From 27e53fb30e3cb0b47c7908f57405f53bab711bd4 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 14 Mar 2026 21:45:29 +0000 Subject: [PATCH 1/5] Initial plan From 263f81ea9a46208bec2361ab9d76708762806a67 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 14 Mar 2026 22:05:10 +0000 Subject: [PATCH 2/5] fix: emit GH_HOST: github.com on Install GitHub Copilot CLI step to prevent GHES host leakage Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- pkg/workflow/copilot_installer.go | 9 ++++++++- pkg/workflow/copilot_installer_test.go | 9 +++++++++ .../TestWasmGolden_CompileFixtures/basic-copilot.golden | 2 ++ .../TestWasmGolden_CompileFixtures/smoke-copilot.golden | 2 ++ .../TestWasmGolden_CompileFixtures/with-imports.golden | 2 ++ 5 files changed, 23 insertions(+), 1 deletion(-) diff --git a/pkg/workflow/copilot_installer.go b/pkg/workflow/copilot_installer.go index 451a190aa43..a5575274250 100644 --- a/pkg/workflow/copilot_installer.go +++ b/pkg/workflow/copilot_installer.go @@ -19,10 +19,17 @@ func GenerateCopilotInstallerSteps(version, stepName string) []GitHubActionStep copilotInstallerLog.Printf("Generating Copilot installer steps using install_copilot_cli.sh: version=%s", version) // Use the install_copilot_cli.sh script from actions/setup/sh - // This script includes retry logic for robustness against transient network failures + // This script includes retry logic for robustness against transient network failures. + // GH_HOST is explicitly set to github.com so that a workflow-level GH_HOST override + // (e.g. a GHES hostname) does not leak into this step. The Copilot CLI binary is always + // downloaded from github.com and requires github.com authentication. This step-level + // env override only affects the install_copilot_cli.sh execution and has no impact on + // other workflow steps. stepLines := []string{ " - name: " + stepName, " run: /opt/gh-aw/actions/install_copilot_cli.sh " + version, + " env:", + " GH_HOST: github.com", } return []GitHubActionStep{GitHubActionStep(stepLines)} diff --git a/pkg/workflow/copilot_installer_test.go b/pkg/workflow/copilot_installer_test.go index d86da61a189..e9406cab4ab 100644 --- a/pkg/workflow/copilot_installer_test.go +++ b/pkg/workflow/copilot_installer_test.go @@ -26,6 +26,7 @@ func TestGenerateCopilotInstallerSteps(t *testing.T) { shouldContain: []string{ "/opt/gh-aw/actions/install_copilot_cli.sh 0.0.369", "name: Install GitHub Copilot CLI", + "GH_HOST: github.com", }, shouldNotContain: []string{ "gh.io/copilot-install | sudo bash", // Should not pipe directly to bash @@ -38,6 +39,7 @@ func TestGenerateCopilotInstallerSteps(t *testing.T) { expectedVersion: "v0.0.370", shouldContain: []string{ "/opt/gh-aw/actions/install_copilot_cli.sh v0.0.370", + "GH_HOST: github.com", }, shouldNotContain: []string{ "gh.io/copilot-install | sudo bash", @@ -51,6 +53,7 @@ func TestGenerateCopilotInstallerSteps(t *testing.T) { shouldContain: []string{ "/opt/gh-aw/actions/install_copilot_cli.sh 1.2.3", "name: Custom Install Step", + "GH_HOST: github.com", }, shouldNotContain: []string{ "gh.io/copilot-install | sudo bash", @@ -63,6 +66,7 @@ func TestGenerateCopilotInstallerSteps(t *testing.T) { expectedVersion: string(constants.DefaultCopilotVersion), // Should use DefaultCopilotVersion shouldContain: []string{ "/opt/gh-aw/actions/install_copilot_cli.sh " + string(constants.DefaultCopilotVersion), + "GH_HOST: github.com", }, shouldNotContain: []string{ "gh.io/copilot-install | sudo bash", @@ -137,4 +141,9 @@ func TestCopilotInstallerCustomVersion(t *testing.T) { if !strings.Contains(installStep, expectedVersionLine) { t.Errorf("Expected custom version %s in install step, got:\n%s", customVersion, installStep) } + + // Should always override GH_HOST to github.com to prevent GHES host leakage + if !strings.Contains(installStep, "GH_HOST: github.com") { + t.Errorf("Expected GH_HOST: github.com in install step to prevent GHES host leakage, got:\n%s", installStep) + } } diff --git a/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/basic-copilot.golden b/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/basic-copilot.golden index 0689af9e6b6..349ad75bfa7 100644 --- a/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/basic-copilot.golden +++ b/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/basic-copilot.golden @@ -260,6 +260,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/smoke-copilot.golden b/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/smoke-copilot.golden index 602158a39b6..8dc75d25853 100644 --- a/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/smoke-copilot.golden +++ b/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/smoke-copilot.golden @@ -385,6 +385,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/with-imports.golden b/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/with-imports.golden index df886e62182..8410246bdb8 100644 --- a/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/with-imports.golden +++ b/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/with-imports.golden @@ -263,6 +263,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server From 950edff7015ae4ce2d5ee0456e6501f9c37ab667 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 14 Mar 2026 22:57:06 +0000 Subject: [PATCH 3/5] chore: recompile all workflow lock files with GH_HOST env override on install step Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .github/workflows/ace-editor.lock.yml | 2 ++ .github/workflows/agent-performance-analyzer.lock.yml | 2 ++ .github/workflows/agent-persona-explorer.lock.yml | 2 ++ .github/workflows/archie.lock.yml | 2 ++ .github/workflows/artifacts-summary.lock.yml | 2 ++ .github/workflows/auto-triage-issues.lock.yml | 2 ++ .github/workflows/bot-detection.lock.yml | 2 ++ .github/workflows/brave.lock.yml | 2 ++ .github/workflows/breaking-change-checker.lock.yml | 2 ++ .github/workflows/chroma-issue-indexer.lock.yml | 2 ++ .github/workflows/ci-coach.lock.yml | 2 ++ .github/workflows/ci-doctor.lock.yml | 2 ++ .github/workflows/cli-consistency-checker.lock.yml | 2 ++ .github/workflows/code-scanning-fixer.lock.yml | 2 ++ .github/workflows/code-simplifier.lock.yml | 2 ++ .github/workflows/constraint-solving-potd.lock.yml | 2 ++ .github/workflows/contribution-check.lock.yml | 2 ++ .github/workflows/copilot-cli-deep-research.lock.yml | 2 ++ .github/workflows/copilot-pr-merged-report.lock.yml | 2 ++ .github/workflows/copilot-pr-nlp-analysis.lock.yml | 2 ++ .github/workflows/copilot-pr-prompt-analysis.lock.yml | 2 ++ .github/workflows/craft.lock.yml | 2 ++ .github/workflows/daily-architecture-diagram.lock.yml | 2 ++ .github/workflows/daily-assign-issue-to-user.lock.yml | 2 ++ .github/workflows/daily-cli-performance.lock.yml | 2 ++ .github/workflows/daily-cli-tools-tester.lock.yml | 2 ++ .github/workflows/daily-compiler-quality.lock.yml | 2 ++ .github/workflows/daily-copilot-token-report.lock.yml | 2 ++ .github/workflows/daily-file-diet.lock.yml | 2 ++ .github/workflows/daily-firewall-report.lock.yml | 2 ++ .github/workflows/daily-malicious-code-scan.lock.yml | 2 ++ .github/workflows/daily-mcp-concurrency-analysis.lock.yml | 2 ++ .github/workflows/daily-news.lock.yml | 2 ++ .github/workflows/daily-performance-summary.lock.yml | 2 ++ .github/workflows/daily-regulatory.lock.yml | 2 ++ .github/workflows/daily-repo-chronicle.lock.yml | 2 ++ .github/workflows/daily-secrets-analysis.lock.yml | 2 ++ .github/workflows/daily-semgrep-scan.lock.yml | 2 ++ .github/workflows/daily-syntax-error-quality.lock.yml | 2 ++ .github/workflows/daily-team-status.lock.yml | 2 ++ .github/workflows/daily-testify-uber-super-expert.lock.yml | 2 ++ .github/workflows/daily-workflow-updater.lock.yml | 2 ++ .github/workflows/dead-code-remover.lock.yml | 2 ++ .github/workflows/delight.lock.yml | 2 ++ .github/workflows/dependabot-burner.lock.yml | 2 ++ .github/workflows/dependabot-go-checker.lock.yml | 2 ++ .github/workflows/dev-hawk.lock.yml | 2 ++ .github/workflows/dev.lock.yml | 2 ++ .github/workflows/dictation-prompt.lock.yml | 2 ++ .github/workflows/discussion-task-miner.lock.yml | 2 ++ .github/workflows/docs-noob-tester.lock.yml | 2 ++ .github/workflows/draft-pr-cleanup.lock.yml | 2 ++ .github/workflows/example-permissions-warning.lock.yml | 2 ++ .github/workflows/firewall-escape.lock.yml | 2 ++ .github/workflows/firewall.lock.yml | 2 ++ .github/workflows/functional-pragmatist.lock.yml | 2 ++ .github/workflows/github-remote-mcp-auth-test.lock.yml | 2 ++ .github/workflows/glossary-maintainer.lock.yml | 2 ++ .github/workflows/gpclean.lock.yml | 2 ++ .github/workflows/grumpy-reviewer.lock.yml | 2 ++ .github/workflows/hourly-ci-cleaner.lock.yml | 2 ++ .github/workflows/issue-monster.lock.yml | 2 ++ .github/workflows/issue-triage-agent.lock.yml | 2 ++ .github/workflows/jsweep.lock.yml | 2 ++ .github/workflows/layout-spec-maintainer.lock.yml | 2 ++ .github/workflows/mcp-inspector.lock.yml | 2 ++ .github/workflows/mergefest.lock.yml | 2 ++ .github/workflows/metrics-collector.lock.yml | 2 ++ .github/workflows/notion-issue-summary.lock.yml | 2 ++ .github/workflows/org-health-report.lock.yml | 2 ++ .github/workflows/pdf-summary.lock.yml | 2 ++ .github/workflows/plan.lock.yml | 2 ++ .github/workflows/poem-bot.lock.yml | 2 ++ .github/workflows/portfolio-analyst.lock.yml | 2 ++ .github/workflows/pr-nitpick-reviewer.lock.yml | 2 ++ .github/workflows/pr-triage-agent.lock.yml | 2 ++ .github/workflows/python-data-charts.lock.yml | 2 ++ .github/workflows/q.lock.yml | 2 ++ .github/workflows/refiner.lock.yml | 2 ++ .github/workflows/release.lock.yml | 2 ++ .github/workflows/repo-audit-analyzer.lock.yml | 2 ++ .github/workflows/repo-tree-map.lock.yml | 2 ++ .github/workflows/repository-quality-improver.lock.yml | 2 ++ .github/workflows/research.lock.yml | 2 ++ .github/workflows/security-compliance.lock.yml | 2 ++ .github/workflows/security-review.lock.yml | 2 ++ .github/workflows/slide-deck-maintainer.lock.yml | 2 ++ .github/workflows/smoke-copilot-arm.lock.yml | 2 ++ .github/workflows/smoke-copilot.lock.yml | 2 ++ .github/workflows/smoke-create-cross-repo-pr.lock.yml | 2 ++ .github/workflows/smoke-multi-pr.lock.yml | 2 ++ .github/workflows/smoke-project.lock.yml | 2 ++ .github/workflows/smoke-temporary-id.lock.yml | 2 ++ .github/workflows/smoke-test-tools.lock.yml | 2 ++ .github/workflows/smoke-update-cross-repo-pr.lock.yml | 2 ++ .github/workflows/smoke-workflow-call-with-inputs.lock.yml | 2 ++ .github/workflows/smoke-workflow-call.lock.yml | 2 ++ .github/workflows/stale-repo-identifier.lock.yml | 2 ++ .github/workflows/sub-issue-closer.lock.yml | 2 ++ .github/workflows/super-linter.lock.yml | 2 ++ .github/workflows/technical-doc-writer.lock.yml | 2 ++ .github/workflows/terminal-stylist.lock.yml | 2 ++ .github/workflows/test-dispatcher.lock.yml | 2 ++ .github/workflows/test-project-url-default.lock.yml | 2 ++ .github/workflows/test-workflow.lock.yml | 2 ++ .github/workflows/tidy.lock.yml | 2 ++ .github/workflows/ubuntu-image-analyzer.lock.yml | 2 ++ .github/workflows/video-analyzer.lock.yml | 2 ++ .github/workflows/weekly-editors-health-check.lock.yml | 2 ++ .github/workflows/weekly-issue-summary.lock.yml | 2 ++ .github/workflows/weekly-safe-outputs-spec-review.lock.yml | 2 ++ .github/workflows/workflow-generator.lock.yml | 2 ++ .github/workflows/workflow-health-manager.lock.yml | 2 ++ .github/workflows/workflow-normalizer.lock.yml | 2 ++ .github/workflows/workflow-skill-extractor.lock.yml | 2 ++ 115 files changed, 230 insertions(+) diff --git a/.github/workflows/ace-editor.lock.yml b/.github/workflows/ace-editor.lock.yml index c8d14faf792..6526c68b595 100644 --- a/.github/workflows/ace-editor.lock.yml +++ b/.github/workflows/ace-editor.lock.yml @@ -309,6 +309,8 @@ jobs: echo "Git configured with standard GitHub Actions identity" - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/agent-performance-analyzer.lock.yml b/.github/workflows/agent-performance-analyzer.lock.yml index 1dcd097499e..2a819181f40 100644 --- a/.github/workflows/agent-performance-analyzer.lock.yml +++ b/.github/workflows/agent-performance-analyzer.lock.yml @@ -367,6 +367,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/agent-persona-explorer.lock.yml b/.github/workflows/agent-persona-explorer.lock.yml index 4b31404d536..ccee4995d51 100644 --- a/.github/workflows/agent-persona-explorer.lock.yml +++ b/.github/workflows/agent-persona-explorer.lock.yml @@ -365,6 +365,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/archie.lock.yml b/.github/workflows/archie.lock.yml index f245f0fc75c..ee2494c770f 100644 --- a/.github/workflows/archie.lock.yml +++ b/.github/workflows/archie.lock.yml @@ -374,6 +374,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/artifacts-summary.lock.yml b/.github/workflows/artifacts-summary.lock.yml index 09a6af2dd8d..04cd2f57ca3 100644 --- a/.github/workflows/artifacts-summary.lock.yml +++ b/.github/workflows/artifacts-summary.lock.yml @@ -311,6 +311,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/auto-triage-issues.lock.yml b/.github/workflows/auto-triage-issues.lock.yml index a058b13a88c..658b29535b4 100644 --- a/.github/workflows/auto-triage-issues.lock.yml +++ b/.github/workflows/auto-triage-issues.lock.yml @@ -324,6 +324,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/bot-detection.lock.yml b/.github/workflows/bot-detection.lock.yml index 299e13ab6e2..ba81ab6d150 100644 --- a/.github/workflows/bot-detection.lock.yml +++ b/.github/workflows/bot-detection.lock.yml @@ -325,6 +325,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/brave.lock.yml b/.github/workflows/brave.lock.yml index 9adf3350e72..e7daf9d15c2 100644 --- a/.github/workflows/brave.lock.yml +++ b/.github/workflows/brave.lock.yml @@ -358,6 +358,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/breaking-change-checker.lock.yml b/.github/workflows/breaking-change-checker.lock.yml index 154441459c3..eecc25407d7 100644 --- a/.github/workflows/breaking-change-checker.lock.yml +++ b/.github/workflows/breaking-change-checker.lock.yml @@ -317,6 +317,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/chroma-issue-indexer.lock.yml b/.github/workflows/chroma-issue-indexer.lock.yml index 039f1f3ae4e..5019dcd1b97 100644 --- a/.github/workflows/chroma-issue-indexer.lock.yml +++ b/.github/workflows/chroma-issue-indexer.lock.yml @@ -309,6 +309,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/ci-coach.lock.yml b/.github/workflows/ci-coach.lock.yml index 23b5918871d..54840ba8277 100644 --- a/.github/workflows/ci-coach.lock.yml +++ b/.github/workflows/ci-coach.lock.yml @@ -383,6 +383,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/ci-doctor.lock.yml b/.github/workflows/ci-doctor.lock.yml index 65b86e70288..4f6cf376978 100644 --- a/.github/workflows/ci-doctor.lock.yml +++ b/.github/workflows/ci-doctor.lock.yml @@ -371,6 +371,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/cli-consistency-checker.lock.yml b/.github/workflows/cli-consistency-checker.lock.yml index e88147ebc84..0e42842c6fc 100644 --- a/.github/workflows/cli-consistency-checker.lock.yml +++ b/.github/workflows/cli-consistency-checker.lock.yml @@ -302,6 +302,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/code-scanning-fixer.lock.yml b/.github/workflows/code-scanning-fixer.lock.yml index ba74d9457b3..cd1c67d1cfd 100644 --- a/.github/workflows/code-scanning-fixer.lock.yml +++ b/.github/workflows/code-scanning-fixer.lock.yml @@ -342,6 +342,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/code-simplifier.lock.yml b/.github/workflows/code-simplifier.lock.yml index 01bfb0f22bb..f75ec3ac119 100644 --- a/.github/workflows/code-simplifier.lock.yml +++ b/.github/workflows/code-simplifier.lock.yml @@ -326,6 +326,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/constraint-solving-potd.lock.yml b/.github/workflows/constraint-solving-potd.lock.yml index 29d87c7c872..c0d19a89c9d 100644 --- a/.github/workflows/constraint-solving-potd.lock.yml +++ b/.github/workflows/constraint-solving-potd.lock.yml @@ -305,6 +305,8 @@ jobs: echo "Git configured with standard GitHub Actions identity" - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/contribution-check.lock.yml b/.github/workflows/contribution-check.lock.yml index c1df4427c5c..b1e5484b23b 100644 --- a/.github/workflows/contribution-check.lock.yml +++ b/.github/workflows/contribution-check.lock.yml @@ -312,6 +312,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Download container images diff --git a/.github/workflows/copilot-cli-deep-research.lock.yml b/.github/workflows/copilot-cli-deep-research.lock.yml index 1adbf0aed29..7c3f6ed23ae 100644 --- a/.github/workflows/copilot-cli-deep-research.lock.yml +++ b/.github/workflows/copilot-cli-deep-research.lock.yml @@ -336,6 +336,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/copilot-pr-merged-report.lock.yml b/.github/workflows/copilot-pr-merged-report.lock.yml index 8c4241a701d..2b5e4b820fc 100644 --- a/.github/workflows/copilot-pr-merged-report.lock.yml +++ b/.github/workflows/copilot-pr-merged-report.lock.yml @@ -350,6 +350,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/copilot-pr-nlp-analysis.lock.yml b/.github/workflows/copilot-pr-nlp-analysis.lock.yml index 2c928d62a14..4a932f8df26 100644 --- a/.github/workflows/copilot-pr-nlp-analysis.lock.yml +++ b/.github/workflows/copilot-pr-nlp-analysis.lock.yml @@ -405,6 +405,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/copilot-pr-prompt-analysis.lock.yml b/.github/workflows/copilot-pr-prompt-analysis.lock.yml index ac58288b95c..5d9e098c9f8 100644 --- a/.github/workflows/copilot-pr-prompt-analysis.lock.yml +++ b/.github/workflows/copilot-pr-prompt-analysis.lock.yml @@ -371,6 +371,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/craft.lock.yml b/.github/workflows/craft.lock.yml index 1a1d8943bce..396983624e4 100644 --- a/.github/workflows/craft.lock.yml +++ b/.github/workflows/craft.lock.yml @@ -356,6 +356,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/daily-architecture-diagram.lock.yml b/.github/workflows/daily-architecture-diagram.lock.yml index b7706d6db70..2d75ca37d4d 100644 --- a/.github/workflows/daily-architecture-diagram.lock.yml +++ b/.github/workflows/daily-architecture-diagram.lock.yml @@ -327,6 +327,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/daily-assign-issue-to-user.lock.yml b/.github/workflows/daily-assign-issue-to-user.lock.yml index a52ad07e870..579f919fd46 100644 --- a/.github/workflows/daily-assign-issue-to-user.lock.yml +++ b/.github/workflows/daily-assign-issue-to-user.lock.yml @@ -299,6 +299,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/daily-cli-performance.lock.yml b/.github/workflows/daily-cli-performance.lock.yml index 9b1f67a9ca8..8bcd7ee6e18 100644 --- a/.github/workflows/daily-cli-performance.lock.yml +++ b/.github/workflows/daily-cli-performance.lock.yml @@ -341,6 +341,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/daily-cli-tools-tester.lock.yml b/.github/workflows/daily-cli-tools-tester.lock.yml index 6e38c343278..71c0be5ccd5 100644 --- a/.github/workflows/daily-cli-tools-tester.lock.yml +++ b/.github/workflows/daily-cli-tools-tester.lock.yml @@ -345,6 +345,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/daily-compiler-quality.lock.yml b/.github/workflows/daily-compiler-quality.lock.yml index 6d812cc2f92..0ea68e1933f 100644 --- a/.github/workflows/daily-compiler-quality.lock.yml +++ b/.github/workflows/daily-compiler-quality.lock.yml @@ -330,6 +330,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/daily-copilot-token-report.lock.yml b/.github/workflows/daily-copilot-token-report.lock.yml index e9796e295b8..06a5928d87b 100644 --- a/.github/workflows/daily-copilot-token-report.lock.yml +++ b/.github/workflows/daily-copilot-token-report.lock.yml @@ -413,6 +413,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/daily-file-diet.lock.yml b/.github/workflows/daily-file-diet.lock.yml index c2a76601ef7..cf66e4345fd 100644 --- a/.github/workflows/daily-file-diet.lock.yml +++ b/.github/workflows/daily-file-diet.lock.yml @@ -325,6 +325,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/daily-firewall-report.lock.yml b/.github/workflows/daily-firewall-report.lock.yml index f62b96f7dfc..67a49718c7a 100644 --- a/.github/workflows/daily-firewall-report.lock.yml +++ b/.github/workflows/daily-firewall-report.lock.yml @@ -391,6 +391,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/daily-malicious-code-scan.lock.yml b/.github/workflows/daily-malicious-code-scan.lock.yml index 304b1d7d885..415b5fa9354 100644 --- a/.github/workflows/daily-malicious-code-scan.lock.yml +++ b/.github/workflows/daily-malicious-code-scan.lock.yml @@ -306,6 +306,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/daily-mcp-concurrency-analysis.lock.yml b/.github/workflows/daily-mcp-concurrency-analysis.lock.yml index abdcf0b01b1..b191750a898 100644 --- a/.github/workflows/daily-mcp-concurrency-analysis.lock.yml +++ b/.github/workflows/daily-mcp-concurrency-analysis.lock.yml @@ -329,6 +329,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/daily-news.lock.yml b/.github/workflows/daily-news.lock.yml index 4f23a209bf8..330d238cf7f 100644 --- a/.github/workflows/daily-news.lock.yml +++ b/.github/workflows/daily-news.lock.yml @@ -458,6 +458,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/daily-performance-summary.lock.yml b/.github/workflows/daily-performance-summary.lock.yml index d233b61ca76..70f12820a06 100644 --- a/.github/workflows/daily-performance-summary.lock.yml +++ b/.github/workflows/daily-performance-summary.lock.yml @@ -366,6 +366,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/daily-regulatory.lock.yml b/.github/workflows/daily-regulatory.lock.yml index e67062d700d..ea88c62ada4 100644 --- a/.github/workflows/daily-regulatory.lock.yml +++ b/.github/workflows/daily-regulatory.lock.yml @@ -320,6 +320,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/daily-repo-chronicle.lock.yml b/.github/workflows/daily-repo-chronicle.lock.yml index f9ce1a5cbb1..63e596d431a 100644 --- a/.github/workflows/daily-repo-chronicle.lock.yml +++ b/.github/workflows/daily-repo-chronicle.lock.yml @@ -358,6 +358,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/daily-secrets-analysis.lock.yml b/.github/workflows/daily-secrets-analysis.lock.yml index f14d6f2f225..f669f909879 100644 --- a/.github/workflows/daily-secrets-analysis.lock.yml +++ b/.github/workflows/daily-secrets-analysis.lock.yml @@ -310,6 +310,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/daily-semgrep-scan.lock.yml b/.github/workflows/daily-semgrep-scan.lock.yml index 3a42e2bf9fe..b9d4f3b0a09 100644 --- a/.github/workflows/daily-semgrep-scan.lock.yml +++ b/.github/workflows/daily-semgrep-scan.lock.yml @@ -313,6 +313,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/daily-syntax-error-quality.lock.yml b/.github/workflows/daily-syntax-error-quality.lock.yml index 31f6d4ccb0c..fd9f219436c 100644 --- a/.github/workflows/daily-syntax-error-quality.lock.yml +++ b/.github/workflows/daily-syntax-error-quality.lock.yml @@ -322,6 +322,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Download container images diff --git a/.github/workflows/daily-team-status.lock.yml b/.github/workflows/daily-team-status.lock.yml index 90755f51a51..e060bc7f1d6 100644 --- a/.github/workflows/daily-team-status.lock.yml +++ b/.github/workflows/daily-team-status.lock.yml @@ -323,6 +323,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/daily-testify-uber-super-expert.lock.yml b/.github/workflows/daily-testify-uber-super-expert.lock.yml index bedd9e7fab7..76908d28e5d 100644 --- a/.github/workflows/daily-testify-uber-super-expert.lock.yml +++ b/.github/workflows/daily-testify-uber-super-expert.lock.yml @@ -350,6 +350,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/daily-workflow-updater.lock.yml b/.github/workflows/daily-workflow-updater.lock.yml index 492f5228d6f..cc4f69298fd 100644 --- a/.github/workflows/daily-workflow-updater.lock.yml +++ b/.github/workflows/daily-workflow-updater.lock.yml @@ -303,6 +303,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/dead-code-remover.lock.yml b/.github/workflows/dead-code-remover.lock.yml index 79412e3237f..e286dfc042e 100644 --- a/.github/workflows/dead-code-remover.lock.yml +++ b/.github/workflows/dead-code-remover.lock.yml @@ -348,6 +348,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/delight.lock.yml b/.github/workflows/delight.lock.yml index e273b80ae0e..f536314e9f4 100644 --- a/.github/workflows/delight.lock.yml +++ b/.github/workflows/delight.lock.yml @@ -341,6 +341,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/dependabot-burner.lock.yml b/.github/workflows/dependabot-burner.lock.yml index ad79af431d5..66b93ef8ef0 100644 --- a/.github/workflows/dependabot-burner.lock.yml +++ b/.github/workflows/dependabot-burner.lock.yml @@ -315,6 +315,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/dependabot-go-checker.lock.yml b/.github/workflows/dependabot-go-checker.lock.yml index 3bd21f3967c..bfbfb79417a 100644 --- a/.github/workflows/dependabot-go-checker.lock.yml +++ b/.github/workflows/dependabot-go-checker.lock.yml @@ -314,6 +314,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/dev-hawk.lock.yml b/.github/workflows/dev-hawk.lock.yml index f727dcfc3ac..527ea46e769 100644 --- a/.github/workflows/dev-hawk.lock.yml +++ b/.github/workflows/dev-hawk.lock.yml @@ -367,6 +367,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/dev.lock.yml b/.github/workflows/dev.lock.yml index 00add6b6b6a..26fe366a873 100644 --- a/.github/workflows/dev.lock.yml +++ b/.github/workflows/dev.lock.yml @@ -299,6 +299,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/dictation-prompt.lock.yml b/.github/workflows/dictation-prompt.lock.yml index e498647e7ec..52050a9c2d6 100644 --- a/.github/workflows/dictation-prompt.lock.yml +++ b/.github/workflows/dictation-prompt.lock.yml @@ -330,6 +330,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/discussion-task-miner.lock.yml b/.github/workflows/discussion-task-miner.lock.yml index 21151d07ada..3c37219bd98 100644 --- a/.github/workflows/discussion-task-miner.lock.yml +++ b/.github/workflows/discussion-task-miner.lock.yml @@ -342,6 +342,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Download container images diff --git a/.github/workflows/docs-noob-tester.lock.yml b/.github/workflows/docs-noob-tester.lock.yml index d7ea75309fd..b3cbc60c27a 