From 8eba19498dfb73b5957e5e688f569b49082cdb97 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 10 Feb 2026 00:20:34 +0000 Subject: [PATCH 1/9] Initial plan From 22e9208971cdf78164af9ba9a374f4f2e35c2ccf Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 10 Feb 2026 00:30:17 +0000 Subject: [PATCH 2/9] Add git credentials cleaner step before agent execution Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .../agent-performance-analyzer.lock.yml | 2 + .../workflows/agent-persona-explorer.lock.yml | 2 + .github/workflows/ai-moderator.lock.yml | 2 + .github/workflows/archie.lock.yml | 2 + .github/workflows/artifacts-summary.lock.yml | 2 + .github/workflows/audit-workflows.lock.yml | 2 + .github/workflows/auto-triage-issues.lock.yml | 2 + .github/workflows/blog-auditor.lock.yml | 2 + .github/workflows/brave.lock.yml | 2 + .../breaking-change-checker.lock.yml | 2 + .github/workflows/changeset.lock.yml | 2 + .../workflows/chroma-issue-indexer.lock.yml | 2 + .github/workflows/ci-coach.lock.yml | 2 + .github/workflows/ci-doctor.lock.yml | 2 + .../claude-code-user-docs-review.lock.yml | 2 + .../cli-consistency-checker.lock.yml | 2 + .../workflows/cli-version-checker.lock.yml | 2 + .github/workflows/cloclo.lock.yml | 2 + .../workflows/code-scanning-fixer.lock.yml | 2 + .github/workflows/code-simplifier.lock.yml | 2 + .../codex-github-remote-mcp-test.lock.yml | 2 + .../commit-changes-analyzer.lock.yml | 2 + .../workflows/copilot-agent-analysis.lock.yml | 2 + .../copilot-cli-deep-research.lock.yml | 2 + .../copilot-pr-merged-report.lock.yml | 2 + .../copilot-pr-nlp-analysis.lock.yml | 2 + .../copilot-pr-prompt-analysis.lock.yml | 2 + .../copilot-session-insights.lock.yml | 2 + .github/workflows/craft.lock.yml | 2 + .../daily-assign-issue-to-user.lock.yml | 2 + .github/workflows/daily-choice-test.lock.yml | 2 + .../workflows/daily-cli-performance.lock.yml | 2 + .../workflows/daily-cli-tools-tester.lock.yml | 2 + .github/workflows/daily-code-metrics.lock.yml | 2 + .../workflows/daily-compiler-quality.lock.yml | 2 + .../daily-copilot-token-report.lock.yml | 2 + .github/workflows/daily-doc-updater.lock.yml | 2 + .github/workflows/daily-fact.lock.yml | 2 + .github/workflows/daily-file-diet.lock.yml | 2 + .../workflows/daily-firewall-report.lock.yml | 2 + .../workflows/daily-issues-report.lock.yml | 2 + .../daily-malicious-code-scan.lock.yml | 2 + .../daily-mcp-concurrency-analysis.lock.yml | 2 + .../daily-multi-device-docs-tester.lock.yml | 2 + .github/workflows/daily-news.lock.yml | 2 + .../daily-observability-report.lock.yml | 2 + .../daily-performance-summary.lock.yml | 2 + .github/workflows/daily-regulatory.lock.yml | 2 + .../workflows/daily-repo-chronicle.lock.yml | 2 + .../daily-safe-output-optimizer.lock.yml | 2 + .../workflows/daily-secrets-analysis.lock.yml | 2 + .github/workflows/daily-semgrep-scan.lock.yml | 2 + .../daily-syntax-error-quality.lock.yml | 2 + .../daily-team-evolution-insights.lock.yml | 2 + .github/workflows/daily-team-status.lock.yml | 2 + .../daily-testify-uber-super-expert.lock.yml | 2 + .../workflows/daily-workflow-updater.lock.yml | 2 + .github/workflows/deep-report.lock.yml | 2 + actions/setup/sh/clean_git_credentials.sh | 87 +++++++++++++++ pkg/workflow/compiler_yaml_main_job.go | 8 ++ pkg/workflow/git_config_test.go | 104 ++++++++++++++++++ pkg/workflow/yaml_generation.go | 9 ++ 62 files changed, 324 insertions(+) create mode 100755 actions/setup/sh/clean_git_credentials.sh diff --git a/.github/workflows/agent-performance-analyzer.lock.yml b/.github/workflows/agent-performance-analyzer.lock.yml index 53a0fccd839..739dfda415c 100644 --- a/.github/workflows/agent-performance-analyzer.lock.yml +++ b/.github/workflows/agent-performance-analyzer.lock.yml @@ -810,6 +810,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/agent-persona-explorer.lock.yml b/.github/workflows/agent-persona-explorer.lock.yml index 29dd87d1d34..e9b1bb750ec 100644 --- a/.github/workflows/agent-persona-explorer.lock.yml +++ b/.github/workflows/agent-persona-explorer.lock.yml @@ -684,6 +684,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/ai-moderator.lock.yml b/.github/workflows/ai-moderator.lock.yml index 337802dce78..dfea787c455 100644 --- a/.github/workflows/ai-moderator.lock.yml +++ b/.github/workflows/ai-moderator.lock.yml @@ -645,6 +645,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/archie.lock.yml b/.github/workflows/archie.lock.yml index 96e1c159c29..14461d997c1 100644 --- a/.github/workflows/archie.lock.yml +++ b/.github/workflows/archie.lock.yml @@ -646,6 +646,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/artifacts-summary.lock.yml b/.github/workflows/artifacts-summary.lock.yml index ca5c3227fec..26aa21a5a32 100644 --- a/.github/workflows/artifacts-summary.lock.yml +++ b/.github/workflows/artifacts-summary.lock.yml @@ -603,6 +603,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/audit-workflows.lock.yml b/.github/workflows/audit-workflows.lock.yml index adee5838a72..8845606436b 100644 --- a/.github/workflows/audit-workflows.lock.yml +++ b/.github/workflows/audit-workflows.lock.yml @@ -782,6 +782,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute Claude Code CLI id: agentic_execution # Allowed tools (sorted): diff --git a/.github/workflows/auto-triage-issues.lock.yml b/.github/workflows/auto-triage-issues.lock.yml index f6d63af4781..36af6423ea3 100644 --- a/.github/workflows/auto-triage-issues.lock.yml +++ b/.github/workflows/auto-triage-issues.lock.yml @@ -638,6 +638,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/blog-auditor.lock.yml b/.github/workflows/blog-auditor.lock.yml index 9b8af53a490..f35050ca8e9 100644 --- a/.github/workflows/blog-auditor.lock.yml +++ b/.github/workflows/blog-auditor.lock.yml @@ -627,6 +627,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute Claude Code CLI id: agentic_execution # Allowed tools (sorted): diff --git a/.github/workflows/brave.lock.yml b/.github/workflows/brave.lock.yml index 6cdba1cdf43..1526cfb524e 100644 --- a/.github/workflows/brave.lock.yml +++ b/.github/workflows/brave.lock.yml @@ -639,6 +639,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/breaking-change-checker.lock.yml b/.github/workflows/breaking-change-checker.lock.yml index e888d9a3cec..681b6ea230f 100644 --- a/.github/workflows/breaking-change-checker.lock.yml +++ b/.github/workflows/breaking-change-checker.lock.yml @@ -624,6 +624,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/changeset.lock.yml b/.github/workflows/changeset.lock.yml index 5f669650f65..f23d1b14b17 100644 --- a/.github/workflows/changeset.lock.yml +++ b/.github/workflows/changeset.lock.yml @@ -736,6 +736,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Run Codex run: | set -o pipefail diff --git a/.github/workflows/chroma-issue-indexer.lock.yml b/.github/workflows/chroma-issue-indexer.lock.yml index c7a1387ec06..b60cf184d89 100644 --- a/.github/workflows/chroma-issue-indexer.lock.yml +++ b/.github/workflows/chroma-issue-indexer.lock.yml @@ -408,6 +408,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/ci-coach.lock.yml b/.github/workflows/ci-coach.lock.yml index df24a5a7d0e..d25b6cc98fe 100644 --- a/.github/workflows/ci-coach.lock.yml +++ b/.github/workflows/ci-coach.lock.yml @@ -681,6 +681,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/ci-doctor.lock.yml b/.github/workflows/ci-doctor.lock.yml index f35e41a3633..01cb4873059 100644 --- a/.github/workflows/ci-doctor.lock.yml +++ b/.github/workflows/ci-doctor.lock.yml @@ -797,6 +797,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/claude-code-user-docs-review.lock.yml b/.github/workflows/claude-code-user-docs-review.lock.yml index 1fa4596f973..a7fa92d9a61 100644 --- a/.github/workflows/claude-code-user-docs-review.lock.yml +++ b/.github/workflows/claude-code-user-docs-review.lock.yml @@ -619,6 +619,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute Claude Code CLI id: agentic_execution # Allowed tools (sorted): diff --git a/.github/workflows/cli-consistency-checker.lock.yml b/.github/workflows/cli-consistency-checker.lock.yml index 65f88abca9d..85da899d098 100644 --- a/.github/workflows/cli-consistency-checker.lock.yml +++ b/.github/workflows/cli-consistency-checker.lock.yml @@ -618,6 +618,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/cli-version-checker.lock.yml b/.github/workflows/cli-version-checker.lock.yml index 758a64a611a..8bdcd6cfd65 100644 --- a/.github/workflows/cli-version-checker.lock.yml +++ b/.github/workflows/cli-version-checker.lock.yml @@ -649,6 +649,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute Claude Code CLI id: agentic_execution # Allowed tools (sorted): diff --git a/.github/workflows/cloclo.lock.yml b/.github/workflows/cloclo.lock.yml index 4bcd1357d2d..dbd531834d5 100644 --- a/.github/workflows/cloclo.lock.yml +++ b/.github/workflows/cloclo.lock.yml @@ -862,6 +862,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute Claude Code CLI id: agentic_execution # Allowed tools (sorted): diff --git a/.github/workflows/code-scanning-fixer.lock.yml b/.github/workflows/code-scanning-fixer.lock.yml index a3b2e3a3a68..48b97182a6a 100644 --- a/.github/workflows/code-scanning-fixer.lock.yml +++ b/.github/workflows/code-scanning-fixer.lock.yml @@ -688,6 +688,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/code-simplifier.lock.yml b/.github/workflows/code-simplifier.lock.yml index 2992e9627c2..16d3125642a 100644 --- a/.github/workflows/code-simplifier.lock.yml +++ b/.github/workflows/code-simplifier.lock.yml @@ -614,6 +614,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/codex-github-remote-mcp-test.lock.yml b/.github/workflows/codex-github-remote-mcp-test.lock.yml index fae7d4c8745..b15cfbc4aa1 100644 --- a/.github/workflows/codex-github-remote-mcp-test.lock.yml +++ b/.github/workflows/codex-github-remote-mcp-test.lock.yml @@ -368,6 +368,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Run Codex run: | set -o pipefail diff --git a/.github/workflows/commit-changes-analyzer.lock.yml b/.github/workflows/commit-changes-analyzer.lock.yml index 9f5159a86eb..8abfc2caa26 100644 --- a/.github/workflows/commit-changes-analyzer.lock.yml +++ b/.github/workflows/commit-changes-analyzer.lock.yml @@ -611,6 +611,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute Claude Code CLI id: agentic_execution # Allowed tools (sorted): diff --git a/.github/workflows/copilot-agent-analysis.lock.yml b/.github/workflows/copilot-agent-analysis.lock.yml index c53f6c78ef8..2a25cfa7eac 100644 --- a/.github/workflows/copilot-agent-analysis.lock.yml +++ b/.github/workflows/copilot-agent-analysis.lock.yml @@ -672,6 +672,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute Claude Code CLI id: agentic_execution # Allowed tools (sorted): diff --git a/.github/workflows/copilot-cli-deep-research.lock.yml b/.github/workflows/copilot-cli-deep-research.lock.yml index cbb13e646b7..bc3baa03dda 100644 --- a/.github/workflows/copilot-cli-deep-research.lock.yml +++ b/.github/workflows/copilot-cli-deep-research.lock.yml @@ -638,6 +638,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/copilot-pr-merged-report.lock.yml b/.github/workflows/copilot-pr-merged-report.lock.yml index 6f22f10d1b2..dbf512e04d9 100644 --- a/.github/workflows/copilot-pr-merged-report.lock.yml +++ b/.github/workflows/copilot-pr-merged-report.lock.yml @@ -650,6 +650,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/copilot-pr-nlp-analysis.lock.yml b/.github/workflows/copilot-pr-nlp-analysis.lock.yml index 7e5abbc439f..bbb2c4de93b 100644 --- a/.github/workflows/copilot-pr-nlp-analysis.lock.yml +++ b/.github/workflows/copilot-pr-nlp-analysis.lock.yml @@ -730,6 +730,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/copilot-pr-prompt-analysis.lock.yml b/.github/workflows/copilot-pr-prompt-analysis.lock.yml index afe14f29032..f1b5e937d40 100644 --- a/.github/workflows/copilot-pr-prompt-analysis.lock.yml +++ b/.github/workflows/copilot-pr-prompt-analysis.lock.yml @@ -669,6 +669,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/copilot-session-insights.lock.yml b/.github/workflows/copilot-session-insights.lock.yml index 339f8b67503..74879f282a7 100644 --- a/.github/workflows/copilot-session-insights.lock.yml +++ b/.github/workflows/copilot-session-insights.lock.yml @@ -739,6 +739,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute Claude Code CLI id: agentic_execution # Allowed tools (sorted): diff --git a/.github/workflows/craft.lock.yml b/.github/workflows/craft.lock.yml index f92a5656850..716dcba83c4 100644 --- a/.github/workflows/craft.lock.yml +++ b/.github/workflows/craft.lock.yml @@ -673,6 +673,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/daily-assign-issue-to-user.lock.yml b/.github/workflows/daily-assign-issue-to-user.lock.yml index fbe0efd393f..67d0023f9ef 100644 --- a/.github/workflows/daily-assign-issue-to-user.lock.yml +++ b/.github/workflows/daily-assign-issue-to-user.lock.yml @@ -626,6 +626,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/daily-choice-test.lock.yml b/.github/workflows/daily-choice-test.lock.yml index 95735a54f67..d4e30d923be 100644 --- a/.github/workflows/daily-choice-test.lock.yml +++ b/.github/workflows/daily-choice-test.lock.yml @@ -577,6 +577,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute Claude Code CLI id: agentic_execution # Allowed tools (sorted): diff --git a/.github/workflows/daily-cli-performance.lock.yml b/.github/workflows/daily-cli-performance.lock.yml index d8b0ee691cc..1180dfec092 100644 --- a/.github/workflows/daily-cli-performance.lock.yml +++ b/.github/workflows/daily-cli-performance.lock.yml @@ -834,6 +834,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/daily-cli-tools-tester.lock.yml b/.github/workflows/daily-cli-tools-tester.lock.yml index b7c7f09d47f..533b2b6de53 100644 --- a/.github/workflows/daily-cli-tools-tester.lock.yml +++ b/.github/workflows/daily-cli-tools-tester.lock.yml @@ -684,6 +684,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/daily-code-metrics.lock.yml b/.github/workflows/daily-code-metrics.lock.yml index a6435fa8220..9d89ece7593 100644 --- a/.github/workflows/daily-code-metrics.lock.yml +++ b/.github/workflows/daily-code-metrics.lock.yml @@ -713,6 +713,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute Claude Code CLI id: agentic_execution # Allowed tools (sorted): diff --git a/.github/workflows/daily-compiler-quality.lock.yml b/.github/workflows/daily-compiler-quality.lock.yml index e23169efad7..d789c7757c1 100644 --- a/.github/workflows/daily-compiler-quality.lock.yml +++ b/.github/workflows/daily-compiler-quality.lock.yml @@ -625,6 +625,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/daily-copilot-token-report.lock.yml b/.github/workflows/daily-copilot-token-report.lock.yml index b918430bbf6..8288c368b52 100644 --- a/.github/workflows/daily-copilot-token-report.lock.yml +++ b/.github/workflows/daily-copilot-token-report.lock.yml @@ -740,6 +740,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/daily-doc-updater.lock.yml b/.github/workflows/daily-doc-updater.lock.yml index 4fffe728c0b..2fe801c3f64 100644 --- a/.github/workflows/daily-doc-updater.lock.yml +++ b/.github/workflows/daily-doc-updater.lock.yml @@ -626,6 +626,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute Claude Code CLI id: agentic_execution # Allowed tools (sorted): diff --git a/.github/workflows/daily-fact.lock.yml b/.github/workflows/daily-fact.lock.yml index b04dc914457..e3dc3e8ff71 100644 --- a/.github/workflows/daily-fact.lock.yml +++ b/.github/workflows/daily-fact.lock.yml @@ -597,6 +597,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Run Codex run: | set -o pipefail diff --git a/.github/workflows/daily-file-diet.lock.yml b/.github/workflows/daily-file-diet.lock.yml index 892433d9af6..ba13dd9db15 100644 --- a/.github/workflows/daily-file-diet.lock.yml +++ b/.github/workflows/daily-file-diet.lock.yml @@ -636,6 +636,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/daily-firewall-report.lock.yml b/.github/workflows/daily-firewall-report.lock.yml index af5b95b2184..f052dd14440 100644 --- a/.github/workflows/daily-firewall-report.lock.yml +++ b/.github/workflows/daily-firewall-report.lock.yml @@ -740,6 +740,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/daily-issues-report.lock.yml b/.github/workflows/daily-issues-report.lock.yml index 25d0fdb8016..e3904a915de 100644 --- a/.github/workflows/daily-issues-report.lock.yml +++ b/.github/workflows/daily-issues-report.lock.yml @@ -782,6 +782,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Run Codex run: | set -o pipefail diff --git a/.github/workflows/daily-malicious-code-scan.lock.yml b/.github/workflows/daily-malicious-code-scan.lock.yml index d10695c5210..fcea86977f6 100644 --- a/.github/workflows/daily-malicious-code-scan.lock.yml +++ b/.github/workflows/daily-malicious-code-scan.lock.yml @@ -641,6 +641,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/daily-mcp-concurrency-analysis.lock.yml b/.github/workflows/daily-mcp-concurrency-analysis.lock.yml index 150a97ac442..8a4cb230375 100644 --- a/.github/workflows/daily-mcp-concurrency-analysis.lock.yml +++ b/.github/workflows/daily-mcp-concurrency-analysis.lock.yml @@ -677,6 +677,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/daily-multi-device-docs-tester.lock.yml b/.github/workflows/daily-multi-device-docs-tester.lock.yml index 83578030078..0c1a2834a1a 100644 --- a/.github/workflows/daily-multi-device-docs-tester.lock.yml +++ b/.github/workflows/daily-multi-device-docs-tester.lock.yml @@ -688,6 +688,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute Claude Code CLI id: agentic_execution # Allowed tools (sorted): diff --git a/.github/workflows/daily-news.lock.yml b/.github/workflows/daily-news.lock.yml index b95cf4b7b31..78e7f1a01ab 100644 --- a/.github/workflows/daily-news.lock.yml +++ b/.github/workflows/daily-news.lock.yml @@ -800,6 +800,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/daily-observability-report.lock.yml b/.github/workflows/daily-observability-report.lock.yml index 7fef55bf254..91791c7e04c 100644 --- a/.github/workflows/daily-observability-report.lock.yml +++ b/.github/workflows/daily-observability-report.lock.yml @@ -760,6 +760,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Run Codex run: | set -o pipefail diff --git a/.github/workflows/daily-performance-summary.lock.yml b/.github/workflows/daily-performance-summary.lock.yml index 0aa8511978e..811cad86744 100644 --- a/.github/workflows/daily-performance-summary.lock.yml +++ b/.github/workflows/daily-performance-summary.lock.yml @@ -1238,6 +1238,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Run Codex run: | set -o pipefail diff --git a/.github/workflows/daily-regulatory.lock.yml b/.github/workflows/daily-regulatory.lock.yml index 6d997e8d593..5ca02ca8326 100644 --- a/.github/workflows/daily-regulatory.lock.yml +++ b/.github/workflows/daily-regulatory.lock.yml @@ -1131,6 +1131,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/daily-repo-chronicle.lock.yml b/.github/workflows/daily-repo-chronicle.lock.yml index 10aca4ae1b2..85c8fdc2580 100644 --- a/.github/workflows/daily-repo-chronicle.lock.yml +++ b/.github/workflows/daily-repo-chronicle.lock.yml @@ -676,6 +676,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/daily-safe-output-optimizer.lock.yml b/.github/workflows/daily-safe-output-optimizer.lock.yml index 1c30a294edf..be3ef9efc54 100644 --- a/.github/workflows/daily-safe-output-optimizer.lock.yml +++ b/.github/workflows/daily-safe-output-optimizer.lock.yml @@ -720,6 +720,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute Claude Code CLI id: agentic_execution # Allowed tools (sorted): diff --git a/.github/workflows/daily-secrets-analysis.lock.yml b/.github/workflows/daily-secrets-analysis.lock.yml index 9bc8110580b..15f81dc8920 100644 --- a/.github/workflows/daily-secrets-analysis.lock.yml +++ b/.github/workflows/daily-secrets-analysis.lock.yml @@ -659,6 +659,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/daily-semgrep-scan.lock.yml b/.github/workflows/daily-semgrep-scan.lock.yml index 104fcfafc39..9a1a9aff959 100644 --- a/.github/workflows/daily-semgrep-scan.lock.yml +++ b/.github/workflows/daily-semgrep-scan.lock.yml @@ -654,6 +654,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/daily-syntax-error-quality.lock.yml b/.github/workflows/daily-syntax-error-quality.lock.yml index d2d9d0118c1..c85088c7f89 100644 --- a/.github/workflows/daily-syntax-error-quality.lock.yml +++ b/.github/workflows/daily-syntax-error-quality.lock.yml @@ -622,6 +622,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/daily-team-evolution-insights.lock.yml b/.github/workflows/daily-team-evolution-insights.lock.yml index e266ff29d04..83ee10eb5fb 100644 --- a/.github/workflows/daily-team-evolution-insights.lock.yml +++ b/.github/workflows/daily-team-evolution-insights.lock.yml @@ -607,6 +607,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute Claude Code CLI id: agentic_execution # Allowed tools (sorted): diff --git a/.github/workflows/daily-team-status.lock.yml b/.github/workflows/daily-team-status.lock.yml index da16a8e14d6..0103b16a21a 100644 --- a/.github/workflows/daily-team-status.lock.yml +++ b/.github/workflows/daily-team-status.lock.yml @@ -629,6 +629,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/daily-testify-uber-super-expert.lock.yml b/.github/workflows/daily-testify-uber-super-expert.lock.yml index b3fdaf4cc27..a398522e9a0 100644 --- a/.github/workflows/daily-testify-uber-super-expert.lock.yml +++ b/.github/workflows/daily-testify-uber-super-expert.lock.yml @@ -671,6 +671,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/daily-workflow-updater.lock.yml b/.github/workflows/daily-workflow-updater.lock.yml index eaaad5b4d87..c1388b2ff61 100644 --- a/.github/workflows/daily-workflow-updater.lock.yml +++ b/.github/workflows/daily-workflow-updater.lock.yml @@ -605,6 +605,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/deep-report.lock.yml b/.github/workflows/deep-report.lock.yml index ef20042c857..1540cd7741c 100644 --- a/.github/workflows/deep-report.lock.yml +++ b/.github/workflows/deep-report.lock.yml @@ -868,6 +868,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Run Codex run: | set -o pipefail diff --git a/actions/setup/sh/clean_git_credentials.sh b/actions/setup/sh/clean_git_credentials.sh new file mode 100755 index 00000000000..8a42adcd9be --- /dev/null +++ b/actions/setup/sh/clean_git_credentials.sh @@ -0,0 +1,87 @@ +#!/usr/bin/env bash +# +# clean_git_credentials.sh - Remove git credentials from .git/config +# +# This script removes any git credentials that may have been left on disk +# accidentally by an injected step. It specifically targets the credentials +# in $GITHUB_WORKSPACE/.git/config to prevent credential leakage. +# +# This is a security measure to ensure that git credentials configured by +# custom steps or other workflow steps are removed before the agentic engine +# executes, preventing the agent from accessing or exfiltrating credentials. +# +# Exit codes: +# 0 - Success (credentials cleaned or no .git/config found) +# 1 - Error (failed to clean credentials) + +set -euo pipefail + +# Get the workspace directory (defaults to current GITHUB_WORKSPACE) +WORKSPACE="${GITHUB_WORKSPACE:-.