diff --git a/.changeset/patch-remove-generated-mcp-workdir-field.md b/.changeset/patch-remove-generated-mcp-workdir-field.md new file mode 100644 index 0000000000..5263378323 --- /dev/null +++ b/.changeset/patch-remove-generated-mcp-workdir-field.md @@ -0,0 +1,5 @@ +--- +"gh-aw": patch +--- + +Removed the redundant `workdir` field from generated MCP server configurations so the JSON/TOML configs match expectations. diff --git a/.changeset/patch-remove-workdir-mcp-config.md b/.changeset/patch-remove-workdir-mcp-config.md new file mode 100644 index 0000000000..27a82a7e28 --- /dev/null +++ b/.changeset/patch-remove-workdir-mcp-config.md @@ -0,0 +1,5 @@ +--- +"gh-aw": patch +--- + +Removed the stray `workdir` field from generated MCP server configurations for agentic workflows so the output matches the expected schema. diff --git a/.github/workflows/agent-performance-analyzer.lock.yml b/.github/workflows/agent-performance-analyzer.lock.yml index f38c453649..3a87d047b5 100644 --- a/.github/workflows/agent-performance-analyzer.lock.yml +++ b/.github/workflows/agent-performance-analyzer.lock.yml @@ -542,7 +542,6 @@ jobs: "entrypoint": "/opt/gh-aw/gh-aw", "entrypointArgs": ["mcp-server"], "mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "${{ github.workspace }}:${{ github.workspace }}:rw", "/tmp/gh-aw:/tmp/gh-aw:rw"], - "workdir": "${{ github.workspace }}", "env": { "GITHUB_TOKEN": "\${GITHUB_TOKEN}" } diff --git a/.github/workflows/agent-persona-explorer.lock.yml b/.github/workflows/agent-persona-explorer.lock.yml index 3d5bd1f6eb..a191ff349c 100644 --- a/.github/workflows/agent-persona-explorer.lock.yml +++ b/.github/workflows/agent-persona-explorer.lock.yml @@ -436,7 +436,6 @@ jobs: "entrypoint": "/opt/gh-aw/gh-aw", "entrypointArgs": ["mcp-server"], "mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "${{ github.workspace }}:${{ github.workspace }}:rw", "/tmp/gh-aw:/tmp/gh-aw:rw"], - "workdir": "${{ github.workspace }}", "env": { "GITHUB_TOKEN": "\${GITHUB_TOKEN}" } diff --git a/.github/workflows/daily-firewall-report.lock.yml b/.github/workflows/daily-firewall-report.lock.yml index b94df04956..228399be42 100644 --- a/.github/workflows/daily-firewall-report.lock.yml +++ b/.github/workflows/daily-firewall-report.lock.yml @@ -481,7 +481,6 @@ jobs: "entrypoint": "/opt/gh-aw/gh-aw", "entrypointArgs": ["mcp-server"], "mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "${{ github.workspace }}:${{ github.workspace }}:rw", "/tmp/gh-aw:/tmp/gh-aw:rw"], - "workdir": "${{ github.workspace }}", "env": { "GITHUB_TOKEN": "\${GITHUB_TOKEN}" } diff --git a/.github/workflows/daily-observability-report.lock.yml b/.github/workflows/daily-observability-report.lock.yml index 3200e8a9f8..a91099490b 100644 --- a/.github/workflows/daily-observability-report.lock.yml +++ b/.github/workflows/daily-observability-report.lock.yml @@ -518,7 +518,6 @@ jobs: "entrypoint": "/opt/gh-aw/gh-aw", "entrypointArgs": ["mcp-server"], "mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "${{ github.workspace }}:${{ github.workspace }}:rw", "/tmp/gh-aw:/tmp/gh-aw:rw"], - "workdir": "${{ github.workspace }}", "env": { "GITHUB_TOKEN": "$GITHUB_TOKEN" } diff --git a/.github/workflows/dev-hawk.lock.yml b/.github/workflows/dev-hawk.lock.yml