100644 --- a/.github/workflows/docs-noob-tester.lock.yml +++ b/.github/workflows/docs-noob-tester.lock.yml @@ -316,6 +316,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/draft-pr-cleanup.lock.yml b/.github/workflows/draft-pr-cleanup.lock.yml index 451f9e71b88..86ed5d2d856 100644 --- a/.github/workflows/draft-pr-cleanup.lock.yml +++ b/.github/workflows/draft-pr-cleanup.lock.yml @@ -301,6 +301,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/example-permissions-warning.lock.yml b/.github/workflows/example-permissions-warning.lock.yml index 28e28c6e82f..eab3175d2f8 100644 --- a/.github/workflows/example-permissions-warning.lock.yml +++ b/.github/workflows/example-permissions-warning.lock.yml @@ -282,6 +282,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/firewall-escape.lock.yml b/.github/workflows/firewall-escape.lock.yml index d84bd94ac9b..8bea34fba32 100644 --- a/.github/workflows/firewall-escape.lock.yml +++ b/.github/workflows/firewall-escape.lock.yml @@ -366,6 +366,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/firewall.lock.yml b/.github/workflows/firewall.lock.yml index e82cb923827..0e560d6dc12 100644 --- a/.github/workflows/firewall.lock.yml +++ b/.github/workflows/firewall.lock.yml @@ -284,6 +284,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/functional-pragmatist.lock.yml b/.github/workflows/functional-pragmatist.lock.yml index b882ac07cfc..fd9cee2c672 100644 --- a/.github/workflows/functional-pragmatist.lock.yml +++ b/.github/workflows/functional-pragmatist.lock.yml @@ -316,6 +316,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/github-remote-mcp-auth-test.lock.yml b/.github/workflows/github-remote-mcp-auth-test.lock.yml index 70e32d48eac..05f761aa9ec 100644 --- a/.github/workflows/github-remote-mcp-auth-test.lock.yml +++ b/.github/workflows/github-remote-mcp-auth-test.lock.yml @@ -311,6 +311,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/glossary-maintainer.lock.yml b/.github/workflows/glossary-maintainer.lock.yml index 230ac87413f..77380399ab5 100644 --- a/.github/workflows/glossary-maintainer.lock.yml +++ b/.github/workflows/glossary-maintainer.lock.yml @@ -396,6 +396,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/gpclean.lock.yml b/.github/workflows/gpclean.lock.yml index e846a6b041f..29c74888e13 100644 --- a/.github/workflows/gpclean.lock.yml +++ b/.github/workflows/gpclean.lock.yml @@ -336,6 +336,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/grumpy-reviewer.lock.yml b/.github/workflows/grumpy-reviewer.lock.yml index 3efbd3459c7..e8338430985 100644 --- a/.github/workflows/grumpy-reviewer.lock.yml +++ b/.github/workflows/grumpy-reviewer.lock.yml @@ -376,6 +376,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Download container images diff --git a/.github/workflows/hourly-ci-cleaner.lock.yml b/.github/workflows/hourly-ci-cleaner.lock.yml index 83b13e34296..686d29a7917 100644 --- a/.github/workflows/hourly-ci-cleaner.lock.yml +++ b/.github/workflows/hourly-ci-cleaner.lock.yml @@ -366,6 +366,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/issue-monster.lock.yml b/.github/workflows/issue-monster.lock.yml index b0a0c06180d..ab6650f3874 100644 --- a/.github/workflows/issue-monster.lock.yml +++ b/.github/workflows/issue-monster.lock.yml @@ -340,6 +340,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Download container images diff --git a/.github/workflows/issue-triage-agent.lock.yml b/.github/workflows/issue-triage-agent.lock.yml index 076412694b2..927f1a5289a 100644 --- a/.github/workflows/issue-triage-agent.lock.yml +++ b/.github/workflows/issue-triage-agent.lock.yml @@ -298,6 +298,8 @@ jobs: echo "Git configured with standard GitHub Actions identity" - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Download container images diff --git a/.github/workflows/jsweep.lock.yml b/.github/workflows/jsweep.lock.yml index 9217156a890..bc095cc57f0 100644 --- a/.github/workflows/jsweep.lock.yml +++ b/.github/workflows/jsweep.lock.yml @@ -337,6 +337,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/layout-spec-maintainer.lock.yml b/.github/workflows/layout-spec-maintainer.lock.yml index f5478f9801a..52fd536f3ff 100644 --- a/.github/workflows/layout-spec-maintainer.lock.yml +++ b/.github/workflows/layout-spec-maintainer.lock.yml @@ -316,6 +316,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/mcp-inspector.lock.yml b/.github/workflows/mcp-inspector.lock.yml index 0eaf608e316..7075c7aa195 100644 --- a/.github/workflows/mcp-inspector.lock.yml +++ b/.github/workflows/mcp-inspector.lock.yml @@ -431,6 +431,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/mergefest.lock.yml b/.github/workflows/mergefest.lock.yml index 04d49795f3c..5e1c739bf71 100644 --- a/.github/workflows/mergefest.lock.yml +++ b/.github/workflows/mergefest.lock.yml @@ -355,6 +355,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/metrics-collector.lock.yml b/.github/workflows/metrics-collector.lock.yml index a18906ede36..c4bc42d4328 100644 --- a/.github/workflows/metrics-collector.lock.yml +++ b/.github/workflows/metrics-collector.lock.yml @@ -348,6 +348,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/notion-issue-summary.lock.yml b/.github/workflows/notion-issue-summary.lock.yml index 48fbb5836ef..ad1229a9ab4 100644 --- a/.github/workflows/notion-issue-summary.lock.yml +++ b/.github/workflows/notion-issue-summary.lock.yml @@ -314,6 +314,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/org-health-report.lock.yml b/.github/workflows/org-health-report.lock.yml index 281b157f834..6e569e7ff66 100644 --- a/.github/workflows/org-health-report.lock.yml +++ b/.github/workflows/org-health-report.lock.yml @@ -369,6 +369,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Download container images diff --git a/.github/workflows/pdf-summary.lock.yml b/.github/workflows/pdf-summary.lock.yml index aa62402cbfe..8ef6b299788 100644 --- a/.github/workflows/pdf-summary.lock.yml +++ b/.github/workflows/pdf-summary.lock.yml @@ -408,6 +408,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/plan.lock.yml b/.github/workflows/plan.lock.yml index 86fcb48520c..8a54a4883d7 100644 --- a/.github/workflows/plan.lock.yml +++ b/.github/workflows/plan.lock.yml @@ -359,6 +359,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Download container images diff --git a/.github/workflows/poem-bot.lock.yml b/.github/workflows/poem-bot.lock.yml index 7f475276ca2..f7b6140ccec 100644 --- a/.github/workflows/poem-bot.lock.yml +++ b/.github/workflows/poem-bot.lock.yml @@ -397,6 +397,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/portfolio-analyst.lock.yml