fix: restructure smoke-chroot workflow to avoid Docker-in-Docker#508
fix: restructure smoke-chroot workflow to avoid Docker-in-Docker#508
Conversation
Add 7 agentic workflows that clone and test external repositories to validate firewall network rules work correctly for different language ecosystems: - Node.js: clsx, execa, p-limit (npm install/test) - Go: color, env, uuid (go mod download/test) - Rust: fd, zoxide (cargo build/test) - Java: gson, caffeine (mvn compile/test) - C++: fmt, json (cmake/make) - Deno: oak, std (deno test) - Bun: elysia, hono (bun install/test) Each workflow: - Triggers on pull_request and workflow_dispatch - Uses appropriate network allowlists (defaults, github, language-specific) - Reports results via PR comments with pass/fail tables - Adds language-specific labels on success Also updates postprocess-smoke-workflows.ts to include the new workflows for local build patching in CI. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The smoke-chroot workflow had a design incompatibility where it attempted to run `awf --enable-chroot` commands from within an AWF sandbox container. This creates a nested Docker-in-Docker scenario that is not supported (Docker-in-Docker was removed in AWF v0.9.1, PR #205). This fix restructures the workflow to: 1. Run all chroot tests in the frontmatter `steps:` section, which executes directly on the GitHub Actions runner BEFORE the agent sandbox starts 2. Save test results to files in /tmp/gh-aw/chroot-test/ 3. Have the agent (running inside AWF) simply read the results and post PR comments/labels The workflow now: - Sets up Go (for consistent version testing) - Captures host versions (Python, Node, Go) - Builds local containers - Runs chroot version tests via `awf --enable-chroot` - Compares versions and saves results - Agent analyzes results and posts to PR This approach avoids the Docker-in-Docker problem while still validating the chroot feature end-to-end. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
💫 TO BE CONTINUED... Smoke Claude failed! Our hero faces unexpected challenges... |
|
📰 DEVELOPING STORY: Smoke Copilot reports failed. Our correspondents are investigating the incident... |
✅ Coverage Check PassedOverall Coverage
Coverage comparison generated by |
There was a problem hiding this comment.
Pull request overview
Restructures the smoke-chroot GitHub Agentic Workflow to avoid Docker-in-Docker by running chroot validations on the runner first and limiting the agent to analyzing precomputed results. Also introduces several new “build-test-*” workflows and updates the CI postprocessing script to include them.
Changes:
- Move chroot runtime/version checks into frontmatter
steps:(runner-executed) and adjust the agent prompt to only summarize results. - Update the compiled
smoke-chroot.lock.ymlworkflow to match the new structure and bump related tool/container versions. - Add multiple new “build-test-*” workflow markdown + compiled lockfiles, and include them in
postprocess-smoke-workflows.ts.
Reviewed changes
Copilot reviewed 17 out of 17 changed files in this pull request and generated 11 comments.
Show a summary per file
| File | Description |
|---|---|
| scripts/ci/postprocess-smoke-workflows.ts | Expands postprocessing to include build-test workflow lockfiles. |
| .github/workflows/smoke-chroot.md | Moves chroot checks to runner steps and updates agent instructions to read precomputed results. |
| .github/workflows/smoke-chroot.lock.yml | Compiled workflow reflecting new smoke-chroot structure and tooling versions. |
| .github/workflows/build-test-node.md / .lock.yml | New Node.js build/test workflow and compiled lockfile. |
| .github/workflows/build-test-go.md / .lock.yml | New Go build/test workflow and compiled lockfile. |
| .github/workflows/build-test-rust.md / .lock.yml | New Rust build/test workflow and compiled lockfile. |
| .github/workflows/build-test-java.md / .lock.yml | New Java build/test workflow and compiled lockfile. |
| .github/workflows/build-test-cpp.md / .lock.yml | New C++ build/test workflow and compiled lockfile. |
| .github/workflows/build-test-deno.md / .lock.yml | New Deno build/test workflow and compiled lockfile. |
| .github/workflows/build-test-bun.md / .lock.yml | New Bun build/test workflow and compiled lockfile. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| actions | ||
| persist-credentials: false | ||
| - name: Setup Scripts | ||
| uses: ./actions/setup |
There was a problem hiding this comment.
