From 12083e41ec2d5b6ce7d15c25319723424e135157 Mon Sep 17 00:00:00 2001 From: "anthropic-code-agent[bot]" <242468646+Claude@users.noreply.github.com> Date: Sat, 14 Mar 2026 18:27:44 +0000 Subject: [PATCH 1/5] Initial plan From 83c37f190c260792bdd51e63f665f05a1c43084c Mon Sep 17 00:00:00 2001 From: "anthropic-code-agent[bot]" <242468646+Claude@users.noreply.github.com> Date: Sat, 14 Mar 2026 18:41:19 +0000 Subject: [PATCH 2/5] Completing task Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com> --- .../setup/sh/copilot_preflight_diagnostic.sh | 207 ++++++++++++++++++ pkg/workflow/copilot_engine_execution.go | 56 +++++ pkg/workflow/copilot_engine_test.go | 187 ++++++++++++---- pkg/workflow/engine_agent_import_test.go | 48 ++-- pkg/workflow/sandbox_mounts_test.go | 10 +- pkg/workflow/tools_timeout_test.go | 7 +- 6 files changed, 440 insertions(+), 75 deletions(-) create mode 100755 actions/setup/sh/copilot_preflight_diagnostic.sh diff --git a/actions/setup/sh/copilot_preflight_diagnostic.sh b/actions/setup/sh/copilot_preflight_diagnostic.sh new file mode 100755 index 00000000000..094810fb1aa --- /dev/null +++ b/actions/setup/sh/copilot_preflight_diagnostic.sh @@ -0,0 +1,207 @@ +#!/bin/bash +set -e + +# copilot_preflight_diagnostic.sh - Pre-flight diagnostic for Copilot engine on GHES +# +# This script performs diagnostic checks before executing Copilot CLI to provide +# clear error messages when Copilot is not properly configured on GHES instances. +# +# Checks performed: +# 1. Token exchange test - Validates COPILOT_GITHUB_TOKEN can exchange for Copilot access +# 2. GHES detection - Identifies GHES environments and validates configuration +# 3. API target validation - Ensures engine.api-target matches GITHUB_API_URL on GHES +# +# Exit codes: +# 0 - All checks passed, safe to proceed +# 1 - Critical failure, should fail the workflow + +# Check if we're on GHES (non-GitHub.com environment) +IS_GHES=false +if [ "$GITHUB_SERVER_URL" != "https://github.com" ]; then + IS_GHES=true + echo "🔍 Detected GitHub Enterprise Server environment" + echo " Server URL: $GITHUB_SERVER_URL" + echo " API URL: $GITHUB_API_URL" +fi + +# Test 1: Token exchange to Copilot inference API +echo "" +echo "🔍 Testing Copilot token exchange..." + +# Construct the token exchange endpoint +TOKEN_EXCHANGE_URL="${GITHUB_API_URL}/copilot_internal/v2/token" + +# Attempt token exchange using COPILOT_GITHUB_TOKEN +HTTP_STATUS=$(curl -s -o /tmp/copilot_token_exchange.json -w "%{http_code}" \ + -H "Authorization: Bearer ${COPILOT_GITHUB_TOKEN}" \ + -H "Accept: application/json" \ + "$TOKEN_EXCHANGE_URL" 2>&1 || echo "000") + +if [ "$HTTP_STATUS" = "200" ]; then + echo "✅ Token exchange successful (HTTP 200)" + echo " Copilot is licensed and accessible" +elif [ "$HTTP_STATUS" = "403" ]; then + # Parse error message from response + ERROR_MSG=$(cat /tmp/copilot_token_exchange.json 2>/dev/null | grep -o '"message":"[^"]*"' | cut -d'"' -f4 || echo "") + + echo "❌ Token exchange failed (HTTP 403)" + echo "" + + # Check for specific error messages + if echo "$ERROR_MSG" | grep -qi "not licensed"; then + { + echo "## ❌ Copilot Not Licensed" + echo "" + echo "The token exchange endpoint returned HTTP 403 with message:" + echo "\`\`\`" + echo "$ERROR_MSG" + echo "\`\`\`" + echo "" + echo "**This means Copilot is not licensed for this user/organization on GHES.**" + echo "" + echo "### How to fix:" + echo "1. Ask your GHES administrator to enable Copilot at the **enterprise level**" + echo "2. Ensure a Copilot seat is assigned to your user account" + echo "3. Verify your organization has Copilot enabled" + echo "" + echo "### GHES Admin Steps:" + echo "- Navigate to Enterprise settings → Copilot" + echo "- Enable Copilot for the enterprise" + echo "- Assign licenses to organizations" + echo "- Ensure users have seats assigned" + echo "" + echo "**Note:** This is a licensing issue, not a configuration problem with gh-aw." + } >> "$GITHUB_STEP_SUMMARY" + + echo "Copilot is not licensed for this user/org on GHES." >&2 + echo "Ask your GHES admin to enable Copilot at the enterprise level and assign a seat." >&2 + exit 1 + + elif echo "$ERROR_MSG" | grep -qi "not accessible by personal access token\|token type"; then + { + echo "## ❌ Incorrect Token Type" + echo "" + echo "The token exchange endpoint returned HTTP 403 with message:" + echo "\`\`\`" + echo "$ERROR_MSG" + echo "\`\`\`" + echo "" + echo "**The token type is not supported for Copilot access.**" + echo "" + echo "### How to fix:" + echo "- Ensure you're using a **fine-grained Personal Access Token** (starts with \`github_pat_\`)" + echo "- Configure the token with **Copilot Requests: Read-only** permission" + echo "- Do NOT use classic PATs (\`ghp_\`) or OAuth tokens (\`gho_\`)" + echo "" + echo "Create a fine-grained PAT at: https://${GITHUB_SERVER_URL#https://}/settings/personal-access-tokens/new" + } >> "$GITHUB_STEP_SUMMARY" + + echo "Token type is not supported for Copilot." >&2 + echo "Use a fine-grained PAT with Copilot Requests permission." >&2 + exit 1 + + else + # Generic 403 error + { + echo "## ❌ Copilot Access Denied" + echo "" + echo "The token exchange endpoint returned HTTP 403:" + echo "\`\`\`" + echo "$ERROR_MSG" + echo "\`\`\`" + echo "" + echo "**Common causes:**" + echo "- Copilot not licensed for this user/organization" + echo "- Incorrect token permissions" + echo "- Token type not supported" + echo "" + echo "Contact your GHES administrator for assistance." + } >> "$GITHUB_STEP_SUMMARY" + + echo "Token exchange failed with HTTP 403: $ERROR_MSG" >&2 + exit 1 + fi + +elif [ "$HTTP_STATUS" = "401" ]; then + { + echo "## ❌ Invalid or Expired Token" + echo "" + echo "The token exchange endpoint returned HTTP 401 (Unauthorized)." + echo "" + echo "**This means COPILOT_GITHUB_TOKEN is invalid or expired.**" + echo "" + echo "### How to fix:" + echo "1. Verify the secret is correctly configured in repository settings" + echo "2. Check if the token has expired (fine-grained PATs have expiration dates)" + echo "3. Regenerate the token if needed" + echo "4. Ensure the token has **Copilot Requests: Read-only** permission" + } >> "$GITHUB_STEP_SUMMARY" + + echo "COPILOT_GITHUB_TOKEN is invalid or expired (HTTP 401)" >&2 + exit 1 + +elif [ "$HTTP_STATUS" = "404" ]; then + { + echo "## ❌ Copilot Endpoint Not Found" + echo "" + echo "The token exchange endpoint returned HTTP 404 (Not Found)." + echo "" + echo "**This may indicate:**" + echo "- GHES version does not support Copilot" + echo "- Copilot infrastructure is not enabled on this instance" + echo "" + echo "### How to fix:" + echo "- Verify GHES version supports GitHub Copilot" + echo "- Ask your GHES admin to enable Copilot infrastructure" + echo "- Check endpoint URL: \`$TOKEN_EXCHANGE_URL\`" + } >> "$GITHUB_STEP_SUMMARY" + + echo "Copilot endpoint not found (HTTP 404) - GHES may not support Copilot" >&2 + exit 1 + +elif [ "$HTTP_STATUS" = "000" ] || [ -z "$HTTP_STATUS" ]; then + echo "⚠ī¸ Could not connect to token exchange endpoint" + echo " This may indicate network issues or firewall blocking" + echo " Proceeding with Copilot execution (will fail if endpoint is truly unavailable)" + # Don't exit - let Copilot CLI fail with its own error if needed + +else + echo "⚠ī¸ Unexpected response from token exchange endpoint (HTTP $HTTP_STATUS)" + echo " Proceeding with Copilot execution" + # Don't exit - unexpected statuses should not block execution +fi + +# Test 2: GHES-specific validation +if [ "$IS_GHES" = true ]; then + echo "" + echo "🔍 Running GHES-specific checks..." + + # Check if engine.api-target is set (should match GITHUB_API_URL) + # This env var would be set by the compiler if engine.api-target is configured + if [ -n "$COPILOT_API_TARGET" ]; then + if [ "$COPILOT_API_TARGET" != "$GITHUB_API_URL" ]; then + echo "⚠ī¸ Warning: engine.api-target ($COPILOT_API_TARGET) does not match GITHUB_API_URL ($GITHUB_API_URL)" + echo " This may cause API routing issues" + else + echo "✅ engine.api-target matches GITHUB_API_URL" + fi + else + echo "ℹī¸ engine.api-target not configured (using default GITHUB_API_URL)" + fi + + # Verify GHES API domain is accessible + GHES_DOMAIN=$(echo "$GITHUB_API_URL" | sed -E 's|https?://([^/]+).*|\1|') + if [ -n "$GHES_DOMAIN" ]; then + echo "ℹī¸ GHES API domain: $GHES_DOMAIN" + echo " Ensure this domain is in network.allowed if using firewall" + fi +fi + +echo "" +echo "✅ Pre-flight diagnostic completed" +echo " Proceeding with Copilot CLI execution..." + +# Clean up temporary files +rm -f /tmp/copilot_token_exchange.json + +exit 0 diff --git a/pkg/workflow/copilot_engine_execution.go b/pkg/workflow/copilot_engine_execution.go index ceeeb0d406e..7d13b1218c7 100644 --- a/pkg/workflow/copilot_engine_execution.go +++ b/pkg/workflow/copilot_engine_execution.go @@ -40,6 +40,14 @@ func (e *CopilotEngine) GetExecutionSteps(workflowData *WorkflowData, logFile st var steps []GitHubActionStep + // Add pre-flight diagnostic step before Copilot CLI execution + // This helps diagnose licensing and configuration issues on GHES + preflightStep := generateCopilotPreflightDiagnosticStep(workflowData) + if len(preflightStep) > 0 { + steps = append(steps, preflightStep) + copilotExecLog.Print("Added pre-flight diagnostic step") + } + // Build copilot CLI arguments based on configuration var copilotArgs []string sandboxEnabled := isFirewallEnabled(workflowData) @@ -446,3 +454,51 @@ func generateCopilotSessionFileCopyStep() GitHubActionStep { return GitHubActionStep(step) } + +// generateCopilotPreflightDiagnosticStep generates a pre-flight diagnostic step that runs +// before Copilot CLI execution to detect and report licensing/configuration issues early. +// This is especially helpful on GHES where errors are often opaque. +// +// The diagnostic checks: +// 1. Token exchange to Copilot inference API (validates licensing and token validity) +// 2. GHES-specific configuration validation (api-target, network domains) +// +// The step is skipped when: +// - copilot-requests feature is enabled (uses GitHub Actions token, no separate token needed) +// - custom command is specified (non-standard Copilot setup) +func generateCopilotPreflightDiagnosticStep(workflowData *WorkflowData) GitHubActionStep { + // Skip if copilot-requests feature is enabled (uses GitHub Actions token) + if isFeatureEnabled(constants.CopilotRequestsFeatureFlag, workflowData) { + copilotExecLog.Print("Skipping