}" +GIT_CONFIG_PATH="${WORKSPACE}/.git/config" + +echo "Cleaning git credentials from ${GIT_CONFIG_PATH}" + +# Check if .git/config exists +if [ ! -f "${GIT_CONFIG_PATH}" ]; then + echo "No .git/config found at ${GIT_CONFIG_PATH}, nothing to clean" + exit 0 +fi + +# Create a backup for safety (in case we need to debug) +BACKUP_PATH="${GIT_CONFIG_PATH}.backup-$(date +%s)" +cp "${GIT_CONFIG_PATH}" "${BACKUP_PATH}" +echo "Created backup at ${BACKUP_PATH}" + +# Remove credential helper configuration +# This removes lines like: +# [credential] +# helper = ... +# And any credential URL-specific configs like: +# [credential "https://github.com"] +# helper = ... +if git config --file "${GIT_CONFIG_PATH}" --remove-section credential 2>/dev/null; then + echo "Removed [credential] section from git config" +fi + +# Remove credential URL-specific sections using grep +# This handles multi-line credential sections with URLs +sed -i '/^\[credential /,/^\[/{ /^\[credential /d; /^\[/!d; }' "${GIT_CONFIG_PATH}" 2>/dev/null || true + +# Remove http extraheader (used by GitHub Actions for authentication) +# This is used by actions/checkout to authenticate +if git config --file "${GIT_CONFIG_PATH}" --unset-all http.extraheader 2>/dev/null; then + echo "Removed http.extraheader from git config" +fi + +# Remove any http..extraheader configurations +git config --file "${GIT_CONFIG_PATH}" --get-regexp '^http\..*\.extraheader$' 2>/dev/null | while read -r key _; do + git config --file "${GIT_CONFIG_PATH}" --unset-all "$key" || true + echo "Removed $key from git config" +done || true + +# Remove any credentials from remote URLs (https://username:password@github.com format) +# Replace authenticated URLs with unauthenticated ones +if git config --file "${GIT_CONFIG_PATH}" --get-regexp '^remote\..*\.url$' 2>/dev/null | grep -q '@'; then + echo "Found authenticated remote URLs, cleaning..." + git config --file "${GIT_CONFIG_PATH}" --get-regexp '^remote\..*\.url$' 2>/dev/null | while read -r key url; do + # Remove credentials from URL: https://user:pass@host -> https://host + clean_url=$(echo "$url" | sed -E 's|(https?://)([^@]+@)?(.*)|\1\3|') + if [ "$url" != "$clean_url" ]; then + git config --file "${GIT_CONFIG_PATH}" "$key" "$clean_url" + echo "Cleaned credentials from $key" + fi + done || true +fi + +echo "✓ Git credentials cleaned successfully" +echo "✓ Backup saved at ${BACKUP_PATH}" + +# Verify the file is still valid git config +if ! git config --file "${GIT_CONFIG_PATH}" --list >/dev/null 2>&1; then + echo "ERROR: Git config file is corrupted after cleaning, restoring backup" + cp "${BACKUP_PATH}" "${GIT_CONFIG_PATH}" + exit 1 +fi + +exit 0 diff --git a/pkg/workflow/compiler_yaml_main_job.go b/pkg/workflow/compiler_yaml_main_job.go index b658f8d992c..cb98a593e5c 100644 --- a/pkg/workflow/compiler_yaml_main_job.go +++ b/pkg/workflow/compiler_yaml_main_job.go @@ -231,6 +231,14 @@ func (c *Compiler) generateMainJobSteps(yaml *strings.Builder, data *WorkflowDat logFileFull := "/tmp/gh-aw/agent-stdio.log" + // Clean git credentials before executing the agentic engine + // This ensures that any credentials left on disk by custom steps are removed + // to prevent the agent from accessing or exfiltrating them + gitCleanerSteps := c.generateGitCredentialsCleanerStep() + for _, line := range gitCleanerSteps { + yaml.WriteString(line) + } + // Add AI execution step using the agentic engine c.generateEngineExecutionSteps(yaml, data, engine, logFileFull) diff --git a/pkg/workflow/git_config_test.go b/pkg/workflow/git_config_test.go index 14439164ce6..82e4d932d2f 100644 --- a/pkg/workflow/git_config_test.go +++ b/pkg/workflow/git_config_test.go @@ -108,3 +108,107 @@ func TestGitConfigurationStepsHelper(t *testing.T) { t.Error("Expected first line to have proper indentation for job step (6 spaces)") } } + +// TestGitCredentialsCleanerStep verifies that git credentials cleaner step is included before agent execution +func TestGitCredentialsCleanerStep(t *testing.T) { + // Create temporary directory for test files + tmpDir := testutil.TempDir(t, "git-cleaner-test") + + // Create a simple test workflow + testContent := `--- +on: push +permissions: + contents: read +engine: copilot +--- + +# Test Git Credentials Cleaner + +This is a test workflow to verify git credentials cleaner is included. +` + + testFile := filepath.Join(tmpDir, "test-git-cleaner.md") + if err := os.WriteFile(testFile, []byte(testContent), 0644); err != nil { + t.Fatal(err) + } + + // Compile the workflow + compiler := NewCompiler() + compiler.SetSkipValidation(true) + + workflowData, err := compiler.ParseWorkflowFile(testFile) + if err != nil { + t.Fatalf("Failed to parse workflow file: %v", err) + } + + // Generate YAML content + lockContent, err := compiler.generateYAML(workflowData, testFile) + if err != nil { + t.Fatalf("Failed to generate YAML: %v", err) + } + + // Verify git credentials cleaner step is present + if !strings.Contains(lockContent, "Clean git credentials") { + t.Error("Expected 'Clean git credentials' step to be present in compiled workflow") + } + + // Verify the cleaner script is called + if !strings.Contains(lockContent, "clean_git_credentials.sh") { + t.Error("Expected clean_git_credentials.sh script to be called") + } + + // Verify the cleaner step comes before the agent execution + // Find the positions of both steps + cleanerPos := strings.Index(lockContent, "Clean git credentials") + // The agent execution step is named "Execute GitHub Copilot CLI" (for Copilot engine) + // or similar names for other engines + agentPos := strings.Index(lockContent, "Execute GitHub Copilot CLI") + if agentPos == -1 { + // Try alternative patterns for other engines + agentPos = strings.Index(lockContent, "agentic_execution") + } + + if cleanerPos == -1 { + t.Fatal("Could not find 'Clean git credentials' step in compiled workflow") + } + + if agentPos == -1 { + t.Fatal("Could not find agent execution step in compiled workflow") + } + + // Verify cleaner comes before agent execution + if cleanerPos >= agentPos { + t.Error("Expected 'Clean git credentials' step to come before agent execution step") + } +} + +// TestGitCredentialsCleanerStepsHelper tests the generateGitCredentialsCleanerStep helper directly +func TestGitCredentialsCleanerStepsHelper(t *testing.T) { + compiler := NewCompiler() + + steps := compiler.generateGitCredentialsCleanerStep() + + // Verify we get expected number of lines (2 lines: name and run) + if len(steps) != 2 { + t.Errorf("Expected 2 lines in git credentials cleaner steps, got %d", len(steps)) + } + + // Verify the content of the steps + expectedContents := []string{ + "Clean git credentials", + "run: bash /opt/gh-aw/actions/clean_git_credentials.sh", + } + + fullContent := strings.Join(steps, "") + + for _, expected := range expectedContents { + if !strings.Contains(fullContent, expected) { + t.Errorf("Expected git credentials cleaner steps to contain '%s'", expected) + } + } + + // Verify proper indentation (should start with 6 spaces for job step level) + if !strings.HasPrefix(steps[0], " - name:") { + t.Error("Expected first line to have proper indentation for job step (6 spaces)") + } +} diff --git a/pkg/workflow/yaml_generation.go b/pkg/workflow/yaml_generation.go index 6f6bc7a42f8..49f9b27ad1d 100644 --- a/pkg/workflow/yaml_generation.go +++ b/pkg/workflow/yaml_generation.go @@ -23,3 +23,12 @@ func (c *Compiler) generateGitConfigurationStepsWithToken(token string) []string " echo \"Git configured with standard GitHub Actions identity\"\n", } } + +// generateGitCredentialsCleanerStep generates a step that removes git credentials from .git/config +// This is a security measure to prevent credentials left by injected steps from being accessed by the agent +func (c *Compiler) generateGitCredentialsCleanerStep() []string { + return []string{ + " - name: Clean git credentials\n", + " run: bash /opt/gh-aw/actions/clean_git_credentials.sh\n", + } +} From 4be0891fe2b8acc5f628710b5f63bbc80b86d31d Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 10 Feb 2026 00:36:39 +0000 Subject: [PATCH 3/9] Final validation: tests and linting passed Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .github/workflows/delight.lock.yml | 2 ++ .github/workflows/dependabot-burner.lock.yml | 2 ++ .github/workflows/dependabot-go-checker.lock.yml | 2 ++ .github/workflows/dependabot-project-manager.lock.yml | 2 ++ .github/workflows/dev-hawk.lock.yml | 2 ++ .github/workflows/dev.lock.yml | 2 ++ .github/workflows/developer-docs-consolidator.lock.yml | 2 ++ .github/workflows/dictation-prompt.lock.yml | 2 ++ .github/workflows/discussion-task-miner.lock.yml | 2 ++ .github/workflows/docs-noob-tester.lock.yml | 2 ++ .github/workflows/draft-pr-cleanup.lock.yml | 2 ++ .github/workflows/duplicate-code-detector.lock.yml | 2 ++ .github/workflows/example-custom-error-patterns.lock.yml | 2 ++ .github/workflows/example-permissions-warning.lock.yml | 2 ++ .github/workflows/example-workflow-analyzer.lock.yml | 2 ++ .github/workflows/firewall-escape.lock.yml | 2 ++ .github/workflows/firewall.lock.yml | 2 ++ .github/workflows/functional-pragmatist.lock.yml | 2 ++ .github/workflows/github-mcp-structural-analysis.lock.yml | 2 ++ .github/workflows/github-mcp-tools-report.lock.yml | 2 ++ .github/workflows/github-remote-mcp-auth-test.lock.yml | 2 ++ .github/workflows/glossary-maintainer.lock.yml | 2 ++ .github/workflows/go-fan.lock.yml | 2 ++ .github/workflows/go-logger.lock.yml | 2 ++ .github/workflows/go-pattern-detector.lock.yml | 2 ++ .github/workflows/grumpy-reviewer.lock.yml | 2 ++ .github/workflows/hourly-ci-cleaner.lock.yml | 2 ++ .github/workflows/instructions-janitor.lock.yml | 2 ++ .github/workflows/issue-arborist.lock.yml | 2 ++ .github/workflows/issue-classifier.lock.yml | 2 ++ .github/workflows/issue-monster.lock.yml | 2 ++ .github/workflows/issue-triage-agent.lock.yml | 2 ++ .github/workflows/jsweep.lock.yml | 2 ++ .github/workflows/layout-spec-maintainer.lock.yml | 2 ++ .github/workflows/lockfile-stats.lock.yml | 2 ++ .github/workflows/mcp-inspector.lock.yml | 2 ++ .github/workflows/mergefest.lock.yml | 2 ++ .github/workflows/metrics-collector.lock.yml | 2 ++ .github/workflows/notion-issue-summary.lock.yml | 2 ++ .github/workflows/org-health-report.lock.yml | 2 ++ .github/workflows/pdf-summary.lock.yml | 2 ++ .github/workflows/plan.lock.yml | 2 ++ .github/workflows/poem-bot.lock.yml | 2 ++ .github/workflows/portfolio-analyst.lock.yml | 2 ++ .github/workflows/pr-nitpick-reviewer.lock.yml | 2 ++ .github/workflows/pr-triage-agent.lock.yml | 2 ++ .github/workflows/prompt-clustering-analysis.lock.yml | 2 ++ .github/workflows/python-data-charts.lock.yml | 2 ++ .github/workflows/q.lock.yml | 2 ++ .github/workflows/release.lock.yml | 2 ++ .github/workflows/repo-audit-analyzer.lock.yml | 2 ++ .github/workflows/repo-tree-map.lock.yml | 2 ++ .github/workflows/repository-quality-improver.lock.yml | 2 ++ .github/workflows/research.lock.yml | 2 ++ .github/workflows/safe-output-health.lock.yml | 2 ++ .github/workflows/schema-consistency-checker.lock.yml | 2 ++ .github/workflows/scout.lock.yml | 2 ++ .github/workflows/security-compliance.lock.yml | 2 ++ .github/workflows/security-guard.lock.yml | 2 ++ .github/workflows/security-review.lock.yml | 2 ++ .github/workflows/semantic-function-refactor.lock.yml | 2 ++ .github/workflows/sergo.lock.yml | 2 ++ .github/workflows/slide-deck-maintainer.lock.yml | 2 ++ .github/workflows/smoke-claude.lock.yml | 2 ++ .github/workflows/smoke-codex.lock.yml | 2 ++ .github/workflows/smoke-copilot.lock.yml | 2 ++ .github/workflows/smoke-opencode.lock.yml | 2 ++ .github/workflows/smoke-project.lock.yml | 2 ++ .github/workflows/smoke-test-tools.lock.yml | 2 ++ .github/workflows/stale-repo-identifier.lock.yml | 2 ++ .github/workflows/static-analysis-report.lock.yml | 2 ++ .github/workflows/step-name-alignment.lock.yml | 2 ++ .github/workflows/sub-issue-closer.lock.yml | 2 ++ .github/workflows/super-linter.lock.yml | 2 ++ .github/workflows/technical-doc-writer.lock.yml | 2 ++ .github/workflows/terminal-stylist.lock.yml | 2 ++ .github/workflows/test-create-pr-error-handling.lock.yml | 2 ++ .github/workflows/test-dispatcher.lock.yml | 2 ++ .github/workflows/test-project-url-default.lock.yml | 2 ++ .github/workflows/test-workflow.lock.yml | 2 ++ .github/workflows/tidy.lock.yml | 2 ++ .github/workflows/typist.lock.yml | 2 ++ .github/workflows/ubuntu-image-analyzer.lock.yml | 2 ++ .github/workflows/unbloat-docs.lock.yml | 2 ++ .github/workflows/video-analyzer.lock.yml | 2 ++ .github/workflows/weekly-issue-summary.lock.yml | 2 ++ .github/workflows/workflow-generator.lock.yml | 2 ++ .github/workflows/workflow-health-manager.lock.yml | 2 ++ .github/workflows/workflow-normalizer.lock.yml | 2 ++ .github/workflows/workflow-skill-extractor.lock.yml | 2 ++ 90 files changed, 180 insertions(+) diff --git a/.github/workflows/delight.lock.yml b/.github/workflows/delight.lock.yml index f4040435a79..3d43c65817b 100644 --- a/.github/workflows/delight.lock.yml +++ b/.github/workflows/delight.lock.yml @@ -716,6 +716,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/dependabot-burner.lock.yml b/.github/workflows/dependabot-burner.lock.yml index a24b13b2f13..48b7865970a 100644 --- a/.github/workflows/dependabot-burner.lock.yml +++ b/.github/workflows/dependabot-burner.lock.yml @@ -856,6 +856,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/dependabot-go-checker.lock.yml b/.github/workflows/dependabot-go-checker.lock.yml index 00eab194458..5f0b5c30614 100644 --- a/.github/workflows/dependabot-go-checker.lock.yml +++ b/.github/workflows/dependabot-go-checker.lock.yml @@ -656,6 +656,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/dependabot-project-manager.lock.yml b/.github/workflows/dependabot-project-manager.lock.yml index 1dabdc1f500..4d72d9e0ca4 100644 --- a/.github/workflows/dependabot-project-manager.lock.yml +++ b/.github/workflows/dependabot-project-manager.lock.yml @@ -904,6 +904,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/dev-hawk.lock.yml b/.github/workflows/dev-hawk.lock.yml index e735da03383..6b8183f8fc1 100644 --- a/.github/workflows/dev-hawk.lock.yml +++ b/.github/workflows/dev-hawk.lock.yml @@ -678,6 +678,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/dev.lock.yml b/.github/workflows/dev.lock.yml index b4aeac6f36e..24c18ea9a76 100644 --- a/.github/workflows/dev.lock.yml +++ b/.github/workflows/dev.lock.yml @@ -602,6 +602,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/developer-docs-consolidator.lock.yml b/.github/workflows/developer-docs-consolidator.lock.yml index d3c42c14f6e..15de672e512 100644 --- a/.github/workflows/developer-docs-consolidator.lock.yml +++ b/.github/workflows/developer-docs-consolidator.lock.yml @@ -701,6 +701,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute Claude Code CLI id: agentic_execution # Allowed tools (sorted): diff --git a/.github/workflows/dictation-prompt.lock.yml b/.github/workflows/dictation-prompt.lock.yml index 580605b87a6..353a20a7f3d 100644 --- a/.github/workflows/dictation-prompt.lock.yml +++ b/.github/workflows/dictation-prompt.lock.yml @@ -608,6 +608,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/discussion-task-miner.lock.yml b/.github/workflows/discussion-task-miner.lock.yml index 7a81c8ace07..2bbb4de1b7e 100644 --- a/.github/workflows/discussion-task-miner.lock.yml +++ b/.github/workflows/discussion-task-miner.lock.yml @@ -697,6 +697,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/docs-noob-tester.lock.yml b/.github/workflows/docs-noob-tester.lock.yml index 8f720005ecd..5ee4f4dacdd 100644 --- a/.github/workflows/docs-noob-tester.lock.yml +++ b/.github/workflows/docs-noob-tester.lock.yml @@ -638,6 +638,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/draft-pr-cleanup.lock.yml b/.github/workflows/draft-pr-cleanup.lock.yml index 5481b46a698..110bb9951ef 100644 --- a/.github/workflows/draft-pr-cleanup.lock.yml +++ b/.github/workflows/draft-pr-cleanup.lock.yml @@ -639,6 +639,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/duplicate-code-detector.lock.yml b/.github/workflows/duplicate-code-detector.lock.yml index 57f6d2a13c1..7d5f08271c2 100644 --- a/.github/workflows/duplicate-code-detector.lock.yml +++ b/.github/workflows/duplicate-code-detector.lock.yml @@ -684,6 +684,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Run Codex run: | set -o pipefail diff --git a/.github/workflows/example-custom-error-patterns.lock.yml b/.github/workflows/example-custom-error-patterns.lock.yml index d1bc151e715..fe4b5b4c1d6 100644 --- a/.github/workflows/example-custom-error-patterns.lock.yml +++ b/.github/workflows/example-custom-error-patterns.lock.yml @@ -347,6 +347,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/example-permissions-warning.lock.yml b/.github/workflows/example-permissions-warning.lock.yml index d8d0b952566..51d2e210129 100644 --- a/.github/workflows/example-permissions-warning.lock.yml +++ b/.github/workflows/example-permissions-warning.lock.yml @@ -345,6 +345,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/example-workflow-analyzer.lock.yml b/.github/workflows/example-workflow-analyzer.lock.yml index ff832237bed..1afe19a43f9 100644 --- a/.github/workflows/example-workflow-analyzer.lock.yml +++ b/.github/workflows/example-workflow-analyzer.lock.yml @@ -668,6 +668,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute Claude Code CLI id: agentic_execution # Allowed tools (sorted): diff --git a/.github/workflows/firewall-escape.lock.yml b/.github/workflows/firewall-escape.lock.yml index 5f1c006252e..c3b740d82ec 100644 --- a/.github/workflows/firewall-escape.lock.yml +++ b/.github/workflows/firewall-escape.lock.yml @@ -655,6 +655,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/firewall.lock.yml b/.github/workflows/firewall.lock.yml index 8ae20d576af..bf02a3b8fca 100644 --- a/.github/workflows/firewall.lock.yml +++ b/.github/workflows/firewall.lock.yml @@ -348,6 +348,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/functional-pragmatist.lock.yml b/.github/workflows/functional-pragmatist.lock.yml index a06cd51f56b..be53f3eafe5 100644 --- a/.github/workflows/functional-pragmatist.lock.yml +++ b/.github/workflows/functional-pragmatist.lock.yml @@ -610,6 +610,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/github-mcp-structural-analysis.lock.yml b/.github/workflows/github-mcp-structural-analysis.lock.yml index 0e6930a93b1..0d4579db957 100644 --- a/.github/workflows/github-mcp-structural-analysis.lock.yml +++ b/.github/workflows/github-mcp-structural-analysis.lock.yml @@ -679,6 +679,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute Claude Code CLI id: agentic_execution # Allowed tools (sorted): diff --git a/.github/workflows/github-mcp-tools-report.lock.yml b/.github/workflows/github-mcp-tools-report.lock.yml index 009ece29520..adefde610bb 100644 --- a/.github/workflows/github-mcp-tools-report.lock.yml +++ b/.github/workflows/github-mcp-tools-report.lock.yml @@ -686,6 +686,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute Claude Code CLI id: agentic_execution # Allowed tools (sorted): diff --git a/.github/workflows/github-remote-mcp-auth-test.lock.yml b/.github/workflows/github-remote-mcp-auth-test.lock.yml index 5d2f997e0ca..3231d09427f 100644 --- a/.github/workflows/github-remote-mcp-auth-test.lock.yml +++ b/.github/workflows/github-remote-mcp-auth-test.lock.yml @@ -610,6 +610,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/glossary-maintainer.lock.yml b/.github/workflows/glossary-maintainer.lock.yml index cbce87f317e..6f67a0bcee1 100644 --- a/.github/workflows/glossary-maintainer.lock.yml +++ b/.github/workflows/glossary-maintainer.lock.yml @@ -649,6 +649,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/go-fan.lock.yml b/.github/workflows/go-fan.lock.yml index 6e29fc92b7e..0e0988a63f6 100644 --- a/.github/workflows/go-fan.lock.yml +++ b/.github/workflows/go-fan.lock.yml @@ -638,6 +638,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute Claude Code CLI id: agentic_execution # Allowed tools (sorted): diff --git a/.github/workflows/go-logger.lock.yml b/.github/workflows/go-logger.lock.yml index c977df0e825..06ec6f02bf5 100644 --- a/.github/workflows/go-logger.lock.yml +++ b/.github/workflows/go-logger.lock.yml @@ -780,6 +780,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute Claude Code CLI id: agentic_execution # Allowed tools (sorted): diff --git a/.github/workflows/go-pattern-detector.lock.yml b/.github/workflows/go-pattern-detector.lock.yml index 44e211a65a0..5f155b425ce 100644 --- a/.github/workflows/go-pattern-detector.lock.yml +++ b/.github/workflows/go-pattern-detector.lock.yml @@ -636,6 +636,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute Claude Code CLI id: agentic_execution # Allowed tools (sorted): diff --git a/.github/workflows/grumpy-reviewer.lock.yml b/.github/workflows/grumpy-reviewer.lock.yml index 39303d2ad85..ca68b829c17 100644 --- a/.github/workflows/grumpy-reviewer.lock.yml +++ b/.github/workflows/grumpy-reviewer.lock.yml @@ -715,6 +715,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/hourly-ci-cleaner.lock.yml b/.github/workflows/hourly-ci-cleaner.lock.yml index fd33f14811e..087d0584355 100644 --- a/.github/workflows/hourly-ci-cleaner.lock.yml +++ b/.github/workflows/hourly-ci-cleaner.lock.yml @@ -658,6 +658,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/instructions-janitor.lock.yml b/.github/workflows/instructions-janitor.lock.yml index 84458d5b594..e8170f3ce2d 100644 --- a/.github/workflows/instructions-janitor.lock.yml +++ b/.github/workflows/instructions-janitor.lock.yml @@ -625,6 +625,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute Claude Code CLI id: agentic_execution # Allowed tools (sorted): diff --git a/.github/workflows/issue-arborist.lock.yml b/.github/workflows/issue-arborist.lock.yml index f0096c9ca31..2ee04e21b0d 100644 --- a/.github/workflows/issue-arborist.lock.yml +++ b/.github/workflows/issue-arborist.lock.yml @@ -751,6 +751,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Run Codex run: | set -o pipefail diff --git a/.github/workflows/issue-classifier.lock.yml b/.github/workflows/issue-classifier.lock.yml index ef7b475fb49..a1da559d332 100644 --- a/.github/workflows/issue-classifier.lock.yml +++ b/.github/workflows/issue-classifier.lock.yml @@ -602,6 +602,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Run AI Inference uses: actions/ai-inference@a6101c89c6feaecc585efdd8d461f18bb7896f20 # v2 env: diff --git a/.github/workflows/issue-monster.lock.yml b/.github/workflows/issue-monster.lock.yml index 0c492e46df8..75d612f66ae 100644 --- a/.github/workflows/issue-monster.lock.yml +++ b/.github/workflows/issue-monster.lock.yml @@ -646,6 +646,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/issue-triage-agent.lock.yml b/.github/workflows/issue-triage-agent.lock.yml index 41ea287c3db..f5aa28892e1 100644 --- a/.github/workflows/issue-triage-agent.lock.yml +++ b/.github/workflows/issue-triage-agent.lock.yml @@ -601,6 +601,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/jsweep.lock.yml b/.github/workflows/jsweep.lock.yml index ac63b388d1e..af69f41dcf5 100644 --- a/.github/workflows/jsweep.lock.yml +++ b/.github/workflows/jsweep.lock.yml @@ -641,6 +641,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/layout-spec-maintainer.lock.yml