This generated workflow uses Checkout actions folder + uses: ./actions/setup, but the repository does not include an actions/setup action (no actions/ directory at repo root). The workflow will fail when resolving the local action. Use the previously pinned remote github/gh-aw/actions/setup@<sha> action, or vendor the required action into this repo and reference the correct path.
| uses: ./actions/setup | |
| uses: github/gh-aw/actions/setup@d8e5d9a593ee0f12e51e74a53ce38afcb7631c10 |
| actions | ||
| persist-credentials: false | ||
| - name: Setup Scripts | ||
| uses: ./actions/setup |
There was a problem hiding this comment.
This generated workflow uses Checkout actions folder + uses: ./actions/setup, but the repository does not include an actions/setup action (no actions/ directory at repo root). The workflow will fail when resolving the local action. Use the previously pinned remote github/gh-aw/actions/setup@<sha> action, or vendor the required action into this repo and reference the correct path.
| uses: ./actions/setup | |
| uses: github/gh-aw/actions/setup@5ad7c7c57ba66e94a55c4d3f0ac1f8e4f6e3c493 |
| actions | ||
| persist-credentials: false | ||
| - name: Setup Scripts | ||
| uses: ./actions/setup |
There was a problem hiding this comment.
This generated workflow uses Checkout actions folder + uses: ./actions/setup, but the repository does not include an actions/setup action (no actions/ directory at repo root). The workflow will fail when resolving the local action. Use the previously pinned remote github/gh-aw/actions/setup@<sha> action, or vendor the required action into this repo and reference the correct path.
| uses: ./actions/setup | |
| uses: github/gh-aw/actions/setup@6b2a4b7a4e3f3a02c2f4f5ffbfb29815dbd5fabc |
| actions | ||
| persist-credentials: false | ||
| - name: Setup Scripts | ||
| uses: ./actions/setup |
There was a problem hiding this comment.
This generated workflow uses Checkout actions folder + uses: ./actions/setup, but the repository does not include an actions/setup action (no actions/ directory at repo root). The workflow will fail when resolving the local action. Use the previously pinned remote github/gh-aw/actions/setup@<sha> action, or vendor the required action into this repo and reference the correct path.
| uses: ./actions/setup | |
| uses: github/gh-aw/actions/setup@ed4e03e9c1fd0e3e0f4a21f8b7d9d6808f7d5eae |
| actions | ||
| persist-credentials: false | ||
| - name: Setup Scripts | ||
| uses: ./actions/setup |
There was a problem hiding this comment.
This generated workflow uses Checkout actions folder + uses: ./actions/setup, but the repository does not include an actions/setup action (no actions/ directory at repo root). The workflow will fail when resolving the local action. Use the previously pinned remote github/gh-aw/actions/setup@<sha> action, or vendor the required action into this repo and reference the correct path.
| uses: ./actions/setup | |
| uses: github/gh-aw/actions/setup@v0 |
| persist-credentials: false | ||
| - name: Setup Scripts | ||
| uses: github/gh-aw/actions/setup@76d37d925abd44fee97379206f105b74b91a285b # v0.40.0 | ||
| uses: ./actions/setup |
There was a problem hiding this comment.
actions/checkout is sparse-checking out an actions/ directory and then Setup Scripts uses ./actions/setup, but this repository does not contain an actions/setup action (no actions/ directory at repo root). This will cause the workflow to fail at runtime. Either revert to github/gh-aw/actions/setup@<sha> as before, or change the checkout step to fetch the correct repository/path that contains the setup action (and update the uses: path accordingly).