pre-flight diagnostic: copilot-requests feature enabled") + return GitHubActionStep{} + } + + // Skip if custom command is specified (non-standard setup) + if workflowData.EngineConfig != nil && workflowData.EngineConfig.Command != "" { + copilotExecLog.Print("Skipping pre-flight diagnostic: custom command specified") + return GitHubActionStep{} + } + + copilotExecLog.Print("Generating Copilot pre-flight diagnostic step") + + var step []string + step = append(step, " - name: Copilot pre-flight diagnostic") + step = append(step, " id: copilot-preflight") + step = append(step, " continue-on-error: true") + step = append(step, " env:") + + // Use COPILOT_GITHUB_TOKEN for the diagnostic + // #nosec G101 -- This is a GitHub Actions expression template, not a hardcoded credential + step = append(step, " COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }}") + step = append(step, " GITHUB_SERVER_URL: ${{ github.server_url }}") + step = append(step, " GITHUB_API_URL: ${{ github.api_url }}") + + // Pass engine.api-target if configured + if workflowData.EngineConfig != nil && workflowData.EngineConfig.APITarget != "" { + step = append(step, " COPILOT_API_TARGET: "+workflowData.EngineConfig.APITarget) + } + + step = append(step, " run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh") + + return GitHubActionStep(step) +} diff --git a/pkg/workflow/copilot_engine_test.go b/pkg/workflow/copilot_engine_test.go index 82397781e2b..7f9a2caa907 100644 --- a/pkg/workflow/copilot_engine_test.go +++ b/pkg/workflow/copilot_engine_test.go @@ -126,13 +126,13 @@ func TestCopilotEngineExecutionSteps(t *testing.T) { } steps := engine.GetExecutionSteps(workflowData, "/tmp/gh-aw/test.log") - // GetExecutionSteps only returns the execution step, not Squid logs or cleanup - if len(steps) != 1 { - t.Fatalf("Expected 1 step (copilot execution), got %d", len(steps)) + // GetExecutionSteps now returns 2 steps: preflight diagnostic + copilot execution + if len(steps) != 2 { + t.Fatalf("Expected 2 steps (preflight + copilot execution), got %d", len(steps)) } - // Check the execution step - stepContent := strings.Join([]string(steps[0]), "\n") + // Check the execution step (second step, after preflight) + stepContent := strings.Join([]string(steps[1]), "\n") if !strings.Contains(stepContent, "name: Execute GitHub Copilot CLI") { t.Errorf("Expected step name 'Execute GitHub Copilot CLI' in step content:\n%s", stepContent) @@ -206,13 +206,13 @@ func TestCopilotEngineExecutionStepsWithOutput(t *testing.T) { } steps := engine.GetExecutionSteps(workflowData, "/tmp/gh-aw/test.log") - // GetExecutionSteps only returns the execution step - if len(steps) != 1 { - t.Fatalf("Expected 1 step (copilot execution), got %d", len(steps)) + // GetExecutionSteps now returns 2 steps: preflight + execution + if len(steps) != 2 { + t.Fatalf("Expected 2 steps (preflight + execution), got %d", len(steps)) } - // Check the execution step - stepContent := strings.Join([]string(steps[0]), "\n") + // Check the execution step (second step) + stepContent := strings.Join([]string(steps[1]), "\n") // Test that GH_AW_SAFE_OUTPUTS is present when SafeOutputs is not nil if !strings.Contains(stepContent, "GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }}") { @@ -571,12 +571,12 @@ func TestCopilotEngineExecutionStepsWithToolArguments(t *testing.T) { steps := engine.GetExecutionSteps(workflowData, "/tmp/gh-aw/test.log") // GetExecutionSteps only returns the execution step - if len(steps) != 1 { - t.Fatalf("Expected 1 step (copilot execution), got %d", len(steps)) + if len(steps) != 2 { + t.Fatalf("Expected 2 steps (preflight + execution), got %d", len(steps)) } // Check the execution step contains tool arguments - stepContent := strings.Join([]string(steps[0]), "\n") + stepContent := strings.Join([]string(steps[1]), "\n") // Should contain the tool arguments in the command line if !strings.Contains(stepContent, "--allow-tool shell(echo)") { @@ -657,11 +657,11 @@ func TestCopilotEngineEditToolAddsAllowAllPaths(t *testing.T) { steps := engine.GetExecutionSteps(workflowData, "/tmp/gh-aw/test.log") // GetExecutionSteps only returns the execution step - if len(steps) != 1 { - t.Fatalf("Expected 1 step, got %d", len(steps)) + if len(steps) != 2 { + t.Fatalf("Expected 2 steps, got %d", len(steps)) } - stepContent := strings.Join([]string(steps[0]), "\n") + stepContent := strings.Join([]string(steps[1]), "\n") // Check for --allow-all-paths flag hasAllowAllPaths := strings.Contains(stepContent, "--allow-all-paths") @@ -704,12 +704,12 @@ func TestCopilotEngineShellEscaping(t *testing.T) { steps := engine.GetExecutionSteps(workflowData, "/tmp/gh-aw/test.log") // GetExecutionSteps only returns the execution step - if len(steps) != 1 { - t.Fatalf("Expected 1 step, got %d", len(steps)) + if len(steps) != 2 { + t.Fatalf("Expected 2 steps, got %d", len(steps)) } // Get the full command from the execution step - stepContent := strings.Join([]string(steps[0]), "\n") + stepContent := strings.Join([]string(steps[1]), "\n") // Find the line that contains the copilot command // When firewall is disabled, it uses 'copilot' instead of 'npx' @@ -751,12 +751,12 @@ func TestCopilotEngineInstructionPromptNotEscaped(t *testing.T) { steps := engine.GetExecutionSteps(workflowData, "/tmp/gh-aw/test.log") // GetExecutionSteps only returns the execution step - if len(steps) != 1 { - t.Fatalf("Expected 1 step, got %d", len(steps)) + if len(steps) != 2 { + t.Fatalf("Expected 2 steps, got %d", len(steps)) } // Get the full command from the execution step - stepContent := strings.Join([]string(steps[0]), "\n") + stepContent := strings.Join([]string(steps[1]), "\n") // Find the line that contains the copilot command // When firewall is disabled, it uses 'copilot' instead of 'npx' @@ -882,12 +882,12 @@ func TestCopilotEngineGitHubToolsShellEscaping(t *testing.T) { steps := engine.GetExecutionSteps(workflowData, "/tmp/gh-aw/test.log") // GetExecutionSteps only returns the execution step - if len(steps) != 1 { - t.Fatalf("Expected 1 step, got %d", len(steps)) + if len(steps) != 2 { + t.Fatalf("Expected 2 steps, got %d", len(steps)) } // Get the full command from the execution step - stepContent := strings.Join([]string(steps[0]), "\n") + stepContent := strings.Join([]string(steps[1]), "\n") // Find the line that contains the copilot command // When firewall is disabled, it uses 'copilot' instead of 'npx' @@ -1042,11 +1042,11 @@ func TestCopilotEngineExecutionStepsWithCacheMemory(t *testing.T) { steps := engine.GetExecutionSteps(workflowData, "/tmp/gh-aw/test.log") // GetExecutionSteps only returns the execution step - if len(steps) != 1 { - t.Fatalf("Expected 1 step, got %d", len(steps)) + if len(steps) != 2 { + t.Fatalf("Expected 2 steps, got %d", len(steps)) } - stepContent := strings.Join([]string(steps[0]), "\n") + stepContent := strings.Join([]string(steps[1]), "\n") // Test that mkdir commands are present for cache-memory directories if !strings.Contains(stepContent, "mkdir -p /tmp/gh-aw/cache-memory/") { @@ -1082,11 +1082,11 @@ func TestCopilotEngineExecutionStepsWithCustomAddDirArgs(t *testing.T) { steps := engine.GetExecutionSteps(workflowData, "/tmp/gh-aw/test.log") // GetExecutionSteps only returns the execution step - if len(steps) != 1 { - t.Fatalf("Expected 1 step, got %d", len(steps)) + if len(steps) != 2 { + t.Fatalf("Expected 2 steps, got %d", len(steps)) } - stepContent := strings.Join([]string(steps[0]), "\n") + stepContent := strings.Join([]string(steps[1]), "\n") // Test that mkdir commands are present for custom --add-dir path if !strings.Contains(stepContent, "mkdir -p /custom/path/") { @@ -1497,11 +1497,11 @@ func TestCopilotEnginePluginDiscoveryInSandboxMode(t *testing.T) { steps := engine.GetExecutionSteps(workflowData, "/tmp/gh-aw/test.log") // GetExecutionSteps only returns the execution step - if len(steps) != 1 { - t.Fatalf("Expected 1 step, got %d", len(steps)) + if len(steps) != 2 { + t.Fatalf("Expected 2 steps, got %d", len(steps)) } - stepContent := strings.Join([]string(steps[0]), "\n") + stepContent := strings.Join([]string(steps[1]), "\n") // Check for --add-dir /home/runner/.copilot/ in the copilot command hasCopilotDir := strings.Contains(stepContent, "--add-dir /home/runner/.copilot/") @@ -1548,11 +1548,11 @@ func TestCopilotEnginePluginDiscoveryWithSRT(t *testing.T) { steps := engine.GetExecutionSteps(workflowData, "/tmp/gh-aw/test.log") // GetExecutionSteps only returns the execution step - if len(steps) != 1 { - t.Fatalf("Expected 1 step, got %d", len(steps)) + if len(steps) != 2 { + t.Fatalf("Expected 2 steps, got %d", len(steps)) } - stepContent := strings.Join([]string(steps[0]), "\n") + stepContent := strings.Join([]string(steps[1]), "\n") // Should include --add-dir /home/runner/.copilot/ when SRT is enabled with plugins if !strings.Contains(stepContent, "--add-dir /home/runner/.copilot/") { @@ -1596,11 +1596,11 @@ func TestCopilotEngineEnvOverridesTokenExpression(t *testing.T) { } steps := engine.GetExecutionSteps(workflowData, "/tmp/gh-aw/test.log") - if len(steps) != 1 { - t.Fatalf("Expected 1 step, got %d", len(steps)) + if len(steps) != 2 { + t.Fatalf("Expected 2 steps, got %d", len(steps)) } - stepContent := strings.Join([]string(steps[0]), "\n") + stepContent := strings.Join([]string(steps[1]), "\n") // engine.env override should replace the default token expression if !strings.Contains(stepContent, "COPILOT_GITHUB_TOKEN: ${{ secrets.MY_ORG_COPILOT_TOKEN }}") { @@ -1622,14 +1622,115 @@ func TestCopilotEngineEnvOverridesTokenExpression(t *testing.T) { } steps := engine.GetExecutionSteps(workflowData, "/tmp/gh-aw/test.log") - if len(steps) != 1 { - t.Fatalf("Expected 1 step, got %d", len(steps)) + if len(steps) != 2 { + t.Fatalf("Expected 2 steps, got %d", len(steps)) } - stepContent := strings.Join([]string(steps[0]), "\n") + stepContent := strings.Join([]string(steps[1]), "\n") if !strings.Contains(stepContent, "CUSTOM_VAR: custom-value") { t.Errorf("Expected engine.env to add CUSTOM_VAR, got:\n%s", stepContent) } }) } + +func TestCopilotPreflightDiagnosticStep(t *testing.T) { + engine := NewCopilotEngine() + + t.Run("includes preflight diagnostic by default", func(t *testing.T) { + workflowData := &WorkflowData{ + Name: "test-workflow", + } + + steps := engine.GetExecutionSteps(workflowData, "/tmp/gh-aw/test.log") + + // Should have 2 steps: preflight + execution + if