Add compile-time warnings for push-to-pull-request-branch with target: "*"#20580
Add compile-time warnings for push-to-pull-request-branch with target: "*"#20580
Conversation
…rget: * Co-authored-by: dsyme <7204669+dsyme@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Adds compile-time warnings for safe-outputs.push-to-pull-request-branch when configured with target: "*" to catch common misconfigurations earlier (missing checkout ref fetching and missing gating constraints).
Changes:
- Introduces
validatePushToPullRequestBranchWarningsplushasWildcardFetchto emit two warnings fortarget: "*"configurations. - Hooks the new validation into
Compiler.validateWorkflowData. - Adds unit tests validating both warnings and the wildcard-fetch helper behavior.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| pkg/workflow/push_to_pull_request_branch_warning_test.go | Adds tests asserting the new warnings are (or aren’t) emitted under various workflow configs. |
| pkg/workflow/push_to_pull_request_branch_validation.go | Implements the new warning validation logic and a helper for detecting wildcard fetch configuration. |
| pkg/workflow/compiler.go | Invokes the new warning validation during workflow compilation. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
| "github.com/github/gh-aw/pkg/console" | ||
| ) | ||
|
|
||
| var pushToPullRequestBranchValidationLog = newValidationLogger("push_to_pull_request_branch_validation") |
There was a problem hiding this comment.
newValidationLogger already appends _validation to the logger name. Passing "push_to_pull_request_branch_validation" here produces a duplicated suffix (e.g., workflow:push_to_pull_request_branch_validation_validation) and diverges from the convention used by other *_validation.go files (e.g., agent_validation.go). Use a domain like "push_to_pull_request_branch" instead so the logger name is consistent.
| var pushToPullRequestBranchValidationLog = newValidationLogger("push_to_pull_request_branch_validation") | |
| var pushToPullRequestBranchValidationLog = newValidationLogger("push_to_pull_request_branch") |
| // hasWildcardFetch reports whether any checkout configuration includes a fetch pattern | ||
| // that contains a wildcard ("*"), such as fetch: ["*"] or fetch: ["feature/*"]. | ||
| func hasWildcardFetch(checkoutConfigs []*CheckoutConfig) bool { | ||
| for _, cfg := range checkoutConfigs { | ||
| for _, ref := range cfg.Fetch { | ||
| if strings.Contains(ref, "*") { | ||
| return true | ||
| } | ||
| } |
There was a problem hiding this comment.
hasWildcardFetch currently returns true for any pattern containing * (e.g., feature/*). That doesn’t satisfy the warning text (“requires that all PR branches are fetched”) and will suppress the warning even though many PR head branches would still be unavailable. Consider tightening the check to patterns that actually cover arbitrary PR branch names (e.g., "*", and possibly "refs/pulls/open/*" if that’s intended), and keep the warning message aligned with what the check guarantees.
| func hasWildcardFetch(checkoutConfigs []*CheckoutConfig) bool { | ||
| for _, cfg := range checkoutConfigs { | ||
| for _, ref := range cfg.Fetch { | ||
| if strings.Contains(ref, "*") { | ||
| return true | ||
| } | ||
| } |
There was a problem hiding this comment.
hasWildcardFetch dereferences each element of checkoutConfigs without a nil check (cfg.Fetch). While ParseCheckoutConfigs returns non-nil entries today, this helper is generic and is unit-tested independently; a nil entry in the slice would panic. Add if cfg == nil { continue } (and optionally trim/normalize refs) to make the helper robust.
| name: "target=* with wildcard glob fetch does not emit warning", | ||
| content: `--- | ||
| on: push | ||
| safe-outputs: | ||
| push-to-pull-request-branch: | ||
| target: "*" | ||
| title-prefix: "[bot] " | ||
| checkout: | ||
| fetch: ["feature/*"] | ||
| --- | ||
|
|
||
| # Test Workflow | ||
| `, | ||
| expectWarning: false, | ||
| warningText: "push-to-pull-request-branch: target: \"*\" requires that all PR branches are fetched at checkout", | ||
| }, |
There was a problem hiding this comment.