b/.github/workflows/layout-spec-maintainer.lock.yml index 76e6d42d55f..0c7c4c3610c 100644 --- a/.github/workflows/layout-spec-maintainer.lock.yml +++ b/.github/workflows/layout-spec-maintainer.lock.yml @@ -613,6 +613,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/lockfile-stats.lock.yml b/.github/workflows/lockfile-stats.lock.yml index f4d1515adcd..20a1b7dba1d 100644 --- a/.github/workflows/lockfile-stats.lock.yml +++ b/.github/workflows/lockfile-stats.lock.yml @@ -620,6 +620,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute Claude Code CLI id: agentic_execution # Allowed tools (sorted): diff --git a/.github/workflows/mcp-inspector.lock.yml b/.github/workflows/mcp-inspector.lock.yml index 1c2b191584b..3e3a36f5ba9 100644 --- a/.github/workflows/mcp-inspector.lock.yml +++ b/.github/workflows/mcp-inspector.lock.yml @@ -981,6 +981,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/mergefest.lock.yml b/.github/workflows/mergefest.lock.yml index f463f428914..0b7fad1e343 100644 --- a/.github/workflows/mergefest.lock.yml +++ b/.github/workflows/mergefest.lock.yml @@ -622,6 +622,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/metrics-collector.lock.yml b/.github/workflows/metrics-collector.lock.yml index 639c12ed816..7391d5090eb 100644 --- a/.github/workflows/metrics-collector.lock.yml +++ b/.github/workflows/metrics-collector.lock.yml @@ -453,6 +453,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/notion-issue-summary.lock.yml b/.github/workflows/notion-issue-summary.lock.yml index 19a8695c53a..eecd1ed8a69 100644 --- a/.github/workflows/notion-issue-summary.lock.yml +++ b/.github/workflows/notion-issue-summary.lock.yml @@ -584,6 +584,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/org-health-report.lock.yml b/.github/workflows/org-health-report.lock.yml index 2ecc81fafc9..0f5a6291f46 100644 --- a/.github/workflows/org-health-report.lock.yml +++ b/.github/workflows/org-health-report.lock.yml @@ -668,6 +668,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/pdf-summary.lock.yml b/.github/workflows/pdf-summary.lock.yml index afbbf2c1287..dc4cf06baed 100644 --- a/.github/workflows/pdf-summary.lock.yml +++ b/.github/workflows/pdf-summary.lock.yml @@ -730,6 +730,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/plan.lock.yml b/.github/workflows/plan.lock.yml index 4d70f5f2ea5..8dfb69fb6d2 100644 --- a/.github/workflows/plan.lock.yml +++ b/.github/workflows/plan.lock.yml @@ -720,6 +720,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/poem-bot.lock.yml b/.github/workflows/poem-bot.lock.yml index 6bc95922fcc..53be336b002 100644 --- a/.github/workflows/poem-bot.lock.yml +++ b/.github/workflows/poem-bot.lock.yml @@ -1211,6 +1211,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/portfolio-analyst.lock.yml b/.github/workflows/portfolio-analyst.lock.yml index 455f4056081..60458bd2a54 100644 --- a/.github/workflows/portfolio-analyst.lock.yml +++ b/.github/workflows/portfolio-analyst.lock.yml @@ -751,6 +751,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/pr-nitpick-reviewer.lock.yml b/.github/workflows/pr-nitpick-reviewer.lock.yml index fd4a1e783f1..8411c156904 100644 --- a/.github/workflows/pr-nitpick-reviewer.lock.yml +++ b/.github/workflows/pr-nitpick-reviewer.lock.yml @@ -786,6 +786,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/pr-triage-agent.lock.yml b/.github/workflows/pr-triage-agent.lock.yml index dca6f91040e..008f6ed0f95 100644 --- a/.github/workflows/pr-triage-agent.lock.yml +++ b/.github/workflows/pr-triage-agent.lock.yml @@ -722,6 +722,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/prompt-clustering-analysis.lock.yml b/.github/workflows/prompt-clustering-analysis.lock.yml index 5d958e225e1..7f46d76b4d3 100644 --- a/.github/workflows/prompt-clustering-analysis.lock.yml +++ b/.github/workflows/prompt-clustering-analysis.lock.yml @@ -750,6 +750,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute Claude Code CLI id: agentic_execution # Allowed tools (sorted): diff --git a/.github/workflows/python-data-charts.lock.yml b/.github/workflows/python-data-charts.lock.yml index 01f44ad9a70..07458b7d464 100644 --- a/.github/workflows/python-data-charts.lock.yml +++ b/.github/workflows/python-data-charts.lock.yml @@ -740,6 +740,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/q.lock.yml b/.github/workflows/q.lock.yml index d2094d1b279..b972b5b23e2 100644 --- a/.github/workflows/q.lock.yml +++ b/.github/workflows/q.lock.yml @@ -808,6 +808,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/release.lock.yml b/.github/workflows/release.lock.yml index a84039ea97a..3e059182cf5 100644 --- a/.github/workflows/release.lock.yml +++ b/.github/workflows/release.lock.yml @@ -624,6 +624,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/repo-audit-analyzer.lock.yml b/.github/workflows/repo-audit-analyzer.lock.yml index fd0577815e3..96c4a5b55fc 100644 --- a/.github/workflows/repo-audit-analyzer.lock.yml +++ b/.github/workflows/repo-audit-analyzer.lock.yml @@ -641,6 +641,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/repo-tree-map.lock.yml b/.github/workflows/repo-tree-map.lock.yml index 8519bd62690..29b43ffe6e7 100644 --- a/.github/workflows/repo-tree-map.lock.yml +++ b/.github/workflows/repo-tree-map.lock.yml @@ -599,6 +599,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/repository-quality-improver.lock.yml b/.github/workflows/repository-quality-improver.lock.yml index 04a15df9f50..23eb413e3e2 100644 --- a/.github/workflows/repository-quality-improver.lock.yml +++ b/.github/workflows/repository-quality-improver.lock.yml @@ -642,6 +642,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/research.lock.yml b/.github/workflows/research.lock.yml index 70fc0d23eb0..2b4ec66aa11 100644 --- a/.github/workflows/research.lock.yml +++ b/.github/workflows/research.lock.yml @@ -625,6 +625,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/safe-output-health.lock.yml b/.github/workflows/safe-output-health.lock.yml index 09c8f9a1254..229453750cb 100644 --- a/.github/workflows/safe-output-health.lock.yml +++ b/.github/workflows/safe-output-health.lock.yml @@ -696,6 +696,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute Claude Code CLI id: agentic_execution # Allowed tools (sorted): diff --git a/.github/workflows/schema-consistency-checker.lock.yml b/.github/workflows/schema-consistency-checker.lock.yml index d4add74bed5..7ce0c40f38c 100644 --- a/.github/workflows/schema-consistency-checker.lock.yml +++ b/.github/workflows/schema-consistency-checker.lock.yml @@ -623,6 +623,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute Claude Code CLI id: agentic_execution # Allowed tools (sorted): diff --git a/.github/workflows/scout.lock.yml b/.github/workflows/scout.lock.yml index be0d09e5d25..ba4e582a135 100644 --- a/.github/workflows/scout.lock.yml +++ b/.github/workflows/scout.lock.yml @@ -740,6 +740,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute Claude Code CLI id: agentic_execution # Allowed tools (sorted): diff --git a/.github/workflows/security-compliance.lock.yml b/.github/workflows/security-compliance.lock.yml index a0caa46ba8e..9f46a05aba7 100644 --- a/.github/workflows/security-compliance.lock.yml +++ b/.github/workflows/security-compliance.lock.yml @@ -669,6 +669,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/security-guard.lock.yml b/.github/workflows/security-guard.lock.yml index 63c7f129aab..d96451c1034 100644 --- a/.github/workflows/security-guard.lock.yml +++ b/.github/workflows/security-guard.lock.yml @@ -589,6 +589,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/security-review.lock.yml b/.github/workflows/security-review.lock.yml index db3ad7a218b..8c299c10a89 100644 --- a/.github/workflows/security-review.lock.yml +++ b/.github/workflows/security-review.lock.yml @@ -784,6 +784,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/semantic-function-refactor.lock.yml b/.github/workflows/semantic-function-refactor.lock.yml index 3c3b2a6a051..2219975ea40 100644 --- a/.github/workflows/semantic-function-refactor.lock.yml +++ b/.github/workflows/semantic-function-refactor.lock.yml @@ -680,6 +680,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute Claude Code CLI id: agentic_execution # Allowed tools (sorted): diff --git a/.github/workflows/sergo.lock.yml b/.github/workflows/sergo.lock.yml index 58ec9380b6e..d3e0dc5ed06 100644 --- a/.github/workflows/sergo.lock.yml +++ b/.github/workflows/sergo.lock.yml @@ -638,6 +638,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute Claude Code CLI id: agentic_execution # Allowed tools (sorted): diff --git a/.github/workflows/slide-deck-maintainer.lock.yml b/.github/workflows/slide-deck-maintainer.lock.yml index 6ed3a44aa20..d6291603d8b 100644 --- a/.github/workflows/slide-deck-maintainer.lock.yml +++ b/.github/workflows/slide-deck-maintainer.lock.yml @@ -658,6 +658,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/smoke-claude.lock.yml b/.github/workflows/smoke-claude.lock.yml index da205be8a3b..20de64fa7c9 100644 --- a/.github/workflows/smoke-claude.lock.yml +++ b/.github/workflows/smoke-claude.lock.yml @@ -1443,6 +1443,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute Claude Code CLI id: agentic_execution # Allowed tools (sorted): diff --git a/.github/workflows/smoke-codex.lock.yml b/.github/workflows/smoke-codex.lock.yml index c5c47de6b65..c90cbbf069d 100644 --- a/.github/workflows/smoke-codex.lock.yml +++ b/.github/workflows/smoke-codex.lock.yml @@ -1006,6 +1006,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Run Codex run: | set -o pipefail diff --git a/.github/workflows/smoke-copilot.lock.yml b/.github/workflows/smoke-copilot.lock.yml index 000454e8b91..0d120975308 100644 --- a/.github/workflows/smoke-copilot.lock.yml +++ b/.github/workflows/smoke-copilot.lock.yml @@ -1396,6 +1396,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/smoke-opencode.lock.yml b/.github/workflows/smoke-opencode.lock.yml index 058d7779dac..2e58b50c4ae 100644 --- a/.github/workflows/smoke-opencode.lock.yml +++ b/.github/workflows/smoke-opencode.lock.yml @@ -1232,6 +1232,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Install OpenCode and jq run: | npm install -g "opencode-ai@${GH_AW_AGENT_VERSION}" diff --git a/.github/workflows/smoke-project.lock.yml b/.github/workflows/smoke-project.lock.yml index fb502dd5b15..03e9a5dd17b 100644 --- a/.github/workflows/smoke-project.lock.yml +++ b/.github/workflows/smoke-project.lock.yml @@ -1038,6 +1038,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/smoke-test-tools.lock.yml b/.github/workflows/smoke-test-tools.lock.yml index 412d0bd5e69..65f1cf304ee 100644 --- a/.github/workflows/smoke-test-tools.lock.yml +++ b/.github/workflows/smoke-test-tools.lock.yml @@ -603,6 +603,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/stale-repo-identifier.lock.yml b/.github/workflows/stale-repo-identifier.lock.yml index d2601f56ab3..e471de3abef 100644 --- a/.github/workflows/stale-repo-identifier.lock.yml +++ b/.github/workflows/stale-repo-identifier.lock.yml @@ -737,6 +737,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/static-analysis-report.lock.yml b/.github/workflows/static-analysis-report.lock.yml index b6b8f3d0746..d75636c8e3f 100644 --- a/.github/workflows/static-analysis-report.lock.yml +++ b/.github/workflows/static-analysis-report.lock.yml @@ -692,6 +692,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute Claude Code CLI id: agentic_execution # Allowed tools (sorted): diff --git a/.github/workflows/step-name-alignment.lock.yml b/.github/workflows/step-name-alignment.lock.yml index 11be97e88c1..7512d16f666 100644 --- a/.github/workflows/step-name-alignment.lock.yml +++ b/.github/workflows/step-name-alignment.lock.yml @@ -636,6 +636,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute Claude Code CLI id: agentic_execution # Allowed tools (sorted): diff --git a/.github/workflows/sub-issue-closer.lock.yml b/.github/workflows/sub-issue-closer.lock.yml index bf2d3d866dc..ce5893876a0 100644 --- a/.github/workflows/sub-issue-closer.lock.yml +++ b/.github/workflows/sub-issue-closer.lock.yml @@ -668,6 +668,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/super-linter.lock.yml b/.github/workflows/super-linter.lock.yml index c45bd70aef0..5f7e647e083 100644 --- a/.github/workflows/super-linter.lock.yml +++ b/.github/workflows/super-linter.lock.yml @@ -651,6 +651,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/technical-doc-writer.lock.yml b/.github/workflows/technical-doc-writer.lock.yml index 9fc0f174f7a..74a292c97c8 100644 --- a/.github/workflows/technical-doc-writer.lock.yml +++ b/.github/workflows/technical-doc-writer.lock.yml @@ -727,6 +727,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/terminal-stylist.lock.yml b/.github/workflows/terminal-stylist.lock.yml index f4c055772e6..f5a01133da9 100644 --- a/.github/workflows/terminal-stylist.lock.yml +++ b/.github/workflows/terminal-stylist.lock.yml @@ -603,6 +603,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/test-create-pr-error-handling.lock.yml b/.github/workflows/test-create-pr-error-handling.lock.yml index efae253e5bd..f2206c69889 100644 --- a/.github/workflows/test-create-pr-error-handling.lock.yml +++ b/.github/workflows/test-create-pr-error-handling.lock.yml @@ -622,6 +622,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute Claude Code CLI id: agentic_execution # Allowed tools (sorted): diff --git a/.github/workflows/test-dispatcher.lock.yml b/.github/workflows/test-dispatcher.lock.yml index 2ee00c2a3c9..a1b115b4bd0 100644 --- a/.github/workflows/test-dispatcher.lock.yml +++ b/.github/workflows/test-dispatcher.lock.yml @@ -555,6 +555,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/test-project-url-default.lock.yml b/.github/workflows/test-project-url-default.lock.yml index 66eb91592a7..ccaf98c09b0 100644 --- a/.github/workflows/test-project-url-default.lock.yml +++ b/.github/workflows/test-project-url-default.lock.yml @@ -786,6 +786,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/test-workflow.lock.yml b/.github/workflows/test-workflow.lock.yml index a45d067f148..5e0d0e17ea6 100644 --- a/.github/workflows/test-workflow.lock.yml +++ b/.github/workflows/test-workflow.lock.yml @@ -348,6 +348,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/tidy.lock.yml b/.github/workflows/tidy.lock.yml index a39d79d7ae6..3eb1553ebf4 100644 --- a/.github/workflows/tidy.lock.yml +++ b/.github/workflows/tidy.lock.yml @@ -704,6 +704,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/typist.lock.yml b/.github/workflows/typist.lock.yml index 065797f4819..ac74fbd30c0 100644 --- a/.github/workflows/typist.lock.yml +++ b/.github/workflows/typist.lock.yml @@ -620,6 +620,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute Claude Code CLI id: agentic_execution # Allowed tools (sorted): diff --git a/.github/workflows/ubuntu-image-analyzer.lock.yml b/.github/workflows/ubuntu-image-analyzer.lock.yml index e3be25e2f4b..641405babef 100644 --- a/.github/workflows/ubuntu-image-analyzer.lock.yml +++ b/.github/workflows/ubuntu-image-analyzer.lock.yml @@ -610,6 +610,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/unbloat-docs.lock.yml b/.github/workflows/unbloat-docs.lock.yml index 18f4fc95254..cdc7c31aa4e 100644 --- a/.github/workflows/unbloat-docs.lock.yml +++ b/.github/workflows/unbloat-docs.lock.yml @@ -760,6 +760,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute Claude Code CLI id: agentic_execution # Allowed tools (sorted): diff --git a/.github/workflows/video-analyzer.lock.yml b/.github/workflows/video-analyzer.lock.yml index 05babd3597d..4f419cdc2a6 100644 --- a/.github/workflows/video-analyzer.lock.yml +++ b/.github/workflows/video-analyzer.lock.yml @@ -636,6 +636,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/weekly-issue-summary.lock.yml b/.github/workflows/weekly-issue-summary.lock.yml index e28bfc8b36c..54a49e24d1d 100644 --- a/.github/workflows/weekly-issue-summary.lock.yml +++ b/.github/workflows/weekly-issue-summary.lock.yml @@ -659,6 +659,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/workflow-generator.lock.yml b/.github/workflows/workflow-generator.lock.yml index 0f0d7c66a6c..4ef03852f7a 100644 --- a/.github/workflows/workflow-generator.lock.yml +++ b/.github/workflows/workflow-generator.lock.yml @@ -707,6 +707,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/workflow-health-manager.lock.yml b/.github/workflows/workflow-health-manager.lock.yml index d68b976972b..9037a3cec1e 100644 --- a/.github/workflows/workflow-health-manager.lock.yml +++ b/.github/workflows/workflow-health-manager.lock.yml @@ -782,6 +782,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/workflow-normalizer.lock.yml b/.github/workflows/workflow-normalizer.lock.yml index ee47625a968..d7be09c6b01 100644 --- a/.github/workflows/workflow-normalizer.lock.yml +++ b/.github/workflows/workflow-normalizer.lock.yml @@ -687,6 +687,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/workflow-skill-extractor.lock.yml b/.github/workflows/workflow-skill-extractor.lock.yml index 465390912e3..5e92f92e267 100644 --- a/.github/workflows/workflow-skill-extractor.lock.yml +++ b/.github/workflows/workflow-skill-extractor.lock.yml @@ -673,6 +673,8 @@ jobs: env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt run: bash /opt/gh-aw/actions/print_prompt_summary.sh + - name: Clean git credentials + run: bash /opt/gh-aw/actions/clean_git_credentials.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): From 98618823518c767aec23758e6287c3a54c036d2e Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 10 Feb 2026 00:44:58 +0000 Subject: [PATCH 4/9] Remove backup creation from git credentials cleaner script Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- actions/setup/sh/clean_git_credentials.sh | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/actions/setup/sh/clean_git_credentials.sh b/actions/setup/sh/clean_git_credentials.sh index 8a42adcd9be..801f8d71f3c 100755 --- a/actions/setup/sh/clean_git_credentials.sh +++ b/actions/setup/sh/clean_git_credentials.sh @@ -28,11 +28,6 @@ if [ ! -f "${GIT_CONFIG_PATH}" ]; then exit 0 fi -# Create a backup for safety (in case we need to debug) -BACKUP_PATH="${GIT_CONFIG_PATH}.backup-$(date +%s)" -cp "${GIT_CONFIG_PATH}" "${BACKUP_PATH}" -echo "Created backup at ${BACKUP_PATH}" - # Remove credential helper configuration # This removes lines like: # [credential] @@ -75,12 +70,10 @@ if git config --file "${GIT_CONFIG_PATH}" --get-regexp '^remote\..*\.url$' 2>/de fi echo "✓ Git credentials cleaned successfully" -echo "✓ Backup saved at ${BACKUP_PATH}" # Verify the file is still valid git config if ! git config --file "${GIT_CONFIG_PATH}" --list >/dev/null 2>&1; then - echo "ERROR: Git config file is corrupted after cleaning, restoring backup" - cp "${BACKUP_PATH}" "${GIT_CONFIG_PATH}" + echo "ERROR: Git config file is corrupted after cleaning" exit 1 fi From ec193a328c4172c6dee11c39dd171983b0eeb26d Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 10 Feb 2026 00:51:16 +0000 Subject: [PATCH 5/9] Add git remote remove origin to credentials cleanup Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- actions/setup/sh/clean_git_credentials.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/actions/setup/sh/clean_git_credentials.sh b/actions/setup/sh/clean_git_credentials.sh index 801f8d71f3c..0dd907ef62f 100755 --- a/actions/setup/sh/clean_git_credentials.sh +++ b/actions/setup/sh/clean_git_credentials.sh @@ -69,6 +69,12 @@ if git config --file "${GIT_CONFIG_PATH}" --get-regexp '^remote\..*\.url$' 2>/de done || true fi +# Remove the origin remote entirely to prevent any git operations that might use credentials +if git -C "${WORKSPACE}" remote get-url origin >/dev/null 2>&1; then + git -C "${WORKSPACE}" remote remove origin + echo "Removed origin remote" +fi + echo "✓ Git credentials cleaned successfully" # Verify the file is still valid git config From 5e75729f24c63897f14de2d61797c97284ed69df Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 10 Feb 2026 01:10:01 +0000 Subject: [PATCH 6/9] Backup and restore git credentials instead of permanent removal Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .../agent-performance-analyzer.lock.yml | 3 ++ actions/setup/sh/clean_git_credentials.sh | 30 +++++++------- actions/setup/sh/restore_git_credentials.sh | 41 +++++++++++++++++++ pkg/workflow/compiler_yaml_main_job.go | 7 ++++ pkg/workflow/yaml_generation.go | 10 +++++ 5 files changed, 75 insertions(+), 16 deletions(-) create mode 100755 actions/setup/sh/restore_git_credentials.sh diff --git a/.github/workflows/agent-performance-analyzer.lock.yml b/.github/workflows/agent-performance-analyzer.lock.yml index 4e08897667b..32bbae4ee9f 100644 --- a/.github/workflows/agent-performance-analyzer.lock.yml +++ b/.github/workflows/agent-performance-analyzer.lock.yml @@ -830,6 +830,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/actions/setup/sh/clean_git_credentials.sh b/actions/setup/sh/clean_git_credentials.sh index 0dd907ef62f..dee356b246b 100755 --- a/actions/setup/sh/clean_git_credentials.sh +++ b/actions/setup/sh/clean_git_credentials.sh @@ -1,14 +1,11 @@ #!/usr/bin/env bash # -# clean_git_credentials.sh - Remove git credentials from .git/config +# clean_git_credentials.sh - Temporarily remove git credentials from .git/config # -# This script removes any git credentials that may have been left on disk -# accidentally by an injected step. It specifically targets the credentials -# in $GITHUB_WORKSPACE/.git/config to prevent credential leakage. -# -# This is a security measure to ensure that git credentials configured by -# custom steps or other workflow steps are removed before the agentic engine -# executes, preventing the agent from accessing or exfiltrating credentials. +# This script temporarily removes any git credentials that may have been left on disk +# accidentally by an injected step. It backs up the configuration so it can be restored +# after agent execution. This prevents the agent from accessing or exfiltrating credentials +# while still allowing safe-outputs operations that need git to work after agent execution. # # Exit codes: # 0 - Success (credentials cleaned or no .git/config found) @@ -19,8 +16,10 @@ set -euo pipefail # Get the workspace directory (defaults to current GITHUB_WORKSPACE) WORKSPACE="${GITHUB_WORKSPACE:-.}" GIT_CONFIG_PATH="${WORKSPACE}/.git/config" +BACKUP_DIR="/tmp/gh-aw/git-credentials-backup" +BACKUP_PATH="${BACKUP_DIR}/config.backup" -echo "Cleaning git credentials from ${GIT_CONFIG_PATH}" +echo "Backing up and cleaning git credentials from ${GIT_CONFIG_PATH}" # Check if .git/config exists if [ ! -f "${GIT_CONFIG_PATH}" ]; then @@ -28,6 +27,11 @@ if [ ! -f "${GIT_CONFIG_PATH}" ]; then exit 0 fi +# Create backup directory and save current config +mkdir -p "${BACKUP_DIR}" +cp "${GIT_CONFIG_PATH}" "${BACKUP_PATH}" +echo "Backed up git config to ${BACKUP_PATH}" + # Remove credential helper configuration # This removes lines like: # [credential] @@ -69,13 +73,7 @@ if git config --file "${GIT_CONFIG_PATH}" --get-regexp '^remote\..