b/.github/workflows/portfolio-analyst.lock.yml index f6021201a19..31cec5bea8f 100644 --- a/.github/workflows/portfolio-analyst.lock.yml +++ b/.github/workflows/portfolio-analyst.lock.yml @@ -402,6 +402,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/pr-nitpick-reviewer.lock.yml b/.github/workflows/pr-nitpick-reviewer.lock.yml index d3534fc80f2..4e694b100ff 100644 --- a/.github/workflows/pr-nitpick-reviewer.lock.yml +++ b/.github/workflows/pr-nitpick-reviewer.lock.yml @@ -406,6 +406,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/pr-triage-agent.lock.yml b/.github/workflows/pr-triage-agent.lock.yml index 827eadc2a5b..3f1b7302c3e 100644 --- a/.github/workflows/pr-triage-agent.lock.yml +++ b/.github/workflows/pr-triage-agent.lock.yml @@ -333,6 +333,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Download container images diff --git a/.github/workflows/python-data-charts.lock.yml b/.github/workflows/python-data-charts.lock.yml index f4e64536967..3fd36377316 100644 --- a/.github/workflows/python-data-charts.lock.yml +++ b/.github/workflows/python-data-charts.lock.yml @@ -390,6 +390,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/q.lock.yml b/.github/workflows/q.lock.yml index 95c2dca273f..ed5621cd399 100644 --- a/.github/workflows/q.lock.yml +++ b/.github/workflows/q.lock.yml @@ -455,6 +455,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/refiner.lock.yml b/.github/workflows/refiner.lock.yml index ec239586b5f..d6d6ee5109b 100644 --- a/.github/workflows/refiner.lock.yml +++ b/.github/workflows/refiner.lock.yml @@ -342,6 +342,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Download container images diff --git a/.github/workflows/release.lock.yml b/.github/workflows/release.lock.yml index 17c7d98b3eb..abf0979de90 100644 --- a/.github/workflows/release.lock.yml +++ b/.github/workflows/release.lock.yml @@ -329,6 +329,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/repo-audit-analyzer.lock.yml b/.github/workflows/repo-audit-analyzer.lock.yml index dcc8abdff1e..91d929a6586 100644 --- a/.github/workflows/repo-audit-analyzer.lock.yml +++ b/.github/workflows/repo-audit-analyzer.lock.yml @@ -336,6 +336,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/repo-tree-map.lock.yml b/.github/workflows/repo-tree-map.lock.yml index e47097adb82..6882f44576b 100644 --- a/.github/workflows/repo-tree-map.lock.yml +++ b/.github/workflows/repo-tree-map.lock.yml @@ -312,6 +312,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/repository-quality-improver.lock.yml b/.github/workflows/repository-quality-improver.lock.yml index efd8895ec4c..b531c2d0950 100644 --- a/.github/workflows/repository-quality-improver.lock.yml +++ b/.github/workflows/repository-quality-improver.lock.yml @@ -335,6 +335,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/research.lock.yml b/.github/workflows/research.lock.yml index 2b5112892d4..6fbedce5c57 100644 --- a/.github/workflows/research.lock.yml +++ b/.github/workflows/research.lock.yml @@ -322,6 +322,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/security-compliance.lock.yml b/.github/workflows/security-compliance.lock.yml index 5d75d6dd117..ada91389520 100644 --- a/.github/workflows/security-compliance.lock.yml +++ b/.github/workflows/security-compliance.lock.yml @@ -360,6 +360,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/security-review.lock.yml b/.github/workflows/security-review.lock.yml index ecde2b9605c..90b9598183b 100644 --- a/.github/workflows/security-review.lock.yml +++ b/.github/workflows/security-review.lock.yml @@ -407,6 +407,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/slide-deck-maintainer.lock.yml b/.github/workflows/slide-deck-maintainer.lock.yml index 3d89614265f..88b60f5da60 100644 --- a/.github/workflows/slide-deck-maintainer.lock.yml +++ b/.github/workflows/slide-deck-maintainer.lock.yml @@ -364,6 +364,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/smoke-copilot-arm.lock.yml b/.github/workflows/smoke-copilot-arm.lock.yml index dd101612390..065faeb5b74 100644 --- a/.github/workflows/smoke-copilot-arm.lock.yml +++ b/.github/workflows/smoke-copilot-arm.lock.yml @@ -433,6 +433,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/smoke-copilot.lock.yml b/.github/workflows/smoke-copilot.lock.yml index e298187d872..69512faf098 100644 --- a/.github/workflows/smoke-copilot.lock.yml +++ b/.github/workflows/smoke-copilot.lock.yml @@ -436,6 +436,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/smoke-create-cross-repo-pr.lock.yml b/.github/workflows/smoke-create-cross-repo-pr.lock.yml index f0e778044e2..b6e010f76e0 100644 --- a/.github/workflows/smoke-create-cross-repo-pr.lock.yml +++ b/.github/workflows/smoke-create-cross-repo-pr.lock.yml @@ -356,6 +356,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/smoke-multi-pr.lock.yml b/.github/workflows/smoke-multi-pr.lock.yml index 5728d2c4cd2..2c682da429f 100644 --- a/.github/workflows/smoke-multi-pr.lock.yml +++ b/.github/workflows/smoke-multi-pr.lock.yml @@ -359,6 +359,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/smoke-project.lock.yml b/.github/workflows/smoke-project.lock.yml index c5f540f81d2..c60408b9911 100644 --- a/.github/workflows/smoke-project.lock.yml +++ b/.github/workflows/smoke-project.lock.yml @@ -358,6 +358,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/smoke-temporary-id.lock.yml b/.github/workflows/smoke-temporary-id.lock.yml index bba49018736..07a2e1312b5 100644 --- a/.github/workflows/smoke-temporary-id.lock.yml +++ b/.github/workflows/smoke-temporary-id.lock.yml @@ -354,6 +354,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/smoke-test-tools.lock.yml b/.github/workflows/smoke-test-tools.lock.yml index b3d168f823f..8f713feb153 100644 --- a/.github/workflows/smoke-test-tools.lock.yml +++ b/.github/workflows/smoke-test-tools.lock.yml @@ -368,6 +368,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/smoke-update-cross-repo-pr.lock.yml b/.github/workflows/smoke-update-cross-repo-pr.lock.yml index 8c8b853513a..4b0892d3874 100644 --- a/.github/workflows/smoke-update-cross-repo-pr.lock.yml +++ b/.github/workflows/smoke-update-cross-repo-pr.lock.yml @@ -380,6 +380,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/smoke-workflow-call-with-inputs.lock.yml b/.github/workflows/smoke-workflow-call-with-inputs.lock.yml index 1b27ae14bfc..d6e88acc973 100644 --- a/.github/workflows/smoke-workflow-call-with-inputs.lock.yml +++ b/.github/workflows/smoke-workflow-call-with-inputs.lock.yml @@ -359,6 +359,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/smoke-workflow-call.lock.yml