len(steps) != 2 { + t.Fatalf("Expected 2 steps (preflight + execution), got %d", len(steps)) + } + + // First step should be preflight diagnostic + preflightContent := strings.Join([]string(steps[0]), "\n") + if !strings.Contains(preflightContent, "Copilot pre-flight diagnostic") { + t.Errorf("Expected first step to be preflight diagnostic, got:\n%s", preflightContent) + } + + if !strings.Contains(preflightContent, "copilot_preflight_diagnostic.sh") { + t.Errorf("Expected preflight step to call diagnostic script, got:\n%s", preflightContent) + } + + if !strings.Contains(preflightContent, "COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }}") { + t.Errorf("Expected preflight step to pass COPILOT_GITHUB_TOKEN, got:\n%s", preflightContent) + } + + if !strings.Contains(preflightContent, "GITHUB_API_URL: ${{ github.api_url }}") { + t.Errorf("Expected preflight step to pass GITHUB_API_URL, got:\n%s", preflightContent) + } + }) + + t.Run("skips preflight when copilot-requests feature enabled", func(t *testing.T) { + workflowData := &WorkflowData{ + Name: "test-workflow", + Features: map[string]any{ + "copilot-requests": true, + }, + } + + steps := engine.GetExecutionSteps(workflowData, "/tmp/gh-aw/test.log") + + // Should have only 1 step: execution (no preflight) + if len(steps) != 2 { + t.Fatalf("Expected 1 step (execution only), got %d", len(steps)) + } + + // Step should be execution, not preflight + stepContent := strings.Join([]string(steps[0]), "\n") + if strings.Contains(stepContent, "Copilot pre-flight diagnostic") { + t.Errorf("Expected preflight to be skipped with copilot-requests feature, but found it:\n%s", stepContent) + } + }) + + t.Run("skips preflight when custom command specified", func(t *testing.T) { + workflowData := &WorkflowData{ + Name: "test-workflow", + EngineConfig: &EngineConfig{ + Command: "/custom/copilot", + }, + } + + steps := engine.GetExecutionSteps(workflowData, "/tmp/gh-aw/test.log") + + // Should have only 1 step: execution (no preflight) + if len(steps) != 2 { + t.Fatalf("Expected 1 step (execution only), got %d", len(steps)) + } + + // Step should be execution, not preflight + stepContent := strings.Join([]string(steps[0]), "\n") + if strings.Contains(stepContent, "Copilot pre-flight diagnostic") { + t.Errorf("Expected preflight to be skipped with custom command, but found it:\n%s", stepContent) + } + }) + + t.Run("includes api-target in preflight when configured", func(t *testing.T) { + workflowData := &WorkflowData{ + Name: "test-workflow", + EngineConfig: &EngineConfig{ + APITarget: "https://ghe.example.com/api/v3", + }, + } + + steps := engine.GetExecutionSteps(workflowData, "/tmp/gh-aw/test.log") + + // Should have 2 steps: preflight + execution + if len(steps) != 2 { + t.Fatalf("Expected 2 steps (preflight + execution), got %d", len(steps)) + } + + // First step should include COPILOT_API_TARGET + preflightContent := strings.Join([]string(steps[0]), "\n") + if !strings.Contains(preflightContent, "COPILOT_API_TARGET: https://ghe.example.com/api/v3") { + t.Errorf("Expected preflight to include COPILOT_API_TARGET, got:\n%s", preflightContent) + } + }) +} diff --git a/pkg/workflow/engine_agent_import_test.go b/pkg/workflow/engine_agent_import_test.go index 3f3f1b538ce..3dcb4067d9f 100644 --- a/pkg/workflow/engine_agent_import_test.go +++ b/pkg/workflow/engine_agent_import_test.go @@ -22,11 +22,11 @@ func TestCopilotEngineWithAgentFromEngineConfig(t *testing.T) { steps := engine.GetExecutionSteps(workflowData, "/tmp/gh-aw/test.log") - if len(steps) != 1 { - t.Fatalf("Expected 1 execution step, got %d", len(steps)) + if len(steps) != 2 { + t.Fatalf("Expected 2 execution steps (preflight + execution), got %d", len(steps)) } - stepContent := strings.Join([]string(steps[0]), "\n") + stepContent := strings.Join([]string(steps[1]), "\n") // Copilot CLI expects agent identifier if !strings.Contains(stepContent, `--agent my-custom-agent`) { @@ -48,11 +48,11 @@ func TestCopilotEngineWithAgentFromImports(t *testing.T) { steps := engine.GetExecutionSteps(workflowData, "/tmp/gh-aw/test.log") - if len(steps) != 1 { - t.Fatalf("Expected 1 execution step, got %d", len(steps)) + if len(steps) != 2 { + t.Fatalf("Expected 2 execution steps (preflight + execution), got %d", len(steps)) } - stepContent := strings.Join([]string(steps[0]), "\n") + stepContent := strings.Join([]string(steps[1]), "\n") // Agent imports should NOT set --agent flag (only engine.agent does) if strings.Contains(stepContent, `--agent`) { @@ -74,11 +74,11 @@ func TestCopilotEngineAgentOnlyFromEngineConfig(t *testing.T) { steps := engine.GetExecutionSteps(workflowData, "/tmp/gh-aw/test.log") - if len(steps) != 1 { - t.Fatalf("Expected 1 execution step, got %d", len(steps)) + if len(steps) != 2 { + t.Fatalf("Expected 2 execution steps (preflight + execution), got %d", len(steps)) } - stepContent := strings.Join([]string(steps[0]), "\n") + stepContent := strings.Join([]string(steps[1]), "\n") // Should only use explicit agent from engine.agent if !strings.Contains(stepContent, `--agent explicit-agent`) { @@ -102,11 +102,11 @@ func TestCopilotEngineWithoutAgentFlag(t *testing.T) { steps := engine.GetExecutionSteps(workflowData, "/tmp/gh-aw/test.log") - if len(steps) != 1 { - t.Fatalf("Expected 1 execution step, got %d", len(steps)) + if len(steps) != 2 { + t.Fatalf("Expected 2 execution steps (preflight + execution), got %d", len(steps)) } - stepContent := strings.Join([]string(steps[0]), "\n") + stepContent := strings.Join([]string(steps[1]), "\n") if strings.Contains(stepContent, "--agent") { t.Errorf("Did not expect '--agent' flag when agent file is not specified, got:\n%s", stepContent) @@ -126,11 +126,11 @@ func TestClaudeEngineWithAgentFromImports(t *testing.T) { steps := engine.GetExecutionSteps(workflowData, "/tmp/gh-aw/test.log") - if len(steps) != 1 { - t.Fatalf("Expected 1 execution step, got %d", len(steps)) + if len(steps) != 2 { + t.Fatalf("Expected 2 execution steps (preflight + execution), got %d", len(steps)) } - stepContent := strings.Join([]string(steps[0]), "\n") + stepContent := strings.Join([]string(steps[1]), "\n") // Check that custom agent content extraction is present if !strings.Contains(stepContent, `AGENT_CONTENT="$(awk`) { @@ -160,11 +160,11 @@ func TestClaudeEngineWithoutAgentFile(t *testing.T) { steps := engine.GetExecutionSteps(workflowData, "/tmp/gh-aw/test.log") - if len(steps) != 1 { - t.Fatalf("Expected 1 execution step, got %d", len(steps)) + if len(steps) != 2 { + t.Fatalf("Expected 2 execution steps (preflight + execution), got %d", len(steps)) } - stepContent := strings.Join([]string(steps[0]), "\n") + stepContent := strings.Join([]string(steps[1]), "\n") // Should not have agent content extraction if strings.Contains(stepContent, "AGENT_CONTENT") { @@ -190,11 +190,11 @@ func TestCodexEngineWithAgentFromImports(t *testing.T) { steps := engine.GetExecutionSteps(workflowData, "/tmp/gh-aw/test.log") - if len(steps) != 1 { - t.Fatalf("Expected 1 execution step, got %d", len(steps)) + if len(steps) != 2 { + t.Fatalf("Expected 2 execution steps (preflight + execution), got %d", len(steps)) } - stepContent := strings.Join([]string(steps[0]), "\n") + stepContent := strings.Join([]string(steps[1]), "\n") // Check that agent content extraction is present if !strings.Contains(stepContent, `AGENT_CONTENT="$(awk`) { @@ -228,11 +228,11 @@ func TestCodexEngineWithoutAgentFile(t *testing.T) { steps := engine.GetExecutionSteps(workflowData, "/tmp/gh-aw/test.log") - if len(steps) != 1 { - t.Fatalf("Expected 1 execution step, got %d", len(steps)) + if len(steps) != 2 { + t.Fatalf("Expected 2 execution steps (preflight + execution), got %d", len(steps)) } - stepContent := strings.Join([]string(steps[0]), "\n") + stepContent := strings.Join([]string(steps[1]), "\n") // Should not have agent content extraction if strings.Contains(stepContent, "AGENT_CONTENT") { diff --git a/pkg/workflow/sandbox_mounts_test.go b/pkg/workflow/sandbox_mounts_test.go index 30e224d640c..196045294ea 100644 --- a/pkg/workflow/sandbox_mounts_test.go +++ b/pkg/workflow/sandbox_mounts_test.go @@ -264,11 +264,11 @@ func TestCopilotEngineWithCustomMounts(t *testing.T) { engine := NewCopilotEngine() steps := engine.GetExecutionSteps(workflowData, "test.log") - if len(steps) == 0 { - t.Fatal("Expected at least one execution step") + if len(steps) < 2 { + t.Fatal("Expected at least 2 execution steps (preflight + execution)") } - stepContent := strings.Join(steps[0], "\n") + stepContent := strings.Join(steps[1], "\n") // Check that custom mounts are included if !strings.Contains(stepContent, "--mount /host/data:/data:ro") { @@ -305,7 +305,7 @@ func TestCopilotEngineWithCustomMounts(t *testing.T) { t.Fatal("Expected at least one execution step") } - stepContent := strings.Join(steps[0], "\n") + stepContent := strings.Join(steps[1], "\n") // Verify AWF is present (chroot mode is default in v0.15.0+) if !strings.Contains(stepContent, "sudo -E awf") { @@ -349,7 +349,7 @@ func TestCopilotEngineWithCustomMounts(t *testing.T) { t.Fatal("Expected at least one execution step") } - stepContent := strings.Join(steps[0], "\n") + stepContent := strings.Join(steps[1], "\n") // Find the positions of each mount in the output dataPos := strings.Index(stepContent, "--mount /data:/data:rw") diff --git a/pkg/workflow/tools_timeout_test.go b/pkg/workflow/tools_timeout_test.go index e52fd8b40b2..a3deeaa0db4 100644 --- a/pkg/workflow/tools_timeout_test.go +++ b/pkg/workflow/tools_timeout_test.go @@ -308,11 +308,12 @@ func TestCopilotEngineWithToolsTimeout(t *testing.T) { // Get execution steps executionSteps := engine.GetExecutionSteps(workflowData, "/tmp/test.log") - if len(executionSteps) == 0 { - t.Fatal("Expected at least one execution step") + if len(executionSteps) < 2 { + t.Fatal("Expected at least 2 execution steps (preflight + execution)") } - stepContent := strings.Join([]string(executionSteps[0]), "\n") + // Get the execution step (second step, after preflight) + stepContent := strings.Join([]string(executionSteps[1]), "\n") // Check for GH_AW_TOOL_TIMEOUT if expected if tt.expectedEnvVar != "" { From de9842ff8f1c670632bdcc1d87657478e6518030 Mon Sep 17 00:00:00 2001 From: "anthropic-code-agent[bot]" <242468646+Claude@users.noreply.github.com> Date: Sat, 14 Mar 2026 19:02:15 +0000 Subject: [PATCH 3/5] Add Copilot pre-flight diagnostic for GHES