Skip to content

chore: recompile all workflows with gh-aw v0.64.3#2779

Merged
lpcox merged 1 commit intomainfrom
chore/upgrade-recompile-workflows
Mar 29, 2026
Merged

chore: recompile all workflows with gh-aw v0.64.3#2779
lpcox merged 1 commit intomainfrom
chore/upgrade-recompile-workflows

Conversation

@lpcox
Copy link
Copy Markdown
Collaborator

@lpcox lpcox commented Mar 29, 2026

Summary

Recompiles all 31 agentic workflows with gh aw compile using gh-aw v0.64.3.

Version Upgrades

Component Before After
Compiler v0.64.2 v0.64.3
gh-aw-actions/setup v0.64.2 v0.64.3
AWF (Agent Workflow Firewall) v0.25.1 v0.25.3

Changes

  • 31 lock files recompiled
  • actions-lock.json updated with new pinned SHAs
  • agentics-maintenance.yml updated

Validation

✓ Compiled 31 workflow(s): 0 error(s), 1 warning(s)

The single warning is a known safe-inputs field in shared/go-make.md.

@lpcox
chore: recompile all workflows with gh-aw v0.64.3
98648f0 
Upgrades:
- Compiler: v0.64.2 → v0.64.3
- gh-aw-actions/setup: v0.64.2 → v0.64.3
- AWF: v0.25.1 → v0.25.3

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings March 29, 2026 15:48
@lpcox lpcox merged commit 6c9a412 into main Mar 29, 2026
11 checks passed
@lpcox lpcox deleted the chore/upgrade-recompile-workflows branch March 29, 2026 15:48
Copilot AI reviewed Mar 29, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Recompiles the repository’s agentic workflow lock files with gh-aw v0.64.3, updating pinned action SHAs and related runtime/firewall components.

Changes:

  • Recompiled 31 *.lock.yml workflow lock files to compiler v0.64.3 (including updated gh-aw-actions/setup pins).
  • Updated workflow runtime components (notably AWF v0.25.3 and ghcr.io/github/gh-aw-mcpg v0.2.8) and related job/guard logic emitted by the compiler.
  • Updated .github/aw/actions-lock.json and regenerated agentics-maintenance.yml to align with v0.64.3.

Reviewed changes

Copilot reviewed 33 out of 33 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
.github/workflows/semantic-function-refactor.lock.yml Recompiled workflow lock to gh-aw v0.64.3; updated pinned action SHA and runtime components.
.github/workflows/release.lock.yml Recompiled workflow lock to gh-aw v0.64.3; updated pinned action SHA and runtime components.
.github/workflows/plan.lock.yml Recompiled workflow lock to gh-aw v0.64.3; updated pinned action SHA and runtime components.
.github/workflows/nightly-workflow-compiler.lock.yml Recompiled workflow lock to gh-aw v0.64.3; updated pinned action SHA and runtime components.
.github/workflows/nightly-schema-updater.lock.yml Recompiled workflow lock to gh-aw v0.64.3; updated pinned action SHA and runtime components.
.github/workflows/nightly-docs-reconciler.lock.yml Recompiled workflow lock to gh-aw v0.64.3; updated pinned action SHA and runtime components.
.github/workflows/mcp-gateway-log-analyzer.lock.yml Recompiled workflow lock to gh-aw v0.64.3; updated pinned action SHA and runtime components.
.github/workflows/large-payload-tester.lock.yml Recompiled workflow lock to gh-aw v0.64.3; updated pinned action SHA and runtime components.
.github/workflows/issue-monster.lock.yml Recompiled workflow lock to gh-aw v0.64.3; updated pinned action SHA and runtime components.
.github/workflows/integrity-filtering-audit.lock.yml Recompiled workflow lock to gh-aw v0.64.3; updated pinned action SHA and runtime components.
.github/workflows/gpl-dependency-checker.lock.yml Recompiled workflow lock to gh-aw v0.64.3; updated pinned action SHA and runtime components.
.github/workflows/github-mcp-guard-coverage-checker.lock.yml Recompiled workflow lock to gh-aw v0.64.3; updated pinned action SHA and runtime components.
.github/workflows/ghcr-download-tracker.lock.yml Recompiled workflow lock to gh-aw v0.64.3; updated pinned action SHA and runtime components.
.github/workflows/gateway-issue-dispatcher.lock.yml Recompiled workflow lock to gh-aw v0.64.3; updated pinned action SHA and runtime components.
.github/workflows/duplicate-code-detector.lock.yml Recompiled workflow lock to gh-aw v0.64.3; updated pinned action SHA and runtime components.
.github/workflows/daily-compliance-checker.lock.yml Recompiled workflow lock to gh-aw v0.64.3; updated pinned action SHA and runtime components.
.github/workflows/go-fan.lock.yml Recompiled workflow lock to gh-aw v0.64.3; updated pinned action SHA and runtime components.
.github/workflows/go-logger.lock.yml Recompiled workflow lock to gh-aw v0.64.3; updated pinned action SHA and runtime components.
.github/workflows/guard-status-tracker.lock.yml Recompiled workflow lock to gh-aw v0.64.3; updated pinned action SHA and runtime components.
.github/workflows/repo-assist.lock.yml Recompiled workflow lock to gh-aw v0.64.3; updated pinned action SHA and runtime components.
.github/workflows/rust-guard-improver.lock.yml Recompiled workflow lock to gh-aw v0.64.3; updated pinned action SHA and runtime components.
.github/workflows/smoke-allowonly.lock.yml Recompiled workflow lock to gh-aw v0.64.3; updated pinned action SHA and runtime components.
.github/workflows/smoke-copilot.lock.yml Recompiled workflow lock to gh-aw v0.64.3; updated pinned action SHA and runtime components.
.github/workflows/smoke-proxy-github-script.lock.yml Recompiled workflow lock to gh-aw v0.64.3; updated pinned action SHA and runtime components.
.github/workflows/smoke-safeoutputs-discussions.lock.yml Recompiled workflow lock to gh-aw v0.64.3; updated pinned action SHA and runtime components.
.github/workflows/smoke-safeoutputs-issues.lock.yml Recompiled workflow lock to gh-aw v0.64.3; updated pinned action SHA and runtime components.
.github/workflows/smoke-safeoutputs-labels.lock.yml Recompiled workflow lock to gh-aw v0.64.3; updated pinned action SHA and runtime components.
.github/workflows/smoke-safeoutputs-prs.lock.yml Recompiled workflow lock to gh-aw v0.64.3; updated pinned action SHA and runtime components.
.github/workflows/smoke-safeoutputs-reviews.lock.yml Recompiled workflow lock to gh-aw v0.64.3; updated pinned action SHA and runtime components.
.github/workflows/test-coverage-improver.lock.yml Recompiled workflow lock to gh-aw v0.64.3; updated pinned action SHA and runtime components.
.github/workflows/test-improver.lock.yml Recompiled workflow lock to gh-aw v0.64.3; updated pinned action SHA and runtime components.
.github/workflows/agentics-maintenance.yml Regenerated maintenance workflow to align with gh-aw v0.64.3 and updated action pins.
.github/aw/actions-lock.json Added new v0.64.3 entries for pinned gh-aw actions SHAs used by regenerated workflows.
Comments suppressed due to low confidence (4)