index 6aaf4c3300..3e576beb3a 100644 --- a/.github/workflows/dev-hawk.lock.yml +++ b/.github/workflows/dev-hawk.lock.yml @@ -406,7 +406,6 @@ jobs: "entrypoint": "/opt/gh-aw/gh-aw", "entrypointArgs": ["mcp-server"], "mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "${{ github.workspace }}:${{ github.workspace }}:rw", "/tmp/gh-aw:/tmp/gh-aw:rw"], - "workdir": "${{ github.workspace }}", "env": { "GITHUB_TOKEN": "\${GITHUB_TOKEN}" } diff --git a/.github/workflows/example-workflow-analyzer.lock.yml b/.github/workflows/example-workflow-analyzer.lock.yml index 8919adf61c..91ac085ad8 100644 --- a/.github/workflows/example-workflow-analyzer.lock.yml +++ b/.github/workflows/example-workflow-analyzer.lock.yml @@ -426,7 +426,6 @@ jobs: "entrypoint": "/opt/gh-aw/gh-aw", "entrypointArgs": ["mcp-server"], "mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "${{ github.workspace }}:${{ github.workspace }}:rw", "/tmp/gh-aw:/tmp/gh-aw:rw"], - "workdir": "${{ github.workspace }}", "env": { "GITHUB_TOKEN": "$GITHUB_TOKEN" } diff --git a/.github/workflows/metrics-collector.lock.yml b/.github/workflows/metrics-collector.lock.yml index de288148dd..9d85f78a11 100644 --- a/.github/workflows/metrics-collector.lock.yml +++ b/.github/workflows/metrics-collector.lock.yml @@ -208,7 +208,6 @@ jobs: "entrypoint": "/opt/gh-aw/gh-aw", "entrypointArgs": ["mcp-server"], "mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "${{ github.workspace }}:${{ github.workspace }}:rw", "/tmp/gh-aw:/tmp/gh-aw:rw"], - "workdir": "${{ github.workspace }}", "env": { "GITHUB_TOKEN": "\${GITHUB_TOKEN}" } diff --git a/.github/workflows/python-data-charts.lock.yml b/.github/workflows/python-data-charts.lock.yml index 74a89d98d5..5276230ab4 100644 --- a/.github/workflows/python-data-charts.lock.yml +++ b/.github/workflows/python-data-charts.lock.yml @@ -484,7 +484,6 @@ jobs: "entrypoint": "/opt/gh-aw/gh-aw", "entrypointArgs": ["mcp-server"], "mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "${{ github.workspace }}:${{ github.workspace }}:rw", "/tmp/gh-aw:/tmp/gh-aw:rw"], - "workdir": "${{ github.workspace }}", "env": { "GITHUB_TOKEN": "\${GITHUB_TOKEN}" } diff --git a/.github/workflows/security-review.lock.yml b/.github/workflows/security-review.lock.yml index fff8f0567b..9d56f7ec2e 100644 --- a/.github/workflows/security-review.lock.yml +++ b/.github/workflows/security-review.lock.yml @@ -524,7 +524,6 @@ jobs: "entrypoint": "/opt/gh-aw/gh-aw", "entrypointArgs": ["mcp-server"], "mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "${{ github.workspace }}:${{ github.workspace }}:rw", "/tmp/gh-aw:/tmp/gh-aw:rw"], - "workdir": "${{ github.workspace }}", "env": { "GITHUB_TOKEN": "\${GITHUB_TOKEN}" } diff --git a/.github/workflows/smoke-copilot.lock.yml b/.github/workflows/smoke-copilot.lock.yml index dbcbaf734d..c81e85ad57 100644 --- a/.github/workflows/smoke-copilot.lock.yml +++ b/.github/workflows/smoke-copilot.lock.yml @@ -1077,7 +1077,6 @@ jobs: "entrypoint": "/opt/gh-aw/gh-aw", "entrypointArgs": ["mcp-server"], "mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "${{ github.workspace }}:${{ github.workspace }}:rw", "/tmp/gh-aw:/tmp/gh-aw:rw"], - "workdir": "${{ github.workspace }}", "env": { "GITHUB_TOKEN": "\${GITHUB_TOKEN}" } diff --git a/pkg/workflow/mcp-config-builtin.go b/pkg/workflow/mcp-config-builtin.go index 482ccb3307..1031078f5d 100644 --- a/pkg/workflow/mcp-config-builtin.go +++ b/pkg/workflow/mcp-config-builtin.go @@ -82,8 +82,6 @@ func renderAgenticWorkflowsMCPConfigWithOptions(yaml *strings.Builder, isLast bo yaml.WriteString(" \"entrypointArgs\": [\"mcp-server\"],\n") // Mount gh-aw binary (read-only), workspace (read-write for status/compile), and temp directory (read-write for logs) yaml.WriteString(" \"mounts\": [\"" + constants.DefaultGhAwMount + "\", \"" + constants.DefaultWorkspaceMount + "\", \"" + constants.DefaultTmpGhAwMount + "\"],\n") - // Set working directory to workspace for proper command execution context - yaml.WriteString(" \"workdir\": \"${{ github.workspace }}\",\n") // Note: tools field is NOT included here - the converter script adds it back // for Copilot. This keeps the gateway config compatible with the schema. @@ -138,8 +136,6 @@ func renderAgenticWorkflowsMCPConfigTOML(yaml *strings.Builder) { yaml.WriteString(" entrypointArgs = [\"mcp-server\"]\n") // Mount gh-aw binary (read-only), workspace (read-write for status/compile), and temp directory (read-write for logs) yaml.WriteString(" mounts = [\"" + constants.DefaultGhAwMount + "\", \"" + constants.DefaultWorkspaceMount + "\", \"" + constants.DefaultTmpGhAwMount + "\"]\n") - // Set working directory to workspace for proper command execution context - yaml.WriteString(" workdir = \"${{ github.workspace }}\"\n") // Use env_vars array to reference environment variables instead of embedding secrets yaml.WriteString(" env_vars = [\"GITHUB_TOKEN\"]\n") } diff --git a/pkg/workflow/mcp_config_refactor_test.go b/pkg/workflow/mcp_config_refactor_test.go index d4bed18939..32da544f5e 100644 --- a/pkg/workflow/mcp_config_refactor_test.go +++ b/pkg/workflow/mcp_config_refactor_test.go @@ -215,7 +215,6 @@ func TestRenderAgenticWorkflowsMCPConfigWithOptions(t *testing.T) { `"/opt/gh-aw:/opt/gh-aw:ro"`, // gh-aw binary mount (read-only) `"${{ github.workspace }}:${{ github.workspace }}:rw"`, // workspace mount (read-write) `"/tmp/gh-aw:/tmp/gh-aw:rw"`, // temp directory mount (read-write) - `"workdir": "${{ github.workspace }}"`, // working directory for command execution `"GITHUB_TOKEN": "\${GITHUB_TOKEN}"`, ` },`, }, @@ -236,7 +235,6 @@ func TestRenderAgenticWorkflowsMCPConfigWithOptions(t *testing.T) { `"/opt/gh-aw:/opt/gh-aw:ro"`, // gh-aw binary mount (read-only) `"${{ github.workspace }}:${{ github.workspace }}:rw"`, // workspace mount (read-write) `"/tmp/gh-aw:/tmp/gh-aw:rw"`, // temp directory mount (read-write) - `"workdir": "${{ github.workspace }}"`, // working directory for command execution // Security fix: Now uses shell variable instead of GitHub secret expression `"GITHUB_TOKEN": "$GITHUB_TOKEN"`, ` }`, @@ -390,7 +388,6 @@ func TestRenderAgenticWorkflowsMCPConfigTOML(t *testing.T) { `"/opt/gh-aw:/opt/gh-aw:ro"`, // gh-aw binary mount (read-only) `"${{ github.workspace }}:${{ github.workspace }}:rw"`, // workspace mount (read-write) `"/tmp/gh-aw:/tmp/gh-aw:rw"`, // temp directory mount (read-write) - `workdir = "${{ github.workspace }}"`, // working directory for command execution `env_vars = ["GITHUB_TOKEN"]`, }