| uses: ./actions/setup | |
| uses: github/gh-aw/actions/setup@v1 |
| docker build -t ghcr.io/github/gh-aw-firewall/squid:latest containers/squid/ | ||
| docker build -t ghcr.io/github/gh-aw-firewall/agent:latest containers/agent/ | ||
| - name: Run chroot version tests | ||
| run: "echo \"=== Running chroot version tests ===\"\n\n# Capture GOROOT for chroot tests\nexport GOROOT=$(go env GOROOT)\n\n# Test Python version in chroot\necho \"Testing Python...\"\nCHROOT_PYTHON=$(sudo -E awf --enable-chroot --skip-pull --allow-domains localhost -- python3 --version 2>&1 | tail -1) || CHROOT_PYTHON=\"FAILED\"\n\n# Test Node version in chroot\necho \"Testing Node...\"\nCHROOT_NODE=$(sudo -E awf --enable-chroot --skip-pull --allow-domains localhost -- node --version 2>&1 | tail -1) || CHROOT_NODE=\"FAILED\"\n\n# Test Go version in chroot\necho \"Testing Go...\"\nCHROOT_GO=$(sudo -E awf --enable-chroot --skip-pull --allow-domains localhost -- go version 2>&1 | tail -1) || CHROOT_GO=\"FAILED\"\n\n# Save chroot versions\n{\n echo \"CHROOT_PYTHON_VERSION=$CHROOT_PYTHON\"\n echo \"CHROOT_NODE_VERSION=$CHROOT_NODE\"\n echo \"CHROOT_GO_VERSION=$CHROOT_GO\"\n} > /tmp/gh-aw/chroot-test/chroot-versions.env\n\ncat /tmp/gh-aw/chroot-test/chroot-versions.env\n\n# Compare versions and create results\nsource /tmp/gh-aw/chroot-test/host-versions.env\n\nPYTHON_MATCH=\"NO\"\nNODE_MATCH=\"NO\"\nGO_MATCH=\"NO\"\n\n# Compare Python (extract version number)\nHOST_PY_NUM=$(echo \"$HOST_PYTHON_VERSION\" | grep -oP '\\d+\\.\\d+\\.\\d+' || echo \"\")\nCHROOT_PY_NUM=$(echo \"$CHROOT_PYTHON\" | grep -oP '\\d+\\.\\d+\\.\\d+' || echo \"\")\n[ \"$HOST_PY_NUM\" = \"$CHROOT_PY_NUM\" ] && [ -n \"$HOST_PY_NUM\" ] && PYTHON_MATCH=\"YES\"\n\n# Compare Node (extract version number)\nHOST_NODE_NUM=$(echo \"$HOST_NODE_VERSION\" | grep -oP 'v\\d+\\.\\d+\\.\\d+' || echo \"\")\nCHROOT_NODE_NUM=$(echo \"$CHROOT_NODE\" | grep -oP 'v\\d+\\.\\d+\\.\\d+' || echo \"\")\n[ \"$HOST_NODE_NUM\" = \"$CHROOT_NODE_NUM\" ] && [ -n \"$HOST_NODE_NUM\" ] && NODE_MATCH=\"YES\"\n\n# Compare Go (extract version number)\nHOST_GO_NUM=$(echo \"$HOST_GO_VERSION\" | grep -oP 'go\\d+\\.\\d+(\\.\\d+)?' || echo \"\")\nCHROOT_GO_NUM=$(echo \"$CHROOT_GO\" | grep -oP 'go\\d+\\.\\d+(\\.\\d+)?' || echo \"\")\n[ \"$HOST_GO_NUM\" = \"$CHROOT_GO_NUM\" ] && [ -n \"$HOST_GO_NUM\" ] && GO_MATCH=\"YES\"\n\n# Create results summary\n{\n echo \"PYTHON_MATCH=$PYTHON_MATCH\"\n echo \"NODE_MATCH=$NODE_MATCH\"\n echo \"GO_MATCH=$GO_MATCH\"\n echo \"HOST_PY_NUM=$HOST_PY_NUM\"\n echo \"CHROOT_PY_NUM=$CHROOT_PY_NUM\"\n echo \"HOST_NODE_NUM=$HOST_NODE_NUM\"\n echo \"CHROOT_NODE_NUM=$CHROOT_NODE_NUM\"\n echo \"HOST_GO_NUM=$HOST_GO_NUM\"\n echo \"CHROOT_GO_NUM=$CHROOT_GO_NUM\"\n} > /tmp/gh-aw/chroot-test/results.env\n\ncat /tmp/gh-aw/chroot-test/results.env\n\n# Determine overall result\nif [ \"$PYTHON_MATCH\" = \"YES\" ] && [ \"$NODE_MATCH\" = \"YES\" ] && [ \"$GO_MATCH\" = \"YES\" ]; then\n echo \"ALL_TESTS_PASSED=true\" >> /tmp/gh-aw/chroot-test/results.env\n echo \"=== ALL CHROOT TESTS PASSED ===\"\nelse\n echo \"ALL_TESTS_PASSED=false\" >> /tmp/gh-aw/chroot-test/results.env\n echo \"=== SOME CHROOT TESTS FAILED ===\"\nfi\n" |
There was a problem hiding this comment.