.github/workflows/test-improver.lock.yml:539

  • The compiled mcpServers config does not include a "serena" MCP server/tool, but the source workflow (.github/workflows/test-improver.md:34) declares tools: serena: ["go"]. This mismatch will run without the intended Serena tool. Please reconcile by restoring Serena in the compiled MCP config or updating the .md and recompiling.
    .github/workflows/test-coverage-improver.lock.yml:540
  • The compiled mcpServers config does not include a "serena" MCP server/tool, but the source workflow (.github/workflows/test-coverage-improver.md:40) declares tools: serena: ["go"]. This discrepancy likely removes required tool capability at runtime. Please restore Serena in the compiled MCP config (and image download) or update the .md and recompile.
    .github/workflows/go-fan.lock.yml:536
  • The generated mcpServers config does not include a "serena" MCP server/tool even though the source workflow (.github/workflows/go-fan.md:38) declares tools: serena: ["go"]. This discrepancy likely removes required tool capability at runtime. Please reconcile by restoring Serena in the compiled config or updating the .md and recompiling.
          cat << GH_AW_MCP_CONFIG_0f15ae69f7126be7_EOF | bash ${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.sh
          {
            "mcpServers": {
              "github": {
                "type": "stdio",

.github/workflows/smoke-copilot.lock.yml:638

  • The generated MCP config (mcpServers) includes github/playwright/safeoutputs but no "serena" server/tool, while the source workflow (.github/workflows/smoke-copilot.md:41) declares tools: serena: ["go"]. If the agent uses Serena, it will be unavailable. Please restore Serena in the compiled MCP config (and image download) or remove/update the Serena tool declaration in the .md and recompile.
          cat << GH_AW_MCP_CONFIG_c3a38ec817262fe0_EOF | bash ${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.sh
          {
            "mcpServers": {
              "github": {
                "type": "stdio",

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .github/workflows/nightly-docs-reconciler.lock.yml
@@ -535,21 +533,6 @@ jobs:
]
}
}
Copy link

Copilot AI Mar 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The generated mcpServers configuration in this workflow no longer includes a "serena" MCP server/tool, but the source workflow (.github/workflows/nightly-docs-reconciler.md:19) declares tools: serena: ["go"]. This mismatch likely causes missing-tool behavior if the agent expects Serena. Either restore the Serena MCP server entry (and its image download) in the compiled workflow, or remove/update the Serena tool declaration in the .md and recompile.

Suggested change
}
}
},
"serena": {
"type": "stdio",
"container": "ghcr.io/github/serena-mcp-server:latest"

Copilot uses AI. Check for mistakes.
Comment thread .github/workflows/duplicate-code-detector.lock.yml
Comment on lines 561 to 565
]
}
}
},
"serena": {
"type": "stdio",
"container": "ghcr.io/github/serena-mcp-server:latest",
"args": ["--network", "host"],
"entrypoint": "serena",
"entrypointArgs": ["start-mcp-server", "--context", "codex", "--project", "\${GITHUB_WORKSPACE}"],
"mounts": ["\${GITHUB_WORKSPACE}:\${GITHUB_WORKSPACE}:rw"],
"guard-policies": {
"write-sink": {
"accept": [
"*"
]
}
}
}
},
Copy link

Copilot AI Mar 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This compiled workflow’s mcpServers config does not include a "serena" MCP server/tool, but the source (.github/workflows/duplicate-code-detector.md:17) declares tools: serena: ["go"]. If the agent uses Serena, it will be unavailable at runtime. Please reconcile by restoring Serena in the compiled MCP config (and image download) or updating the .md to remove/replace Serena and recompiling.

Copilot uses AI. Check for mistakes.
This was referenced Mar 29, 2026
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@lpcox