*\.url$' 2>/de done || true fi -# Remove the origin remote entirely to prevent any git operations that might use credentials -if git -C "${WORKSPACE}" remote get-url origin >/dev/null 2>&1; then - git -C "${WORKSPACE}" remote remove origin - echo "Removed origin remote" -fi - -echo "✓ Git credentials cleaned successfully" +echo "✓ Git credentials cleaned successfully (backed up for restoration)" # Verify the file is still valid git config if ! git config --file "${GIT_CONFIG_PATH}" --list >/dev/null 2>&1; then diff --git a/actions/setup/sh/restore_git_credentials.sh b/actions/setup/sh/restore_git_credentials.sh new file mode 100755 index 00000000000..6a878d7df9d --- /dev/null +++ b/actions/setup/sh/restore_git_credentials.sh @@ -0,0 +1,41 @@ +#!/usr/bin/env bash +# +# restore_git_credentials.sh - Restore git credentials from backup +# +# This script restores git credentials that were backed up by clean_git_credentials.sh +# before agent execution. This allows safe-outputs operations that need git to work +# properly after the agent has completed its execution. +# +# Exit codes: +# 0 - Success (credentials restored or no backup found) +# 1 - Error (failed to restore credentials) + +set -euo pipefail + +# Get the workspace directory (defaults to current GITHUB_WORKSPACE) +WORKSPACE="${GITHUB_WORKSPACE:-.}" +GIT_CONFIG_PATH="${WORKSPACE}/.git/config" +BACKUP_DIR="/tmp/gh-aw/git-credentials-backup" +BACKUP_PATH="${BACKUP_DIR}/config.backup" + +echo "Restoring git credentials to ${GIT_CONFIG_PATH}" + +# Check if backup exists +if [ ! -f "${BACKUP_PATH}" ]; then + echo "No backup found at ${BACKUP_PATH}, nothing to restore" + exit 0 +fi + +# Restore the backup +cp "${BACKUP_PATH}" "${GIT_CONFIG_PATH}" +echo "Restored git config from ${BACKUP_PATH}" + +# Verify the file is still valid git config +if ! git config --file "${GIT_CONFIG_PATH}" --list >/dev/null 2>&1; then + echo "ERROR: Restored git config file is corrupted" + exit 1 +fi + +echo "✓ Git credentials restored successfully" + +exit 0 diff --git a/pkg/workflow/compiler_yaml_main_job.go b/pkg/workflow/compiler_yaml_main_job.go index cb98a593e5c..ea8d1537f65 100644 --- a/pkg/workflow/compiler_yaml_main_job.go +++ b/pkg/workflow/compiler_yaml_main_job.go @@ -245,6 +245,13 @@ func (c *Compiler) generateMainJobSteps(yaml *strings.Builder, data *WorkflowDat // Mark that we've completed agent execution - step order validation starts from here c.stepOrderTracker.MarkAgentExecutionComplete() + // Restore git credentials after agent execution + // This allows safe-outputs operations (like create_pull_request) to work properly + gitRestoreSteps := c.generateGitCredentialsRestoreStep() + for _, line := range gitRestoreSteps { + yaml.WriteString(line) + } + // Collect firewall logs BEFORE secret redaction so secrets in logs can be redacted if copilotEngine, ok := engine.(*CopilotEngine); ok { collectionSteps := copilotEngine.GetFirewallLogsCollectionStep(data) diff --git a/pkg/workflow/yaml_generation.go b/pkg/workflow/yaml_generation.go index 49f9b27ad1d..ebdb4267a3b 100644 --- a/pkg/workflow/yaml_generation.go +++ b/pkg/workflow/yaml_generation.go @@ -32,3 +32,13 @@ func (c *Compiler) generateGitCredentialsCleanerStep() []string { " run: bash /opt/gh-aw/actions/clean_git_credentials.sh\n", } } + +// generateGitCredentialsRestoreStep generates a step that restores git credentials from backup +// This allows safe-outputs operations that need git to work after agent execution +func (c *Compiler) generateGitCredentialsRestoreStep() []string { + return []string{ + " - name: Restore git credentials\n", + " if: always()\n", + " run: bash /opt/gh-aw/actions/restore_git_credentials.sh\n", + } +} From 32232e0ea2bc9336a838a97eb0ba1cde4d0b87f0 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 10 Feb 2026 01:18:03 +0000 Subject: [PATCH 7/9] Remove backup mechanism, regenerate git credentials instead Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .../agent-performance-analyzer.lock.yml | 14 +++++-- .../workflows/agent-persona-explorer.lock.yml | 3 ++ .github/workflows/ai-moderator.lock.yml | 3 ++ .github/workflows/archie.lock.yml | 3 ++ .github/workflows/artifacts-summary.lock.yml | 3 ++ .github/workflows/audit-workflows.lock.yml | 3 ++ .github/workflows/auto-triage-issues.lock.yml | 3 ++ .github/workflows/blog-auditor.lock.yml | 3 ++ .github/workflows/brave.lock.yml | 3 ++ .../breaking-change-checker.lock.yml | 3 ++ .github/workflows/changeset.lock.yml | 3 ++ .../workflows/chroma-issue-indexer.lock.yml | 3 ++ .github/workflows/ci-coach.lock.yml | 3 ++ .github/workflows/ci-doctor.lock.yml | 3 ++ .../claude-code-user-docs-review.lock.yml | 3 ++ .../cli-consistency-checker.lock.yml | 3 ++ .../workflows/cli-version-checker.lock.yml | 3 ++ .github/workflows/cloclo.lock.yml | 3 ++ .../workflows/code-scanning-fixer.lock.yml | 3 ++ .github/workflows/code-simplifier.lock.yml | 3 ++ .../codex-github-remote-mcp-test.lock.yml | 3 ++ .../commit-changes-analyzer.lock.yml | 3 ++ .../workflows/copilot-agent-analysis.lock.yml | 3 ++ .../copilot-cli-deep-research.lock.yml | 3 ++ .../copilot-pr-merged-report.lock.yml | 3 ++ .../copilot-pr-nlp-analysis.lock.yml | 3 ++ .../copilot-pr-prompt-analysis.lock.yml | 3 ++ .../copilot-session-insights.lock.yml | 3 ++ .github/workflows/craft.lock.yml | 3 ++ .../daily-assign-issue-to-user.lock.yml | 3 ++ .github/workflows/daily-choice-test.lock.yml | 3 ++ .../workflows/daily-cli-performance.lock.yml | 3 ++ .../workflows/daily-cli-tools-tester.lock.yml | 3 ++ .github/workflows/daily-code-metrics.lock.yml | 3 ++ .../workflows/daily-compiler-quality.lock.yml | 3 ++ .../daily-copilot-token-report.lock.yml | 3 ++ .github/workflows/daily-doc-updater.lock.yml | 3 ++ .github/workflows/daily-fact.lock.yml | 3 ++ .github/workflows/daily-file-diet.lock.yml | 3 ++ .../workflows/daily-firewall-report.lock.yml | 3 ++ .../workflows/daily-issues-report.lock.yml | 3 ++ .../daily-malicious-code-scan.lock.yml | 3 ++ .../daily-mcp-concurrency-analysis.lock.yml | 3 ++ .../daily-multi-device-docs-tester.lock.yml | 3 ++ .github/workflows/daily-news.lock.yml | 3 ++ .../daily-observability-report.lock.yml | 3 ++ .../daily-performance-summary.lock.yml | 3 ++ .github/workflows/daily-regulatory.lock.yml | 3 ++ .../workflows/daily-repo-chronicle.lock.yml | 3 ++ .../daily-safe-output-optimizer.lock.yml | 3 ++ .../workflows/daily-secrets-analysis.lock.yml | 3 ++ .github/workflows/daily-semgrep-scan.lock.yml | 3 ++ .../daily-syntax-error-quality.lock.yml | 3 ++ .../daily-team-evolution-insights.lock.yml | 3 ++ .github/workflows/daily-team-status.lock.yml | 3 ++ .../daily-testify-uber-super-expert.lock.yml | 3 ++ .../workflows/daily-workflow-updater.lock.yml | 3 ++ .github/workflows/deep-report.lock.yml | 3 ++ .github/workflows/delight.lock.yml | 3 ++ .github/workflows/dependabot-burner.lock.yml | 3 ++ .../workflows/dependabot-go-checker.lock.yml | 3 ++ .../dependabot-project-manager.lock.yml | 3 ++ .github/workflows/dev-hawk.lock.yml | 3 ++ .github/workflows/dev.lock.yml | 3 ++ .../developer-docs-consolidator.lock.yml | 3 ++ .github/workflows/dictation-prompt.lock.yml | 3 ++ .../workflows/discussion-task-miner.lock.yml | 3 ++ .github/workflows/docs-noob-tester.lock.yml | 3 ++ .github/workflows/draft-pr-cleanup.lock.yml | 3 ++ .../duplicate-code-detector.lock.yml | 3 ++ .../example-custom-error-patterns.lock.yml | 3 ++ .../example-permissions-warning.lock.yml | 3 ++ .../example-workflow-analyzer.lock.yml | 3 ++ .github/workflows/firewall-escape.lock.yml | 3 ++ .github/workflows/firewall.lock.yml | 3 ++ .../workflows/functional-pragmatist.lock.yml | 3 ++ .../github-mcp-structural-analysis.lock.yml | 3 ++ .../github-mcp-tools-report.lock.yml | 3 ++ .../github-remote-mcp-auth-test.lock.yml | 3 ++ .../workflows/glossary-maintainer.lock.yml | 3 ++ .github/workflows/go-fan.lock.yml | 3 ++ .github/workflows/go-logger.lock.yml | 3 ++ .../workflows/go-pattern-detector.lock.yml | 3 ++ .github/workflows/grumpy-reviewer.lock.yml | 3 ++ .github/workflows/hourly-ci-cleaner.lock.yml | 3 ++ .../workflows/instructions-janitor.lock.yml | 3 ++ .github/workflows/issue-arborist.lock.yml | 3 ++ .github/workflows/issue-classifier.lock.yml | 3 ++ .github/workflows/issue-monster.lock.yml | 3 ++ .github/workflows/issue-triage-agent.lock.yml | 3 ++ .github/workflows/jsweep.lock.yml | 3 ++ .../workflows/layout-spec-maintainer.lock.yml | 3 ++ .github/workflows/lockfile-stats.lock.yml | 3 ++ .github/workflows/mcp-inspector.lock.yml | 3 ++ .github/workflows/mergefest.lock.yml | 3 ++ .github/workflows/metrics-collector.lock.yml | 3 ++ .../workflows/notion-issue-summary.lock.yml | 3 ++ .github/workflows/org-health-report.lock.yml | 3 ++ .github/workflows/pdf-summary.lock.yml | 3 ++ .github/workflows/plan.lock.yml | 3 ++ .github/workflows/poem-bot.lock.yml | 3 ++ .github/workflows/portfolio-analyst.lock.yml | 3 ++ .../workflows/pr-nitpick-reviewer.lock.yml | 3 ++ .github/workflows/pr-triage-agent.lock.yml | 3 ++ .../prompt-clustering-analysis.lock.yml | 3 ++ .github/workflows/python-data-charts.lock.yml | 3 ++ .github/workflows/q.lock.yml | 3 ++ .github/workflows/release.lock.yml | 3 ++ .../workflows/repo-audit-analyzer.lock.yml | 3 ++ .github/workflows/repo-tree-map.lock.yml | 3 ++ .../repository-quality-improver.lock.yml | 3 ++ .github/workflows/research.lock.yml | 3 ++ .github/workflows/safe-output-health.lock.yml | 3 ++ .../schema-consistency-checker.lock.yml | 3 ++ .github/workflows/scout.lock.yml | 3 ++ .../workflows/security-compliance.lock.yml | 3 ++ .github/workflows/security-guard.lock.yml | 3 ++ .github/workflows/security-review.lock.yml | 3 ++ .../semantic-function-refactor.lock.yml | 3 ++ .github/workflows/sergo.lock.yml | 3 ++ .../workflows/slide-deck-maintainer.lock.yml | 3 ++ .github/workflows/smoke-claude.lock.yml | 3 ++ .github/workflows/smoke-codex.lock.yml | 3 ++ .github/workflows/smoke-copilot.lock.yml | 3 ++ .github/workflows/smoke-opencode.lock.yml | 3 ++ .github/workflows/smoke-project.lock.yml | 3 ++ .github/workflows/smoke-test-tools.lock.yml | 3 ++ .../workflows/stale-repo-identifier.lock.yml | 3 ++ .../workflows/static-analysis-report.lock.yml | 3 ++ .../workflows/step-name-alignment.lock.yml | 3 ++ .github/workflows/sub-issue-closer.lock.yml | 3 ++ .github/workflows/super-linter.lock.yml | 3 ++ .../workflows/technical-doc-writer.lock.yml | 3 ++ .github/workflows/terminal-stylist.lock.yml | 3 ++ .../test-create-pr-error-handling.lock.yml | 3 ++ .github/workflows/test-dispatcher.lock.yml | 3 ++ .../test-project-url-default.lock.yml | 3 ++ .github/workflows/test-workflow.lock.yml | 3 ++ .github/workflows/tidy.lock.yml | 3 ++ .github/workflows/typist.lock.yml | 3 ++ .../workflows/ubuntu-image-analyzer.lock.yml | 3 ++ .github/workflows/unbloat-docs.lock.yml | 3 ++ .github/workflows/video-analyzer.lock.yml | 3 ++ .../workflows/weekly-issue-summary.lock.yml | 3 ++ .github/workflows/workflow-generator.lock.yml | 3 ++ .../workflow-health-manager.lock.yml | 3 ++ .../workflows/workflow-normalizer.lock.yml | 3 ++ .../workflow-skill-extractor.lock.yml | 3 ++ actions/setup/sh/clean_git_credentials.sh | 24 +++++------ actions/setup/sh/restore_git_credentials.sh | 41 ------------------- pkg/workflow/compiler_yaml_main_job.go | 7 ++-- pkg/workflow/yaml_generation.go | 10 ----- 152 files changed, 466 insertions(+), 71 deletions(-) delete mode 100755 actions/setup/sh/restore_git_credentials.sh diff --git a/.github/workflows/agent-performance-analyzer.lock.yml b/.github/workflows/agent-performance-analyzer.lock.yml index 32bbae4ee9f..999c22be4a2 100644 --- a/.github/workflows/agent-performance-analyzer.lock.yml +++ b/.github/workflows/agent-performance-analyzer.lock.yml @@ -830,9 +830,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/agent-persona-explorer.lock.yml b/.github/workflows/agent-persona-explorer.lock.yml index 16482c82fc8..dcafcce4bb4 100644 --- a/.github/workflows/agent-persona-explorer.lock.yml +++ b/.github/workflows/agent-persona-explorer.lock.yml @@ -704,6 +704,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/ai-moderator.lock.yml b/.github/workflows/ai-moderator.lock.yml index 5e025cd6ac8..9385290648c 100644 --- a/.github/workflows/ai-moderator.lock.yml +++ b/.github/workflows/ai-moderator.lock.yml @@ -664,6 +664,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/archie.lock.yml b/.github/workflows/archie.lock.yml index e2bda722133..ed4580b5f76 100644 --- a/.github/workflows/archie.lock.yml +++ b/.github/workflows/archie.lock.yml @@ -668,6 +668,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/artifacts-summary.lock.yml b/.github/workflows/artifacts-summary.lock.yml index 99b5e686d43..8deffd3840d 100644 --- a/.github/workflows/artifacts-summary.lock.yml +++ b/.github/workflows/artifacts-summary.lock.yml @@ -623,6 +623,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/audit-workflows.lock.yml b/.github/workflows/audit-workflows.lock.yml index 9085a2dc8e4..1d0891e6318 100644 --- a/.github/workflows/audit-workflows.lock.yml +++ b/.github/workflows/audit-workflows.lock.yml @@ -879,6 +879,9 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 300000 + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/auto-triage-issues.lock.yml b/.github/workflows/auto-triage-issues.lock.yml index 4718f589dcf..fbcffacbdeb 100644 --- a/.github/workflows/auto-triage-issues.lock.yml +++ b/.github/workflows/auto-triage-issues.lock.yml @@ -674,6 +674,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/blog-auditor.lock.yml b/.github/workflows/blog-auditor.lock.yml index 9f0a43faeb4..cf7b3d0bada 100644 --- a/.github/workflows/blog-auditor.lock.yml +++ b/.github/workflows/blog-auditor.lock.yml @@ -756,6 +756,9 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/brave.lock.yml b/.github/workflows/brave.lock.yml index 1d742f82f86..bf074c9ee79 100644 --- a/.github/workflows/brave.lock.yml +++ b/.github/workflows/brave.lock.yml @@ -659,6 +659,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/breaking-change-checker.lock.yml b/.github/workflows/breaking-change-checker.lock.yml index 9a86a71b67f..1e3b40a73cf 100644 --- a/.github/workflows/breaking-change-checker.lock.yml +++ b/.github/workflows/breaking-change-checker.lock.yml @@ -664,6 +664,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/changeset.lock.yml b/.github/workflows/changeset.lock.yml index 902a34ad644..0aa45fb9072 100644 --- a/.github/workflows/changeset.lock.yml +++ b/.github/workflows/changeset.lock.yml @@ -751,6 +751,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} OPENAI_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }} RUST_LOG: trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/chroma-issue-indexer.lock.yml b/.github/workflows/chroma-issue-indexer.lock.yml index 0613c582099..13808f9c150 100644 --- a/.github/workflows/chroma-issue-indexer.lock.yml +++ b/.github/workflows/chroma-issue-indexer.lock.yml @@ -427,6 +427,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/ci-coach.lock.yml b/.github/workflows/ci-coach.lock.yml index cfa169b668f..dc95d56f235 100644 --- a/.github/workflows/ci-coach.lock.yml +++ b/.github/workflows/ci-coach.lock.yml @@ -701,6 +701,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/ci-doctor.lock.yml b/.github/workflows/ci-doctor.lock.yml index 2752a880e65..a53b2279713 100644 --- a/.github/workflows/ci-doctor.lock.yml +++ b/.github/workflows/ci-doctor.lock.yml @@ -816,6 +816,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/claude-code-user-docs-review.lock.yml b/.github/workflows/claude-code-user-docs-review.lock.yml index fe9afb31d26..2c6b91db204 100644 --- a/.github/workflows/claude-code-user-docs-review.lock.yml +++ b/.github/workflows/claude-code-user-docs-review.lock.yml @@ -712,6 +712,9 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/cli-consistency-checker.lock.yml b/.github/workflows/cli-consistency-checker.lock.yml index 0df7d7dcb32..f7efa3a2a75 100644 --- a/.github/workflows/cli-consistency-checker.lock.yml +++ b/.github/workflows/cli-consistency-checker.lock.yml @@ -638,6 +638,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/cli-version-checker.lock.yml b/.github/workflows/cli-version-checker.lock.yml index 211e2217064..54453ea3a28 100644 --- a/.github/workflows/cli-version-checker.lock.yml +++ b/.github/workflows/cli-version-checker.lock.yml @@ -743,6 +743,9 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/cloclo.lock.yml b/.github/workflows/cloclo.lock.yml index a156721ed48..afadf4c4f97 100644 --- a/.github/workflows/cloclo.lock.yml +++ b/.github/workflows/cloclo.lock.yml @@ -1001,6 +1001,9 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/code-scanning-fixer.lock.yml b/.github/workflows/code-scanning-fixer.lock.yml index af805f9a2ec..146e53ac460 100644 --- a/.github/workflows/code-scanning-fixer.lock.yml +++ b/.github/workflows/code-scanning-fixer.lock.yml @@ -708,6 +708,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/code-simplifier.lock.yml b/.github/workflows/code-simplifier.lock.yml index a8f7b2421d1..0a3ab645e2b 100644 --- a/.github/workflows/code-simplifier.lock.yml +++ b/.github/workflows/code-simplifier.lock.yml @@ -634,6 +634,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/codex-github-remote-mcp-test.lock.yml b/.github/workflows/codex-github-remote-mcp-test.lock.yml index ad82799afaa..0e79e55fdd0 100644 --- a/.github/workflows/codex-github-remote-mcp-test.lock.yml +++ b/.github/workflows/codex-github-remote-mcp-test.lock.yml @@ -384,6 +384,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} OPENAI_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }} RUST_LOG: trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/commit-changes-analyzer.lock.yml b/.github/workflows/commit-changes-analyzer.lock.yml index 91f7b9ebcbf..b1f6987e815 100644 --- a/.github/workflows/commit-changes-analyzer.lock.yml +++ b/.github/workflows/commit-changes-analyzer.lock.yml @@ -701,6 +701,9 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/copilot-agent-analysis.lock.yml b/.github/workflows/copilot-agent-analysis.lock.yml index 95d88024253..e48e59cfffb 100644 --- a/.github/workflows/copilot-agent-analysis.lock.yml +++ b/.github/workflows/copilot-agent-analysis.lock.yml @@ -790,6 +790,9 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/copilot-cli-deep-research.lock.yml b/.github/workflows/copilot-cli-deep-research.lock.yml index 63965212f39..7667e166557 100644 --- a/.github/workflows/copilot-cli-deep-research.lock.yml +++ b/.github/workflows/copilot-cli-deep-research.lock.yml @@ -680,6 +680,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/copilot-pr-merged-report.lock.yml b/.github/workflows/copilot-pr-merged-report.lock.yml index 0b1f0d73a6b..d7077d16405 100644 --- a/.github/workflows/copilot-pr-merged-report.lock.yml +++ b/.github/workflows/copilot-pr-merged-report.lock.yml @@ -670,6 +670,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/copilot-pr-nlp-analysis.lock.yml b/.github/workflows/copilot-pr-nlp-analysis.lock.yml index e4fb3553b6e..d4f4494f692 100644 --- a/.github/workflows/copilot-pr-nlp-analysis.lock.yml +++ b/.github/workflows/copilot-pr-nlp-analysis.lock.yml @@ -753,6 +753,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/copilot-pr-prompt-analysis.lock.yml b/.github/workflows/copilot-pr-prompt-analysis.lock.yml index ecbddba854e..0829ca8a4de 100644 --- a/.github/workflows/copilot-pr-prompt-analysis.lock.yml +++ b/.github/workflows/copilot-pr-prompt-analysis.lock.yml @@ -689,6 +689,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/copilot-session-insights.lock.yml b/.github/workflows/copilot-session-insights.lock.yml index 090f14aad65..a0f11f43b30 100644 --- a/.github/workflows/copilot-session-insights.lock.yml +++ b/.github/workflows/copilot-session-insights.lock.yml @@ -835,6 +835,9 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/craft.lock.yml b/.github/workflows/craft.lock.yml index c0432e1d2cd..007cfd6b30e 100644 --- a/.github/workflows/craft.lock.yml +++ b/.github/workflows/craft.lock.yml @@ -694,6 +694,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/daily-assign-issue-to-user.lock.yml b/.github/workflows/daily-assign-issue-to-user.lock.yml index e3ce55e33ec..c2a332b22f0 100644 --- a/.github/workflows/daily-assign-issue-to-user.lock.yml +++ b/.github/workflows/daily-assign-issue-to-user.lock.yml @@ -646,6 +646,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/daily-choice-test.lock.yml b/.github/workflows/daily-choice-test.lock.yml index 2d2cff23355..97fdfb6e053 100644 --- a/.github/workflows/daily-choice-test.lock.yml +++ b/.github/workflows/daily-choice-test.lock.yml @@ -667,6 +667,9 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/daily-cli-performance.lock.yml b/.github/workflows/daily-cli-performance.lock.yml index 17dcd23df42..b754ec115d2 100644 --- a/.github/workflows/daily-cli-performance.lock.yml +++ b/.github/workflows/daily-cli-performance.lock.yml @@ -853,6 +853,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/daily-cli-tools-tester.lock.yml b/.github/workflows/daily-cli-tools-tester.lock.yml index e4eff228100..38bce3c3273 100644 --- a/.github/workflows/daily-cli-tools-tester.lock.yml +++ b/.github/workflows/daily-cli-tools-tester.lock.yml @@ -704,6 +704,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/daily-code-metrics.lock.yml b/.github/workflows/daily-code-metrics.lock.yml index c5546cd45a6..7eeb0d2239f 100644 --- a/.github/workflows/daily-code-metrics.lock.yml +++ b/.github/workflows/daily-code-metrics.lock.yml @@ -809,6 +809,9 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/daily-compiler-quality.lock.yml b/.github/workflows/daily-compiler-quality.lock.yml index 2d102ddff72..5bb7a47b9d9 100644 --- a/.github/workflows/daily-compiler-quality.lock.yml +++ b/.github/workflows/daily-compiler-quality.lock.yml @@ -665,6 +665,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/daily-copilot-token-report.lock.yml b/.github/workflows/daily-copilot-token-report.lock.yml index e10fa7c4238..6beb87af6de 100644 --- a/.github/workflows/daily-copilot-token-report.lock.yml +++ b/.github/workflows/daily-copilot-token-report.lock.yml @@ -763,6 +763,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/daily-doc-updater.lock.yml b/.github/workflows/daily-doc-updater.lock.yml index 722f6e65810..25e9e930f14 100644 --- a/.github/workflows/daily-doc-updater.lock.yml +++ b/.github/workflows/daily-doc-updater.lock.yml @@ -742,6 +742,9 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/daily-fact.lock.yml b/.github/workflows/daily-fact.lock.yml index 9e159210166..37f029e6c8e 100644 --- a/.github/workflows/daily-fact.lock.yml +++ b/.github/workflows/daily-fact.lock.yml @@ -612,6 +612,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} OPENAI_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }} RUST_LOG: trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/daily-file-diet.lock.yml b/.github/workflows/daily-file-diet.lock.yml index c4ededc93dc..18cd0382c12 100644 --- a/.github/workflows/daily-file-diet.lock.yml +++ b/.github/workflows/daily-file-diet.lock.yml @@ -677,6 +677,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/daily-firewall-report.lock.yml b/.github/workflows/daily-firewall-report.lock.yml index e7306d40cf1..f4c6ae507c6 100644 --- a/.github/workflows/daily-firewall-report.lock.yml +++ b/.github/workflows/daily-firewall-report.lock.yml @@ -763,6 +763,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/daily-issues-report.lock.yml b/.github/workflows/daily-issues-report.lock.yml index 364bd83a297..fe59c6b32fb 100644 --- a/.github/workflows/daily-issues-report.lock.yml +++ b/.github/workflows/daily-issues-report.lock.yml @@ -801,6 +801,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} OPENAI_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }} RUST_LOG: trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/daily-malicious-code-scan.lock.yml b/.github/workflows/daily-malicious-code-scan.lock.yml index 1ec1aa51280..bf2678123e8 100644 --- a/.github/workflows/daily-malicious-code-scan.lock.yml +++ b/.github/workflows/daily-malicious-code-scan.lock.yml @@ -661,6 +661,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/daily-mcp-concurrency-analysis.lock.yml b/.github/workflows/daily-mcp-concurrency-analysis.lock.yml index 48dbb295eda..3a864e5c464 100644 --- a/.github/workflows/daily-mcp-concurrency-analysis.lock.yml +++ b/.github/workflows/daily-mcp-concurrency-analysis.lock.yml @@ -718,6 +718,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/daily-multi-device-docs-tester.lock.yml b/.github/workflows/daily-multi-device-docs-tester.lock.yml index 595358e3f44..dcd8dc4c5e2 100644 --- a/.github/workflows/daily-multi-device-docs-tester.lock.yml +++ b/.github/workflows/daily-multi-device-docs-tester.lock.yml @@ -823,6 +823,9 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/daily-news.lock.yml b/.github/workflows/daily-news.lock.yml index 1c861b043ce..387d694f6fa 100644 --- a/.github/workflows/daily-news.lock.yml +++ b/.github/workflows/daily-news.lock.yml @@ -824,6 +824,9 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} TAVILY_API_KEY: ${{ secrets.TAVILY_API_KEY }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/daily-observability-report.lock.yml b/.github/workflows/daily-observability-report.lock.yml index 93253042d61..79705b8870a 100644 --- a/.github/workflows/daily-observability-report.lock.yml +++ b/.github/workflows/daily-observability-report.lock.yml @@ -776,6 +776,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} OPENAI_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }} RUST_LOG: trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/daily-performance-summary.lock.yml b/.github/workflows/daily-performance-summary.lock.yml index 9ffb7f2d26a..5fb4059068b 100644 --- a/.github/workflows/daily-performance-summary.lock.yml +++ b/.github/workflows/daily-performance-summary.lock.yml @@ -1256,6 +1256,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} OPENAI_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }} RUST_LOG: trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/daily-regulatory.lock.yml b/.github/workflows/daily-regulatory.lock.yml index f5084d4e64b..4b3a217cfa3 100644 --- a/.github/workflows/daily-regulatory.lock.yml +++ b/.github/workflows/daily-regulatory.lock.yml @@ -1150,6 +1150,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/daily-repo-chronicle.lock.yml b/.github/workflows/daily-repo-chronicle.lock.yml index 11a4c1db055..4d83f645b33 100644 --- a/.github/workflows/daily-repo-chronicle.lock.yml +++ b/.github/workflows/daily-repo-chronicle.lock.yml @@ -699,6 +699,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/daily-safe-output-optimizer.lock.yml b/.github/workflows/daily-safe-output-optimizer.lock.yml index 6e5b484b433..609e06c1398 100644 --- a/.github/workflows/daily-safe-output-optimizer.lock.yml +++ b/.github/workflows/daily-safe-output-optimizer.lock.yml @@ -827,6 +827,9 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 300000 + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/daily-secrets-analysis.lock.yml b/.github/workflows/daily-secrets-analysis.lock.yml index ba3caa31ecb..401e4c7a7a2 100644 --- a/.github/workflows/daily-secrets-analysis.lock.yml +++ b/.github/workflows/daily-secrets-analysis.lock.yml @@ -679,6 +679,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/daily-semgrep-scan.lock.yml b/.github/workflows/daily-semgrep-scan.lock.yml index 5b93b56a2f3..a587713c0ef 100644 --- a/.github/workflows/daily-semgrep-scan.lock.yml +++ b/.github/workflows/daily-semgrep-scan.lock.yml @@ -674,6 +674,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/daily-syntax-error-quality.lock.yml b/.github/workflows/daily-syntax-error-quality.lock.yml index d7daee35cfc..20d949182e5 100644 --- a/.github/workflows/daily-syntax-error-quality.lock.yml +++ b/.github/workflows/daily-syntax-error-quality.lock.yml @@ -663,6 +663,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/daily-team-evolution-insights.lock.yml b/.github/workflows/daily-team-evolution-insights.lock.yml index f303a6ae43d..ab5878be79f 100644 --- a/.github/workflows/daily-team-evolution-insights.lock.yml +++ b/.github/workflows/daily-team-evolution-insights.lock.yml @@ -696,6 +696,9 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/daily-team-status.lock.yml b/.github/workflows/daily-team-status.lock.yml index b7865af4842..07d8a6adc8a 100644 --- a/.github/workflows/daily-team-status.lock.yml +++ b/.github/workflows/daily-team-status.lock.yml @@ -649,6 +649,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/daily-testify-uber-super-expert.lock.yml b/.github/workflows/daily-testify-uber-super-expert.lock.yml index 8707bc1f01b..59834355b6b 100644 --- a/.github/workflows/daily-testify-uber-super-expert.lock.yml +++ b/.github/workflows/daily-testify-uber-super-expert.lock.yml @@ -711,6 +711,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/daily-workflow-updater.lock.yml b/.github/workflows/daily-workflow-updater.lock.yml index 38af3d9fc71..4512cf6ffa7 100644 --- a/.github/workflows/daily-workflow-updater.lock.yml +++ b/.github/workflows/daily-workflow-updater.lock.yml @@ -625,6 +625,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/deep-report.lock.yml b/.github/workflows/deep-report.lock.yml index 7d43f6a1d04..f50570446e8 100644 --- a/.github/workflows/deep-report.lock.yml +++ b/.github/workflows/deep-report.lock.yml @@ -887,6 +887,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} OPENAI_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }} RUST_LOG: trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/delight.lock.yml b/.github/workflows/delight.lock.yml index 21ffc9f642a..6bf517548c7 100644 --- a/.github/workflows/delight.lock.yml +++ b/.github/workflows/delight.lock.yml @@ -758,6 +758,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/dependabot-burner.lock.yml b/.github/workflows/dependabot-burner.lock.yml index 36b52f913b5..33c81b01f5b 100644 --- a/.github/workflows/dependabot-burner.lock.yml +++ b/.github/workflows/dependabot-burner.lock.yml @@ -892,6 +892,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/dependabot-go-checker.lock.yml b/.github/workflows/dependabot-go-checker.lock.yml index 0f50d8439dd..b74583c673f 100644 --- a/.github/workflows/dependabot-go-checker.lock.yml +++ b/.github/workflows/dependabot-go-checker.lock.yml @@ -676,6 +676,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/dependabot-project-manager.lock.yml b/.github/workflows/dependabot-project-manager.lock.yml index cef2e45f6fc..c042e9e0f03 100644 --- a/.github/workflows/dependabot-project-manager.lock.yml +++ b/.github/workflows/dependabot-project-manager.lock.yml @@ -940,6 +940,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/dev-hawk.lock.yml b/.github/workflows/dev-hawk.lock.yml index 32d5f09b088..959053b84c5 100644 --- a/.github/workflows/dev-hawk.lock.yml +++ b/.github/workflows/dev-hawk.lock.yml @@ -714,6 +714,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/dev.lock.yml b/.github/workflows/dev.lock.yml index e2d0d8393c0..e67e4f636e7 100644 --- a/.github/workflows/dev.lock.yml +++ b/.github/workflows/dev.lock.yml @@ -622,6 +622,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/developer-docs-consolidator.lock.yml b/.github/workflows/developer-docs-consolidator.lock.yml index 37cea095198..27581913244 100644 --- a/.github/workflows/developer-docs-consolidator.lock.yml +++ b/.github/workflows/developer-docs-consolidator.lock.yml @@ -818,6 +818,9 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/dictation-prompt.lock.yml b/.github/workflows/dictation-prompt.lock.yml index 45a2689730e..bf1425febb6 100644 --- a/.github/workflows/dictation-prompt.lock.yml +++ b/.github/workflows/dictation-prompt.lock.yml @@ -628,6 +628,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/discussion-task-miner.lock.yml b/.github/workflows/discussion-task-miner.lock.yml index 7f0b23ccae1..2a567f85529 100644 --- a/.github/workflows/discussion-task-miner.lock.yml +++ b/.github/workflows/discussion-task-miner.lock.yml @@ -737,6 +737,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/docs-noob-tester.lock.yml b/.github/workflows/docs-noob-tester.lock.yml index be5e7ad022b..6e16ba2edf1 100644 --- a/.github/workflows/docs-noob-tester.lock.yml +++ b/.github/workflows/docs-noob-tester.lock.yml @@ -661,6 +661,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/draft-pr-cleanup.lock.yml b/.github/workflows/draft-pr-cleanup.lock.yml index 2bf5265ce17..f2e03ed06fa 100644 --- a/.github/workflows/draft-pr-cleanup.lock.yml +++ b/.github/workflows/draft-pr-cleanup.lock.yml @@ -675,6 +675,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/duplicate-code-detector.lock.yml b/.github/workflows/duplicate-code-detector.lock.yml index e05ac862a9b..16577e214b4 100644 --- a/.github/workflows/duplicate-code-detector.lock.yml +++ b/.github/workflows/duplicate-code-detector.lock.yml @@ -700,6 +700,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} OPENAI_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }} RUST_LOG: trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/example-custom-error-patterns.lock.yml b/.github/workflows/example-custom-error-patterns.lock.yml index 9c353e1b8f3..8aaa22bb62a 100644 --- a/.github/workflows/example-custom-error-patterns.lock.yml +++ b/.github/workflows/example-custom-error-patterns.lock.yml @@ -367,6 +367,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/example-permissions-warning.lock.yml b/.github/workflows/example-permissions-warning.lock.yml index 48fae89ef7b..f004d79b661 100644 --- a/.github/workflows/example-permissions-warning.lock.yml +++ b/.github/workflows/example-permissions-warning.lock.yml @@ -365,6 +365,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/example-workflow-analyzer.lock.yml b/.github/workflows/example-workflow-analyzer.lock.yml index 3f59bad1468..3d0bcf773a4 100644 --- a/.github/workflows/example-workflow-analyzer.lock.yml +++ b/.github/workflows/example-workflow-analyzer.lock.yml @@ -757,6 +757,9 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/firewall-escape.lock.yml b/.github/workflows/firewall-escape.lock.yml index f2c3ce04015..a51943286bb 100644 --- a/.github/workflows/firewall-escape.lock.yml +++ b/.github/workflows/firewall-escape.lock.yml @@ -675,6 +675,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/firewall.lock.yml b/.github/workflows/firewall.lock.yml index 95f777be7a1..48a3b2149a9 100644 --- a/.github/workflows/firewall.lock.yml +++ b/.github/workflows/firewall.lock.yml @@ -368,6 +368,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/functional-pragmatist.lock.yml b/.github/workflows/functional-pragmatist.lock.yml index 543d5324614..acb651d6ebe 100644 --- a/.github/workflows/functional-pragmatist.lock.yml +++ b/.github/workflows/functional-pragmatist.lock.yml @@ -630,6 +630,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/github-mcp-structural-analysis.lock.yml b/.github/workflows/github-mcp-structural-analysis.lock.yml index f17f3176ffb..b88304ac941 100644 --- a/.github/workflows/github-mcp-structural-analysis.lock.yml +++ b/.github/workflows/github-mcp-structural-analysis.lock.yml @@ -775,6 +775,9 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/github-mcp-tools-report.lock.yml b/.github/workflows/github-mcp-tools-report.lock.yml index 991f6a7648a..73dcc1aa232 100644 --- a/.github/workflows/github-mcp-tools-report.lock.yml +++ b/.github/workflows/github-mcp-tools-report.lock.yml @@ -779,6 +779,9 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/github-remote-mcp-auth-test.lock.yml b/.github/workflows/github-remote-mcp-auth-test.lock.yml index fca2ff2bdaa..7b8f48e9df4 100644 --- a/.github/workflows/github-remote-mcp-auth-test.lock.yml +++ b/.github/workflows/github-remote-mcp-auth-test.lock.yml @@ -629,6 +629,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/glossary-maintainer.lock.yml b/.github/workflows/glossary-maintainer.lock.yml index f399e001b79..e536ab0b03f 100644 --- a/.github/workflows/glossary-maintainer.lock.yml +++ b/.github/workflows/glossary-maintainer.lock.yml @@ -696,6 +696,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/go-fan.lock.yml b/.github/workflows/go-fan.lock.yml index f1ef731d7e5..92e09dada8f 100644 --- a/.github/workflows/go-fan.lock.yml +++ b/.github/workflows/go-fan.lock.yml @@ -749,6 +749,9 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/go-logger.lock.yml b/.github/workflows/go-logger.lock.yml index 69dbcf5e58f..7a4d7393657 100644 --- a/.github/workflows/go-logger.lock.yml +++ b/.github/workflows/go-logger.lock.yml @@ -899,6 +899,9 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/go-pattern-detector.lock.yml b/.github/workflows/go-pattern-detector.lock.yml index 84f8d0e5b8a..fad686cf261 100644 --- a/.github/workflows/go-pattern-detector.lock.yml +++ b/.github/workflows/go-pattern-detector.lock.yml @@ -726,6 +726,9 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/grumpy-reviewer.lock.yml b/.github/workflows/grumpy-reviewer.lock.yml index 9d8a92504b9..93f206ed919 100644 --- a/.github/workflows/grumpy-reviewer.lock.yml +++ b/.github/workflows/grumpy-reviewer.lock.yml @@ -735,6 +735,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/hourly-ci-cleaner.lock.yml b/.github/workflows/hourly-ci-cleaner.lock.yml index 3869f649c0f..6d94ffd9431 100644 --- a/.github/workflows/hourly-ci-cleaner.lock.yml +++ b/.github/workflows/hourly-ci-cleaner.lock.yml @@ -678,6 +678,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/instructions-janitor.lock.yml b/.github/workflows/instructions-janitor.lock.yml index d0db54169eb..78f9a7fdd26 100644 --- a/.github/workflows/instructions-janitor.lock.yml +++ b/.github/workflows/instructions-janitor.lock.yml @@ -741,6 +741,9 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/issue-arborist.lock.yml b/.github/workflows/issue-arborist.lock.yml index 4b0675a9c25..e0cdd2ce3f4 100644 --- a/.github/workflows/issue-arborist.lock.yml +++ b/.github/workflows/issue-arborist.lock.yml @@ -767,6 +767,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} OPENAI_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }} RUST_LOG: trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/issue-classifier.lock.yml b/.github/workflows/issue-classifier.lock.yml index 946124863a1..e302831e39a 100644 --- a/.github/workflows/issue-classifier.lock.yml +++ b/.github/workflows/issue-classifier.lock.yml @@ -616,6 +616,9 @@ jobs: run: | echo "Custom steps execution completed" >> /tmp/gh-aw/agent-stdio.log touch /tmp/gh-aw/agent-stdio.log + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/issue-monster.lock.yml b/.github/workflows/issue-monster.lock.yml index b6f9a4da723..3daf3f2ce0b 100644 --- a/.github/workflows/issue-monster.lock.yml +++ b/.github/workflows/issue-monster.lock.yml @@ -665,6 +665,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/issue-triage-agent.lock.yml b/.github/workflows/issue-triage-agent.lock.yml index aeafdfbea08..a5a6403e552 100644 --- a/.github/workflows/issue-triage-agent.lock.yml +++ b/.github/workflows/issue-triage-agent.lock.yml @@ -621,6 +621,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/jsweep.lock.yml b/.github/workflows/jsweep.lock.yml index d21bd0245e1..50348613ae8 100644 --- a/.github/workflows/jsweep.lock.yml +++ b/.github/workflows/jsweep.lock.yml @@ -661,6 +661,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/layout-spec-maintainer.lock.yml b/.github/workflows/layout-spec-maintainer.lock.yml index ee7c190f765..49a13aea42d 100644 --- a/.github/workflows/layout-spec-maintainer.lock.yml +++ b/.github/workflows/layout-spec-maintainer.lock.yml @@ -662,6 +662,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/lockfile-stats.lock.yml b/.github/workflows/lockfile-stats.lock.yml index c93904f5e1e..d7090638734 100644 --- a/.github/workflows/lockfile-stats.lock.yml +++ b/.github/workflows/lockfile-stats.lock.yml @@ -713,6 +713,9 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/mcp-inspector.lock.yml b/.github/workflows/mcp-inspector.lock.yml index 81bf96ff407..999c5738b35 100644 --- a/.github/workflows/mcp-inspector.lock.yml +++ b/.github/workflows/mcp-inspector.lock.yml @@ -1005,6 +1005,9 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} TAVILY_API_KEY: ${{ secrets.TAVILY_API_KEY }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/mergefest.lock.yml b/.github/workflows/mergefest.lock.yml index 06a452ce14f..04eaa91cf61 100644 --- a/.github/workflows/mergefest.lock.yml +++ b/.github/workflows/mergefest.lock.yml @@ -681,6 +681,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/metrics-collector.lock.yml b/.github/workflows/metrics-collector.lock.yml index 9d5829214b4..d0bf9648612 100644 --- a/.github/workflows/metrics-collector.lock.yml +++ b/.github/workflows/metrics-collector.lock.yml @@ -473,6 +473,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/notion-issue-summary.lock.yml b/.github/workflows/notion-issue-summary.lock.yml index 9720f7791af..0f1f467ce68 100644 --- a/.github/workflows/notion-issue-summary.lock.yml +++ b/.github/workflows/notion-issue-summary.lock.yml @@ -604,6 +604,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/org-health-report.lock.yml b/.github/workflows/org-health-report.lock.yml index 1a4adcb13c6..6032a71c085 100644 --- a/.github/workflows/org-health-report.lock.yml +++ b/.github/workflows/org-health-report.lock.yml @@ -691,6 +691,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/pdf-summary.lock.yml b/.github/workflows/pdf-summary.lock.yml index ab57443cbec..5052ef79e73 100644 --- a/.github/workflows/pdf-summary.lock.yml +++ b/.github/workflows/pdf-summary.lock.yml @@ -751,6 +751,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/plan.lock.yml b/.github/workflows/plan.lock.yml index 978abbe184e..7eba1fb4b5b 100644 --- a/.github/workflows/plan.lock.yml +++ b/.github/workflows/plan.lock.yml @@ -741,6 +741,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/poem-bot.lock.yml b/.github/workflows/poem-bot.lock.yml index 281f4a473d1..336f5903646 100644 --- a/.github/workflows/poem-bot.lock.yml +++ b/.github/workflows/poem-bot.lock.yml @@ -1258,6 +1258,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/portfolio-analyst.lock.yml b/.github/workflows/portfolio-analyst.lock.yml index bc4c16187bc..e5f325f7e8d 100644 --- a/.github/workflows/portfolio-analyst.lock.yml +++ b/.github/workflows/portfolio-analyst.lock.yml @@ -774,6 +774,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/pr-nitpick-reviewer.lock.yml b/.github/workflows/pr-nitpick-reviewer.lock.yml index 4c20c66841e..84f81850c2c 100644 --- a/.github/workflows/pr-nitpick-reviewer.lock.yml +++ b/.github/workflows/pr-nitpick-reviewer.lock.yml @@ -807,6 +807,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/pr-triage-agent.lock.yml b/.github/workflows/pr-triage-agent.lock.yml index 79d701d65a3..dce9ee80368 100644 --- a/.github/workflows/pr-triage-agent.lock.yml +++ b/.github/workflows/pr-triage-agent.lock.yml @@ -742,6 +742,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/prompt-clustering-analysis.lock.yml b/.github/workflows/prompt-clustering-analysis.lock.yml index a2ff31da93a..6e7b0e74eae 100644 --- a/.github/workflows/prompt-clustering-analysis.lock.yml +++ b/.github/workflows/prompt-clustering-analysis.lock.yml @@ -843,6 +843,9 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/python-data-charts.lock.yml b/.github/workflows/python-data-charts.lock.yml index c068ed7c9f5..2a1fa165fc5 100644 --- a/.github/workflows/python-data-charts.lock.yml +++ b/.github/workflows/python-data-charts.lock.yml @@ -763,6 +763,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/q.lock.yml b/.github/workflows/q.lock.yml index 48c4a3ac4a2..18340180a51 100644 --- a/.github/workflows/q.lock.yml +++ b/.github/workflows/q.lock.yml @@ -829,6 +829,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/release.lock.yml b/.github/workflows/release.lock.yml index 02e1bbef405..1c005975c6b 100644 --- a/.github/workflows/release.lock.yml +++ b/.github/workflows/release.lock.yml @@ -644,6 +644,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/repo-audit-analyzer.lock.yml b/.github/workflows/repo-audit-analyzer.lock.yml index edbfcaf1864..e977254e4e4 100644 --- a/.github/workflows/repo-audit-analyzer.lock.yml +++ b/.github/workflows/repo-audit-analyzer.lock.yml @@ -661,6 +661,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/repo-tree-map.lock.yml b/.github/workflows/repo-tree-map.lock.yml index cf1b6151487..036ee2a41ed 100644 --- a/.github/workflows/repo-tree-map.lock.yml +++ b/.github/workflows/repo-tree-map.lock.yml @@ -619,6 +619,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/repository-quality-improver.lock.yml b/.github/workflows/repository-quality-improver.lock.yml index 6efcfa77d32..9ae0da574a4 100644 --- a/.github/workflows/repository-quality-improver.lock.yml +++ b/.github/workflows/repository-quality-improver.lock.yml @@ -662,6 +662,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/research.lock.yml b/.github/workflows/research.lock.yml index 03012ca2fde..b0a00156c9f 100644 --- a/.github/workflows/research.lock.yml +++ b/.github/workflows/research.lock.yml @@ -646,6 +646,9 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} TAVILY_API_KEY: ${{ secrets.TAVILY_API_KEY }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/safe-output-health.lock.yml b/.github/workflows/safe-output-health.lock.yml index b2b5c58001e..3b4f35e6437 100644 --- a/.github/workflows/safe-output-health.lock.yml +++ b/.github/workflows/safe-output-health.lock.yml @@ -803,6 +803,9 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 300000 + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/schema-consistency-checker.lock.yml b/.github/workflows/schema-consistency-checker.lock.yml index a31b3e4126f..38ae0655264 100644 --- a/.github/workflows/schema-consistency-checker.lock.yml +++ b/.github/workflows/schema-consistency-checker.lock.yml @@ -716,6 +716,9 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/scout.lock.yml b/.github/workflows/scout.lock.yml index d1ca08a6389..bce1eee52ec 100644 --- a/.github/workflows/scout.lock.yml +++ b/.github/workflows/scout.lock.yml @@ -856,6 +856,9 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/security-compliance.lock.yml b/.github/workflows/security-compliance.lock.yml index c2edd1d083c..2adf7c1f0bc 100644 --- a/.github/workflows/security-compliance.lock.yml +++ b/.github/workflows/security-compliance.lock.yml @@ -689,6 +689,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/security-guard.lock.yml b/.github/workflows/security-guard.lock.yml index 38b8dd3a4d1..8b73d41662d 100644 --- a/.github/workflows/security-guard.lock.yml +++ b/.github/workflows/security-guard.lock.yml @@ -608,6 +608,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/security-review.lock.yml b/.github/workflows/security-review.lock.yml index 201b96d4aa2..fb58d78d030 