The Run chroot version tests step invokes awf ... but the workflow doesn’t install/provide the awf binary until later (Install awf binary is at line 202). This will fail on runners where awf is not preinstalled. Move the awf installation earlier (before these chroot test steps), or add a dedicated install step ahead of this block (and ensure it doesn’t conflict with scripts/ci/postprocess-smoke-workflows.ts which expects a single "Install awf binary" step name).
| run: "echo \"=== Running chroot version tests ===\"\n\n# Capture GOROOT for chroot tests\nexport GOROOT=$(go env GOROOT)\n\n# Test Python version in chroot\necho \"Testing Python...\"\nCHROOT_PYTHON=$(sudo -E awf --enable-chroot --skip-pull --allow-domains localhost -- python3 --version 2>&1 | tail -1) || CHROOT_PYTHON=\"FAILED\"\n\n# Test Node version in chroot\necho \"Testing Node...\"\nCHROOT_NODE=$(sudo -E awf --enable-chroot --skip-pull --allow-domains localhost -- node --version 2>&1 | tail -1) || CHROOT_NODE=\"FAILED\"\n\n# Test Go version in chroot\necho \"Testing Go...\"\nCHROOT_GO=$(sudo -E awf --enable-chroot --skip-pull --allow-domains localhost -- go version 2>&1 | tail -1) || CHROOT_GO=\"FAILED\"\n\n# Save chroot versions\n{\n echo \"CHROOT_PYTHON_VERSION=$CHROOT_PYTHON\"\n echo \"CHROOT_NODE_VERSION=$CHROOT_NODE\"\n echo \"CHROOT_GO_VERSION=$CHROOT_GO\"\n} > /tmp/gh-aw/chroot-test/chroot-versions.env\n\ncat /tmp/gh-aw/chroot-test/chroot-versions.env\n\n# Compare versions and create results\nsource /tmp/gh-aw/chroot-test/host-versions.env\n\nPYTHON_MATCH=\"NO\"\nNODE_MATCH=\"NO\"\nGO_MATCH=\"NO\"\n\n# Compare Python (extract version number)\nHOST_PY_NUM=$(echo \"$HOST_PYTHON_VERSION\" | grep -oP '\\d+\\.\\d+\\.\\d+' || echo \"\")\nCHROOT_PY_NUM=$(echo \"$CHROOT_PYTHON\" | grep -oP '\\d+\\.\\d+\\.\\d+' || echo \"\")\n[ \"$HOST_PY_NUM\" = \"$CHROOT_PY_NUM\" ] && [ -n \"$HOST_PY_NUM\" ] && PYTHON_MATCH=\"YES\"\n\n# Compare Node (extract version number)\nHOST_NODE_NUM=$(echo \"$HOST_NODE_VERSION\" | grep -oP 'v\\d+\\.\\d+\\.\\d+' || echo \"\")\nCHROOT_NODE_NUM=$(echo \"$CHROOT_NODE\" | grep -oP 'v\\d+\\.\\d+\\.\\d+' || echo \"\")\n[ \"$HOST_NODE_NUM\" = \"$CHROOT_NODE_NUM\" ] && [ -n \"$HOST_NODE_NUM\" ] && NODE_MATCH=\"YES\"\n\n# Compare Go (extract version number)\nHOST_GO_NUM=$(echo \"$HOST_GO_VERSION\" | grep -oP 'go\\d+\\.\\d+(\\.\\d+)?' || echo \"\")\nCHROOT_GO_NUM=$(echo \"$CHROOT_GO\" | grep -oP 'go\\d+\\.\\d+(\\.\\d+)?' || echo \"\")\n[ \"$HOST_GO_NUM\" = \"$CHROOT_GO_NUM\" ] && [ -n \"$HOST_GO_NUM\" ] && GO_MATCH=\"YES\"\n\n# Create results summary\n{\n echo \"PYTHON_MATCH=$PYTHON_MATCH\"\n echo \"NODE_MATCH=$NODE_MATCH\"\n echo \"GO_MATCH=$GO_MATCH\"\n echo \"HOST_PY_NUM=$HOST_PY_NUM\"\n echo \"CHROOT_PY_NUM=$CHROOT_PY_NUM\"\n echo \"HOST_NODE_NUM=$HOST_NODE_NUM\"\n echo \"CHROOT_NODE_NUM=$CHROOT_NODE_NUM\"\n echo \"HOST_GO_NUM=$HOST_GO_NUM\"\n echo \"CHROOT_GO_NUM=$CHROOT_GO_NUM\"\n} > /tmp/gh-aw/chroot-test/results.env\n\ncat /tmp/gh-aw/chroot-test/results.env\n\n# Determine overall result\nif [ \"$PYTHON_MATCH\" = \"YES\" ] && [ \"$NODE_MATCH\" = \"YES\" ] && [ \"$GO_MATCH\" = \"YES\" ]; then\n echo \"ALL_TESTS_PASSED=true\" >> /tmp/gh-aw/chroot-test/results.env\n echo \"=== ALL CHROOT TESTS PASSED ===\"\nelse\n echo \"ALL_TESTS_PASSED=false\" >> /tmp/gh-aw/chroot-test/results.env\n echo \"=== SOME CHROOT TESTS FAILED ===\"\nfi\n" | |
| run: | | |
| echo "=== Running chroot version tests ===" | |
| # Ensure awf is available before running chroot tests | |
| if ! command -v awf >/dev/null 2>&1; then | |
| echo "awf binary is not installed; skipping chroot version tests." | |
| exit 0 | |
| fi | |
| # Capture GOROOT for chroot tests | |
| export GOROOT="$(go env GOROOT)" | |
| # Test Python version in chroot | |
| echo "Testing Python..." | |
| CHROOT_PYTHON=$(sudo -E awf --enable-chroot --skip-pull --allow-domains localhost -- python3 --version 2>&1 | tail -1) || CHROOT_PYTHON="FAILED" | |
| # Test Node version in chroot | |
| echo "Testing Node..." | |
| CHROOT_NODE=$(sudo -E awf --enable-chroot --skip-pull --allow-domains localhost -- node --version 2>&1 | tail -1) || CHROOT_NODE="FAILED" | |
| # Test Go version in chroot | |
| echo "Testing Go..." | |
| CHROOT_GO=$(sudo -E awf --enable-chroot --skip-pull --allow-domains localhost -- go version 2>&1 | tail -1) || CHROOT_GO="FAILED" | |
| # Save chroot versions | |
| { | |
| echo "CHROOT_PYTHON_VERSION=$CHROOT_PYTHON" | |
| echo "CHROOT_NODE_VERSION=$CHROOT_NODE" | |
| echo "CHROOT_GO_VERSION=$CHROOT_GO" | |
| } > /tmp/gh-aw/chroot-test/chroot-versions.env | |
| cat /tmp/gh-aw/chroot-test/chroot-versions.env | |
| # Compare versions and create results | |
| # shellcheck disable=SC1091 | |
| source /tmp/gh-aw/chroot-test/host-versions.env | |
| PYTHON_MATCH="NO" | |
| NODE_MATCH="NO" | |
| GO_MATCH="NO" | |
| # Compare Python (extract version number) | |
| HOST_PY_NUM=$(echo "$HOST_PYTHON_VERSION" | grep -oP '\d+\.\d+\.\d+' || echo "") | |
| CHROOT_PY_NUM=$(echo "$CHROOT_PYTHON" | grep -oP '\d+\.\d+\.\d+' || echo "") | |
| [ "$HOST_PY_NUM" = "$CHROOT_PY_NUM" ] && [ -n "$HOST_PY_NUM" ] && PYTHON_MATCH="YES" | |
| # Compare Node (extract version number) | |
| HOST_NODE_NUM=$(echo "$HOST_NODE_VERSION" | grep -oP 'v\d+\.\d+\.\d+' || echo "") | |
| CHROOT_NODE_NUM=$(echo "$CHROOT_NODE" | grep -oP 'v\d+\.\d+\.\d+' || echo "") | |
| [ "$HOST_NODE_NUM" = "$CHROOT_NODE_NUM" ] && [ -n "$HOST_NODE_NUM" ] && NODE_MATCH="YES" | |
| # Compare Go (extract version number) | |
| HOST_GO_NUM=$(echo "$HOST_GO_VERSION" | grep -oP 'go\d+\.\d+(\.\d+)?' || echo "") | |
| CHROOT_GO_NUM=$(echo "$CHROOT_GO" | grep -oP 'go\d+\.\d+(\.\d+)?' || echo "") | |
| [ "$HOST_GO_NUM" = "$CHROOT_GO_NUM" ] && [ -n "$HOST_GO_NUM" ] && GO_MATCH="YES" | |
| # Create results summary | |
| { | |
| echo "PYTHON_MATCH=$PYTHON_MATCH" | |
| echo "NODE_MATCH=$NODE_MATCH" | |