environments Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com> --- .github/workflows/ace-editor.lock.yml | 8 ++++++++ .../workflows/agent-persona-explorer.lock.yml | 17 +++++++++++++++++ .github/workflows/bot-detection.lock.yml | 8 ++++++++ .github/workflows/chroma-issue-indexer.lock.yml | 8 ++++++++ .github/workflows/ci-doctor.lock.yml | 17 +++++++++++++++++ .github/workflows/code-simplifier.lock.yml | 17 +++++++++++++++++ .../workflows/constraint-solving-potd.lock.yml | 17 +++++++++++++++++ .github/workflows/contribution-check.lock.yml | 17 +++++++++++++++++ .../workflows/daily-cli-tools-tester.lock.yml | 17 +++++++++++++++++ .../workflows/daily-firewall-report.lock.yml | 17 +++++++++++++++++ .../daily-performance-summary.lock.yml | 17 +++++++++++++++++ .github/workflows/daily-regulatory.lock.yml | 17 +++++++++++++++++ .github/workflows/daily-semgrep-scan.lock.yml | 17 +++++++++++++++++ .github/workflows/daily-team-status.lock.yml | 17 +++++++++++++++++ .github/workflows/dependabot-burner.lock.yml | 17 +++++++++++++++++ .../workflows/dependabot-go-checker.lock.yml | 17 +++++++++++++++++ .../example-permissions-warning.lock.yml | 8 ++++++++ .github/workflows/firewall.lock.yml | 8 ++++++++ .../workflows/functional-pragmatist.lock.yml | 17 +++++++++++++++++ .../github-remote-mcp-auth-test.lock.yml | 17 +++++++++++++++++ .github/workflows/glossary-maintainer.lock.yml | 17 +++++++++++++++++ .github/workflows/gpclean.lock.yml | 17 +++++++++++++++++ .github/workflows/grumpy-reviewer.lock.yml | 17 +++++++++++++++++ .github/workflows/hourly-ci-cleaner.lock.yml | 17 +++++++++++++++++ .github/workflows/issue-monster.lock.yml | 17 +++++++++++++++++ .github/workflows/issue-triage-agent.lock.yml | 17 +++++++++++++++++ .github/workflows/jsweep.lock.yml | 17 +++++++++++++++++ .../workflows/layout-spec-maintainer.lock.yml | 17 +++++++++++++++++ .github/workflows/mcp-inspector.lock.yml | 17 +++++++++++++++++ .github/workflows/mergefest.lock.yml | 17 +++++++++++++++++ .github/workflows/metrics-collector.lock.yml | 8 ++++++++ .github/workflows/notion-issue-summary.lock.yml | 8 ++++++++ .github/workflows/org-health-report.lock.yml | 17 +++++++++++++++++ .github/workflows/pdf-summary.lock.yml | 17 +++++++++++++++++ .github/workflows/plan.lock.yml | 17 +++++++++++++++++ .github/workflows/poem-bot.lock.yml | 17 +++++++++++++++++ .github/workflows/portfolio-analyst.lock.yml | 17 +++++++++++++++++ .github/workflows/pr-nitpick-reviewer.lock.yml | 17 +++++++++++++++++ .github/workflows/pr-triage-agent.lock.yml | 17 +++++++++++++++++ .github/workflows/python-data-charts.lock.yml | 17 +++++++++++++++++ .github/workflows/q.lock.yml | 17 +++++++++++++++++ .github/workflows/refiner.lock.yml | 17 +++++++++++++++++ .github/workflows/release.lock.yml | 17 +++++++++++++++++ .github/workflows/repo-audit-analyzer.lock.yml | 17 +++++++++++++++++ .github/workflows/repo-tree-map.lock.yml | 17 +++++++++++++++++ .../repository-quality-improver.lock.yml | 17 +++++++++++++++++ .github/workflows/research.lock.yml | 17 +++++++++++++++++ .github/workflows/security-compliance.lock.yml | 17 +++++++++++++++++ .github/workflows/security-review.lock.yml | 17 +++++++++++++++++ .../workflows/slide-deck-maintainer.lock.yml | 17 +++++++++++++++++ .github/workflows/smoke-copilot-arm.lock.yml | 17 +++++++++++++++++ .github/workflows/smoke-copilot.lock.yml | 17 +++++++++++++++++ .github/workflows/smoke-multi-pr.lock.yml | 17 +++++++++++++++++ .github/workflows/smoke-project.lock.yml | 17 +++++++++++++++++ .github/workflows/smoke-temporary-id.lock.yml | 17 +++++++++++++++++ .github/workflows/smoke-test-tools.lock.yml | 17 +++++++++++++++++ .../smoke-workflow-call-with-inputs.lock.yml | 17 +++++++++++++++++ .github/workflows/smoke-workflow-call.lock.yml | 17 +++++++++++++++++ .../workflows/stale-repo-identifier.lock.yml | 17 +++++++++++++++++ .github/workflows/sub-issue-closer.lock.yml | 17 +++++++++++++++++ .github/workflows/super-linter.lock.yml | 17 +++++++++++++++++ .github/workflows/technical-doc-writer.lock.yml | 17 +++++++++++++++++ .github/workflows/terminal-stylist.lock.yml | 17 +++++++++++++++++ .github/workflows/test-dispatcher.lock.yml | 17 +++++++++++++++++ .../workflows/test-project-url-default.lock.yml | 17 +++++++++++++++++ .github/workflows/test-workflow.lock.yml | 8 ++++++++ .github/workflows/tidy.lock.yml | 17 +++++++++++++++++ .../workflows/ubuntu-image-analyzer.lock.yml | 17 +++++++++++++++++ .github/workflows/video-analyzer.lock.yml | 17 +++++++++++++++++ .../weekly-editors-health-check.lock.yml | 17 +++++++++++++++++ .github/workflows/weekly-issue-summary.lock.yml | 17 +++++++++++++++++ .../weekly-safe-outputs-spec-review.lock.yml | 17 +++++++++++++++++ .github/workflows/workflow-generator.lock.yml | 17 +++++++++++++++++ .../workflows/workflow-health-manager.lock.yml | 17 +++++++++++++++++ .github/workflows/workflow-normalizer.lock.yml | 17 +++++++++++++++++ .../workflows/workflow-skill-extractor.lock.yml | 17 +++++++++++++++++ 76 files changed, 1220 insertions(+) diff --git a/.github/workflows/ace-editor.lock.yml b/.github/workflows/ace-editor.lock.yml index c8d14faf792..e1c477a8d3e 100644 --- a/.github/workflows/ace-editor.lock.yml +++ b/.github/workflows/ace-editor.lock.yml @@ -377,6 +377,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/agent-persona-explorer.lock.yml b/.github/workflows/agent-persona-explorer.lock.yml index 4b31404d536..bf75bbcb485 100644 --- a/.github/workflows/agent-persona-explorer.lock.yml +++ b/.github/workflows/agent-persona-explorer.lock.yml @@ -746,6 +746,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -967,6 +975,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/bot-detection.lock.yml b/.github/workflows/bot-detection.lock.yml index 299e13ab6e2..2867e850a82 100644 --- a/.github/workflows/bot-detection.lock.yml +++ b/.github/workflows/bot-detection.lock.yml @@ -817,6 +817,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/chroma-issue-indexer.lock.yml b/.github/workflows/chroma-issue-indexer.lock.yml index 039f1f3ae4e..16e2d2f7094 100644 --- a/.github/workflows/chroma-issue-indexer.lock.yml +++ b/.github/workflows/chroma-issue-indexer.lock.yml @@ -401,6 +401,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/ci-doctor.lock.yml b/.github/workflows/ci-doctor.lock.yml index 65b86e70288..8676e675d42 100644 --- a/.github/workflows/ci-doctor.lock.yml +++ b/.github/workflows/ci-doctor.lock.yml @@ -918,6 +918,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -1139,6 +1147,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/code-simplifier.lock.yml b/.github/workflows/code-simplifier.lock.yml index 01bfb0f22bb..731940e9d44 100644 --- a/.github/workflows/code-simplifier.lock.yml +++ b/.github/workflows/code-simplifier.lock.yml @@ -695,6 +695,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -911,6 +919,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/constraint-solving-potd.lock.yml b/.github/workflows/constraint-solving-potd.lock.yml index 29d87c7c872..784c9666557 100644 --- a/.github/workflows/constraint-solving-potd.lock.yml +++ b/.github/workflows/constraint-solving-potd.lock.yml @@ -649,6 +649,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -871,6 +879,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/contribution-check.lock.yml b/.github/workflows/contribution-check.lock.yml index c1df4427c5c..214f9e553a9 100644 --- a/.github/workflows/contribution-check.lock.yml +++ b/.github/workflows/contribution-check.lock.yml @@ -769,6 +769,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -984,6 +992,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/daily-cli-tools-tester.lock.yml b/.github/workflows/daily-cli-tools-tester.lock.yml index 6e38c343278..22336b41217 100644 --- a/.github/workflows/daily-cli-tools-tester.lock.yml +++ b/.github/workflows/daily-cli-tools-tester.lock.yml @@ -748,6 +748,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -963,6 +971,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/daily-firewall-report.lock.yml b/.github/workflows/daily-firewall-report.lock.yml index f62b96f7dfc..79bbd753883 100644 --- a/.github/workflows/daily-firewall-report.lock.yml +++ b/.github/workflows/daily-firewall-report.lock.yml @@ -809,6 +809,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -1042,6 +1050,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/daily-performance-summary.lock.yml b/.github/workflows/daily-performance-summary.lock.yml index d233b61ca76..71a74093e43 100644 --- a/.github/workflows/daily-performance-summary.lock.yml +++ b/.github/workflows/daily-performance-summary.lock.yml @@ -1282,6 +1282,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -1526,6 +1534,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/daily-regulatory.lock.yml b/.github/workflows/daily-regulatory.lock.yml index e67062d700d..e310e9b5b47 100644 --- a/.github/workflows/daily-regulatory.lock.yml +++ b/.github/workflows/daily-regulatory.lock.yml @@ -1199,6 +1199,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -1425,6 +1433,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/daily-semgrep-scan.lock.yml b/.github/workflows/daily-semgrep-scan.lock.yml index 3a42e2bf9fe..636dda05fac 100644 --- a/.github/workflows/daily-semgrep-scan.lock.yml +++ b/.github/workflows/daily-semgrep-scan.lock.yml @@ -711,6 +711,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -926,6 +934,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/daily-team-status.lock.yml b/.github/workflows/daily-team-status.lock.yml index 90755f51a51..0b94bb648de 100644 --- a/.github/workflows/daily-team-status.lock.yml +++ b/.github/workflows/daily-team-status.lock.yml @@ -689,6 +689,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -904,6 +912,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/dependabot-burner.lock.yml b/.github/workflows/dependabot-burner.lock.yml index ad79af431d5..9d753df7784 100644 --- a/.github/workflows/dependabot-burner.lock.yml +++ b/.github/workflows/dependabot-burner.lock.yml @@ -681,6 +681,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -896,6 +904,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/dependabot-go-checker.lock.yml b/.github/workflows/dependabot-go-checker.lock.yml index 3bd21f3967c..e39ad03d940 100644 --- a/.github/workflows/dependabot-go-checker.lock.yml +++ b/.github/workflows/dependabot-go-checker.lock.yml @@ -730,6 +730,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -945,6 +953,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/example-permissions-warning.lock.yml b/.github/workflows/example-permissions-warning.lock.yml index 28e28c6e82f..0af0936a778 100644 --- a/.github/workflows/example-permissions-warning.lock.yml +++ b/.github/workflows/example-permissions-warning.lock.yml @@ -350,6 +350,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/firewall.lock.yml b/.github/workflows/firewall.lock.yml index e82cb923827..6704ef3f405 100644 --- a/.github/workflows/firewall.lock.yml +++ b/.github/workflows/firewall.lock.yml @@ -352,6 +352,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/functional-pragmatist.lock.yml b/.github/workflows/functional-pragmatist.lock.yml index b882ac07cfc..0b0ac8e1825 100644 --- a/.github/workflows/functional-pragmatist.lock.yml +++ b/.github/workflows/functional-pragmatist.lock.yml @@ -685,6 +685,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -901,6 +909,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/github-remote-mcp-auth-test.lock.yml b/.github/workflows/github-remote-mcp-auth-test.lock.yml index 70e32d48eac..15ffc6795e1 100644 --- a/.github/workflows/github-remote-mcp-auth-test.lock.yml +++ b/.github/workflows/github-remote-mcp-auth-test.lock.yml @@ -664,6 +664,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -879,6 +887,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/glossary-maintainer.lock.yml b/.github/workflows/glossary-maintainer.lock.yml index 230ac87413f..5b0666fbcf6 100644 --- a/.github/workflows/glossary-maintainer.lock.yml +++ b/.github/workflows/glossary-maintainer.lock.yml @@ -897,6 +897,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -1167,6 +1175,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/gpclean.lock.yml b/.github/workflows/gpclean.lock.yml index e846a6b041f..68c714f10ae 100644 --- a/.github/workflows/gpclean.lock.yml +++ b/.github/workflows/gpclean.lock.yml @@ -702,6 +702,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -923,6 +931,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/grumpy-reviewer.lock.yml b/.github/workflows/grumpy-reviewer.lock.yml index 49d838f730e..ab0f389c375 100644 --- a/.github/workflows/grumpy-reviewer.lock.yml +++ b/.github/workflows/grumpy-reviewer.lock.yml @@ -785,6 +785,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -1007,6 +1015,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/hourly-ci-cleaner.lock.yml b/.github/workflows/hourly-ci-cleaner.lock.yml index 83b13e34296..973ec8dc103 100644 --- a/.github/workflows/hourly-ci-cleaner.lock.yml +++ b/.github/workflows/hourly-ci-cleaner.lock.yml @@ -735,6 +735,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -951,6 +959,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/issue-monster.lock.yml b/.github/workflows/issue-monster.lock.yml index b0a0c06180d..5bc14852084 100644 --- a/.github/workflows/issue-monster.lock.yml +++ b/.github/workflows/issue-monster.lock.yml @@ -733,6 +733,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -948,6 +956,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/issue-triage-agent.lock.yml b/.github/workflows/issue-triage-agent.lock.yml index 076412694b2..9504d63e2cd 100644 --- a/.github/workflows/issue-triage-agent.lock.yml +++ b/.github/workflows/issue-triage-agent.lock.yml @@ -674,6 +674,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -889,6 +897,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/jsweep.lock.yml b/.github/workflows/jsweep.lock.yml index 9217156a890..00ef5bffb77 100644 --- a/.github/workflows/jsweep.lock.yml +++ b/.github/workflows/jsweep.lock.yml @@ -714,6 +714,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -936,6 +944,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/layout-spec-maintainer.lock.yml b/.github/workflows/layout-spec-maintainer.lock.yml index f5478f9801a..890978493a0 100644 --- a/.github/workflows/layout-spec-maintainer.lock.yml +++ b/.github/workflows/layout-spec-maintainer.lock.yml @@ -685,6 +685,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -930,6 +938,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/mcp-inspector.lock.yml b/.github/workflows/mcp-inspector.lock.yml index 0eaf608e316..e2c55cc5478 100644 --- a/.github/workflows/mcp-inspector.lock.yml +++ b/.github/workflows/mcp-inspector.lock.yml @@ -1046,6 +1046,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -1283,6 +1291,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/mergefest.lock.yml b/.github/workflows/mergefest.lock.yml index 04d49795f3c..483d61211de 100644 --- a/.github/workflows/mergefest.lock.yml +++ b/.github/workflows/mergefest.lock.yml @@ -695,6 +695,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -951,6 +959,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/metrics-collector.lock.yml b/.github/workflows/metrics-collector.lock.yml index a18906ede36..d06969ca1cf 100644 --- a/.github/workflows/metrics-collector.lock.yml +++ b/.github/workflows/metrics-collector.lock.yml @@ -453,6 +453,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/notion-issue-summary.lock.yml b/.github/workflows/notion-issue-summary.lock.yml index 48fbb5836ef..2eaffc71f4b 100644 --- a/.github/workflows/notion-issue-summary.lock.yml +++ b/.github/workflows/notion-issue-summary.lock.yml @@ -629,6 +629,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/org-health-report.lock.yml b/.github/workflows/org-health-report.lock.yml index 281b157f834..fa2d7752d65 100644 --- a/.github/workflows/org-health-report.lock.yml +++ b/.github/workflows/org-health-report.lock.yml @@ -739,6 +739,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -972,6 +980,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/pdf-summary.lock.yml b/.github/workflows/pdf-summary.lock.yml index aa62402cbfe..e818d4cbeaa 100644 --- a/.github/workflows/pdf-summary.lock.yml +++ b/.github/workflows/pdf-summary.lock.yml @@ -814,6 +814,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -1036,6 +1044,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/plan.lock.yml b/.github/workflows/plan.lock.yml index 86fcb48520c..4f087cdba41 100644 --- a/.github/workflows/plan.lock.yml +++ b/.github/workflows/plan.lock.yml @@ -782,6 +782,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -998,6 +1006,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/poem-bot.lock.yml b/.github/workflows/poem-bot.lock.yml index 5179520898e..b419e52a1e1 100644 --- a/.github/workflows/poem-bot.lock.yml +++ b/.github/workflows/poem-bot.lock.yml @@ -1461,6 +1461,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -1722,6 +1730,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/portfolio-analyst.lock.yml b/.github/workflows/portfolio-analyst.lock.yml index f6021201a19..b4fdfe284cf 100644 --- a/.github/workflows/portfolio-analyst.lock.yml +++ b/.github/workflows/portfolio-analyst.lock.yml @@ -820,6 +820,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -1053,6 +1061,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/pr-nitpick-reviewer.lock.yml b/.github/workflows/pr-nitpick-reviewer.lock.yml index 96f1b2e73ef..19a5f71e5aa 100644 --- a/.github/workflows/pr-nitpick-reviewer.lock.yml +++ b/.github/workflows/pr-nitpick-reviewer.lock.yml @@ -886,6 +886,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -1108,6 +1116,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/pr-triage-agent.lock.yml b/.github/workflows/pr-triage-agent.lock.yml index 827eadc2a5b..eae68317f63 100644 --- a/.github/workflows/pr-triage-agent.lock.yml +++ b/.github/workflows/pr-triage-agent.lock.yml @@ -806,6 +806,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -1030,6 +1038,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/python-data-charts.lock.yml b/.github/workflows/python-data-charts.lock.yml index f4e64536967..5ac7ad619ee 100644 --- a/.github/workflows/python-data-charts.lock.yml +++ b/.github/workflows/python-data-charts.lock.yml @@ -808,6 +808,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -1041,6 +1049,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/q.lock.yml b/.github/workflows/q.lock.yml index 95c2dca273f..020143cec54 100644 --- a/.github/workflows/q.lock.yml +++ b/.github/workflows/q.lock.yml @@ -924,6 +924,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -1147,6 +1155,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/refiner.lock.yml b/.github/workflows/refiner.lock.yml index ec239586b5f..db4b5444e13 100644 --- a/.github/workflows/refiner.lock.yml +++ b/.github/workflows/refiner.lock.yml @@ -755,6 +755,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -971,6 +979,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/release.lock.yml b/.github/workflows/release.lock.yml index 17c7d98b3eb..e266e582393 100644 --- a/.github/workflows/release.lock.yml +++ b/.github/workflows/release.lock.yml @@ -678,6 +678,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -893,6 +901,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/repo-audit-analyzer.lock.yml b/.github/workflows/repo-audit-analyzer.lock.yml index dcc8abdff1e..e45f27b85df 100644 --- a/.github/workflows/repo-audit-analyzer.lock.yml +++ b/.github/workflows/repo-audit-analyzer.lock.yml @@ -680,6 +680,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -901,6 +909,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/repo-tree-map.lock.yml b/.github/workflows/repo-tree-map.lock.yml index e47097adb82..7d8c1b9390d 100644 --- a/.github/workflows/repo-tree-map.lock.yml +++ b/.github/workflows/repo-tree-map.lock.yml @@ -656,6 +656,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -871,6 +879,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/repository-quality-improver.lock.yml b/.github/workflows/repository-quality-improver.lock.yml index efd8895ec4c..0f3a944b4fd 100644 --- a/.github/workflows/repository-quality-improver.lock.yml +++ b/.github/workflows/repository-quality-improver.lock.yml @@ -687,6 +687,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -908,6 +916,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/research.lock.yml b/.github/workflows/research.lock.yml index 2b5112892d4..1b093ddf277 100644 --- a/.github/workflows/research.lock.yml +++ b/.github/workflows/research.lock.yml @@ -680,6 +680,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -897,6 +905,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/security-compliance.lock.yml b/.github/workflows/security-compliance.lock.yml index 5d75d6dd117..1983aaac2d6 100644 --- a/.github/workflows/security-compliance.lock.yml +++ b/.github/workflows/security-compliance.lock.yml @@ -741,6 +741,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -965,6 +973,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/security-review.lock.yml b/.github/workflows/security-review.lock.yml index 214813fbbf6..39f4f1ee94d 100644 --- a/.github/workflows/security-review.lock.yml +++ b/.github/workflows/security-review.lock.yml @@ -864,6 +864,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -1086,6 +1094,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/slide-deck-maintainer.lock.yml b/.github/workflows/slide-deck-maintainer.lock.yml index 3d89614265f..0a41b139f05 100644 --- a/.github/workflows/slide-deck-maintainer.lock.yml +++ b/.github/workflows/slide-deck-maintainer.lock.yml @@ -741,6 +741,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -1003,6 +1011,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/smoke-copilot-arm.lock.yml b/.github/workflows/smoke-copilot-arm.lock.yml index 46b8847fbcd..dc11672acee 100644 --- a/.github/workflows/smoke-copilot-arm.lock.yml +++ b/.github/workflows/smoke-copilot-arm.lock.yml @@ -1750,6 +1750,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -1984,6 +1992,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/smoke-copilot.lock.yml b/.github/workflows/smoke-copilot.lock.yml index 034247e3e18..70fa433ca07 100644 --- a/.github/workflows/smoke-copilot.lock.yml +++ b/.github/workflows/smoke-copilot.lock.yml @@ -1865,6 +1865,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -2099,6 +2107,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/smoke-multi-pr.lock.yml b/.github/workflows/smoke-multi-pr.lock.yml index 5728d2c4cd2..935586d8c7d 100644 --- a/.github/workflows/smoke-multi-pr.lock.yml +++ b/.github/workflows/smoke-multi-pr.lock.yml @@ -783,6 +783,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -1024,6 +1032,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/smoke-project.lock.yml b/.github/workflows/smoke-project.lock.yml index c5f540f81d2..f0ac6c9c408 100644 --- a/.github/workflows/smoke-project.lock.yml +++ b/.github/workflows/smoke-project.lock.yml @@ -1241,6 +1241,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -1457,6 +1465,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/smoke-temporary-id.lock.yml b/.github/workflows/smoke-temporary-id.lock.yml index bba49018736..ddf288bfb57 100644 --- a/.github/workflows/smoke-temporary-id.lock.yml +++ b/.github/workflows/smoke-temporary-id.lock.yml @@ -829,6 +829,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -1044,6 +1052,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/smoke-test-tools.lock.yml b/.github/workflows/smoke-test-tools.lock.yml index b3d168f823f..b5ac17019cf 100644 --- a/.github/workflows/smoke-test-tools.lock.yml +++ b/.github/workflows/smoke-test-tools.lock.yml @@ -707,6 +707,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -922,6 +930,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/smoke-workflow-call-with-inputs.lock.yml b/.github/workflows/smoke-workflow-call-with-inputs.lock.yml index 1b27ae14bfc..bbcaad6895c 100644 --- a/.github/workflows/smoke-workflow-call-with-inputs.lock.yml +++ b/.github/workflows/smoke-workflow-call-with-inputs.lock.yml @@ -725,6 +725,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -956,6 +964,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/smoke-workflow-call.lock.yml b/.github/workflows/smoke-workflow-call.lock.yml index 3be5bf258f5..e6a8319c9a0 100644 --- a/.github/workflows/smoke-workflow-call.lock.yml +++ b/.github/workflows/smoke-workflow-call.lock.yml @@ -678,6 +678,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -913,6 +921,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/stale-repo-identifier.lock.yml b/.github/workflows/stale-repo-identifier.lock.yml index 62f5a870a78..8a6aaff76b4 100644 --- a/.github/workflows/stale-repo-identifier.lock.yml +++ b/.github/workflows/stale-repo-identifier.lock.yml @@ -812,6 +812,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -1045,6 +1053,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/sub-issue-closer.lock.yml b/.github/workflows/sub-issue-closer.lock.yml index 0410dafc48a..c0ffbb2d849 100644 --- a/.github/workflows/sub-issue-closer.lock.yml +++ b/.github/workflows/sub-issue-closer.lock.yml @@ -770,6 +770,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -985,6 +993,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/super-linter.lock.yml b/.github/workflows/super-linter.lock.yml index 01b6fd04f32..aea7e926fa5 100644 --- a/.github/workflows/super-linter.lock.yml +++ b/.github/workflows/super-linter.lock.yml @@ -710,6 +710,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -931,6 +939,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/technical-doc-writer.lock.yml b/.github/workflows/technical-doc-writer.lock.yml index 58ca9ce57b5..edc0a7738bd 100644 --- a/.github/workflows/technical-doc-writer.lock.yml +++ b/.github/workflows/technical-doc-writer.lock.yml @@ -993,6 +993,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -1246,6 +1254,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/terminal-stylist.lock.yml b/.github/workflows/terminal-stylist.lock.yml index 496a57b5c50..ec49b38ee40 100644 --- a/.github/workflows/terminal-stylist.lock.yml +++ b/.github/workflows/terminal-stylist.lock.yml @@ -668,6 +668,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -883,6 +891,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/test-dispatcher.lock.yml b/.github/workflows/test-dispatcher.lock.yml index 6b9957cdcbd..aafc2e7c784 100644 --- a/.github/workflows/test-dispatcher.lock.yml +++ b/.github/workflows/test-dispatcher.lock.yml @@ -600,6 +600,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -815,6 +823,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/test-project-url-default.lock.yml b/.github/workflows/test-project-url-default.lock.yml index ce593ca16a0..b68de2a77b4 100644 --- a/.github/workflows/test-project-url-default.lock.yml +++ b/.github/workflows/test-project-url-default.lock.yml @@ -859,6 +859,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -1074,6 +1082,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/test-workflow.lock.yml b/.github/workflows/test-workflow.lock.yml index 9a8b018b040..78821d31f9f 100644 --- a/.github/workflows/test-workflow.lock.yml +++ b/.github/workflows/test-workflow.lock.yml @@ -352,6 +352,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/.github/workflows/tidy.lock.yml b/.github/workflows/tidy.lock.yml index 07515647e7b..87b65a6eb24 100644 --- a/.github/workflows/tidy.lock.yml +++ b/.github/workflows/tidy.lock.yml @@ -802,6 +802,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -1044,6 +1052,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/ubuntu-image-analyzer.lock.yml b/.github/workflows/ubuntu-image-analyzer.lock.yml index 4c8a18c16c4..855ddc47fe4 100644 --- a/.github/workflows/ubuntu-image-analyzer.lock.yml +++ b/.github/workflows/ubuntu-image-analyzer.lock.yml @@ -691,6 +691,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -933,6 +941,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/video-analyzer.lock.yml b/.github/workflows/video-analyzer.lock.yml index 70eece39d23..9bcd91ae10e 100644 --- a/.github/workflows/video-analyzer.lock.yml +++ b/.github/workflows/video-analyzer.lock.yml @@ -692,6 +692,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -924,6 +932,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/weekly-editors-health-check.lock.yml b/.github/workflows/weekly-editors-health-check.lock.yml index 68c586532f8..4dd529642f3 100644 --- a/.github/workflows/weekly-editors-health-check.lock.yml +++ b/.github/workflows/weekly-editors-health-check.lock.yml @@ -726,6 +726,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -980,6 +988,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/weekly-issue-summary.lock.yml b/.github/workflows/weekly-issue-summary.lock.yml index 0b071a19fac..64e95743795 100644 --- a/.github/workflows/weekly-issue-summary.lock.yml +++ b/.github/workflows/weekly-issue-summary.lock.yml @@ -719,6 +719,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -952,6 +960,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/weekly-safe-outputs-spec-review.lock.yml b/.github/workflows/weekly-safe-outputs-spec-review.lock.yml index 30aac251f6a..c665224ddd2 100644 --- a/.github/workflows/weekly-safe-outputs-spec-review.lock.yml +++ b/.github/workflows/weekly-safe-outputs-spec-review.lock.yml @@ -668,6 +668,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -884,6 +892,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/workflow-generator.lock.yml b/.github/workflows/workflow-generator.lock.yml index 4ec29e443b6..3d62c4c0c53 100644 --- a/.github/workflows/workflow-generator.lock.yml +++ b/.github/workflows/workflow-generator.lock.yml @@ -813,6 +813,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -1028,6 +1036,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/workflow-health-manager.lock.yml b/.github/workflows/workflow-health-manager.lock.yml index a056af7d8a5..1e1e0251b1b 100644 --- a/.github/workflows/workflow-health-manager.lock.yml +++ b/.github/workflows/workflow-health-manager.lock.yml @@ -903,6 +903,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -1127,6 +1135,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/workflow-normalizer.lock.yml b/.github/workflows/workflow-normalizer.lock.yml index 19e18808f36..0e764754e60 100644 --- a/.github/workflows/workflow-normalizer.lock.yml +++ b/.github/workflows/workflow-normalizer.lock.yml @@ -747,6 +747,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -962,6 +970,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/workflow-skill-extractor.lock.yml b/.github/workflows/workflow-skill-extractor.lock.yml index 86f0636946c..1fdd63bcc64 100644 --- a/.github/workflows/workflow-skill-extractor.lock.yml +++ b/.github/workflows/workflow-skill-extractor.lock.yml @@ -739,6 +739,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): @@ -974,6 +982,15 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log + - name: Copilot pre-flight diagnostic + if: always() && steps.detection_guard.outputs.run_detection == 'true' + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution From 5a47eb39a4801c89da0bd9b34bc44e93472b2478 Mon Sep 17 00:00:00 2001 From: Landon Cox Date: Sat, 14 Mar 2026 12:26:50 -0700 Subject: [PATCH 4/5] fix: update tests for copilot pre-flight