This test case asserts that checkout.fetch: ["feature/*"] suppresses the wildcard-fetch warning. Given the warning text is about fetching all PR branches when target: "*", a scoped glob like feature/* won’t cover arbitrary PR head branches and should likely still warn (unless the warning message/semantics are changed). Update the expectation (and/or the validator) so the test matches the intended behavior.
- Add add-wizard command to CLI reference with --skip-secret flag (#20598) - Document that Codex web-search is disabled by default (#20607) - Clarify that draft is a configuration policy in create-pull-request (#20608) - Document compile-time warnings for push-to-pull-request-branch with target: "*" (#20580) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
When
push-to-pull-request-branchis used withtarget: "*", two common misconfigurations cause silent runtime failures or overly broad permissions. This adds compile-time warnings for both.Warnings added
Missing wildcard fetch — warns when no checkout config includes a wildcard
fetchpattern (e.g.,fetch: ["*"]). Without this, the agent can't access arbitrary PR branches at runtime and will fail with confusing permission-like errors.No constraints — warns when neither
title-prefixnorlabelsis set, meaning any PR in the repo is a valid push target with no additional gating.Example
A workflow like this triggers both warnings:
Adding the recommended config suppresses both warnings:
Implementation
push_to_pull_request_branch_validation.go— newvalidatePushToPullRequestBranchWarningscompiler method andhasWildcardFetchhelpercompiler.go— calls new validation invalidateWorkflowDataafter existing safe-outputs checksWarning
Firewall rules blocked me from connecting to one or more addresses (expand for details)
I tried to connect to the following addresses, but was blocked by firewall rules:
https://api.github.com/graphql/usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE ache/go/1.25.0/x--show-toplevel git(http block)/usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw 64/pkg/tool/linurev-parse /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel go /usr/bin/git git(http block)/usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw git /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel git ache/uv/0.10.9/x--show-toplevel git(http block)https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1/usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --show-toplevel /tmp/go-build1028333668/b389/_testmain.go /usr/bin/unpigz -json GO111MODULE 64/bin/go /usr/bin/unpigz -d -c go /opt/hostedtoolcache/node/24.14.0/x64/bin/node -json GO111MODULE 64/bin/go node(http block)/usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --show-toplevel infocmp rgo/bin/bash xterm-color go /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel go /usr/bin/git git(http block)/usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --show-toplevel git nfig/composer/vendor/bin/bash --show-toplevel git /usr/bin/git git rev-�� --show-toplevel git /opt/hostedtoolcache/node/24.14.0/x64/bin/node --show-toplevel git /usr/bin/git node(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v3/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha prettier --check ache/node/24.14.0/x64/bin/node **/*.ts **/*.json --ignore-path golangci-lint t-36�� sistency_GoAndJavaScript1597055826/001/test-simple-frontmatter.md go /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet tierignore GO111MODULE 64/bin/go /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha --show-toplevel infocmp /usr/bin/git xterm-color go(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha --show-toplevel gh 0/x64/bin/node /repos/actions/ggit --jq /usr/bin/git git arne�� --show-toplevel git 0/x64/bin/node --show-toplevel git /usr/lib/sysstat--show-toplevel infocmp(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v5/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go 0/x6�� -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git init�� GOMODCACHE go /usr/bin/infocmp on' --ignore-patgit GO111MODULE x_amd64/asm infocmp(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel go /usr/bin/git -json GO111MODULE 64/pkg/tool/linu--show-toplevel git rev-�� --show-toplevel 64/pkg/tool/linux_amd64/vet /usr/bin/git -json .cfg k/gh-aw/gh-aw/ac--show-toplevel git(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v6/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha k/gh-aw/gh-aw/.github/workflows/ace-editor.md rev-parse ache/node/24.14.0/x64/bin/node -json GO111MODULE 64/bin/go /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet t-82�� k/gh-aw/gh-aw/.github/workflows/audit-workflows.md -buildtags /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/link -errorsas -ifaceassert -nilfunc /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/link(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha /tmp/gh-aw-test-runs/20260311-200232-50041/test-3194470180/.github/workflows config /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/compile remote.origin.urgit GO111MODULE 64/bin/go /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/compile -o /tmp/go-build1028333668/b422/_pkg_.a l ache/node/24.14.0/x64/bin/node -p main -lang=go1.25 ache/node/24.14.0/x64/bin/node(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel go /usr/bin/git */*.ts' '**/*.jsgit GO111MODULE de/node/bin/bash--show-toplevel git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/pkg/tool/linu--show-toplevel git(http block)https://api.github.com/repos/actions/github-script/git/ref/tags/v8/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE /usr/lib/git-cor**/*.cjs stat�� ath ../../../.pr**/*.json GOPROXY 64/bin/go GOSUMDB GOWORK 64/bin/go go(http block)/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha go1.25.0 -c=4 -nolocalimports -importcfg /tmp/go-build1028333668/b389/importcfg -pack /tmp/go-build1028333668/b389/_testmain.go /pre�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go /pre�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/actions/setup-go/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha /tmp/gh-aw-test-runs/20260311-200232-50041/test-2817916558/.github/workflows rev-parse /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/compile -json GO111MODULE modules/@npmcli/--show-toplevel /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/compile -o /tmp/go-build1028333668/b418/_pkg_.a -trimpath /usr/bin/git -p github.com/githurev-parse -lang=go1.25 git(http block)/usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha --show-toplevel git /usr/bin/git user.email test@example.comrev-parse /usr/bin/gh git rev-�� --show-toplevel gh /usr/bin/git list --json /usr/bin/git git(http block)/usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha --show-toplevel git ache/node/24.14.0/x64/bin/node --show-toplevel git /usr/bin/git git _inc�� --show-toplevel git ache/node/24.14.0/x64/bin/node --show-toplevel git /usr/bin/git git(http block)https://api.github.com/repos/actions/setup-node/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha --show-toplevel -tests /tmp/go-build1028333668/b413/repoutil.test -json GO111MODULE 64/bin/go /tmp/go-build1028333668/b413/repoutil.test -tes�� -test.paniconexit0 -test.v=true /usr/bin/git -test.timeout=10git -test.run=^Test -test.short=true--show-toplevel git(http block)/usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha --show-toplevel git /usr/bin/git GOMODCACHE go /opt/hostedtoolc--show-toplevel git rev-�� --show-toplevel /opt/hostedtoolcache/node/24.14.0/x64/bin/node /usr/bin/git Secret: ${{ secrgit go /usr/bin/git git(http block)/usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha --show-toplevel git ache/node/24.14.0/x64/bin/node --show-toplevel git /usr/bin/git git _inc�� --show-toplevel git ache/node/24.14.0/x64/bin/node --show-toplevel git /usr/bin/git git(http block)https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha vaScript1597055826/001/test-frontmatter-with-nested-objects.md GO111MODULE ache/go/1.25.0/x64/pkg/tool/linux_amd64/link GOINSECURE GOMOD GOMODCACHE ache/go/1.25.0/x64/pkg/tool/linux_amd64/link env 0232-50041/test-3164434626 GO111MODULE 8333668/b405/importcfg.link GOINSECURE GOMOD GOMODCACHE NVNgnGPLEQds7/eMdwFO3cBOLj36ZOwlHC/wPHmRHH07drGotDxh6_4/9rUbv3kNremote.origin.url(http block)/usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha --show-toplevel e/git /opt/hostedtoolcache/go/1.25.0/x64/bin/node -bool -buildtags /opt/hostedtoolc--show-toplevel node /opt�� install --package-lock-only /usr/bin/git /tmp/go-build102git -importcfg /usr/bin/git git(http block)/usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel gh /usr/bin/git git comm�� -m Branch commit 0/x64/bin/node --show-toplevel git /usr/bin/git git(http block)https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b/usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha --show-toplevel nly /usr/bin/git --show-toplevel node 0/x64/bin/node git rev-�� --show-toplevel git /usr/bin/git --show-toplevel node /usr/bin/git git(http block)https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts/usr/bin/gh gh run download 1 --dir test-logs/run-1 GO111MODULE x_amd64/link GOINSECURE GOMOD GOMODCACHE