| echo "GO_MATCH=$GO_MATCH" | |
| echo "HOST_PY_NUM=$HOST_PY_NUM" | |
| echo "CHROOT_PY_NUM=$CHROOT_PY_NUM" | |
| echo "HOST_NODE_NUM=$HOST_NODE_NUM" | |
| echo "CHROOT_NODE_NUM=$CHROOT_NODE_NUM" | |
| echo "HOST_GO_NUM=$HOST_GO_NUM" | |
| echo "CHROOT_GO_NUM=$CHROOT_GO_NUM" | |
| } > /tmp/gh-aw/chroot-test/results.env | |
| cat /tmp/gh-aw/chroot-test/results.env | |
| # Determine overall result | |
| if [ "$PYTHON_MATCH" = "YES" ] && [ "$NODE_MATCH" = "YES" ] && [ "$GO_MATCH" = "YES" ]; then | |
| echo "ALL_TESTS_PASSED=true" >> /tmp/gh-aw/chroot-test/results.env | |
| echo "=== ALL CHROOT TESTS PASSED ===" | |
| else | |
| echo "ALL_TESTS_PASSED=false" >> /tmp/gh-aw/chroot-test/results.env | |
| echo "=== SOME CHROOT TESTS FAILED ===" | |
| fi |
| run: | | ||
| echo "=== Building local containers ===" | ||
| docker build -t ghcr.io/github/gh-aw-firewall/squid:latest containers/squid/ | ||
| docker build -t ghcr.io/github/gh-aw-firewall/agent:latest containers/agent/ |
There was a problem hiding this comment.
These frontmatter steps: run awf --enable-chroot ... but there is no preceding step in this workflow that installs or otherwise ensures awf is available on the runner before these commands execute. Add an explicit awf install step before Run chroot version tests (or restructure so the existing awf install in the compiled workflow happens before these steps).
| docker build -t ghcr.io/github/gh-aw-firewall/agent:latest containers/agent/ | |
| docker build -t ghcr.io/github/gh-aw-firewall/agent:latest containers/agent/ | |
| - name: Ensure awf is installed | |
| run: | | |
| echo "=== Ensuring awf is available ===" | |
| if ! command -v awf >/dev/null 2>&1; then | |
| echo "Error: 'awf' is required but not installed or not in PATH." >&2 | |
| exit 1 | |
| fi |
| actions | ||
| persist-credentials: false | ||
| - name: Setup Scripts | ||
| uses: ./actions/setup |
There was a problem hiding this comment.
This generated workflow uses Checkout actions folder + uses: ./actions/setup, but the repository does not include an actions/setup action (no actions/ directory at repo root). The workflow will fail when resolving the local action. Use the previously pinned remote github/gh-aw/actions/setup@<sha> action, or vendor the required action into this repo and reference the correct path.
| uses: ./actions/setup | |
| uses: github/gh-aw/actions/setup@v1 |
| actions | ||
| persist-credentials: false | ||
| - name: Setup Scripts | ||
| uses: ./actions/setup |
There was a problem hiding this comment.
This generated workflow uses Checkout actions folder + uses: ./actions/setup, but the repository does not include an actions/setup action (no actions/ directory at repo root). The workflow will fail when resolving the local action. Use the previously pinned remote github/gh-aw/actions/setup@<sha> action, or vendor the required action into this repo and reference the correct path.