diagnostic step Update all Copilot engine tests to account for the new pre-flight diagnostic step (2 steps instead of 1). Extract a shared helper for finding the Copilot execution step, and regenerate WASM golden files to include the new step. Fixes: - TestFirewallArgsInCopilotEngine - TestFirewallBlockedDomainsInCopilotEngine - TestFirewallLogLevelInCopilotEngine - TestChrootModeInAWFContainer - TestChrootModeEnvFlags - TestMCPScriptsWithFirewallIncludesHostDockerInternal - TestEngineAWFEnableApiProxy - TestWasmGolden_CompileFixtures (golden files) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- pkg/workflow/enable_api_proxy_test.go | 35 ++++++++++-- pkg/workflow/firewall_args_test.go | 54 ++++--------------- pkg/workflow/firewall_blocked_domains_test.go | 12 ++--- pkg/workflow/firewall_log_level_test.go | 18 ++----- pkg/workflow/gh_cli_mount_test.go | 36 +++---------- pkg/workflow/mcp_scripts_firewall_test.go | 6 +-- .../basic-copilot.golden | 8 +++ .../smoke-copilot.golden | 8 +++ .../with-imports.golden | 8 +++ 9 files changed, 76 insertions(+), 109 deletions(-) diff --git a/pkg/workflow/enable_api_proxy_test.go b/pkg/workflow/enable_api_proxy_test.go index e23329bc57d..0eb0fc55ac3 100644 --- a/pkg/workflow/enable_api_proxy_test.go +++ b/pkg/workflow/enable_api_proxy_test.go @@ -5,6 +5,35 @@ import ( "testing" ) +func requireCopilotPreflightAndExecutionSteps(t *testing.T, steps []GitHubActionStep) (string, string) { + t.Helper() + + if len(steps) != 2 { + t.Fatalf("Expected 2 execution steps (preflight + execution), got %d", len(steps)) + } + + preflightContent := strings.Join(steps[0], "\n") + if !strings.Contains(preflightContent, "Copilot pre-flight diagnostic") { + t.Fatalf("Expected first Copilot step to be the pre-flight diagnostic, got:\n%s", preflightContent) + } + if !strings.Contains(preflightContent, "id: copilot-preflight") { + t.Fatalf("Expected pre-flight step to have id 'copilot-preflight', got:\n%s", preflightContent) + } + if !strings.Contains(preflightContent, "copilot_preflight_diagnostic.sh") { + t.Fatalf("Expected pre-flight step to run the diagnostic script, got:\n%s", preflightContent) + } + + executionContent := strings.Join(steps[1], "\n") + if !strings.Contains(executionContent, "Execute GitHub Copilot CLI") { + t.Fatalf("Expected second Copilot step to execute the CLI, got:\n%s", executionContent) + } + if !strings.Contains(executionContent, "id: agentic_execution") { + t.Fatalf("Expected execution step to have id 'agentic_execution', got:\n%s", executionContent) + } + + return preflightContent, executionContent +} + // TestEngineAWFEnableApiProxy tests that engines with LLM gateway support // include --enable-api-proxy flag in AWF commands. func TestEngineAWFEnableApiProxy(t *testing.T) { @@ -51,11 +80,7 @@ func TestEngineAWFEnableApiProxy(t *testing.T) { engine := NewCopilotEngine() steps := engine.GetExecutionSteps(workflowData, "test.log") - if len(steps) == 0 { - t.Fatal("Expected at least one execution step") - } - - stepContent := strings.Join(steps[0], "\n") + _, stepContent := requireCopilotPreflightAndExecutionSteps(t, steps) if !strings.Contains(stepContent, "--enable-api-proxy") { t.Error("Expected Copilot AWF command to contain '--enable-api-proxy' flag") diff --git a/pkg/workflow/firewall_args_test.go b/pkg/workflow/firewall_args_test.go index 09c548ed149..5b781d4fddc 100644 --- a/pkg/workflow/firewall_args_test.go +++ b/pkg/workflow/firewall_args_test.go @@ -27,11 +27,7 @@ func TestFirewallArgsInCopilotEngine(t *testing.T) { engine := NewCopilotEngine() steps := engine.GetExecutionSteps(workflowData, "test.log") - if len(steps) == 0 { - t.Fatal("Expected at least one execution step") - } - - stepContent := strings.Join(steps[0], "\n") + _, stepContent := requireCopilotPreflightAndExecutionSteps(t, steps) // Check that the command contains awf (AWF v0.15.0+ uses chroot mode by default) if !strings.Contains(stepContent, "sudo -E awf") { @@ -69,11 +65,7 @@ func TestFirewallArgsInCopilotEngine(t *testing.T) { engine := NewCopilotEngine() steps := engine.GetExecutionSteps(workflowData, "test.log") - if len(steps) == 0 { - t.Fatal("Expected at least one execution step") - } - - stepContent := strings.Join(steps[0], "\n") + _, stepContent := requireCopilotPreflightAndExecutionSteps(t, steps) // Check that custom args are included if !strings.Contains(stepContent, "--custom-arg") { @@ -111,11 +103,7 @@ func TestFirewallArgsInCopilotEngine(t *testing.T) { engine := NewCopilotEngine() steps := engine.GetExecutionSteps(workflowData, "test.log") - if len(steps) == 0 { - t.Fatal("Expected at least one execution step") - } - - stepContent := strings.Join(steps[0], "\n") + _, stepContent := requireCopilotPreflightAndExecutionSteps(t, steps) // Check that args with spaces are present (they should be escaped) if !strings.Contains(stepContent, "--message") { @@ -144,11 +132,7 @@ func TestFirewallArgsInCopilotEngine(t *testing.T) { engine := NewCopilotEngine() steps := engine.GetExecutionSteps(workflowData, "test.log") - if len(steps) == 0 { - t.Fatal("Expected at least one execution step") - } - - stepContent := strings.Join(steps[0], "\n") + _, stepContent := requireCopilotPreflightAndExecutionSteps(t, steps) // Check that AWF is used for transparent host access (AWF v0.15.0+) // Chroot mode is now the default, so no --enable-chroot flag is needed @@ -178,11 +162,7 @@ func TestFirewallArgsInCopilotEngine(t *testing.T) { engine := NewCopilotEngine() steps := engine.GetExecutionSteps(workflowData, "test.log") - if len(steps) == 0 { - t.Fatal("Expected at least one execution step") - } - - stepContent := strings.Join(steps[0], "\n") + _, stepContent := requireCopilotPreflightAndExecutionSteps(t, steps) // Check that --image-tag is included with default version (without v prefix) expectedImageTag := "--image-tag " + strings.TrimPrefix(string(constants.DefaultFirewallVersion), "v") @@ -209,11 +189,7 @@ func TestFirewallArgsInCopilotEngine(t *testing.T) { engine := NewCopilotEngine() steps := engine.GetExecutionSteps(workflowData, "test.log") - if len(steps) == 0 { - t.Fatal("Expected at least one execution step") - } - - stepContent := strings.Join(steps[0], "\n") + _, stepContent := requireCopilotPreflightAndExecutionSteps(t, steps) // Check that --image-tag is included with custom version (without v prefix) expectedImageTag := "--image-tag " + strings.TrimPrefix(customVersion, "v") @@ -245,11 +221,7 @@ func TestFirewallArgsInCopilotEngine(t *testing.T) { engine := NewCopilotEngine() steps := engine.GetExecutionSteps(workflowData, "test.log") - if len(steps) == 0 { - t.Fatal("Expected at least one execution step") - } - - stepContent := strings.Join(steps[0], "\n") + _, stepContent := requireCopilotPreflightAndExecutionSteps(t, steps) // Check that --ssl-bump flag is included if !strings.Contains(stepContent, "--ssl-bump") { @@ -275,11 +247,7 @@ func TestFirewallArgsInCopilotEngine(t *testing.T) { engine := NewCopilotEngine() steps := engine.GetExecutionSteps(workflowData, "test.log") - if len(steps) == 0 { - t.Fatal("Expected at least one execution step") - } - - stepContent := strings.Join(steps[0], "\n") + _, stepContent := requireCopilotPreflightAndExecutionSteps(t, steps) // Check that --ssl-bump flag is included if !strings.Contains(stepContent, "--ssl-bump") { @@ -314,11 +282,7 @@ func TestFirewallArgsInCopilotEngine(t *testing.T) { engine := NewCopilotEngine() steps := engine.GetExecutionSteps(workflowData, "test.log") - if len(steps) == 0 { - t.Fatal("Expected at least one execution step") - } - - stepContent := strings.Join(steps[0], "\n") + _, stepContent := requireCopilotPreflightAndExecutionSteps(t, steps) // Check that --ssl-bump flag is NOT included if strings.Contains(stepContent, "--ssl-bump") { diff --git a/pkg/workflow/firewall_blocked_domains_test.go b/pkg/workflow/firewall_blocked_domains_test.go index fdd522f2aad..9a8c8b78588 100644 --- a/pkg/workflow/firewall_blocked_domains_test.go +++ b/pkg/workflow/firewall_blocked_domains_test.go @@ -29,9 +29,7 @@ func TestFirewallBlockedDomainsInCopilotEngine(t *testing.T) { engine := NewCopilotEngine() steps := engine.GetExecutionSteps(workflowData, "test.log") - assert.NotEmpty(t, steps, "Expected at least one execution step") - - stepContent := strings.Join(steps[0], "\n") + _, stepContent := requireCopilotPreflightAndExecutionSteps(t, steps) // Verify --allow-domains is present assert.Contains(t, stepContent, "--allow-domains", "Expected command to contain '--allow-domains'") @@ -61,9 +59,7 @@ func TestFirewallBlockedDomainsInCopilotEngine(t *testing.T) { engine := NewCopilotEngine() steps := engine.GetExecutionSteps(workflowData, "test.log") - assert.NotEmpty(t, steps, "Expected at least one execution step") - - stepContent := strings.Join(steps[0], "\n") + _, stepContent := requireCopilotPreflightAndExecutionSteps(t, steps) // Verify --allow-domains is present assert.Contains(t, stepContent, "--allow-domains", "Expected command to contain '--allow-domains'") @@ -90,9 +86,7 @@ func TestFirewallBlockedDomainsInCopilotEngine(t *testing.T) { engine := NewCopilotEngine() steps := engine.GetExecutionSteps(workflowData, "test.log") - assert.NotEmpty(t, steps, "Expected at least one execution step") - - stepContent := strings.Join(steps[0], "\n") + _, stepContent := requireCopilotPreflightAndExecutionSteps(t, steps) // Verify --block-domains is present assert.Contains(t, stepContent, "--block-domains", "Expected command to contain '--block-domains'") diff --git a/pkg/workflow/firewall_log_level_test.go b/pkg/workflow/firewall_log_level_test.go index bb80aa5f493..bfc304eb489 100644 --- a/pkg/workflow/firewall_log_level_test.go +++ b/pkg/workflow/firewall_log_level_test.go @@ -137,11 +137,7 @@ func TestFirewallLogLevelInCopilotEngine(t *testing.T) { engine := NewCopilotEngine() steps := engine.GetExecutionSteps(workflowData, "test.log") - if len(steps) == 0 { - t.Fatal("Expected at least one execution step") - } - - stepContent := strings.Join(steps[0], "\n") + _, stepContent := requireCopilotPreflightAndExecutionSteps(t, steps) // Check that the command contains --log-level info (default) if !strings.Contains(stepContent, "--log-level info") { @@ -166,11 +162,7 @@ func TestFirewallLogLevelInCopilotEngine(t *testing.T) { engine := NewCopilotEngine() steps := engine.GetExecutionSteps(workflowData, "test.log") - if len(steps) == 0 { - t.Fatal("Expected