b/.github/workflows/smoke-workflow-call.lock.yml index 3be5bf258f5..285a7dfd6fa 100644 --- a/.github/workflows/smoke-workflow-call.lock.yml +++ b/.github/workflows/smoke-workflow-call.lock.yml @@ -339,6 +339,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/stale-repo-identifier.lock.yml b/.github/workflows/stale-repo-identifier.lock.yml index 62f5a870a78..efc916e625f 100644 --- a/.github/workflows/stale-repo-identifier.lock.yml +++ b/.github/workflows/stale-repo-identifier.lock.yml @@ -420,6 +420,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Download container images diff --git a/.github/workflows/sub-issue-closer.lock.yml b/.github/workflows/sub-issue-closer.lock.yml index 0410dafc48a..861b84de2e0 100644 --- a/.github/workflows/sub-issue-closer.lock.yml +++ b/.github/workflows/sub-issue-closer.lock.yml @@ -305,6 +305,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/super-linter.lock.yml b/.github/workflows/super-linter.lock.yml index 01b6fd04f32..1be765efb4c 100644 --- a/.github/workflows/super-linter.lock.yml +++ b/.github/workflows/super-linter.lock.yml @@ -344,6 +344,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/technical-doc-writer.lock.yml b/.github/workflows/technical-doc-writer.lock.yml index 58ca9ce57b5..aa20ac7ea6e 100644 --- a/.github/workflows/technical-doc-writer.lock.yml +++ b/.github/workflows/technical-doc-writer.lock.yml @@ -408,6 +408,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/terminal-stylist.lock.yml b/.github/workflows/terminal-stylist.lock.yml index 496a57b5c50..bae77e1a0c3 100644 --- a/.github/workflows/terminal-stylist.lock.yml +++ b/.github/workflows/terminal-stylist.lock.yml @@ -316,6 +316,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/test-dispatcher.lock.yml b/.github/workflows/test-dispatcher.lock.yml index 6b9957cdcbd..99f6125a2ed 100644 --- a/.github/workflows/test-dispatcher.lock.yml +++ b/.github/workflows/test-dispatcher.lock.yml @@ -298,6 +298,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/test-project-url-default.lock.yml b/.github/workflows/test-project-url-default.lock.yml index ce593ca16a0..130b67a6bf1 100644 --- a/.github/workflows/test-project-url-default.lock.yml +++ b/.github/workflows/test-project-url-default.lock.yml @@ -297,6 +297,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/test-workflow.lock.yml b/.github/workflows/test-workflow.lock.yml index 9a8b018b040..abee5869be7 100644 --- a/.github/workflows/test-workflow.lock.yml +++ b/.github/workflows/test-workflow.lock.yml @@ -284,6 +284,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/tidy.lock.yml b/.github/workflows/tidy.lock.yml index 07515647e7b..d5a7d3ebb71 100644 --- a/.github/workflows/tidy.lock.yml +++ b/.github/workflows/tidy.lock.yml @@ -377,6 +377,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/ubuntu-image-analyzer.lock.yml b/.github/workflows/ubuntu-image-analyzer.lock.yml index 4c8a18c16c4..92aaab847ef 100644 --- a/.github/workflows/ubuntu-image-analyzer.lock.yml +++ b/.github/workflows/ubuntu-image-analyzer.lock.yml @@ -322,6 +322,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/video-analyzer.lock.yml b/.github/workflows/video-analyzer.lock.yml index 70eece39d23..aa9fb4e4814 100644 --- a/.github/workflows/video-analyzer.lock.yml +++ b/.github/workflows/video-analyzer.lock.yml @@ -326,6 +326,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/weekly-editors-health-check.lock.yml b/.github/workflows/weekly-editors-health-check.lock.yml index 68c586532f8..d6d9c617e88 100644 --- a/.github/workflows/weekly-editors-health-check.lock.yml +++ b/.github/workflows/weekly-editors-health-check.lock.yml @@ -312,6 +312,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/weekly-issue-summary.lock.yml b/.github/workflows/weekly-issue-summary.lock.yml index 0b071a19fac..e08038b5159 100644 --- a/.github/workflows/weekly-issue-summary.lock.yml +++ b/.github/workflows/weekly-issue-summary.lock.yml @@ -349,6 +349,8 @@ jobs: echo "Git configured with standard GitHub Actions identity" - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Download container images diff --git a/.github/workflows/weekly-safe-outputs-spec-review.lock.yml b/.github/workflows/weekly-safe-outputs-spec-review.lock.yml index 30aac251f6a..11e64cbcda9 100644 --- a/.github/workflows/weekly-safe-outputs-spec-review.lock.yml +++ b/.github/workflows/weekly-safe-outputs-spec-review.lock.yml @@ -310,6 +310,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Download container images diff --git a/.github/workflows/workflow-generator.lock.yml b/.github/workflows/workflow-generator.lock.yml index 4ec29e443b6..8303561c221 100644 --- a/.github/workflows/workflow-generator.lock.yml +++ b/.github/workflows/workflow-generator.lock.yml @@ -349,6 +349,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Download container images diff --git a/.github/workflows/workflow-health-manager.lock.yml b/.github/workflows/workflow-health-manager.lock.yml index a056af7d8a5..89be3b63f93 100644 --- a/.github/workflows/workflow-health-manager.lock.yml +++ b/.github/workflows/workflow-health-manager.lock.yml @@ -341,6 +341,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/workflow-normalizer.lock.yml b/.github/workflows/workflow-normalizer.lock.yml index 19e18808f36..98679ab54ee 100644 --- a/.github/workflows/workflow-normalizer.lock.yml +++ b/.github/workflows/workflow-normalizer.lock.yml @@ -344,6 +344,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/workflow-skill-extractor.lock.yml b/.github/workflows/workflow-skill-extractor.lock.yml index 86f0636946c..b8880774e1c 100644 --- a/.github/workflows/workflow-skill-extractor.lock.yml +++ b/.github/workflows/workflow-skill-extractor.lock.yml @@ -313,6 +313,8 @@ jobs: await main(); - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh latest + env: + GH_HOST: github.com - name: Install AWF binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.24.1 - name: Determine automatic lockdown mode for GitHub MCP Server From 746d1f06a6a24429eca6f9b7ebc4e0268507ec32 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Sat, 14 Mar 2026 23:13:48 +0000 Subject: [PATCH 4/5] Add changeset [skip-ci] --- .changeset/patch-pin-gh-host-copilot-install.