| uses: ./actions/setup | |
| uses: github/gh-aw/actions/setup@main |
Regenerate smoke-chroot.lock.yml with gh-aw v0.42.0 after merging origin/main to resolve conflicts. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨ |
|
📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤 |
|
Chroot tests failed Smoke Chroot failed - See logs for details. |
Smoke Test ResultsLast 2 Merged PRs:
✅ GitHub MCP: Retrieved PRs successfully Overall: PASS cc @Mossaka
|
|
Smoke Test: Claude Engine - PASS Last 2 merged PRs:
✅ GitHub MCP (fetched PRs)
|
The smoke-chroot workflow was trying to run `sudo -E awf` commands before the awf CLI was built and installed. This adds the necessary npm ci, npm run build, and awf binary installation steps before the chroot version tests. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
Chroot tests failed Smoke Chroot failed - See logs for details. |
|
📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤 |
|
🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨ |
|
Smoke Test Results Last 2 merged PRs:
✅ GitHub MCP - fetched recent PRs Status: PASS
|
- Quote values in host-versions.env to prevent bash interpretation - Extract version patterns directly with grep instead of using tail -1 (which captured awf's exit message instead of the version) - Simplify comparison logic since chroot versions are already extracted Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Smoke Test Results (Copilot)Last 2 Merged PRs:
Test Results:
Status: PARTIAL PASS (3/4 tests - Playwright timeout expected in firewall environment) cc @Mossaka
|
|
🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨ |
|
Chroot tests failed Smoke Chroot failed - See logs for details. |
|
📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤 |
Smoke Test Results: Claude EngineRecent PRs:
Tests:
Status: PASS
|
Smoke Test Results (Copilot Engine)Last 2 Merged PRs:
Tests:
Overall Status: PASS cc @Mossaka
|
Take main's version of build-test lock files since PR #507 was merged first. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
Chroot tests failed Smoke Chroot failed - See logs for details. |
|
🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨ |
|
📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤 |
Smoke Test Results (Copilot) - PASS ✅Last 2 Merged PRs:
Test Results:
Overall Status: PASS cc @Mossaka
|
|
Claude Smoke Test Results ✅ GitHub MCP: #494, #504 Status: PASS
|
Build Test: Go - Failed ❌Error: Unable to clone test repository The repository either:
Overall: FAIL - Cannot access test repository
|
Build Test: Bun - ❌ FAILEDResults
Overall: FAIL ErrorRepository The test repository needs to be created at https://github.com/Mossaka/gh-aw-firewall-test-bun before this test can run.
|
Build Test: Java - FAILEDSummary❌ Overall: FAILED ErrorThe test repository Expected RepositoryThe test requires access to
Action Required: Please verify the repository exists and is accessible, or update the test configuration with the correct repository URL.
|
Build Test: Node.js - FAILED ❌Error: Unable to clone test repository Cause: Repository requires authentication but no valid credentials are available. Required Action:
Overall: FAILED - Cannot access test repository
|
|
📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤 |
|
Chroot tests failed Smoke Chroot failed - See logs for details. |
|
🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨ |
Smoke Test ResultsLast 2 Merged PRs:
Test Results:
Overall Status: PASS cc @Mossaka
|
|
Smoke Test Results - Claude Engine Last 2 merged PRs:
✅ GitHub MCP Status: PASS
|
Build Test: Go - FAILEDSummary❌ Cannot proceed with tests - Repository not accessible IssueThe test repository Test Status
Overall: FAILED (Repository not accessible) Next StepsPlease verify:
|
Rust Build Test Results❌ FAILED - Unable to clone test repository Error: The test repository Action Required:
|
Build Test: Bun - ❌ FAILEDStatus: UNABLE TO COMPLETE IssueCannot access test repository ErrorRequired ActionTo run this test, please either:
Overall: FAIL (Cannot clone test repository)
|
Build Test: C++ - FAILED❌ Cannot complete test - Unable to clone test repository Error: Git is requesting authentication credentials. The repository appears to be private or requires authentication. Required Action:
Overall: FAIL (Repository access issue)
|
1 participant
Summary
steps:section (runs on runner before sandbox)Problem
The smoke-chroot workflow had a fundamental design flaw:
awf --enable-chrootcommandsError observed:
Solution
Restructure the workflow to run chroot tests in the frontmatter
steps:section:Setup steps (run directly on runner):
awf --enable-chrootcommands and capture results/tmp/gh-aw/chroot-test/Agent job (runs inside AWF sandbox):
/tmp/gh-aw/chroot-test/smoke-chrootlabel if all tests passThis approach avoids Docker-in-Docker while still validating the chroot feature end-to-end.
Test plan
🤖 Generated with Claude Code