com/repos/githubnext/gh-aw-firewall + -- curl https://api.github.com/repos/github/gh-aw-firewall ``` ### Debug with Verbose Logging @@ -213,7 +213,7 @@ sudo awf \ --ssl-bump \ --allow-urls "https://github.com/*" \ --log-level debug \ - -- curl https://github.com/githubnext/gh-aw-firewall + -- curl https://github.com/github/gh-aw-firewall # View full URL paths in Squid logs sudo cat /tmp/squid-logs-*/access.log diff --git a/docs/RELEASE_TEMPLATE.md b/docs/RELEASE_TEMPLATE.md index beef01e1..66f85d4c 100644 --- a/docs/RELEASE_TEMPLATE.md +++ b/docs/RELEASE_TEMPLATE.md @@ -9,7 +9,7 @@ Edit this file to change the format of release notes for all future releases. |-------------|-------------|---------| | `{{CHANGELOG}}` | Auto-generated changelog from GitHub API or git log | PR list or commit list | | `{{CLI_HELP}}` | Output of `awf --help` command | CLI usage and options | -| `{{REPOSITORY}}` | GitHub repository path | `githubnext/gh-aw-firewall` | +| `{{REPOSITORY}}` | GitHub repository path | `github/gh-aw-firewall` | | `{{VERSION}}` | Full version tag with 'v' prefix | `v0.3.0` | | `{{VERSION_NUMBER}}` | Version number without 'v' prefix | `0.3.0` | diff --git a/docs/agent-images.md b/docs/agent-images.md index 97ee0555..00f78fc2 100644 --- a/docs/agent-images.md +++ b/docs/agent-images.md @@ -2,7 +2,7 @@ Reference guide for the development tools, utilities, and runtime versions pre-installed in the `agent` and `agent-act` container images used by the firewall. -> 📘 **Note:** This document is also available in the [online documentation](https://githubnext.github.io/gh-aw-firewall/reference/agent-images/). +> 📘 **Note:** This document is also available in the [online documentation](https://github.github.io/gh-aw-firewall/reference/agent-images/). ## Overview diff --git a/docs/compatibility.md b/docs/compatibility.md index bec88442..76775c5f 100644 --- a/docs/compatibility.md +++ b/docs/compatibility.md @@ -120,7 +120,7 @@ sudo systemctl enable docker If you encounter compatibility issues with a supported configuration, please: 1. Check the [Troubleshooting Guide](troubleshooting.md) -2. Search existing [GitHub Issues](https://github.com/githubnext/gh-aw-firewall/issues) +2. Search existing [GitHub Issues](https://github.com/github/gh-aw-firewall/issues) 3. Open a new issue with: - Node.js version (`node --version`) - Docker version (`docker --version`) diff --git a/docs/github_actions.md b/docs/github_actions.md index f33d2eff..abd095ac 100644 --- a/docs/github_actions.md +++ b/docs/github_actions.md @@ -9,7 +9,7 @@ The simplest way to install awf in GitHub Actions is using the setup action: ```yaml steps: - name: Setup awf - uses: githubnext/gh-aw-firewall@main + uses: github/gh-aw-firewall@main # with: # version: 'v1.0.0' # Optional: defaults to latest # pull-images: 'true' # Optional: pre-pull Docker images @@ -46,7 +46,7 @@ For reproducible builds, you can pin both the awf binary and Docker images: steps: - name: Setup awf id: setup-awf - uses: githubnext/gh-aw-firewall@main + uses: github/gh-aw-firewall@main with: version: 'v0.7.0' pull-images: 'true' @@ -66,7 +66,7 @@ Alternatively, use the install script: steps: - name: Install awf run: | - curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo bash + curl -sSL https://raw.githubusercontent.com/github/gh-aw-firewall/main/install.sh | sudo bash ``` ### Building from Source @@ -107,7 +107,7 @@ jobs: - uses: actions/checkout@v4 - name: Setup awf - uses: githubnext/gh-aw-firewall@main + uses: github/gh-aw-firewall@main - name: Install GitHub Copilot CLI run: npm install -g @github/copilot@latest @@ -176,7 +176,7 @@ jobs: - uses: actions/checkout@v4 - name: Setup awf - uses: githubnext/gh-aw-firewall@main + uses: github/gh-aw-firewall@main - name: Test with Firewall env: diff --git a/docs/image-verification.md b/docs/image-verification.md index 6fa75cd6..8a20bdbc 100644 --- a/docs/image-verification.md +++ b/docs/image-verification.md @@ -33,18 +33,18 @@ All images are signed using GitHub Actions OIDC tokens, ensuring they come from ```bash cosign verify \ - --certificate-identity-regexp 'https://github.com/githubnext/gh-aw-firewall/.