
refactor: migrate /opt/gh-aw to ${{ runner.temp }}/gh-aw for self-hosted runner compatibility #21443

Merged
Mossaka merged 11 commits into main from copilot/fix-copilot-access-azure-apis
Mar 18, 2026

Contributor

Copilot AI commented Mar 17, 2026

The actions/setup action and compiled workflows hardcode /opt/gh-aw/ as the destination for scripts, binaries, and runtime files. Self-hosted runners typically don't grant write access to /opt, breaking all workflow execution on those environments.

Replaces /opt/gh-aw/ with $RUNNER_TEMP/gh-aw/ across the entire compilation pipeline. RUNNER_TEMP is guaranteed writable by GitHub Actions on all runner types. Uses the appropriate expression form depending on the resolution context to avoid exceeding GitHub Actions' 21KB expression size limit.

Core constants

  • Added GhAwRootDir in pkg/constants/constants.go for YAML with:/env: fields: "${{ runner.temp }}/gh-aw"
  • Added GhAwRootDirShell for shell run: blocks and Docker mounts: "${RUNNER_TEMP}/gh-aw"
  • Added derived constants in setup_action_paths.go: SetupActionDestination, SetupActionDestinationShell, SafeOutputsDir, SafeOutputsDirShell, GhAwMCPScriptsDir, GhAwBinaryPath, SafeJobsDownloadDir
  • Updated DefaultGhAwMount to use GhAwRootDirShell for both source and target

Setup action (actions/setup/)

  • setup.sh: defaults to ${RUNNER_TEMP}/gh-aw, adds write-access validation before proceeding
  • action.yml: default input changed to ${{ runner.temp }}/gh-aw/actions
  • Shell scripts (sh/*.sh): use ${RUNNER_TEMP}/gh-aw instead of /opt/gh-aw

JavaScript runtime files (actions/setup/js/)

  • 18 .cjs files updated to use `${process.env.RUNNER_TEMP}/gh-aw/...` template literals
  • Env-var fallback patterns like process.env.GH_AW_X || "/opt/gh-aw/..." updated accordingly

Compiled output

  • 30+ Go source files generating YAML now emit the appropriate path form
  • All 174 .lock.yml files recompiled successfully
  • Golden test fixtures updated

Path resolution by context

| Context | Expression | Resolved by |
|---|---|---|
| YAML `with:` / `env:` fields | `${{ runner.temp }}/gh-aw` | GitHub Actions template engine |
| YAML `run:` blocks (shell) | `${RUNNER_TEMP}/gh-aw` | Bash |
| `require()` in `script:` blocks | `${{ runner.temp }}/gh-aw` | GitHub Actions (before Node.js) |
| Shell scripts (`*.sh`) | `${RUNNER_TEMP}/gh-aw` | Bash |
| JavaScript runtime (`*.cjs`) | `process.env.RUNNER_TEMP` | Node.js |
| Docker mounts | `${RUNNER_TEMP}/gh-aw` | Shell (container runtime) |

The two-form approach (${{ runner.temp }} vs ${RUNNER_TEMP}) is necessary because run: blocks can contain GitHub Actions template expressions that count toward the 21KB YAML value size limit. Using the shorter shell env var form (${RUNNER_TEMP}, 16 chars) instead of the Actions expression (${{ runner.temp }}, 23 chars) in run: blocks keeps large workflows like smoke-claude.md under the limit.





✨ PR Review Safe Output Test - Run 23220215251

💥 [THE END] — Illustrated by Smoke Claude ·



✨ PR Review Safe Output Test - Run 23220647804

💥 [THE END] — Illustrated by Smoke Claude ·



✨ PR Review Safe Output Test - Run 23222225233

💥 [THE END] — Illustrated by Smoke Claude ·

Copilot AI and others added 2 commits March 17, 2026 20:49
…lf-hosted runner compatibility

Changes /opt/gh-aw to ${{ runner.temp }}/gh-aw across the codebase so that
self-hosted runners without write access to /opt can run workflows.
Updates Go constants, setup action, golden files, lock files, and tests.

Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>
Updates runtime JavaScript (.cjs) and shell (.sh) scripts to use
process.env.RUNNER_TEMP and $RUNNER_TEMP instead of hardcoded /opt/gh-aw.
Also adds write access validation for RUNNER_TEMP in setup.sh.

Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Fix Copilot workflow steps access to Azure DevOps APIs" to "refactor: migrate /opt/gh-aw to ${{ runner.temp }}/gh-aw for self-hosted runner compatibility" Mar 17, 2026
Copilot AI requested a review from Mossaka March 17, 2026 21:07
@github-actions
Contributor

Hey @Copilot 👋 — thanks for tackling the self-hosted runner path-compatibility issue! Swapping the hardcoded /opt/gh-aw/ root for ${{ runner.temp }}/gh-aw is exactly the right approach and the PR description is well-structured. A few things need attention before this can move to review:

  • Draft state — the PR is currently marked as a draft. Once the items below are resolved, flip it to "Ready for review" so maintainers know it's ready.

  • Branch name doesn't match scope — the head branch is copilot/fix-copilot-access-azure-apis, but the PR is about path migration for self-hosted runner compatibility. This mismatch suggests the agent may have pivoted away from its original task mid-session. Please confirm this is intentional and that no Azure-API work was left incomplete or mixed in.

  • Agent hit firewall errors during execution — the PR body contains a warning block showing the agent was blocked from reaching api.github.com/graphql, /orgs/test-owner/actions/secrets, and several /repos/.../git/ref/tags/... endpoints during its run. This means the agent could not fully verify tag SHAs or repository state. It's worth confirming that make agent-finish (build → test → recompile → lint → lint-errors) was run to completion in a non-restricted environment and all checks passed locally before this is merged.

  • No linked issue — the CONTRIBUTING.md process expects a core team member to initiate work from an agentic plan in an issue. The PR body doesn't reference a triggering issue. If one exists, please add a Closes #(issue) link so reviewers have the full context.

If you'd like to address the validation gap, you can assign this prompt to your coding agent:

You are working on PR #21443 in github/gh-aw.
The PR migrates hardcoded `/opt/gh-aw/` paths to `${{ runner.temp }}/gh-aw` for self-hosted runner compatibility.

Please do the following to bring the PR to a mergeable state:

1. Run `make agent-finish` in the repo root (this runs build, test, recompile, fmt, lint, and lint-errors). Confirm all steps pass and report the output.
2. Verify the branch name `copilot/fix-copilot-access-azure-apis` does not contain any uncommitted or partial work related to Azure API access. If any such changes exist, either commit them or revert them explicitly.
3. Check that every file that previously contained `/opt/gh-aw` now contains the correct replacement:
   - YAML `run:` / `with:` blocks → `${{ runner.temp }}/gh-aw`
   - Shell scripts → `${RUNNER_TEMP}/gh-aw`
   - JavaScript/CJS files → `` `${process.env.RUNNER_TEMP}/gh-aw/...` ``
   - Go constants in `pkg/constants/constants.go` → the `GhAwRootDir` constant using the expression form
   Run: `grep -r '/opt/gh-aw' --include='*.go' --include='*.sh' --include='*.cjs' --include='*.yml' . | grep -v '.lock.yml'`
   and confirm zero results outside of lock files.
4. Once clean, mark the PR as "Ready for review".

Generated by Contribution Check ·

@Mossaka Mossaka added the smoke-test-pr Trigger smoke tests on PR label Mar 17, 2026
@Mossaka
Collaborator

Mossaka commented Mar 17, 2026

@Mossaka Mossaka added smoke and removed smoke-test-pr Trigger smoke tests on PR labels Mar 17, 2026
…}} in with/env fields

Fixes CI failure caused by smoke-claude.md exceeding GitHub Actions'
21KB expression size limit. The longer ${{ runner.temp }} expression
(23 chars vs /opt/gh-aw's 10) pushed run: blocks over the limit.

Solution: use ${RUNNER_TEMP} (shell env var, 16 chars) in run: blocks
where shell resolves the variable, and keep ${{ runner.temp }} only
in with:/env: fields where GitHub Actions template resolution is needed.

Also adds GhAwRootDirShell constant and SetupActionDestinationShell
for the two path forms.

Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>
Contributor Author

Copilot AI commented Mar 17, 2026

@copilot can you fix this broken CI? https://github.com/github/gh-aw/actions/runs/23216102295/job/67480338381?pr=21443

Fixed in b92e3ba. The CI failure was caused by smoke-claude.md exceeding GitHub Actions' 21KB expression size limit — the longer ${{ runner.temp }}/gh-aw path (23 chars) vs the old /opt/gh-aw (10 chars) pushed run: blocks over the limit.

The fix uses ${RUNNER_TEMP}/gh-aw (shell env var, 16 chars) in run: blocks where shell resolves the variable, and keeps ${{ runner.temp }}/gh-aw only in with:/env: YAML fields where GitHub Actions template resolution is required. All 174 workflows now compile successfully.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:


@Mossaka
Collaborator

Mossaka commented Mar 17, 2026

@Mossaka
Collaborator

Mossaka commented Mar 17, 2026

…ntime

Tests were using regular double-quoted strings like
"...${process.env.RUNNER_TEMP}/gh-aw..." which compared against the
literal text "${process.env.RUNNER_TEMP}" instead of the resolved path.
Changed to backtick template literals so the env var is evaluated.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@github-actions github-actions bot removed the smoke label Mar 17, 2026
@github-actions
Contributor

Smoke Test Results — Run §23220647777

Test Status
GitHub MCP
MCP Scripts GH CLI
Serena MCP
Playwright
Web Fetch
File Writing
Bash Tool
Discussion Interaction
Build gh-aw
Discussion Creation
Workflow Dispatch
PR Review

Overall: ⚠️ PARTIAL PASS — Serena MCP tools not available

PR author: @app/copilot-swe-agent | Triggered by: @Mossaka

📰 BREAKING: Report filed by Smoke Copilot ·

Contributor

@github-actions github-actions bot left a comment

Smoke test review ✅ — This PR correctly migrates hardcoded /opt/gh-aw paths to ${{ runner.temp }}/gh-aw for self-hosted runner compatibility. Changes look consistent across workflow files. Two inline notes added.

📰 BREAKING: Report filed by Smoke Copilot

uses: ./actions/setup
with:
destination: /opt/gh-aw/actions
destination: ${{ runner.temp }}/gh-aw/actions
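Review bot: the new `destination: ${{ runner.temp }}/gh-aw/actions` line moves the setup action's scripts out of `/opt/gh-aw/actions`, which the description says self-hosted runners typically cannot write, into a directory that is writable by design. Anything that runs later in the same job with less trust than the setup step, the agent container in particular, should see this path read-only, so I'd confirm the sandbox mount configuration covers `gh-aw` under the runner temp directory before this merges.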
Contributor

The ${{ runner.temp }}/gh-aw/actions destination looks correct. Note that runner.temp is ephemeral — cleaned between jobs in some runner configurations. This should be fine since actions/setup runs in the same job context.

"gh-aw": patch
---

Replaced hardcoded `/opt/gh-aw` paths with `${{ runner.temp }}/gh-aw` (and `${RUNNER_TEMP}/gh-aw` in shell contexts) so compiled workflows and setup scripts run correctly on self-hosted runners without `/opt` write access.
Contributor

Good changeset description — clearly explains the motivation (self-hosted runners without /opt write access). Consider also mentioning that the runner.temp directory is cleaned up after each job, so any persistent state needs to be handled accordingly.

@github-actions
Contributor

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

@pelikhan
Contributor

@Mossaka ensure that the agent container does not have rw access to the folder where the actions javascript is copied

The agent sandbox (AWF) has $HOME mounted :rw in chroot mode, and
$RUNNER_TEMP is under $HOME on GitHub-hosted runners. This meant the
agent could directly write to ${RUNNER_TEMP}/gh-aw/safeoutputs/outputs.jsonl,
bypassing the safe-outputs MCP server validation and injecting arbitrary
safe outputs.

Add two --mount flags to every AWF invocation:
  "${RUNNER_TEMP}/gh-aw:${RUNNER_TEMP}/gh-aw:ro"
  "${RUNNER_TEMP}/gh-aw:/host${RUNNER_TEMP}/gh-aw:ro"

The more-specific :ro mount overrides the broader $HOME:rw mount for
this subdirectory (same Docker mechanism used for credential file hiding).
The /host-prefixed entry covers chroot mode. The MCP server runs on the
host outside AWF and retains full write access.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
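
The override rule in the commit message above, modelled as an added example (not gh-aw or AWF code): the mount with the longest matching destination decides whether a path is `ro` or `rw`, and the check covers both the direct and the `/host` (chroot) view of `outputs.jsonl`. The `HOME` and `RUNNER_TEMP` values and the shape of the pre-fix `rw` mounts are constructed assumptions; the script only reasons about mount specs and does not inspect a real container.

```shell
#!/bin/sh
# Added example: a model of "the more-specific mount wins", usable as a
# pre-flight check on the set of mount specs passed to a sandbox.

# effective_mode PATH SPEC...
#   SPEC is "source:destination:mode", the form of the --mount values quoted
#   in the commit message. Prints ro or rw for the mount whose destination is
#   the longest path prefix of PATH, or "none" if no mount covers PATH.
effective_mode() (
  path=$1; shift
  best_len=-1; best_mode=none
  for spec in "$@"; do
    mode=${spec##*:}   # text after the last colon
    rest=${spec%:*}    # "source:destination"
    dst=${rest#*:}     # destination as seen inside the sandbox
    dst=${dst%/}       # ignore one trailing slash
    case "$path/" in
      "$dst"/*)        # match whole path components only
        if [ "${#dst}" -gt "$best_len" ]; then
          best_len=${#dst}; best_mode=$mode
        fi ;;
    esac
  done
  printf '%s\n' "$best_mode"
)

# writable_gh_aw_paths RUNNER_TEMP SPEC...
#   Prints every sandbox-visible path to the safe-outputs file that resolves
#   to rw, one per line. Empty output means the agent cannot write the file
#   directly and has to go through the MCP server.
writable_gh_aw_paths() (
  target="$1/gh-aw/safeoutputs/outputs.jsonl"; shift
  for p in "$target" "/host$target"; do   # direct view, then chroot view
    if [ "$(effective_mode "$p" "$@")" = rw ]; then
      printf '%s\n' "$p"
    fi
  done
)

# Constructed sample values: RUNNER_TEMP sits under HOME, as the commit
# message says is the case on GitHub-hosted runners.
DEMO_HOME=/home/runner
DEMO_RT=/home/runner/work/_temp

# Assumed shape of the pre-fix mounts: HOME read-write, plus its /host copy.
BEFORE_1="$DEMO_HOME:$DEMO_HOME:rw"
BEFORE_2="$DEMO_HOME:/host$DEMO_HOME:rw"

# The two read-only mounts the commit adds.
FIX_1="$DEMO_RT/gh-aw:$DEMO_RT/gh-aw:ro"
FIX_2="$DEMO_RT/gh-aw:/host$DEMO_RT/gh-aw:ro"

echo "writable before the fix:"
writable_gh_aw_paths "$DEMO_RT" "$BEFORE_1" "$BEFORE_2"
echo "writable after the fix:"
writable_gh_aw_paths "$DEMO_RT" "$BEFORE_1" "$BEFORE_2" "$FIX_1" "$FIX_2"
```

Passing only the first `:ro` spec leaves the `/host` view of the file writable, which is why the commit adds both.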
@Mossaka Mossaka added the smoke label Mar 18, 2026
@github-actions
Contributor

github-actions bot commented Mar 18, 2026

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

@github-actions
Contributor

github-actions bot commented Mar 18, 2026

✅ All tools validated successfully! Agent Container Smoke Test confirms agent container is ready.

@github-actions
Contributor

github-actions bot commented Mar 18, 2026

🎬 THE END Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

@github-actions
Contributor

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

@github-actions github-actions bot removed the smoke label Mar 18, 2026
@github-actions
Contributor

Agent Container Tool Check

Tool Status Version
bash 5.2.21
sh available
git 2.53.0
jq 1.7
yq v4.52.4
curl 8.5.0
gh 2.87.3
node v20.20.1
python3 3.12.3
go 1.24.13
java 21.0.10 (Temurin)
dotnet 10.0.102

Result: 12/12 tools available ✅

Overall Status: PASS

🔧 Tool validation by Agent Container Smoke Test ·

@github-actions
Contributor

Smoke Test (Codex)

🔮 The oracle has spoken through Smoke Codex ·

Warning

⚠️ Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • ab.chatgpt.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "ab.chatgpt.com"

See Network Configuration for more information.

@github-actions
Contributor

Smoke Test Results - Run §23222225140

Test Status
GitHub MCP
MCP Scripts GH CLI
Serena MCP ❌ (unavailable)
Playwright
Web Fetch
File Writing
Bash Tool
Discussion Interaction
Build gh-aw
Discussion Creation
Workflow Dispatch
PR Review

Overall: ⚠️ PARTIAL PASS (11/12 — Serena MCP tools not available)

PR Author: @Mossaka

📰 BREAKING: Report filed by Smoke Copilot ·

Contributor

@github-actions github-actions bot left a comment

This PR correctly migrates hardcoded /opt/gh-aw paths to ${{ runner.temp }}/gh-aw for self-hosted runner compatibility. The changes are consistent across all workflow lock files. No functional issues found — smoke test review complete.

📰 BREAKING: Report filed by Smoke Copilot

"gh-aw": patch
---

Replaced hardcoded `/opt/gh-aw` paths with `${{ runner.temp }}/gh-aw` (and `${RUNNER_TEMP}/gh-aw` in shell contexts) so compiled workflows and setup scripts run correctly on self-hosted runners without `/opt` write access.
Contributor

Good changeset description! Clearly explains the motivation (self-hosted runner compatibility) and both path formats used in the PR.

uses: ./actions/setup
with:
destination: /opt/gh-aw/actions
destination: ${{ runner.temp }}/gh-aw/actions
Contributor

The ${RUNNER_TEMP}/gh-aw approach is a great fix for self-hosted runner compatibility. Consider adding a note in the docs about this requirement for self-hosted runner setups.

@github-actions
Contributor

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

@github-actions
Contributor

Smoke Test Results — Run §23222225233

Status: PARTIAL (2 skipped, all others ✅)

Test Result
1 GitHub MCP
2 GH CLI Scripts
3 Serena MCP
4 Make Build
5 Playwright
6 Tavily Search
7 File Write
8 Bash Tool
9 Discussion Comment
10 AW MCP Status
11 Update PR
12 Review Comments
13 Submit Review
14 Resolve Thread ⚠️ Skipped
15 Add Reviewer
16 Push to Branch
17 Close PR ⚠️ Skipped

💥 [THE END] — Illustrated by Smoke Claude ·

Contributor

@github-actions github-actions bot left a comment

💥 Automated smoke test review - all systems nominal!

💥 [THE END] — Illustrated by Smoke Claude

"gh-aw": patch
---

Replaced hardcoded `/opt/gh-aw` paths with `${{ runner.temp }}/gh-aw` (and `${RUNNER_TEMP}/gh-aw` in shell contexts) so compiled workflows and setup scripts run correctly on self-hosted runners without `/opt` write access.
Contributor

Good description of the change! Consider also mentioning the benefit for cloud-hosted runners to make it clear this is backward-compatible.

@@ -0,0 +1,5 @@
---
"gh-aw": patch
Contributor

Correct patch-level bump for this compatibility improvement — no breaking API changes here.

@Mossaka Mossaka merged commit 91fbac3 into main Mar 18, 2026
177 checks passed
@Mossaka Mossaka deleted the copilot/fix-copilot-access-azure-apis branch March 18, 2026 00:12
github-actions bot added a commit that referenced this pull request Mar 18, 2026
Add two new terms identified from recent commits:

- GH_HOST: gh CLI env var for GHES/GHEC enterprise hostname routing,
  auto-configured by configure_gh_for_ghe.sh and propagated to
  custom frontmatter jobs and safe-outputs (PRs #21523, #21525)
- RUNNER_TEMP / runner.temp: GitHub Actions temp dir used for
  storing gh-aw runtime artifacts, replacing /opt/gh-aw for
  self-hosted runner compatibility (PR #21443)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Development

Successfully merging this pull request may close these issues.

Copilot workflow steps cannot access Azure/Azure DevOps APIs after azure/login@v2

4 participants