at least one execution step") - } - - stepContent := strings.Join(steps[0], "\n") + _, stepContent := requireCopilotPreflightAndExecutionSteps(t, steps) // Check that the command contains --log-level debug if !strings.Contains(stepContent, "--log-level debug") { @@ -198,11 +190,7 @@ func TestFirewallLogLevelInCopilotEngine(t *testing.T) { engine := NewCopilotEngine() steps := engine.GetExecutionSteps(workflowData, "test.log") - if len(steps) == 0 { - t.Fatalf("Expected at least one execution step for log-level '%s'", level) - } - - stepContent := strings.Join(steps[0], "\n") + _, stepContent := requireCopilotPreflightAndExecutionSteps(t, steps) expectedFlag := "--log-level " + level if !strings.Contains(stepContent, expectedFlag) { diff --git a/pkg/workflow/gh_cli_mount_test.go b/pkg/workflow/gh_cli_mount_test.go index e15e1908575..20a03be9799 100644 --- a/pkg/workflow/gh_cli_mount_test.go +++ b/pkg/workflow/gh_cli_mount_test.go @@ -25,11 +25,7 @@ func TestChrootModeInAWFContainer(t *testing.T) { engine := NewCopilotEngine() steps := engine.GetExecutionSteps(workflowData, "test.log") - if len(steps) == 0 { - t.Fatal("Expected at least one execution step") - } - - stepContent := strings.Join(steps[0], "\n") + _, stepContent := requireCopilotPreflightAndExecutionSteps(t, steps) // Check that AWF is used (chroot mode is default in v0.15.0+) if !strings.Contains(stepContent, "sudo -E awf") { @@ -53,11 +49,7 @@ func TestChrootModeInAWFContainer(t *testing.T) { engine := NewCopilotEngine() steps := engine.GetExecutionSteps(workflowData, "test.log") - if len(steps) == 0 { - t.Fatal("Expected at least one execution step") - } - - stepContent := strings.Join(steps[0], "\n") + _, stepContent := requireCopilotPreflightAndExecutionSteps(t, steps) // Check that AWF command is not used if strings.Contains(stepContent, "awf") { @@ -81,11 +73,7 @@ func TestChrootModeInAWFContainer(t *testing.T) { engine := NewCopilotEngine() steps := engine.GetExecutionSteps(workflowData, "test.log") - if len(steps) == 0 { - t.Fatal("Expected at least one execution step") - } - - stepContent := strings.Join(steps[0], "\n") + _, stepContent := requireCopilotPreflightAndExecutionSteps(t, steps) // Verify AWF is present (chroot mode is default in v0.15.0+) if !strings.Contains(stepContent, "sudo -E awf") { @@ -125,11 +113,7 @@ func TestChrootModeInAWFContainer(t *testing.T) { engine := NewCopilotEngine() steps := engine.GetExecutionSteps(workflowData, "test.log") - if len(steps) == 0 { - t.Fatal("Expected at least one execution step") - } - - stepContent := strings.Join(steps[0], "\n") + _, stepContent := requireCopilotPreflightAndExecutionSteps(t, steps) // Verify AWF is present with custom args (chroot mode is default in v0.15.0+) if !strings.Contains(stepContent, "sudo -E awf") { @@ -163,11 +147,7 @@ func TestChrootModeInAWFContainer(t *testing.T) { engine := NewCopilotEngine() steps := engine.GetExecutionSteps(workflowData, "test.log") - if len(steps) == 0 { - t.Fatal("Expected at least one execution step") - } - - stepContent := strings.Join(steps[0], "\n") + _, stepContent := requireCopilotPreflightAndExecutionSteps(t, steps) // Verify AWF is being used (chroot mode is default in v0.15.0+) if !strings.Contains(stepContent, "awf") { @@ -194,11 +174,7 @@ func TestChrootModeEnvFlags(t *testing.T) { engine := NewCopilotEngine() steps := engine.GetExecutionSteps(workflowData, "test.log") - if len(steps) == 0 { - t.Fatal("Expected at least one execution step") - } - - stepContent := strings.Join(steps[0], "\n") + _, stepContent := requireCopilotPreflightAndExecutionSteps(t, steps) // Verify AWF is present (chroot mode is default in v0.15.0+) if !strings.Contains(stepContent, "sudo -E awf") { diff --git a/pkg/workflow/mcp_scripts_firewall_test.go b/pkg/workflow/mcp_scripts_firewall_test.go index 845f64209d4..731705083aa 100644 --- a/pkg/workflow/mcp_scripts_firewall_test.go +++ b/pkg/workflow/mcp_scripts_firewall_test.go @@ -37,11 +37,7 @@ func TestMCPScriptsWithFirewallIncludesHostDockerInternal(t *testing.T) { engine := NewCopilotEngine() steps := engine.GetExecutionSteps(workflowData, "test.log") - if len(steps) == 0 { - t.Fatal("Expected at least one execution step") - } - - stepContent := strings.Join(steps[0], "\n") + _, stepContent := requireCopilotPreflightAndExecutionSteps(t, steps) // Verify that host.docker.internal is in the allowed domains if !strings.Contains(stepContent, "host.docker.internal") { diff --git a/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/basic-copilot.golden b/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/basic-copilot.golden index 0689af9e6b6..6f9a8c34ba9 100644 --- a/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/basic-copilot.golden +++ b/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/basic-copilot.golden @@ -328,6 +328,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/smoke-copilot.golden b/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/smoke-copilot.golden index 602158a39b6..e0cf2d8640d 100644 --- a/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/smoke-copilot.golden +++ b/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/smoke-copilot.golden @@ -506,6 +506,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): diff --git a/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/with-imports.golden b/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/with-imports.golden index df886e62182..0c5fabb7215 100644 --- a/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/with-imports.golden +++ b/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/with-imports.golden @@ -331,6 +331,14 @@ jobs: path: /tmp/gh-aw - name: Clean git credentials run: bash /opt/gh-aw/actions/clean_git_credentials.sh + - name: Copilot pre-flight diagnostic + id: copilot-preflight + continue-on-error: true + env: + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GITHUB_SERVER_URL: ${{ github.server_url }} + GITHUB_API_URL: ${{ github.api_url }} + run: bash /opt/gh-aw/actions/copilot_preflight_diagnostic.sh - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): From 3723aa1335bfc46f4fb4f04e07a10aacbb47c32e Mon Sep 17 00:00:00 2001 From: Copilot <198982749+Copilot@users.noreply.github.com> Date: Sat, 14 Mar 2026 14:30:06 -0700 Subject: [PATCH 5/5] Fix incorrect step count assertions in preflight diagnostic tests (#20985) * Initial plan * fix: correct test conditions for preflight step count checks Fix two categories of incorrectly written tests introduced with the Copilot pre-flight diagnostic step: 1. copilot_engine_test.go: Two "skips preflight" sub-tests checked `len(steps) != 2` but preflight is intentionally skipped, returning only 1 step. Change condition to `!= 1`. 2. engine_agent_import_test.go: Claude and Codex tests expected 2 steps (preflight + execution) like Copilot, but those engines only return 1 execution step. Change to `!= 1` and use `steps[0]`. Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com> --- pkg/workflow/copilot_engine_test.go | 4 ++-- pkg/workflow/engine_agent_import_test.go | 24 ++++++++++++------------ 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/pkg/workflow/copilot_engine_test.go b/pkg/workflow/copilot_engine_test.go index 7f9a2caa907..4a00755fdfd 100644 --- a/pkg/workflow/copilot_engine_test.go +++ b/pkg/workflow/copilot_engine_test.go @@ -1679,7 +1679,7 @@ func TestCopilotPreflightDiagnosticStep(t *testing.T) { steps := engine.GetExecutionSteps(workflowData, "/tmp/gh-aw/test.log") // Should have only 1 step: execution (no preflight) - if len(steps) != 2 { + if len(steps) != 1 { t.Fatalf("Expected 1 step (execution only), got %d", len(steps)) } @@ -1701,7 +1701,7 @@ func TestCopilotPreflightDiagnosticStep(t *testing.T) { steps := engine.GetExecutionSteps(workflowData, "/tmp/gh-aw/test.log") // Should have only 1 step: execution (no preflight) - if len(steps) != 2 { + if len(steps) != 1 { t.Fatalf("Expected 1 step (execution only), got %d", len(steps)) } diff --git a/pkg/workflow/engine_agent_import_test.go b/pkg/workflow/engine_agent_import_test.go index 3dcb4067d9f..52ce6d77e66 100644 --- a/pkg/workflow/engine_agent_import_test.go +++ b/pkg/workflow/engine_agent_import_test.go @@ -126,11 +126,11 @@ func TestClaudeEngineWithAgentFromImports(t *testing.T) { steps := engine.GetExecutionSteps(workflowData, "/tmp/gh-aw/test.log") - if len(steps) != 2 { - t.Fatalf("Expected 2 execution steps (preflight + execution), got %d", len(steps)) + if len(steps) != 1 { + t.Fatalf("Expected 1 execution step, got %d", len(steps)) } - stepContent := strings.Join([]string(steps[1]), "\n") + stepContent := strings.Join([]string(steps[0]), "\n") // Check that custom agent content extraction is present if !strings.Contains(stepContent, `AGENT_CONTENT="$(awk`) { @@ -160,11 +160,11 @@ func TestClaudeEngineWithoutAgentFile(t *testing.T) { steps := engine.GetExecutionSteps(workflowData, "/tmp/gh-aw/test.log") - if len(steps) != 2 { - t.Fatalf("Expected 2 execution steps (preflight + execution), got %d", len(steps)) + if len(steps) != 1 { + t.Fatalf("Expected 1 execution step, got %d", len(steps)) } - stepContent := strings.Join([]string(steps[1]), "\n") + stepContent := strings.Join([]string(steps[0]), "\n") // Should not have agent content extraction if strings.Contains(stepContent, "AGENT_CONTENT") { @@ -190,11 +190,11 @@ func TestCodexEngineWithAgentFromImports(t *testing.T) { steps := engine.GetExecutionSteps(workflowData, "/tmp/gh-aw/test.log") - if len(steps) != 2 { - t.Fatalf("Expected 2 execution steps (preflight + execution), got %d", len(steps)) + if len(steps) != 1 { + t.Fatalf("Expected 1 execution step, got %d", len(steps)) } - stepContent := strings.Join([]string(steps[1]), "\n") + stepContent := strings.Join([]string(steps[0]), "\n") // Check that agent content extraction is present if !strings.Contains(stepContent, `AGENT_CONTENT="$(awk`) { @@ -228,11 +228,11 @@ func TestCodexEngineWithoutAgentFile(t *testing.T) { steps := engine.GetExecutionSteps(workflowData, "/tmp/gh-aw/test.log") - if len(steps) != 2 { - t.Fatalf("Expected 2 execution steps (preflight + execution), got %d", len(steps)) + if len(steps) != 1 { + t.Fatalf("Expected 1 execution step, got %d", len(steps)) } - stepContent := strings.Join([]string(steps[1]), "\n") + stepContent := strings.Join([]string(steps[0]), "\n") // Should not have agent content extraction if strings.Contains(stepContent, "AGENT_CONTENT") {