*' \ + --certificate-identity-regexp 'https://github.com/github/gh-aw-firewall/.*' \ --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \ - ghcr.io/githubnext/gh-aw-firewall/squid:latest + ghcr.io/github/gh-aw-firewall/squid:latest ``` ### Verify Agent Image ```bash cosign verify \ - --certificate-identity-regexp 'https://github.com/githubnext/gh-aw-firewall/.*' \ + --certificate-identity-regexp 'https://github.com/github/gh-aw-firewall/.*' \ --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \ - ghcr.io/githubnext/gh-aw-firewall/agent:latest + ghcr.io/github/gh-aw-firewall/agent:latest ``` ## Verifying SBOM Attestations @@ -53,10 +53,10 @@ Images include Software Bill of Materials (SBOM) attestations for supply chain t ```bash cosign verify-attestation \ - --certificate-identity-regexp 'https://github.com/githubnext/gh-aw-firewall/.*' \ + --certificate-identity-regexp 'https://github.com/github/gh-aw-firewall/.*' \ --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \ --type spdxjson \ - ghcr.io/githubnext/gh-aw-firewall/squid:latest + ghcr.io/github/gh-aw-firewall/squid:latest ``` ## What Gets Signed diff --git a/docs/mitmweb-debugging.md b/docs/mitmweb-debugging.md index 39fd33da..7a021a82 100644 --- a/docs/mitmweb-debugging.md +++ b/docs/mitmweb-debugging.md @@ -48,7 +48,7 @@ never_direct allow all' /tmp/awf-XXXXX/squid.conf ### 5. Add host.docker.internal to Squid container ```bash -sudo sed -i '/image: ghcr.io\/githubnext\/gh-aw-firewall\/squid:latest/a\ extra_hosts:\n - host.docker.internal:host-gateway' /tmp/awf-XXXXX/docker-compose.yml +sudo sed -i '/image: ghcr.io\/github\/gh-aw-firewall\/squid:latest/a\ extra_hosts:\n - host.docker.internal:host-gateway' /tmp/awf-XXXXX/docker-compose.yml ``` ### 6. Change agent command to stay alive diff --git a/docs/quickstart.md b/docs/quickstart.md index bd375b19..dda570ff 100644 --- a/docs/quickstart.md +++ b/docs/quickstart.md @@ -17,7 +17,7 @@ See [Compatibility](compatibility.md) for full version details and tested config ```bash # Install latest version -curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo bash +curl -sSL https://raw.githubusercontent.com/github/gh-aw-firewall/main/install.sh | sudo bash # Verify installation sudo awf --version @@ -27,7 +27,7 @@ sudo awf --version ```yaml - name: Setup awf - uses: githubnext/gh-aw-firewall@main + uses: github/gh-aw-firewall@main ``` See [GitHub Actions Integration](github_actions.md) for more details. @@ -36,7 +36,7 @@ See [GitHub Actions Integration](github_actions.md) for more details. ```bash # Clone the repository -git clone https://github.com/githubnext/gh-aw-firewall.git awf +git clone https://github.com/github/gh-aw-firewall.git awf cd awf # Install dependencies diff --git a/docs/releasing.md b/docs/releasing.md index ace74cce..1c298092 100644 --- a/docs/releasing.md +++ b/docs/releasing.md @@ -88,7 +88,7 @@ Each release includes: - `checksums.txt` - SHA256 checksums for all files ### GitHub Container Registry (GHCR) -Docker images are published to `ghcr.io/githubnext/gh-aw-firewall`: +Docker images are published to `ghcr.io/github/gh-aw-firewall`: - `squid:` and `squid:latest` - Squid proxy container - `agent:` and `agent:latest` - Agent execution environment (minimal, ~200MB) - `agent-act:` and `agent-act:latest` - Agent with GitHub Actions parity (~2GB) diff --git a/docs/ssl-bump.md b/docs/ssl-bump.md index 5ffc1d1d..9dfe15fd 100644 --- a/docs/ssl-bump.md +++ b/docs/ssl-bump.md @@ -122,7 +122,7 @@ sudo awf \ --allow-domains api.github.com \ --ssl-bump \ --allow-urls "https://api.github.com/repos/githubnext/*,https://api.github.com/users/*" \ - -- curl https://api.github.com/repos/githubnext/gh-aw-firewall + -- curl https://api.github.com/repos/github/gh-aw-firewall ``` Allow only specific API endpoint patterns while blocking others. @@ -135,7 +135,7 @@ sudo awf \ --ssl-bump \ --allow-urls "https://github.com/*" \ --log-level debug \ - -- curl https://github.com/githubnext/gh-aw-firewall + -- curl https://github.com/github/gh-aw-firewall # View full URL paths in Squid logs sudo cat /tmp/squid-logs-*/access.log diff --git a/install.sh b/install.sh index ccf7cba2..10f1d5b7 100755 --- a/install.sh +++ b/install.sh @@ -8,13 +8,13 @@ set -e # # Usage: # # Install latest version -# curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo bash +# curl -sSL https://raw.githubusercontent.com/github/gh-aw-firewall/main/install.sh | sudo bash # # # Install specific version -# curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo bash -s -- v1.0.0 +# curl -sSL https://raw.githubusercontent.com/github/gh-aw-firewall/main/install.sh | sudo bash -s -- v1.0.0 # # # Or with environment variable -# curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v1.0.0 bash +# curl -sSL https://raw.githubusercontent.com/github/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v1.0.0 bash # # Security features: # - Uses curl -f to fail on HTTP errors (404, 403, etc.) @@ -28,10 +28,10 @@ set -e # - file # - sudo/root access # -# Repository: https://github.com/githubnext/gh-aw-firewall -# Issue #107: https://github.com/githubnext/gh-aw-firewall/issues/107 +# Repository: https://github.com/github/gh-aw-firewall +# Issue #107: https://github.com/github/gh-aw-firewall/issues/107 -REPO="githubnext/gh-aw-firewall" +REPO="github/gh-aw-firewall" BINARY_NAME="awf-linux-x64" INSTALL_DIR="/usr/local/bin" INSTALL_NAME="awf" diff --git a/scripts/download-latest-artifact.sh b/scripts/download-latest-artifact.sh index 0436e588..ffe18e8d 100755 --- a/scripts/download-latest-artifact.sh +++ b/scripts/download-latest-artifact.sh @@ -15,7 +15,7 @@ set -e # Default values DEFAULT_WORKFLOW=".github/workflows/test-coverage.yml" DEFAULT_ARTIFACT="coverage-report" -DEFAULT_REPO="githubnext/gh-aw-firewall" +DEFAULT_REPO="github/gh-aw-firewall" # Parse arguments SPECIFIC_RUN_ID="${1:-}" diff --git a/src/cli.ts b/src/cli.ts index c275e1b7..f218ec39 100644 --- a/src/cli.ts +++ b/src/cli.ts @@ -500,7 +500,7 @@ program .option( '--image-registry ', 'Container image registry', - 'ghcr.io/githubnext/gh-aw-firewall' + 'ghcr.io/github/gh-aw-firewall' ) .option( '--image-tag ', diff --git a/src/docker-manager.test.ts b/src/docker-manager.test.ts index f37fb2da..deca6ed4 100644 --- a/src/docker-manager.test.ts +++ b/src/docker-manager.test.ts @@ -249,7 +249,7 @@ describe('docker-manager', () => { keepContainers: false, workDir: '/tmp/awf-test', buildLocal: false, - imageRegistry: 'ghcr.io/githubnext/gh-aw-firewall', + imageRegistry: 'ghcr.io/github/gh-aw-firewall', imageTag: 'latest', }; @@ -262,8 +262,8 @@ describe('docker-manager', () => { it('should generate docker-compose config with GHCR images by default', () => { const result = generateDockerCompose(mockConfig, mockNetworkConfig); - expect(result.services['squid-proxy'].image).toBe('ghcr.io/githubnext/gh-aw-firewall/squid:latest'); - expect(result.services.agent.image).toBe('ghcr.io/githubnext/gh-aw-firewall/agent:latest'); + expect(result.services['squid-proxy'].image).toBe('ghcr.io/github/gh-aw-firewall/squid:latest'); + expect(result.services.agent.image).toBe('ghcr.io/github/gh-aw-firewall/agent:latest'); expect(result.services['squid-proxy'].build).toBeUndefined(); expect(result.services.agent.build).toBeUndefined(); }); @@ -341,7 +341,7 @@ describe('docker-manager', () => { }; const result = generateDockerCompose(actPresetConfig, mockNetworkConfig); - expect(result.services.agent.image).toBe('ghcr.io/githubnext/gh-aw-firewall/agent-act:latest'); + expect(result.services.agent.image).toBe('ghcr.io/github/gh-aw-firewall/agent-act:latest'); expect(result.services.agent.build).toBeUndefined(); }); @@ -352,14 +352,14 @@ describe('docker-manager', () => { }; const result = generateDockerCompose(defaultPresetConfig, mockNetworkConfig); - expect(result.services.agent.image).toBe('ghcr.io/githubnext/gh-aw-firewall/agent:latest'); + expect(result.services.agent.image).toBe('ghcr.io/github/gh-aw-firewall/agent:latest'); expect(result.services.agent.build).toBeUndefined(); }); it('should