x_amd64/link env -json GO111MODULE n-dir/sh GOINSECURE GOMOD GOMODCACHE ZW/tWPxxXtalV18u1lBqPdQ/-G3FvrU0-trimpath(http block)https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts/usr/bin/gh gh run download 12345 --dir test-logs/run-12345 GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env -json GO111MODULE tions/setup/js/node_modules/.bin/sh GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts/usr/bin/gh gh run download 12346 --dir test-logs/run-12346 GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env -json GO111MODULE tions/setup/node_modules/.bin/sh GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts/usr/bin/gh gh run download 2 --dir test-logs/run-2 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go estl�� -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts/usr/bin/gh gh run download 3 --dir test-logs/run-3 GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env -json GO111MODULE 86_64/sh GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts/usr/bin/gh gh run download 4 --dir test-logs/run-4 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go estl�� -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts/usr/bin/gh gh run download 5 --dir test-logs/run-5 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go estl�� -json GO111MODULE 64/bin/sh GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/actions/workflows/usr/bin/gh gh workflow list --json name,state,path -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE tail -10 ath ../../../.pr**/*.json GOPROXY 64/bin/go GOSUMDB GOWORK ache/go/1.25.0/x--show-toplevel go(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/a70c5eada06553e3510ac27f2c3bda9d3705bccb/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/a70c5eada06553e3510ac27f2c3bda9d3705bccb --jq .object.sha --show-toplevel nly /usr/bin/git --show-toplevel node 0/x64/bin/node git rev-�� --show-toplevel git /usr/bin/git --show-toplevel node ache/node/24.14.graphql git(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha -json GO111MODULE bin/sh GOINSECURE GOMOD GOMODCACHE go env '**/*.ts' '**/*.json' --ignore-path ../../../.pr**/*.json GO111MODULE de/node/bin/sh GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha .*/\1/p Fj/loOf-cgjR6MKz--jq /usr/bin/git -json GO111MODULE cal/bin/node git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 0/x64/bin/node git(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha --show-toplevel git(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha h ../../../.prettierignore GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha h ../../../.prettierignore GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha h ../../../.pret.prettierignore GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha h ../../../.prettierignore GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/githubnext/agentics/git/ref/tags//usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel node /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel git ache/node/24.14.graphql git(http block)https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999/usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env 339599269/.github/workflows GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha --show-toplevel go /usr/bin/git 3164434626 GO111MODULE ache/go/1.25.0/x--show-toplevel git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE ache/uv/0.10.9/x--show-toplevel git(http block)/usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel /opt/hostedtoolcjs/fuzz_mentions_harness.cjs /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel git /usr/bin/git git(http block)https://api.github.com/repos/nonexistent/repo/actions/runs/12345/usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 0/x64/lib/node_modules/npm/node_modules/@npmcli/run-script/lib/node-gyp-bin/node GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/owner/repo/actions/workflows/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo modules/@npmcli/run-script/lib/node-gyp-bin/node GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/owner/repo/contents/file.md/tmp/go-build1028333668/b383/cli.test /tmp/go-build1028333668/b383/cli.test -test.testlogfile=/tmp/go-build1028333668/b383/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/test-owner/test-repo/actions/secrets/usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE bash --no�� ath ../../../.pr**/*.json GOPROXY 64/bin/go GOSUMDB GOWORK 64/bin/go go(http block)If you need me to access, download, or install something from one of these locations, you can either:
✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.