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .changeset/patch-pin-gh-host-copilot-install.md diff --git a/.changeset/patch-pin-gh-host-copilot-install.md b/.changeset/patch-pin-gh-host-copilot-install.md new file mode 100644 index 00000000000..f576c435c0a --- /dev/null +++ b/.changeset/patch-pin-gh-host-copilot-install.md @@ -0,0 +1,5 @@ +--- +"gh-aw": patch +--- + +Pin `GH_HOST: github.com` on the Copilot CLI install step to prevent workflow-level GHES host overrides from affecting Copilot CLI downloads. From 19186068acc03606dcb318f4455cd01423dadd0a Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 14 Mar 2026 23:30:37 +0000 Subject: [PATCH 5/5] fix: add json_object_to_markdown.cjs with correct JSDoc cast parentheses to fix TypeScript error Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- actions/setup/js/json_object_to_markdown.cjs | 81 +++++++++++++++++++ .../setup/js/json_object_to_markdown.test.cjs | 79 ++++++++++++++++++ 2 files changed, 160 insertions(+) create mode 100644 actions/setup/js/json_object_to_markdown.cjs create mode 100644 actions/setup/js/json_object_to_markdown.test.cjs diff --git a/actions/setup/js/json_object_to_markdown.cjs b/actions/setup/js/json_object_to_markdown.cjs new file mode 100644 index 00000000000..bd8f2e4c984 --- /dev/null +++ b/actions/setup/js/json_object_to_markdown.cjs @@ -0,0 +1,81 @@ +// @ts-check + +/** + * JSON Object to Markdown Converter + * + * Converts a plain JavaScript object to a Markdown bullet list. + * Handles nested objects (with indentation), arrays, and primitive values. + */ + +/** + * Humanify a JSON key by replacing underscores and hyphens with spaces. + * e.g. "engine_id" → "engine id", "awf-version" → "awf version" + * @param {string} key - The raw object key + * @returns {string} - Human-readable key + */ +function humanifyKey(key) { + return key.replace(/[_-]/g, " "); +} + +/** + * Format a single value as a readable string for Markdown output. + * @param {unknown} value - The value to format + * @returns {string} - String representation of the value + */ +function formatValue(value) { + if (value === null || value === undefined || value === "") { + return "(none)"; + } + if (Array.isArray(value)) { + return value.length === 0 ? "(none)" : ""; + } + if (typeof value === "object") { + return ""; + } + return String(value); +} + +/** + * Convert a plain JavaScript object to Markdown bullet points. + * Nested objects and arrays are rendered as indented sub-lists. + * + * @param {Record} obj - The object to render + * @param {number} [depth=0] - Current indentation depth + * @returns {string} - Markdown bullet list string + */ +function jsonObjectToMarkdown(obj, depth = 0) { + if (!obj || typeof obj !== "object" || Array.isArray(obj)) { + return ""; + } + + const indent = " ".repeat(depth); + const lines = []; + + for (const [key, value] of Object.entries(obj)) { + const label = humanifyKey(key); + if (Array.isArray(value)) { + if (value.length === 0) { + lines.push(`${indent}- **${label}**: (none)`); + } else { + lines.push(`${indent}- **${label}**:`); + for (const item of value) { + if (typeof item === "object" && item !== null) { + lines.push(jsonObjectToMarkdown(/** @type {Record} */ item, depth + 1)); + } else { + lines.push(`${" ".repeat(depth + 1)}- ${String(item)}`); + } + } + } + } else if (typeof value === "object" && value !== null) { + lines.push(`${indent}- **${label}**:`); + lines.push(jsonObjectToMarkdown(/** @type {Record} */ value, depth + 1)); + } else { + const formatted = formatValue(value); + lines.push(`${indent}- **${label}**: ${formatted}`); + } + } + + return lines.join("\n"); +} + +module.exports = { humanifyKey, jsonObjectToMarkdown }; diff --git a/actions/setup/js/json_object_to_markdown.test.cjs b/actions/setup/js/json_object_to_markdown.test.cjs new file mode 100644 index 00000000000..5662295e708 --- /dev/null +++ b/actions/setup/js/json_object_to_markdown.test.cjs @@ -0,0 +1,79 @@ +import { describe, it, expect } from "vitest"; + +const { humanifyKey, jsonObjectToMarkdown } = await import("./json_object_to_markdown.cjs"); + +describe("json_object_to_markdown.cjs", () => { + describe("humanifyKey", () => { + it("should replace underscores with spaces", () => { + expect(humanifyKey("engine_id")).toBe("engine id"); + expect(humanifyKey("firewall_enabled")).toBe("firewall enabled"); + expect(humanifyKey("awf_version")).toBe("awf version"); + }); + + it("should replace hyphens with spaces", () => { + expect(humanifyKey("run-id")).toBe("run id"); + expect(humanifyKey("awf-version")).toBe("awf version"); + }); + + it("should leave keys without separators unchanged", () => { + expect(humanifyKey("version")).toBe("version"); + expect(humanifyKey("model")).toBe("model"); + }); + }); + + it("should render flat key-value pairs with humanified keys", () => { + const obj = { engine_id: "copilot", version: "v1.0.0" }; + const result = jsonObjectToMarkdown(obj); + expect(result).toContain("- **engine id**: copilot"); + expect(result).toContain("- **version**: v1.0.0"); + }); + + it("should render boolean values as true/false strings", () => { + const obj = { firewall_enabled: true, staged: false }; + const result = jsonObjectToMarkdown(obj); + expect(result).toContain("- **firewall enabled**: true"); + expect(result).toContain("- **staged**: false"); + }); + + it("should render null/undefined/empty string values as (none)", () => { + const obj = { model: "", awf_version: null, agent_version: undefined }; + const result = jsonObjectToMarkdown(obj); + expect(result).toContain("- **model**: (none)"); + expect(result).toContain("- **awf version**: (none)"); + expect(result).toContain("- **agent version**: (none)"); + }); + + it("should render non-empty arrays as sub-bullet lists", () => { + const obj = { allowed_domains: ["example.com", "github.com"] }; + const result = jsonObjectToMarkdown(obj); + expect(result).toContain("- **allowed domains**:"); + expect(result).toContain(" - example.com"); + expect(result).toContain(" - github.com"); + }); + + it("should render empty arrays as (none)", () => { + const obj = { allowed_domains: [] }; + const result = jsonObjectToMarkdown(obj); + expect(result).toContain("- **allowed domains**: (none)"); + }); + + it("should render nested objects as indented sub-bullet lists", () => { + const obj = { steps: { firewall: "iptables" } }; + const result = jsonObjectToMarkdown(obj); + expect(result).toContain("- **steps**:"); + expect(result).toContain(" - **firewall**: iptables"); + }); + + it("should return empty string for null or non-object input", () => { + expect(jsonObjectToMarkdown(null)).toBe(""); + expect(jsonObjectToMarkdown(undefined)).toBe(""); + expect(jsonObjectToMarkdown([])).toBe(""); + }); + + it("should handle numeric values", () => { + const obj = { run_id: 12345, run_number: 7 }; + const result = jsonObjectToMarkdown(obj); + expect(result).toContain("- **run id**: 12345"); + expect(result).toContain("- **run number**: 7"); + }); +});