use agent GHCR image when agentImage is undefined', () => { const result = generateDockerCompose(mockConfig, mockNetworkConfig); - expect(result.services.agent.image).toBe('ghcr.io/githubnext/gh-aw-firewall/agent:latest'); + expect(result.services.agent.image).toBe('ghcr.io/github/gh-aw-firewall/agent:latest'); expect(result.services.agent.build).toBeUndefined(); }); diff --git a/src/docker-manager.ts b/src/docker-manager.ts index c0a2e093..fbed4762 100644 --- a/src/docker-manager.ts +++ b/src/docker-manager.ts @@ -237,7 +237,7 @@ export function generateDockerCompose( // Default to GHCR images unless buildLocal is explicitly set const useGHCR = !config.buildLocal; - const registry = config.imageRegistry || 'ghcr.io/githubnext/gh-aw-firewall'; + const registry = config.imageRegistry || 'ghcr.io/github/gh-aw-firewall'; const tag = config.imageTag || 'latest'; // Squid logs path: use proxyLogsDir if specified (direct write), otherwise workDir/squid-logs diff --git a/src/squid-config.test.ts b/src/squid-config.test.ts index 0b329ebb..82a959ef 100644 --- a/src/squid-config.test.ts +++ b/src/squid-config.test.ts @@ -336,7 +336,7 @@ describe('generateSquidConfig', () => { }); it('should allow CONNECT to Safe_ports (80 and 443) for HTTP proxy compatibility', () => { - // See: https://github.com/githubnext/gh-aw-firewall/issues/189 + // See: https://github.com/github/gh-aw-firewall/issues/189 // Node.js fetch uses CONNECT method even for HTTP connections when proxied const config: SquidConfig = { domains: ['example.com'], diff --git a/src/types.ts b/src/types.ts index 5afd4852..bda31429 100644 --- a/src/types.ts +++ b/src/types.ts @@ -122,7 +122,7 @@ export interface WrapperConfig { * Allows overriding the default GitHub Container Registry with custom registries * for development, testing, or air-gapped environments. * - * @default 'ghcr.io/githubnext/gh-aw-firewall' + * @default 'ghcr.io/github/gh-aw-firewall' * @example 'my-registry.example.com/awf' */ imageRegistry?: string; @@ -539,7 +539,7 @@ export interface DockerService { * from the registry (local or remote). * * @example 'ubuntu/squid:latest' - * @example 'ghcr.io/githubnext/gh-aw-firewall/agent:latest' + * @example 'ghcr.io/github/gh-aw-firewall/agent:latest' */ image?: string; diff --git a/tests/integration/docker-warning.test.ts b/tests/integration/docker-warning.test.ts index 6711ee31..362fbffb 100644 --- a/tests/integration/docker-warning.test.ts +++ b/tests/integration/docker-warning.test.ts @@ -103,7 +103,7 @@ describe.skip('Docker Command Warning', () => { // The command may succeed or fail depending on how the shell handles the exit code // But the warning message should always be present in stderr expect(result.stderr).toContain('Docker-in-Docker support was removed in AWF v0.9.1'); - expect(result.stderr).toContain('https://github.com/githubnext/gh-aw-firewall#breaking-changes'); + expect(result.stderr).toContain('https://github.com/github/gh-aw-firewall#breaking-changes'); }, 120000); test('Test 5: docker version shows warning', async () => { diff --git a/tests/integration/no-docker.test.ts b/tests/integration/no-docker.test.ts index 8f2949e6..c5afd10d 100644 --- a/tests/integration/no-docker.test.ts +++ b/tests/integration/no-docker.test.ts @@ -1,6 +1,6 @@ /** * Docker-in-Docker Removal Regression Tests - * Tests for PR #205: https://github.com/githubnext/gh-aw-firewall/pull/205 + * Tests for PR #205: https://github.com/github/gh-aw-firewall/pull/205 * * These tests verify that Docker commands fail gracefully after Docker-in-Docker * support was removed in v0.9.1. The agent container should NOT have: @@ -9,7 +9,7 @@ * - Docker daemon running * * IMPORTANT: These tests require container images built from commit 8d81fe4 or later. - * If using registry images (ghcr.io/githubnext/gh-aw-firewall), ensure they have been + * If using registry images (ghcr.io/github/gh-aw-firewall), ensure they have been * rebuilt after PR #205 was merged. Otherwise, use `buildLocal: true` in test options * to build fresh images from the current codebase. *