100644 --- a/.github/workflows/security-review.lock.yml +++ b/.github/workflows/security-review.lock.yml @@ -804,6 +804,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/semantic-function-refactor.lock.yml b/.github/workflows/semantic-function-refactor.lock.yml index 3e140da15a0..9e71a06c9ec 100644 --- a/.github/workflows/semantic-function-refactor.lock.yml +++ b/.github/workflows/semantic-function-refactor.lock.yml @@ -788,6 +788,9 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/sergo.lock.yml b/.github/workflows/sergo.lock.yml index 4dae3b30e5f..4626d44a019 100644 --- a/.github/workflows/sergo.lock.yml +++ b/.github/workflows/sergo.lock.yml @@ -748,6 +748,9 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/slide-deck-maintainer.lock.yml b/.github/workflows/slide-deck-maintainer.lock.yml index cfb1a51662b..35ee13bb89a 100644 --- a/.github/workflows/slide-deck-maintainer.lock.yml +++ b/.github/workflows/slide-deck-maintainer.lock.yml @@ -717,6 +717,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/smoke-claude.lock.yml b/.github/workflows/smoke-claude.lock.yml index 8fd231d6e73..ff35fed381b 100644 --- a/.github/workflows/smoke-claude.lock.yml +++ b/.github/workflows/smoke-claude.lock.yml @@ -1559,6 +1559,9 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/smoke-codex.lock.yml b/.github/workflows/smoke-codex.lock.yml index 8682790998f..5b899c32835 100644 --- a/.github/workflows/smoke-codex.lock.yml +++ b/.github/workflows/smoke-codex.lock.yml @@ -1022,6 +1022,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} OPENAI_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }} RUST_LOG: trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/smoke-copilot.lock.yml b/.github/workflows/smoke-copilot.lock.yml index 643179790db..33ee52fcdfd 100644 --- a/.github/workflows/smoke-copilot.lock.yml +++ b/.github/workflows/smoke-copilot.lock.yml @@ -1416,6 +1416,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/smoke-opencode.lock.yml b/.github/workflows/smoke-opencode.lock.yml index 8dd617c4050..0df334d5d2c 100644 --- a/.github/workflows/smoke-opencode.lock.yml +++ b/.github/workflows/smoke-opencode.lock.yml @@ -1316,6 +1316,9 @@ jobs: run: | echo "Custom steps execution completed" >> /tmp/gh-aw/agent-stdio.log touch /tmp/gh-aw/agent-stdio.log + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/smoke-project.lock.yml b/.github/workflows/smoke-project.lock.yml index 28519a055ce..4b20c32618b 100644 --- a/.github/workflows/smoke-project.lock.yml +++ b/.github/workflows/smoke-project.lock.yml @@ -1058,6 +1058,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/smoke-test-tools.lock.yml b/.github/workflows/smoke-test-tools.lock.yml index 30f22652aad..e201a7bb301 100644 --- a/.github/workflows/smoke-test-tools.lock.yml +++ b/.github/workflows/smoke-test-tools.lock.yml @@ -623,6 +623,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/stale-repo-identifier.lock.yml b/.github/workflows/stale-repo-identifier.lock.yml index 60e28445e46..2485d460a44 100644 --- a/.github/workflows/stale-repo-identifier.lock.yml +++ b/.github/workflows/stale-repo-identifier.lock.yml @@ -760,6 +760,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/static-analysis-report.lock.yml b/.github/workflows/static-analysis-report.lock.yml index 3d6012ad9cf..da49c176425 100644 --- a/.github/workflows/static-analysis-report.lock.yml +++ b/.github/workflows/static-analysis-report.lock.yml @@ -786,6 +786,9 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 600000 + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/step-name-alignment.lock.yml b/.github/workflows/step-name-alignment.lock.yml index 17a7958dc17..b720fc18f66 100644 --- a/.github/workflows/step-name-alignment.lock.yml +++ b/.github/workflows/step-name-alignment.lock.yml @@ -745,6 +745,9 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/sub-issue-closer.lock.yml b/.github/workflows/sub-issue-closer.lock.yml index 25669a8fbb0..57054630d49 100644 --- a/.github/workflows/sub-issue-closer.lock.yml +++ b/.github/workflows/sub-issue-closer.lock.yml @@ -688,6 +688,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/super-linter.lock.yml b/.github/workflows/super-linter.lock.yml index 49173265913..28b8ae1f4c1 100644 --- a/.github/workflows/super-linter.lock.yml +++ b/.github/workflows/super-linter.lock.yml @@ -671,6 +671,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/technical-doc-writer.lock.yml b/.github/workflows/technical-doc-writer.lock.yml index e2317a7499a..042f134910e 100644 --- a/.github/workflows/technical-doc-writer.lock.yml +++ b/.github/workflows/technical-doc-writer.lock.yml @@ -750,6 +750,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/terminal-stylist.lock.yml b/.github/workflows/terminal-stylist.lock.yml index 67d4793af92..5dd18a080f2 100644 --- a/.github/workflows/terminal-stylist.lock.yml +++ b/.github/workflows/terminal-stylist.lock.yml @@ -623,6 +623,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/test-create-pr-error-handling.lock.yml b/.github/workflows/test-create-pr-error-handling.lock.yml index 687f463ddca..f93bcfde91b 100644 --- a/.github/workflows/test-create-pr-error-handling.lock.yml +++ b/.github/workflows/test-create-pr-error-handling.lock.yml @@ -715,6 +715,9 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/test-dispatcher.lock.yml b/.github/workflows/test-dispatcher.lock.yml index 367800fef92..926fbb96bca 100644 --- a/.github/workflows/test-dispatcher.lock.yml +++ b/.github/workflows/test-dispatcher.lock.yml @@ -575,6 +575,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/test-project-url-default.lock.yml b/.github/workflows/test-project-url-default.lock.yml index d1a6297097f..3b4ad0256b0 100644 --- a/.github/workflows/test-project-url-default.lock.yml +++ b/.github/workflows/test-project-url-default.lock.yml @@ -806,6 +806,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/test-workflow.lock.yml b/.github/workflows/test-workflow.lock.yml index faa826dc7af..2a7c29ca32d 100644 --- a/.github/workflows/test-workflow.lock.yml +++ b/.github/workflows/test-workflow.lock.yml @@ -368,6 +368,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/tidy.lock.yml b/.github/workflows/tidy.lock.yml index 91a036a113e..7125c5cc2f3 100644 --- a/.github/workflows/tidy.lock.yml +++ b/.github/workflows/tidy.lock.yml @@ -750,6 +750,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/typist.lock.yml b/.github/workflows/typist.lock.yml index ec677a6dde7..1793493c0ec 100644 --- a/.github/workflows/typist.lock.yml +++ b/.github/workflows/typist.lock.yml @@ -728,6 +728,9 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/ubuntu-image-analyzer.lock.yml b/.github/workflows/ubuntu-image-analyzer.lock.yml index c577e45eeaa..1a76335f7b4 100644 --- a/.github/workflows/ubuntu-image-analyzer.lock.yml +++ b/.github/workflows/ubuntu-image-analyzer.lock.yml @@ -655,6 +655,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/unbloat-docs.lock.yml b/.github/workflows/unbloat-docs.lock.yml index 3f35857fcff..b1ec9f3ac7b 100644 --- a/.github/workflows/unbloat-docs.lock.yml +++ b/.github/workflows/unbloat-docs.lock.yml @@ -914,6 +914,9 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/video-analyzer.lock.yml b/.github/workflows/video-analyzer.lock.yml index 32764ccf734..4f4ac1f8ce7 100644 --- a/.github/workflows/video-analyzer.lock.yml +++ b/.github/workflows/video-analyzer.lock.yml @@ -673,6 +673,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/weekly-issue-summary.lock.yml b/.github/workflows/weekly-issue-summary.lock.yml index 6aa280bf417..797123e4c1c 100644 --- a/.github/workflows/weekly-issue-summary.lock.yml +++ b/.github/workflows/weekly-issue-summary.lock.yml @@ -682,6 +682,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/workflow-generator.lock.yml b/.github/workflows/workflow-generator.lock.yml index 33bc444e209..5dea6edd187 100644 --- a/.github/workflows/workflow-generator.lock.yml +++ b/.github/workflows/workflow-generator.lock.yml @@ -727,6 +727,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/workflow-health-manager.lock.yml b/.github/workflows/workflow-health-manager.lock.yml index 6ff72121964..7584b6a97fb 100644 --- a/.github/workflows/workflow-health-manager.lock.yml +++ b/.github/workflows/workflow-health-manager.lock.yml @@ -802,6 +802,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/workflow-normalizer.lock.yml b/.github/workflows/workflow-normalizer.lock.yml index a3bf6ab338c..c72eaef64db 100644 --- a/.github/workflows/workflow-normalizer.lock.yml +++ b/.github/workflows/workflow-normalizer.lock.yml @@ -707,6 +707,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/workflow-skill-extractor.lock.yml b/.github/workflows/workflow-skill-extractor.lock.yml index 9d36b81dc08..aa8c0ae5ef2 100644 --- a/.github/workflows/workflow-skill-extractor.lock.yml +++ b/.github/workflows/workflow-skill-extractor.lock.yml @@ -713,6 +713,9 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner + - name: Restore git credentials + if: always() + run: bash /opt/gh-aw/actions/restore_git_credentials.sh - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/actions/setup/sh/clean_git_credentials.sh b/actions/setup/sh/clean_git_credentials.sh index dee356b246b..801f8d71f3c 100755 --- a/actions/setup/sh/clean_git_credentials.sh +++ b/actions/setup/sh/clean_git_credentials.sh @@ -1,11 +1,14 @@ #!/usr/bin/env bash # -# clean_git_credentials.sh - Temporarily remove git credentials from .git/config +# clean_git_credentials.sh - Remove git credentials from .git/config # -# This script temporarily removes any git credentials that may have been left on disk -# accidentally by an injected step. It backs up the configuration so it can be restored -# after agent execution. This prevents the agent from accessing or exfiltrating credentials -# while still allowing safe-outputs operations that need git to work after agent execution. +# This script removes any git credentials that may have been left on disk +# accidentally by an injected step. It specifically targets the credentials +# in $GITHUB_WORKSPACE/.git/config to prevent credential leakage. +# +# This is a security measure to ensure that git credentials configured by +# custom steps or other workflow steps are removed before the agentic engine +# executes, preventing the agent from accessing or exfiltrating credentials. # # Exit codes: # 0 - Success (credentials cleaned or no .git/config found) @@ -16,10 +19,8 @@ set -euo pipefail # Get the workspace directory (defaults to current GITHUB_WORKSPACE) WORKSPACE="${GITHUB_WORKSPACE:-.}" GIT_CONFIG_PATH="${WORKSPACE}/.git/config" -BACKUP_DIR="/tmp/gh-aw/git-credentials-backup" -BACKUP_PATH="${BACKUP_DIR}/config.backup" -echo "Backing up and cleaning git credentials from ${GIT_CONFIG_PATH}" +echo "Cleaning git credentials from ${GIT_CONFIG_PATH}" # Check if .git/config exists if [ ! -f "${GIT_CONFIG_PATH}" ]; then @@ -27,11 +28,6 @@ if [ ! -f "${GIT_CONFIG_PATH}" ]; then exit 0 fi -# Create backup directory and save current config -mkdir -p "${BACKUP_DIR}" -cp "${GIT_CONFIG_PATH}" "${BACKUP_PATH}" -echo "Backed up git config to ${BACKUP_PATH}" - # Remove credential helper configuration # This removes lines like: # [credential] @@ -73,7 +69,7 @@ if git config --file "${GIT_CONFIG_PATH}" --get-regexp '^remote\..*\.url$' 2>/de done || true fi -echo "✓ Git credentials cleaned successfully (backed up for restoration)" +echo "✓ Git credentials cleaned successfully" # Verify the file is still valid git config if ! git config --file "${GIT_CONFIG_PATH}" --list >/dev/null 2>&1; then diff --git a/actions/setup/sh/restore_git_credentials.sh b/actions/setup/sh/restore_git_credentials.sh deleted file mode 100755 index 6a878d7df9d..00000000000 --- a/actions/setup/sh/restore_git_credentials.sh +++ /dev/null @@ -1,41 +0,0 @@ -#!/usr/bin/env bash -# -# restore_git_credentials.sh - Restore git credentials from backup -# -# This script restores git credentials that were backed up by clean_git_credentials.sh -# before agent execution. This allows safe-outputs operations that need git to work -# properly after the agent has completed its execution. -# -# Exit codes: -# 0 - Success (credentials restored or no backup found) -# 1 - Error (failed to restore credentials) - -set -euo pipefail - -# Get the workspace directory (defaults to current GITHUB_WORKSPACE) -WORKSPACE="${GITHUB_WORKSPACE:-.}" -GIT_CONFIG_PATH="${WORKSPACE}/.git/config" -BACKUP_DIR="/tmp/gh-aw/git-credentials-backup" -BACKUP_PATH="${BACKUP_DIR}/config.backup" - -echo "Restoring git credentials to ${GIT_CONFIG_PATH}" - -# Check if backup exists -if [ ! -f "${BACKUP_PATH}" ]; then - echo "No backup found at ${BACKUP_PATH}, nothing to restore" - exit 0 -fi - -# Restore the backup -cp "${BACKUP_PATH}" "${GIT_CONFIG_PATH}" -echo "Restored git config from ${BACKUP_PATH}" - -# Verify the file is still valid git config -if ! git config --file "${GIT_CONFIG_PATH}" --list >/dev/null 2>&1; then - echo "ERROR: Restored git config file is corrupted" - exit 1 -fi - -echo "✓ Git credentials restored successfully" - -exit 0 diff --git a/pkg/workflow/compiler_yaml_main_job.go b/pkg/workflow/compiler_yaml_main_job.go index ea8d1537f65..a35f2308720 100644 --- a/pkg/workflow/compiler_yaml_main_job.go +++ b/pkg/workflow/compiler_yaml_main_job.go @@ -245,10 +245,11 @@ func (c *Compiler) generateMainJobSteps(yaml *strings.Builder, data *WorkflowDat // Mark that we've completed agent execution - step order validation starts from here c.stepOrderTracker.MarkAgentExecutionComplete() - // Restore git credentials after agent execution + // Regenerate git credentials after agent execution // This allows safe-outputs operations (like create_pull_request) to work properly - gitRestoreSteps := c.generateGitCredentialsRestoreStep() - for _, line := range gitRestoreSteps { + // We regenerate the credentials rather than restoring from backup + gitConfigStepsAfterAgent := c.generateGitConfigurationSteps() + for _, line := range gitConfigStepsAfterAgent { yaml.WriteString(line) } diff --git a/pkg/workflow/yaml_generation.go b/pkg/workflow/yaml_generation.go index ebdb4267a3b..49f9b27ad1d 100644 --- a/pkg/workflow/yaml_generation.go +++ b/pkg/workflow/yaml_generation.go @@ -32,13 +32,3 @@ func (c *Compiler) generateGitCredentialsCleanerStep() []string { " run: bash /opt/gh-aw/actions/clean_git_credentials.sh\n", } } - -// generateGitCredentialsRestoreStep generates a step that restores git credentials from backup -// This allows safe-outputs operations that need git to work after agent execution -func (c *Compiler) generateGitCredentialsRestoreStep() []string { - return []string{ - " - name: Restore git credentials\n", - " if: always()\n", - " run: bash /opt/gh-aw/actions/restore_git_credentials.sh\n", - } -} From bb68eee92d1433288c34dd383c3c1f860a2713ff Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 10 Feb 2026 01:24:32 +0000 Subject: [PATCH 8/9] Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .github/workflows/agent-persona-explorer.lock.yml | 14 +++++++++++--- .github/workflows/ai-moderator.lock.yml | 14 +++++++++++--- .github/workflows/archie.lock.yml | 14 +++++++++++--- .github/workflows/artifacts-summary.lock.yml | 14 +++++++++++--- .github/workflows/audit-workflows.lock.yml | 14 +++++++++++--- .github/workflows/auto-triage-issues.lock.yml | 14 +++++++++++--- .github/workflows/blog-auditor.lock.yml | 14 +++++++++++--- .github/workflows/brave.lock.yml | 14 +++++++++++--- .github/workflows/breaking-change-checker.lock.yml | 14 +++++++++++--- .github/workflows/changeset.lock.yml | 14 +++++++++++--- .github/workflows/chroma-issue-indexer.lock.yml | 14 +++++++++++--- .github/workflows/ci-coach.lock.yml | 14 +++++++++++--- .github/workflows/ci-doctor.lock.yml | 14 +++++++++++--- .../claude-code-user-docs-review.lock.yml | 14 +++++++++++--- .github/workflows/cli-consistency-checker.lock.yml | 14 +++++++++++--- .github/workflows/cli-version-checker.lock.yml | 14 +++++++++++--- .github/workflows/cloclo.lock.yml | 14 +++++++++++--- .github/workflows/code-scanning-fixer.lock.yml | 14 +++++++++++--- .github/workflows/code-simplifier.lock.yml | 14 +++++++++++--- .../codex-github-remote-mcp-test.lock.yml | 14 +++++++++++--- .github/workflows/commit-changes-analyzer.lock.yml | 14 +++++++++++--- .github/workflows/copilot-agent-analysis.lock.yml | 14 +++++++++++--- .../workflows/copilot-cli-deep-research.lock.yml | 14 +++++++++++--- .../workflows/copilot-pr-merged-report.lock.yml | 14 +++++++++++--- .github/workflows/copilot-pr-nlp-analysis.lock.yml | 14 +++++++++++--- .../workflows/copilot-pr-prompt-analysis.lock.yml | 14 +++++++++++--- .../workflows/copilot-session-insights.lock.yml | 14 +++++++++++--- .github/workflows/craft.lock.yml | 14 +++++++++++--- .../workflows/daily-assign-issue-to-user.lock.yml | 14 +++++++++++--- .github/workflows/daily-choice-test.lock.yml | 14 +++++++++++--- .github/workflows/daily-cli-performance.lock.yml | 14 +++++++++++--- .github/workflows/daily-cli-tools-tester.lock.yml | 14 +++++++++++--- .github/workflows/daily-code-metrics.lock.yml | 14 +++++++++++--- .github/workflows/daily-compiler-quality.lock.yml | 14 +++++++++++--- .../workflows/daily-copilot-token-report.lock.yml | 14 +++++++++++--- .github/workflows/daily-doc-updater.lock.yml | 14 +++++++++++--- .github/workflows/daily-fact.lock.yml | 14 +++++++++++--- .github/workflows/daily-file-diet.lock.yml | 14 +++++++++++--- .github/workflows/daily-firewall-report.lock.yml | 14 +++++++++++--- .github/workflows/daily-issues-report.lock.yml | 14 +++++++++++--- .../workflows/daily-malicious-code-scan.lock.yml | 14 +++++++++++--- .../daily-mcp-concurrency-analysis.lock.yml | 14 +++++++++++--- .../daily-multi-device-docs-tester.lock.yml | 14 +++++++++++--- .github/workflows/daily-news.lock.yml | 14 +++++++++++--- .../workflows/daily-observability-report.lock.yml | 14 +++++++++++--- .../workflows/daily-performance-summary.lock.yml | 14 +++++++++++--- .github/workflows/daily-regulatory.lock.yml | 14 +++++++++++--- .github/workflows/daily-repo-chronicle.lock.yml | 14 +++++++++++--- .../workflows/daily-safe-output-optimizer.lock.yml | 14 +++++++++++--- .github/workflows/daily-secrets-analysis.lock.yml | 14 +++++++++++--- .github/workflows/daily-semgrep-scan.lock.yml | 14 +++++++++++--- .../workflows/daily-syntax-error-quality.lock.yml | 14 +++++++++++--- .../daily-team-evolution-insights.lock.yml | 14 +++++++++++--- .github/workflows/daily-team-status.lock.yml | 14 +++++++++++--- .../daily-testify-uber-super-expert.lock.yml | 14 +++++++++++--- .github/workflows/daily-workflow-updater.lock.yml | 14 +++++++++++--- .github/workflows/deep-report.lock.yml | 14 +++++++++++--- .github/workflows/delight.lock.yml | 14 +++++++++++--- .github/workflows/dependabot-burner.lock.yml | 14 +++++++++++--- .github/workflows/dependabot-go-checker.lock.yml | 14 +++++++++++--- .../workflows/dependabot-project-manager.lock.yml | 14 +++++++++++--- .github/workflows/dev-hawk.lock.yml | 14 +++++++++++--- .github/workflows/dev.lock.yml | 14 +++++++++++--- .../workflows/developer-docs-consolidator.lock.yml | 14 +++++++++++--- .github/workflows/dictation-prompt.lock.yml | 14 +++++++++++--- .github/workflows/discussion-task-miner.lock.yml | 14 +++++++++++--- .github/workflows/docs-noob-tester.lock.yml | 14 +++++++++++--- .github/workflows/draft-pr-cleanup.lock.yml | 14 +++++++++++--- .github/workflows/duplicate-code-detector.lock.yml | 14 +++++++++++--- .../example-custom-error-patterns.lock.yml | 14 +++++++++++--- .../workflows/example-permissions-warning.lock.yml | 14 +++++++++++--- .../workflows/example-workflow-analyzer.lock.yml | 14 +++++++++++--- .github/workflows/firewall-escape.lock.yml | 14 +++++++++++--- .github/workflows/firewall.lock.yml | 14 +++++++++++--- .github/workflows/functional-pragmatist.lock.yml | 14 +++++++++++--- .../github-mcp-structural-analysis.lock.yml | 14 +++++++++++--- .github/workflows/github-mcp-tools-report.lock.yml | 14 +++++++++++--- .../workflows/github-remote-mcp-auth-test.lock.yml | 14 +++++++++++--- .github/workflows/glossary-maintainer.lock.yml | 14 +++++++++++--- .github/workflows/go-fan.lock.yml | 14 +++++++++++--- .github/workflows/go-logger.lock.yml | 14 +++++++++++--- .github/workflows/go-pattern-detector.lock.yml | 14 +++++++++++--- .github/workflows/grumpy-reviewer.lock.yml | 14 +++++++++++--- .github/workflows/hourly-ci-cleaner.lock.yml | 14 +++++++++++--- .github/workflows/instructions-janitor.lock.yml | 14 +++++++++++--- .github/workflows/issue-arborist.lock.yml | 14 +++++++++++--- .github/workflows/issue-classifier.lock.yml | 14 +++++++++++--- .github/workflows/issue-monster.lock.yml | 14 +++++++++++--- .github/workflows/issue-triage-agent.lock.yml | 14 +++++++++++--- .github/workflows/jsweep.lock.yml | 14 +++++++++++--- .github/workflows/layout-spec-maintainer.lock.yml | 14 +++++++++++--- .github/workflows/lockfile-stats.lock.yml | 14 +++++++++++--- .github/workflows/mcp-inspector.lock.yml | 14 +++++++++++--- .github/workflows/mergefest.lock.yml | 14 +++++++++++--- .github/workflows/metrics-collector.lock.yml | 14 +++++++++++--- .github/workflows/notion-issue-summary.lock.yml | 14 +++++++++++--- .github/workflows/org-health-report.lock.yml | 14 +++++++++++--- .github/workflows/pdf-summary.lock.yml | 14 +++++++++++--- .github/workflows/plan.lock.yml | 14 +++++++++++--- .github/workflows/poem-bot.lock.yml | 14 +++++++++++--- .github/workflows/portfolio-analyst.lock.yml | 14 +++++++++++--- .github/workflows/pr-nitpick-reviewer.lock.yml | 14 +++++++++++--- .github/workflows/pr-triage-agent.lock.yml | 14 +++++++++++--- .../workflows/prompt-clustering-analysis.lock.yml | 14 +++++++++++--- .github/workflows/python-data-charts.lock.yml | 14 +++++++++++--- .github/workflows/q.lock.yml | 14 +++++++++++--- .github/workflows/release.lock.yml | 14 +++++++++++--- .github/workflows/repo-audit-analyzer.lock.yml | 14 +++++++++++--- .github/workflows/repo-tree-map.lock.yml | 14 +++++++++++--- .../workflows/repository-quality-improver.lock.yml | 14 +++++++++++--- .github/workflows/research.lock.yml | 14 +++++++++++--- .github/workflows/safe-output-health.lock.yml | 14 +++++++++++--- .../workflows/schema-consistency-checker.lock.yml | 14 +++++++++++--- .github/workflows/scout.lock.yml | 14 +++++++++++--- .github/workflows/security-compliance.lock.yml | 14 +++++++++++--- .github/workflows/security-guard.lock.yml | 14 +++++++++++--- .github/workflows/security-review.lock.yml | 14 +++++++++++--- .../workflows/semantic-function-refactor.lock.yml | 14 +++++++++++--- .github/workflows/sergo.lock.yml | 14 +++++++++++--- .github/workflows/slide-deck-maintainer.lock.yml | 14 +++++++++++--- .github/workflows/smoke-claude.lock.yml | 14 +++++++++++--- .github/workflows/smoke-codex.lock.yml | 14 +++++++++++--- .github/workflows/smoke-copilot.lock.yml | 14 +++++++++++--- .github/workflows/smoke-opencode.lock.yml | 14 +++++++++++--- .github/workflows/smoke-project.lock.yml | 14 +++++++++++--- .github/workflows/smoke-test-tools.lock.yml | 14 +++++++++++--- .github/workflows/stale-repo-identifier.lock.yml | 14 +++++++++++--- .github/workflows/static-analysis-report.lock.yml | 14 +++++++++++--- .github/workflows/step-name-alignment.lock.yml | 14 +++++++++++--- .github/workflows/sub-issue-closer.lock.yml | 14 +++++++++++--- .github/workflows/super-linter.lock.yml | 14 +++++++++++--- .github/workflows/technical-doc-writer.lock.yml | 14 +++++++++++--- .github/workflows/terminal-stylist.lock.yml | 14 +++++++++++--- .../test-create-pr-error-handling.lock.yml | 14 +++++++++++--- .github/workflows/test-dispatcher.lock.yml | 14 +++++++++++--- .../workflows/test-project-url-default.lock.yml | 14 +++++++++++--- .github/workflows/test-workflow.lock.yml | 14 +++++++++++--- .github/workflows/tidy.lock.yml | 14 +++++++++++--- .github/workflows/typist.lock.yml | 14 +++++++++++--- .github/workflows/ubuntu-image-analyzer.lock.yml | 14 +++++++++++--- .github/workflows/unbloat-docs.lock.yml | 14 +++++++++++--- .github/workflows/video-analyzer.lock.yml | 14 +++++++++++--- .github/workflows/weekly-issue-summary.lock.yml | 14 +++++++++++--- .github/workflows/workflow-generator.lock.yml | 14 +++++++++++--- .github/workflows/workflow-health-manager.lock.yml | 14 +++++++++++--- .github/workflows/workflow-normalizer.lock.yml | 14 +++++++++++--- .../workflows/workflow-skill-extractor.lock.yml | 14 +++++++++++--- 147 files changed, 1617 insertions(+), 441 deletions(-) diff --git a/.github/workflows/agent-persona-explorer.lock.yml b/.github/workflows/agent-persona-explorer.lock.yml index dcafcce4bb4..cf2b8b5636e 100644 --- a/.github/workflows/agent-persona-explorer.lock.yml +++ b/.github/workflows/agent-persona-explorer.lock.yml @@ -704,9 +704,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/ai-moderator.lock.yml b/.github/workflows/ai-moderator.lock.yml index 9385290648c..3b9bd3caf8b 100644 --- a/.github/workflows/ai-moderator.lock.yml +++ b/.github/workflows/ai-moderator.lock.yml @@ -664,9 +664,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/archie.lock.yml b/.github/workflows/archie.lock.yml index ed4580b5f76..41f0368c77f 100644 --- a/.github/workflows/archie.lock.yml +++ b/.github/workflows/archie.lock.yml @@ -668,9 +668,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/artifacts-summary.lock.yml b/.github/workflows/artifacts-summary.lock.yml index 8deffd3840d..eeb7f83bea7 100644 --- a/.github/workflows/artifacts-summary.lock.yml +++ b/.github/workflows/artifacts-summary.lock.yml @@ -623,9 +623,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/audit-workflows.lock.yml b/.github/workflows/audit-workflows.lock.yml index 1d0891e6318..07ad85ed9af 100644 --- a/.github/workflows/audit-workflows.lock.yml +++ b/.github/workflows/audit-workflows.lock.yml @@ -879,9 +879,17 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 300000 - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/auto-triage-issues.lock.yml b/.github/workflows/auto-triage-issues.lock.yml index fbcffacbdeb..ecc503eb749 100644 --- a/.github/workflows/auto-triage-issues.lock.yml +++ b/.github/workflows/auto-triage-issues.lock.yml @@ -674,9 +674,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/blog-auditor.lock.yml b/.github/workflows/blog-auditor.lock.yml index cf7b3d0bada..7c8b2298a10 100644 --- a/.github/workflows/blog-auditor.lock.yml +++ b/.github/workflows/blog-auditor.lock.yml @@ -756,9 +756,17 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/brave.lock.yml b/.github/workflows/brave.lock.yml index bf074c9ee79..a76445c22ee 100644 --- a/.github/workflows/brave.lock.yml +++ b/.github/workflows/brave.lock.yml @@ -659,9 +659,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/breaking-change-checker.lock.yml b/.github/workflows/breaking-change-checker.lock.yml index 1e3b40a73cf..6e5aba55a5d 100644 --- a/.github/workflows/breaking-change-checker.lock.yml +++ b/.github/workflows/breaking-change-checker.lock.yml @@ -664,9 +664,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/changeset.lock.yml b/.github/workflows/changeset.lock.yml index 0aa45fb9072..b46adbbadbd 100644 --- a/.github/workflows/changeset.lock.yml +++ b/.github/workflows/changeset.lock.yml @@ -751,9 +751,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} OPENAI_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }} RUST_LOG: trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/chroma-issue-indexer.lock.yml b/.github/workflows/chroma-issue-indexer.lock.yml index 13808f9c150..6409995142d 100644 --- a/.github/workflows/chroma-issue-indexer.lock.yml +++ b/.github/workflows/chroma-issue-indexer.lock.yml @@ -427,9 +427,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/ci-coach.lock.yml b/.github/workflows/ci-coach.lock.yml index dc95d56f235..87bb0c464f7 100644 --- a/.github/workflows/ci-coach.lock.yml +++ b/.github/workflows/ci-coach.lock.yml @@ -701,9 +701,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/ci-doctor.lock.yml b/.github/workflows/ci-doctor.lock.yml index a53b2279713..a2d7cece8d1 100644 --- a/.github/workflows/ci-doctor.lock.yml +++ b/.github/workflows/ci-doctor.lock.yml @@ -816,9 +816,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/claude-code-user-docs-review.lock.yml b/.github/workflows/claude-code-user-docs-review.lock.yml index 2c6b91db204..a2a633e2a87 100644 --- a/.github/workflows/claude-code-user-docs-review.lock.yml +++ b/.github/workflows/claude-code-user-docs-review.lock.yml @@ -712,9 +712,17 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/cli-consistency-checker.lock.yml b/.github/workflows/cli-consistency-checker.lock.yml index f7efa3a2a75..6165f89d33e 100644 --- a/.github/workflows/cli-consistency-checker.lock.yml +++ b/.github/workflows/cli-consistency-checker.lock.yml @@ -638,9 +638,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/cli-version-checker.lock.yml b/.github/workflows/cli-version-checker.lock.yml index 54453ea3a28..9fc696391bf 100644 --- a/.github/workflows/cli-version-checker.lock.yml +++ b/.github/workflows/cli-version-checker.lock.yml @@ -743,9 +743,17 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/cloclo.lock.yml b/.github/workflows/cloclo.lock.yml index afadf4c4f97..c272bc99d69 100644 --- a/.github/workflows/cloclo.lock.yml +++ b/.github/workflows/cloclo.lock.yml @@ -1001,9 +1001,17 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/code-scanning-fixer.lock.yml b/.github/workflows/code-scanning-fixer.lock.yml index 146e53ac460..a84a9eeb6d1 100644 --- a/.github/workflows/code-scanning-fixer.lock.yml +++ b/.github/workflows/code-scanning-fixer.lock.yml @@ -708,9 +708,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/code-simplifier.lock.yml b/.github/workflows/code-simplifier.lock.yml index 0a3ab645e2b..f8044d1e0a6 100644 --- a/.github/workflows/code-simplifier.lock.yml +++ b/.github/workflows/code-simplifier.lock.yml @@ -634,9 +634,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/codex-github-remote-mcp-test.lock.yml b/.github/workflows/codex-github-remote-mcp-test.lock.yml index 0e79e55fdd0..703e6e4f5db 100644 --- a/.github/workflows/codex-github-remote-mcp-test.lock.yml +++ b/.github/workflows/codex-github-remote-mcp-test.lock.yml @@ -384,9 +384,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} OPENAI_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }} RUST_LOG: trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/commit-changes-analyzer.lock.yml b/.github/workflows/commit-changes-analyzer.lock.yml index b1f6987e815..4af067ca071 100644 --- a/.github/workflows/commit-changes-analyzer.lock.yml +++ b/.github/workflows/commit-changes-analyzer.lock.yml @@ -701,9 +701,17 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/copilot-agent-analysis.lock.yml b/.github/workflows/copilot-agent-analysis.lock.yml index e48e59cfffb..054e7ca32d0 100644 --- a/.github/workflows/copilot-agent-analysis.lock.yml +++ b/.github/workflows/copilot-agent-analysis.lock.yml @@ -790,9 +790,17 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/copilot-cli-deep-research.lock.yml b/.github/workflows/copilot-cli-deep-research.lock.yml index 7667e166557..6b465aa250b 100644 --- a/.github/workflows/copilot-cli-deep-research.lock.yml +++ b/.github/workflows/copilot-cli-deep-research.lock.yml @@ -680,9 +680,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/copilot-pr-merged-report.lock.yml b/.github/workflows/copilot-pr-merged-report.lock.yml index d7077d16405..50bb70cabed 100644 --- a/.github/workflows/copilot-pr-merged-report.lock.yml +++ b/.github/workflows/copilot-pr-merged-report.lock.yml @@ -670,9 +670,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/copilot-pr-nlp-analysis.lock.yml b/.github/workflows/copilot-pr-nlp-analysis.lock.yml index d4f4494f692..a461c2749b2 100644 --- a/.github/workflows/copilot-pr-nlp-analysis.lock.yml +++ b/.github/workflows/copilot-pr-nlp-analysis.lock.yml @@ -753,9 +753,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/copilot-pr-prompt-analysis.lock.yml b/.github/workflows/copilot-pr-prompt-analysis.lock.yml index 0829ca8a4de..0387e433dc1 100644 --- a/.github/workflows/copilot-pr-prompt-analysis.lock.yml +++ b/.github/workflows/copilot-pr-prompt-analysis.lock.yml @@ -689,9 +689,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/copilot-session-insights.lock.yml b/.github/workflows/copilot-session-insights.lock.yml index a0f11f43b30..65cb9187bde 100644 --- a/.github/workflows/copilot-session-insights.lock.yml +++ b/.github/workflows/copilot-session-insights.lock.yml @@ -835,9 +835,17 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/craft.lock.yml b/.github/workflows/craft.lock.yml index 007cfd6b30e..9a63ecf1e3f 100644 --- a/.github/workflows/craft.lock.yml +++ b/.github/workflows/craft.lock.yml @@ -694,9 +694,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/daily-assign-issue-to-user.lock.yml b/.github/workflows/daily-assign-issue-to-user.lock.yml index c2a332b22f0..481888b6816 100644 --- a/.github/workflows/daily-assign-issue-to-user.lock.yml +++ b/.github/workflows/daily-assign-issue-to-user.lock.yml @@ -646,9 +646,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/daily-choice-test.lock.yml b/.github/workflows/daily-choice-test.lock.yml index 97fdfb6e053..3229ff666a3 100644 --- a/.github/workflows/daily-choice-test.lock.yml +++ b/.github/workflows/daily-choice-test.lock.yml @@ -667,9 +667,17 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/daily-cli-performance.lock.yml b/.github/workflows/daily-cli-performance.lock.yml index b754ec115d2..b483f6d2d7d 100644 --- a/.github/workflows/daily-cli-performance.lock.yml +++ b/.github/workflows/daily-cli-performance.lock.yml @@ -853,9 +853,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/daily-cli-tools-tester.lock.yml b/.github/workflows/daily-cli-tools-tester.lock.yml index 38bce3c3273..7c053e6d3f3 100644 --- a/.github/workflows/daily-cli-tools-tester.lock.yml +++ b/.github/workflows/daily-cli-tools-tester.lock.yml @@ -704,9 +704,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/daily-code-metrics.lock.yml b/.github/workflows/daily-code-metrics.lock.yml index 7eeb0d2239f..76684e32bd2 100644 --- a/.github/workflows/daily-code-metrics.lock.yml +++ b/.github/workflows/daily-code-metrics.lock.yml @@ -809,9 +809,17 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/daily-compiler-quality.lock.yml b/.github/workflows/daily-compiler-quality.lock.yml index 5bb7a47b9d9..ea17ca39f34 100644 --- a/.github/workflows/daily-compiler-quality.lock.yml +++ b/.github/workflows/daily-compiler-quality.lock.yml @@ -665,9 +665,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/daily-copilot-token-report.lock.yml b/.github/workflows/daily-copilot-token-report.lock.yml index 6beb87af6de..360287f56d1 100644 --- a/.github/workflows/daily-copilot-token-report.lock.yml +++ b/.github/workflows/daily-copilot-token-report.lock.yml @@ -763,9 +763,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/daily-doc-updater.lock.yml b/.github/workflows/daily-doc-updater.lock.yml index 25e9e930f14..08952d0e21f 100644 --- a/.github/workflows/daily-doc-updater.lock.yml +++ b/.github/workflows/daily-doc-updater.lock.yml @@ -742,9 +742,17 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/daily-fact.lock.yml b/.github/workflows/daily-fact.lock.yml index 37f029e6c8e..c92bc40f795 100644 --- a/.github/workflows/daily-fact.lock.yml +++ b/.github/workflows/daily-fact.lock.yml @@ -612,9 +612,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} OPENAI_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }} RUST_LOG: trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/daily-file-diet.lock.yml b/.github/workflows/daily-file-diet.lock.yml index 18cd0382c12..12cb3c1f228 100644 --- a/.github/workflows/daily-file-diet.lock.yml +++ b/.github/workflows/daily-file-diet.lock.yml @@ -677,9 +677,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/daily-firewall-report.lock.yml b/.github/workflows/daily-firewall-report.lock.yml index f4c6ae507c6..5dbe1e38627 100644 --- a/.github/workflows/daily-firewall-report.lock.yml +++ b/.github/workflows/daily-firewall-report.lock.yml @@ -763,9 +763,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/daily-issues-report.lock.yml b/.github/workflows/daily-issues-report.lock.yml index fe59c6b32fb..ad9c44de65b 100644 --- a/.github/workflows/daily-issues-report.lock.yml +++ b/.github/workflows/daily-issues-report.lock.yml @@ -801,9 +801,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} OPENAI_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }} RUST_LOG: trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/daily-malicious-code-scan.lock.yml b/.github/workflows/daily-malicious-code-scan.lock.yml index bf2678123e8..bd85aef2a37 100644 --- a/.github/workflows/daily-malicious-code-scan.lock.yml +++ b/.github/workflows/daily-malicious-code-scan.lock.yml @@ -661,9 +661,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/daily-mcp-concurrency-analysis.lock.yml b/.github/workflows/daily-mcp-concurrency-analysis.lock.yml index 3a864e5c464..3367d7dcffa 100644 --- a/.github/workflows/daily-mcp-concurrency-analysis.lock.yml +++ b/.github/workflows/daily-mcp-concurrency-analysis.lock.yml @@ -718,9 +718,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/daily-multi-device-docs-tester.lock.yml b/.github/workflows/daily-multi-device-docs-tester.lock.yml index dcd8dc4c5e2..584bd73c262 100644 --- a/.github/workflows/daily-multi-device-docs-tester.lock.yml +++ b/.github/workflows/daily-multi-device-docs-tester.lock.yml @@ -823,9 +823,17 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/daily-news.lock.yml b/.github/workflows/daily-news.lock.yml index 387d694f6fa..15af2ef6949 100644 --- a/.github/workflows/daily-news.lock.yml +++ b/.github/workflows/daily-news.lock.yml @@ -824,9 +824,17 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} TAVILY_API_KEY: ${{ secrets.TAVILY_API_KEY }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/daily-observability-report.lock.yml b/.github/workflows/daily-observability-report.lock.yml index 79705b8870a..a43772ca735 100644 --- a/.github/workflows/daily-observability-report.lock.yml +++ b/.github/workflows/daily-observability-report.lock.yml @@ -776,9 +776,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} OPENAI_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }} RUST_LOG: trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/daily-performance-summary.lock.yml b/.github/workflows/daily-performance-summary.lock.yml index 5fb4059068b..63b04f4a7b7 100644 --- a/.github/workflows/daily-performance-summary.lock.yml +++ b/.github/workflows/daily-performance-summary.lock.yml @@ -1256,9 +1256,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} OPENAI_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }} RUST_LOG: trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/daily-regulatory.lock.yml b/.github/workflows/daily-regulatory.lock.yml index 4b3a217cfa3..b9a928fef47 100644 --- a/.github/workflows/daily-regulatory.lock.yml +++ b/.github/workflows/daily-regulatory.lock.yml @@ -1150,9 +1150,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/daily-repo-chronicle.lock.yml b/.github/workflows/daily-repo-chronicle.lock.yml index 4d83f645b33..a31d0538207 100644 --- a/.github/workflows/daily-repo-chronicle.lock.yml +++ b/.github/workflows/daily-repo-chronicle.lock.yml @@ -699,9 +699,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/daily-safe-output-optimizer.lock.yml b/.github/workflows/daily-safe-output-optimizer.lock.yml index 609e06c1398..125b657f795 100644 --- a/.github/workflows/daily-safe-output-optimizer.lock.yml +++ b/.github/workflows/daily-safe-output-optimizer.lock.yml @@ -827,9 +827,17 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 300000 - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/daily-secrets-analysis.lock.yml b/.github/workflows/daily-secrets-analysis.lock.yml index 401e4c7a7a2..e126666026f 100644 --- a/.github/workflows/daily-secrets-analysis.lock.yml +++ b/.github/workflows/daily-secrets-analysis.lock.yml @@ -679,9 +679,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/daily-semgrep-scan.lock.yml b/.github/workflows/daily-semgrep-scan.lock.yml index a587713c0ef..7065099a654 100644 --- a/.github/workflows/daily-semgrep-scan.lock.yml +++ b/.github/workflows/daily-semgrep-scan.lock.yml @@ -674,9 +674,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/daily-syntax-error-quality.lock.yml b/.github/workflows/daily-syntax-error-quality.lock.yml index 20d949182e5..973f88be398 100644 --- a/.github/workflows/daily-syntax-error-quality.lock.yml +++ b/.github/workflows/daily-syntax-error-quality.lock.yml @@ -663,9 +663,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/daily-team-evolution-insights.lock.yml b/.github/workflows/daily-team-evolution-insights.lock.yml index ab5878be79f..e79181ed09f 100644 --- a/.github/workflows/daily-team-evolution-insights.lock.yml +++ b/.github/workflows/daily-team-evolution-insights.lock.yml @@ -696,9 +696,17 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/daily-team-status.lock.yml b/.github/workflows/daily-team-status.lock.yml index 07d8a6adc8a..ada1139d46a 100644 --- a/.github/workflows/daily-team-status.lock.yml +++ b/.github/workflows/daily-team-status.lock.yml @@ -649,9 +649,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/daily-testify-uber-super-expert.lock.yml b/.github/workflows/daily-testify-uber-super-expert.lock.yml index 59834355b6b..564ae92b763 100644 --- a/.github/workflows/daily-testify-uber-super-expert.lock.yml +++ b/.github/workflows/daily-testify-uber-super-expert.lock.yml @@ -711,9 +711,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/daily-workflow-updater.lock.yml b/.github/workflows/daily-workflow-updater.lock.yml index 4512cf6ffa7..573a112c878 100644 --- a/.github/workflows/daily-workflow-updater.lock.yml +++ b/.github/workflows/daily-workflow-updater.lock.yml @@ -625,9 +625,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/deep-report.lock.yml b/.github/workflows/deep-report.lock.yml index f50570446e8..5b9a52ec47a 100644 --- a/.github/workflows/deep-report.lock.yml +++ b/.github/workflows/deep-report.lock.yml @@ -887,9 +887,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} OPENAI_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }} RUST_LOG: trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/delight.lock.yml b/.github/workflows/delight.lock.yml index 6bf517548c7..3155e1dcae6 100644 --- a/.github/workflows/delight.lock.yml +++ b/.github/workflows/delight.lock.yml @@ -758,9 +758,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/dependabot-burner.lock.yml b/.github/workflows/dependabot-burner.lock.yml index 33c81b01f5b..9700742b517 100644 --- a/.github/workflows/dependabot-burner.lock.yml +++ b/.github/workflows/dependabot-burner.lock.yml @@ -892,9 +892,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/dependabot-go-checker.lock.yml b/.github/workflows/dependabot-go-checker.lock.yml index b74583c673f..193155e0937 100644 --- a/.github/workflows/dependabot-go-checker.lock.yml +++ b/.github/workflows/dependabot-go-checker.lock.yml @@ -676,9 +676,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/dependabot-project-manager.lock.yml b/.github/workflows/dependabot-project-manager.lock.yml index c042e9e0f03..60f4318e007 100644 --- a/.github/workflows/dependabot-project-manager.lock.yml +++ b/.github/workflows/dependabot-project-manager.lock.yml @@ -940,9 +940,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/dev-hawk.lock.yml b/.github/workflows/dev-hawk.lock.yml index 959053b84c5..6ff81ba8e35 100644 --- a/.github/workflows/dev-hawk.lock.yml +++ b/.github/workflows/dev-hawk.lock.yml @@ -714,9 +714,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/dev.lock.yml b/.github/workflows/dev.lock.yml index e67e4f636e7..589e99aeffb 100644 --- a/.github/workflows/dev.lock.yml +++ b/.github/workflows/dev.lock.yml @@ -622,9 +622,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/developer-docs-consolidator.lock.yml b/.github/workflows/developer-docs-consolidator.lock.yml index 27581913244..91211e65a51 100644 --- a/.github/workflows/developer-docs-consolidator.lock.yml +++ b/.github/workflows/developer-docs-consolidator.lock.yml @@ -818,9 +818,17 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/dictation-prompt.lock.yml b/.github/workflows/dictation-prompt.lock.yml index bf1425febb6..22dd8bfa683 100644 --- a/.github/workflows/dictation-prompt.lock.yml +++ b/.github/workflows/dictation-prompt.lock.yml @@ -628,9 +628,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/discussion-task-miner.lock.yml b/.github/workflows/discussion-task-miner.lock.yml index 2a567f85529..aaa715a3152 100644 --- a/.github/workflows/discussion-task-miner.lock.yml +++ b/.github/workflows/discussion-task-miner.lock.yml @@ -737,9 +737,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/docs-noob-tester.lock.yml b/.github/workflows/docs-noob-tester.lock.yml index 6e16ba2edf1..251f2563368 100644 --- a/.github/workflows/docs-noob-tester.lock.yml +++ b/.github/workflows/docs-noob-tester.lock.yml @@ -661,9 +661,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/draft-pr-cleanup.lock.yml b/.github/workflows/draft-pr-cleanup.lock.yml index f2e03ed06fa..e97236b58c2 100644 --- a/.github/workflows/draft-pr-cleanup.lock.yml +++ b/.github/workflows/draft-pr-cleanup.lock.yml @@ -675,9 +675,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/duplicate-code-detector.lock.yml b/.github/workflows/duplicate-code-detector.lock.yml index 16577e214b4..ce8bcb4140a 100644 --- a/.github/workflows/duplicate-code-detector.lock.yml +++ b/.github/workflows/duplicate-code-detector.lock.yml @@ -700,9 +700,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} OPENAI_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }} RUST_LOG: trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/example-custom-error-patterns.lock.yml b/.github/workflows/example-custom-error-patterns.lock.yml index 8aaa22bb62a..9e07b078f47 100644 --- a/.github/workflows/example-custom-error-patterns.lock.yml +++ b/.github/workflows/example-custom-error-patterns.lock.yml @@ -367,9 +367,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/example-permissions-warning.lock.yml b/.github/workflows/example-permissions-warning.lock.yml index f004d79b661..6b2854b336f 100644 --- a/.github/workflows/example-permissions-warning.lock.yml +++ b/.github/workflows/example-permissions-warning.lock.yml @@ -365,9 +365,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/example-workflow-analyzer.lock.yml b/.github/workflows/example-workflow-analyzer.lock.yml index 3d0bcf773a4..d3e2ec010b0 100644 --- a/.github/workflows/example-workflow-analyzer.lock.yml +++ b/.github/workflows/example-workflow-analyzer.lock.yml @@ -757,9 +757,17 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/firewall-escape.lock.yml b/.github/workflows/firewall-escape.lock.yml index a51943286bb..6ec8a02dbe1 100644 --- a/.github/workflows/firewall-escape.lock.yml +++ b/.github/workflows/firewall-escape.lock.yml @@ -675,9 +675,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/firewall.lock.yml b/.github/workflows/firewall.lock.yml index 48a3b2149a9..339958b393b 100644 --- a/.github/workflows/firewall.lock.yml +++ b/.github/workflows/firewall.lock.yml @@ -368,9 +368,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/functional-pragmatist.lock.yml b/.github/workflows/functional-pragmatist.lock.yml index acb651d6ebe..8d1ecab7342 100644 --- a/.github/workflows/functional-pragmatist.lock.yml +++ b/.github/workflows/functional-pragmatist.lock.yml @@ -630,9 +630,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/github-mcp-structural-analysis.lock.yml b/.github/workflows/github-mcp-structural-analysis.lock.yml index b88304ac941..18e5a47b649 100644 --- a/.github/workflows/github-mcp-structural-analysis.lock.yml +++ b/.github/workflows/github-mcp-structural-analysis.lock.yml @@ -775,9 +775,17 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/github-mcp-tools-report.lock.yml b/.github/workflows/github-mcp-tools-report.lock.yml index 73dcc1aa232..2a8f647fa87 100644 --- a/.github/workflows/github-mcp-tools-report.lock.yml +++ b/.github/workflows/github-mcp-tools-report.lock.yml @@ -779,9 +779,17 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/github-remote-mcp-auth-test.lock.yml b/.github/workflows/github-remote-mcp-auth-test.lock.yml index 7b8f48e9df4..5a33f52e043 100644 --- a/.github/workflows/github-remote-mcp-auth-test.lock.yml +++ b/.github/workflows/github-remote-mcp-auth-test.lock.yml @@ -629,9 +629,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/glossary-maintainer.lock.yml b/.github/workflows/glossary-maintainer.lock.yml index e536ab0b03f..614a79063fd 100644 --- a/.github/workflows/glossary-maintainer.lock.yml +++ b/.github/workflows/glossary-maintainer.lock.yml @@ -696,9 +696,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/go-fan.lock.yml b/.github/workflows/go-fan.lock.yml index 92e09dada8f..45a82ceefd7 100644 --- a/.github/workflows/go-fan.lock.yml +++ b/.github/workflows/go-fan.lock.yml @@ -749,9 +749,17 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/go-logger.lock.yml b/.github/workflows/go-logger.lock.yml index 7a4d7393657..c4388629cfc 100644 --- a/.github/workflows/go-logger.lock.yml +++ b/.github/workflows/go-logger.lock.yml @@ -899,9 +899,17 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/go-pattern-detector.lock.yml b/.github/workflows/go-pattern-detector.lock.yml index fad686cf261..2c59ec321c5 100644 --- a/.github/workflows/go-pattern-detector.lock.yml +++ b/.github/workflows/go-pattern-detector.lock.yml @@ -726,9 +726,17 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/grumpy-reviewer.lock.yml b/.github/workflows/grumpy-reviewer.lock.yml index 93f206ed919..096a7de7bae 100644 --- a/.github/workflows/grumpy-reviewer.lock.yml +++ b/.github/workflows/grumpy-reviewer.lock.yml @@ -735,9 +735,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/hourly-ci-cleaner.lock.yml b/.github/workflows/hourly-ci-cleaner.lock.yml index 6d94ffd9431..2a7e2ee3245 100644 --- a/.github/workflows/hourly-ci-cleaner.lock.yml +++ b/.github/workflows/hourly-ci-cleaner.lock.yml @@ -678,9 +678,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/instructions-janitor.lock.yml b/.github/workflows/instructions-janitor.lock.yml index 78f9a7fdd26..41386e1216e 100644 --- a/.github/workflows/instructions-janitor.lock.yml +++ b/.github/workflows/instructions-janitor.lock.yml @@ -741,9 +741,17 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/issue-arborist.lock.yml b/.github/workflows/issue-arborist.lock.yml index e0cdd2ce3f4..1d94c3ad066 100644 --- a/.github/workflows/issue-arborist.lock.yml +++ b/.github/workflows/issue-arborist.lock.yml @@ -767,9 +767,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} OPENAI_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }} RUST_LOG: trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/issue-classifier.lock.yml b/.github/workflows/issue-classifier.lock.yml index e302831e39a..6cae8db6dbe 100644 --- a/.github/workflows/issue-classifier.lock.yml +++ b/.github/workflows/issue-classifier.lock.yml @@ -616,9 +616,17 @@ jobs: run: | echo "Custom steps execution completed" >> /tmp/gh-aw/agent-stdio.log touch /tmp/gh-aw/agent-stdio.log - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/issue-monster.lock.yml b/.github/workflows/issue-monster.lock.yml index 3daf3f2ce0b..1f37fadbce0 100644 --- a/.github/workflows/issue-monster.lock.yml +++ b/.github/workflows/issue-monster.lock.yml @@ -665,9 +665,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/issue-triage-agent.lock.yml b/.github/workflows/issue-triage-agent.lock.yml index a5a6403e552..f41bcbc8f00 100644 --- a/.github/workflows/issue-triage-agent.lock.yml +++ b/.github/workflows/issue-triage-agent.lock.yml @@ -621,9 +621,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/jsweep.lock.yml b/.github/workflows/jsweep.lock.yml index 50348613ae8..4e25de12b08 100644 --- a/.github/workflows/jsweep.lock.yml +++ b/.github/workflows/jsweep.lock.yml @@ -661,9 +661,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/layout-spec-maintainer.lock.yml b/.github/workflows/layout-spec-maintainer.lock.yml index 49a13aea42d..065f08aa417 100644 --- a/.github/workflows/layout-spec-maintainer.lock.yml +++ b/.github/workflows/layout-spec-maintainer.lock.yml @@ -662,9 +662,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/lockfile-stats.lock.yml b/.github/workflows/lockfile-stats.lock.yml index d7090638734..8e5f55ef6a0 100644 --- a/.github/workflows/lockfile-stats.lock.yml +++ b/.github/workflows/lockfile-stats.lock.yml @@ -713,9 +713,17 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/mcp-inspector.lock.yml b/.github/workflows/mcp-inspector.lock.yml index 999c5738b35..c396e9e4a01 100644 --- a/.github/workflows/mcp-inspector.lock.yml +++ b/.github/workflows/mcp-inspector.lock.yml @@ -1005,9 +1005,17 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} TAVILY_API_KEY: ${{ secrets.TAVILY_API_KEY }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/mergefest.lock.yml b/.github/workflows/mergefest.lock.yml index 04eaa91cf61..f8f016e3285 100644 --- a/.github/workflows/mergefest.lock.yml +++ b/.github/workflows/mergefest.lock.yml @@ -681,9 +681,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/metrics-collector.lock.yml b/.github/workflows/metrics-collector.lock.yml index d0bf9648612..ab9241d923f 100644 --- a/.github/workflows/metrics-collector.lock.yml +++ b/.github/workflows/metrics-collector.lock.yml @@ -473,9 +473,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/notion-issue-summary.lock.yml b/.github/workflows/notion-issue-summary.lock.yml index 0f1f467ce68..ebb6115e987 100644 --- a/.github/workflows/notion-issue-summary.lock.yml +++ b/.github/workflows/notion-issue-summary.lock.yml @@ -604,9 +604,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/org-health-report.lock.yml b/.github/workflows/org-health-report.lock.yml index 6032a71c085..4182105f860 100644 --- a/.github/workflows/org-health-report.lock.yml +++ b/.github/workflows/org-health-report.lock.yml @@ -691,9 +691,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/pdf-summary.lock.yml b/.github/workflows/pdf-summary.lock.yml index 5052ef79e73..455d7c4ac5a 100644 --- a/.github/workflows/pdf-summary.lock.yml +++ b/.github/workflows/pdf-summary.lock.yml @@ -751,9 +751,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/plan.lock.yml b/.github/workflows/plan.lock.yml index 7eba1fb4b5b..f9b1a3b5367 100644 --- a/.github/workflows/plan.lock.yml +++ b/.github/workflows/plan.lock.yml @@ -741,9 +741,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/poem-bot.lock.yml b/.github/workflows/poem-bot.lock.yml index 336f5903646..62fc94dceb6 100644 --- a/.github/workflows/poem-bot.lock.yml +++ b/.github/workflows/poem-bot.lock.yml @@ -1258,9 +1258,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/portfolio-analyst.lock.yml b/.github/workflows/portfolio-analyst.lock.yml index e5f325f7e8d..270a700bc32 100644 --- a/.github/workflows/portfolio-analyst.lock.yml +++ b/.github/workflows/portfolio-analyst.lock.yml @@ -774,9 +774,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/pr-nitpick-reviewer.lock.yml b/.github/workflows/pr-nitpick-reviewer.lock.yml index 84f81850c2c..76a215ffc9e 100644 --- a/.github/workflows/pr-nitpick-reviewer.lock.yml +++ b/.github/workflows/pr-nitpick-reviewer.lock.yml @@ -807,9 +807,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/pr-triage-agent.lock.yml b/.github/workflows/pr-triage-agent.lock.yml index dce9ee80368..acabb800702 100644 --- a/.github/workflows/pr-triage-agent.lock.yml +++ b/.github/workflows/pr-triage-agent.lock.yml @@ -742,9 +742,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/prompt-clustering-analysis.lock.yml b/.github/workflows/prompt-clustering-analysis.lock.yml index 6e7b0e74eae..c67492f0308 100644 --- a/.github/workflows/prompt-clustering-analysis.lock.yml +++ b/.github/workflows/prompt-clustering-analysis.lock.yml @@ -843,9 +843,17 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/python-data-charts.lock.yml b/.github/workflows/python-data-charts.lock.yml index 2a1fa165fc5..28f48ec2b0e 100644 --- a/.github/workflows/python-data-charts.lock.yml +++ b/.github/workflows/python-data-charts.lock.yml @@ -763,9 +763,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/q.lock.yml b/.github/workflows/q.lock.yml index 18340180a51..4a57b7356d7 100644 --- a/.github/workflows/q.lock.yml +++ b/.github/workflows/q.lock.yml @@ -829,9 +829,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/release.lock.yml b/.github/workflows/release.lock.yml index 1c005975c6b..f7d5da3febc 100644 --- a/.github/workflows/release.lock.yml +++ b/.github/workflows/release.lock.yml @@ -644,9 +644,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/repo-audit-analyzer.lock.yml b/.github/workflows/repo-audit-analyzer.lock.yml index e977254e4e4..3082e7acb9e 100644 --- a/.github/workflows/repo-audit-analyzer.lock.yml +++ b/.github/workflows/repo-audit-analyzer.lock.yml @@ -661,9 +661,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/repo-tree-map.lock.yml b/.github/workflows/repo-tree-map.lock.yml index 036ee2a41ed..c70a85b52bb 100644 --- a/.github/workflows/repo-tree-map.lock.yml +++ b/.github/workflows/repo-tree-map.lock.yml @@ -619,9 +619,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/repository-quality-improver.lock.yml b/.github/workflows/repository-quality-improver.lock.yml index 9ae0da574a4..d51e0ea4150 100644 --- a/.github/workflows/repository-quality-improver.lock.yml +++ b/.github/workflows/repository-quality-improver.lock.yml @@ -662,9 +662,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/research.lock.yml b/.github/workflows/research.lock.yml index b0a00156c9f..2f9a152d7e6 100644 --- a/.github/workflows/research.lock.yml +++ b/.github/workflows/research.lock.yml @@ -646,9 +646,17 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} TAVILY_API_KEY: ${{ secrets.TAVILY_API_KEY }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/safe-output-health.lock.yml b/.github/workflows/safe-output-health.lock.yml index 3b4f35e6437..9cc4abd7f1e 100644 --- a/.github/workflows/safe-output-health.lock.yml +++ b/.github/workflows/safe-output-health.lock.yml @@ -803,9 +803,17 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 300000 - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/schema-consistency-checker.lock.yml b/.github/workflows/schema-consistency-checker.lock.yml index 38ae0655264..c6de654d551 100644 --- a/.github/workflows/schema-consistency-checker.lock.yml +++ b/.github/workflows/schema-consistency-checker.lock.yml @@ -716,9 +716,17 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/scout.lock.yml b/.github/workflows/scout.lock.yml index bce1eee52ec..5b86c4a9072 100644 --- a/.github/workflows/scout.lock.yml +++ b/.github/workflows/scout.lock.yml @@ -856,9 +856,17 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/security-compliance.lock.yml b/.github/workflows/security-compliance.lock.yml index 2adf7c1f0bc..a8db38e6e2d 100644 --- a/.github/workflows/security-compliance.lock.yml +++ b/.github/workflows/security-compliance.lock.yml @@ -689,9 +689,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/security-guard.lock.yml b/.github/workflows/security-guard.lock.yml index 8b73d41662d..b7a68043412 100644 --- a/.github/workflows/security-guard.lock.yml +++ b/.github/workflows/security-guard.lock.yml @@ -608,9 +608,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/security-review.lock.yml b/.github/workflows/security-review.lock.yml index fb58d78d030..a8b02adacef 100644 --- a/.github/workflows/security-review.lock.yml +++ b/.github/workflows/security-review.lock.yml @@ -804,9 +804,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/semantic-function-refactor.lock.yml b/.github/workflows/semantic-function-refactor.lock.yml index 9e71a06c9ec..6d2ec92eb02 100644 --- a/.github/workflows/semantic-function-refactor.lock.yml +++ b/.github/workflows/semantic-function-refactor.lock.yml @@ -788,9 +788,17 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/sergo.lock.yml b/.github/workflows/sergo.lock.yml index 4626d44a019..94d1a61e2b1 100644 --- a/.github/workflows/sergo.lock.yml +++ b/.github/workflows/sergo.lock.yml @@ -748,9 +748,17 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/slide-deck-maintainer.lock.yml b/.github/workflows/slide-deck-maintainer.lock.yml index 35ee13bb89a..08f02b7e5da 100644 --- a/.github/workflows/slide-deck-maintainer.lock.yml +++ b/.github/workflows/slide-deck-maintainer.lock.yml @@ -717,9 +717,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/smoke-claude.lock.yml b/.github/workflows/smoke-claude.lock.yml index ff35fed381b..d5ac9107fa8 100644 --- a/.github/workflows/smoke-claude.lock.yml +++ b/.github/workflows/smoke-claude.lock.yml @@ -1559,9 +1559,17 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/smoke-codex.lock.yml b/.github/workflows/smoke-codex.lock.yml index 5b899c32835..314551e9a0f 100644 --- a/.github/workflows/smoke-codex.lock.yml +++ b/.github/workflows/smoke-codex.lock.yml @@ -1022,9 +1022,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} OPENAI_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }} RUST_LOG: trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/smoke-copilot.lock.yml b/.github/workflows/smoke-copilot.lock.yml index 33ee52fcdfd..86319c284fe 100644 --- a/.github/workflows/smoke-copilot.lock.yml +++ b/.github/workflows/smoke-copilot.lock.yml @@ -1416,9 +1416,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/smoke-opencode.lock.yml b/.github/workflows/smoke-opencode.lock.yml index 0df334d5d2c..2afd56efae5 100644 --- a/.github/workflows/smoke-opencode.lock.yml +++ b/.github/workflows/smoke-opencode.lock.yml @@ -1316,9 +1316,17 @@ jobs: run: | echo "Custom steps execution completed" >> /tmp/gh-aw/agent-stdio.log touch /tmp/gh-aw/agent-stdio.log - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/smoke-project.lock.yml b/.github/workflows/smoke-project.lock.yml index 4b20c32618b..f511459e269 100644 --- a/.github/workflows/smoke-project.lock.yml +++ b/.github/workflows/smoke-project.lock.yml @@ -1058,9 +1058,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/smoke-test-tools.lock.yml b/.github/workflows/smoke-test-tools.lock.yml index e201a7bb301..d26df2842cb 100644 --- a/.github/workflows/smoke-test-tools.lock.yml +++ b/.github/workflows/smoke-test-tools.lock.yml @@ -623,9 +623,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/stale-repo-identifier.lock.yml b/.github/workflows/stale-repo-identifier.lock.yml index 2485d460a44..b36a63192d8 100644 --- a/.github/workflows/stale-repo-identifier.lock.yml +++ b/.github/workflows/stale-repo-identifier.lock.yml @@ -760,9 +760,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/static-analysis-report.lock.yml b/.github/workflows/static-analysis-report.lock.yml index da49c176425..2a43c0f5cc8 100644 --- a/.github/workflows/static-analysis-report.lock.yml +++ b/.github/workflows/static-analysis-report.lock.yml @@ -786,9 +786,17 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 600000 - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/step-name-alignment.lock.yml b/.github/workflows/step-name-alignment.lock.yml index b720fc18f66..b590eaac0da 100644 --- a/.github/workflows/step-name-alignment.lock.yml +++ b/.github/workflows/step-name-alignment.lock.yml @@ -745,9 +745,17 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/sub-issue-closer.lock.yml b/.github/workflows/sub-issue-closer.lock.yml index 57054630d49..f8dd7e039c8 100644 --- a/.github/workflows/sub-issue-closer.lock.yml +++ b/.github/workflows/sub-issue-closer.lock.yml @@ -688,9 +688,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/super-linter.lock.yml b/.github/workflows/super-linter.lock.yml index 28b8ae1f4c1..570961121bd 100644 --- a/.github/workflows/super-linter.lock.yml +++ b/.github/workflows/super-linter.lock.yml @@ -671,9 +671,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/technical-doc-writer.lock.yml b/.github/workflows/technical-doc-writer.lock.yml index 042f134910e..4e51e34cf86 100644 --- a/.github/workflows/technical-doc-writer.lock.yml +++ b/.github/workflows/technical-doc-writer.lock.yml @@ -750,9 +750,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/terminal-stylist.lock.yml b/.github/workflows/terminal-stylist.lock.yml index 5dd18a080f2..58e30769b71 100644 --- a/.github/workflows/terminal-stylist.lock.yml +++ b/.github/workflows/terminal-stylist.lock.yml @@ -623,9 +623,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/test-create-pr-error-handling.lock.yml b/.github/workflows/test-create-pr-error-handling.lock.yml index f93bcfde91b..e76c401f610 100644 --- a/.github/workflows/test-create-pr-error-handling.lock.yml +++ b/.github/workflows/test-create-pr-error-handling.lock.yml @@ -715,9 +715,17 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/test-dispatcher.lock.yml b/.github/workflows/test-dispatcher.lock.yml index 926fbb96bca..5112f177c84 100644 --- a/.github/workflows/test-dispatcher.lock.yml +++ b/.github/workflows/test-dispatcher.lock.yml @@ -575,9 +575,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/test-project-url-default.lock.yml b/.github/workflows/test-project-url-default.lock.yml index 3b4ad0256b0..a2992d3c44e 100644 --- a/.github/workflows/test-project-url-default.lock.yml +++ b/.github/workflows/test-project-url-default.lock.yml @@ -806,9 +806,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/test-workflow.lock.yml b/.github/workflows/test-workflow.lock.yml index 2a7c29ca32d..6d7a20ce45a 100644 --- a/.github/workflows/test-workflow.lock.yml +++ b/.github/workflows/test-workflow.lock.yml @@ -368,9 +368,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/tidy.lock.yml b/.github/workflows/tidy.lock.yml index 7125c5cc2f3..6b42fa73a71 100644 --- a/.github/workflows/tidy.lock.yml +++ b/.github/workflows/tidy.lock.yml @@ -750,9 +750,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/typist.lock.yml b/.github/workflows/typist.lock.yml index 1793493c0ec..67f175acada 100644 --- a/.github/workflows/typist.lock.yml +++ b/.github/workflows/typist.lock.yml @@ -728,9 +728,17 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/ubuntu-image-analyzer.lock.yml b/.github/workflows/ubuntu-image-analyzer.lock.yml index 1a76335f7b4..1af09b156b3 100644 --- a/.github/workflows/ubuntu-image-analyzer.lock.yml +++ b/.github/workflows/ubuntu-image-analyzer.lock.yml @@ -655,9 +655,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/unbloat-docs.lock.yml b/.github/workflows/unbloat-docs.lock.yml index b1ec9f3ac7b..56527b6285c 100644 --- a/.github/workflows/unbloat-docs.lock.yml +++ b/.github/workflows/unbloat-docs.lock.yml @@ -914,9 +914,17 @@ jobs: GITHUB_WORKSPACE: ${{ github.workspace }} MCP_TIMEOUT: 120000 MCP_TOOL_TIMEOUT: 60000 - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Stop MCP gateway if: always() continue-on-error: true diff --git a/.github/workflows/video-analyzer.lock.yml b/.github/workflows/video-analyzer.lock.yml index 4f4ac1f8ce7..d1dd1be2f34 100644 --- a/.github/workflows/video-analyzer.lock.yml +++ b/.github/workflows/video-analyzer.lock.yml @@ -673,9 +673,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/weekly-issue-summary.lock.yml b/.github/workflows/weekly-issue-summary.lock.yml index 797123e4c1c..ab6eab2bbf9 100644 --- a/.github/workflows/weekly-issue-summary.lock.yml +++ b/.github/workflows/weekly-issue-summary.lock.yml @@ -682,9 +682,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/workflow-generator.lock.yml b/.github/workflows/workflow-generator.lock.yml index 5dea6edd187..601538c5523 100644 --- a/.github/workflows/workflow-generator.lock.yml +++ b/.github/workflows/workflow-generator.lock.yml @@ -727,9 +727,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/workflow-health-manager.lock.yml b/.github/workflows/workflow-health-manager.lock.yml index 7584b6a97fb..dc787aa8469 100644 --- a/.github/workflows/workflow-health-manager.lock.yml +++ b/.github/workflows/workflow-health-manager.lock.yml @@ -802,9 +802,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/workflow-normalizer.lock.yml b/.github/workflows/workflow-normalizer.lock.yml index c72eaef64db..c435f234452 100644 --- a/.github/workflows/workflow-normalizer.lock.yml +++ b/.github/workflows/workflow-normalizer.lock.yml @@ -707,9 +707,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true diff --git a/.github/workflows/workflow-skill-extractor.lock.yml b/.github/workflows/workflow-skill-extractor.lock.yml index aa8c0ae5ef2..34010fcbaa7 100644 --- a/.github/workflows/workflow-skill-extractor.lock.yml +++ b/.github/workflows/workflow-skill-extractor.lock.yml @@ -713,9 +713,17 @@ jobs: GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} XDG_CONFIG_HOME: /home/runner - - name: Restore git credentials - if: always() - run: bash /opt/gh-aw/actions/restore_git_credentials.sh + - name: Configure Git credentials + env: + REPO_NAME: ${{ github.repository }} + SERVER_URL: ${{ github.server_url }} + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + # Re-authenticate git with GitHub token + SERVER_URL_STRIPPED="${SERVER_URL#https://}" + git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true From e3d763a35668af019d3f11259cfd520beac396f5 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Tue, 10 Feb 2026 01:38:41 +0000 Subject: [PATCH 9/9] Add changeset [skip-ci] --- .changeset/patch-clean-git-credentials.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .changeset/patch-clean-git-credentials.md diff --git a/.changeset/patch-clean-git-credentials.md b/.changeset/patch-clean-git-credentials.md new file mode 100644 index 00000000000..26e04c7812a --- /dev/null +++ b/.changeset/patch-clean-git-credentials.md @@ -0,0 +1,5 @@ +--- +"gh-aw": patch +--- + +Clean git credentials before agent execution so agents no longer inherit credentials from earlier steps.