Skip to content

refactor: split permissions_validation.go — separate data loading from validation logic#21492

Merged
pelikhan merged 2 commits intomainfrom
copilot/split-permissions-validation-file
Mar 18, 2026
Merged

refactor: split permissions_validation.go — separate data loading from validation logic#21492
pelikhan merged 2 commits intomainfrom
copilot/split-permissions-validation-file

Conversation

Copy link
Contributor

Copilot AI commented Mar 18, 2026
edited
Loading

pkg/workflow/permissions_validation.go (477 lines, 59% over the 300-line limit) mixed two distinct concerns: loading/indexing the embedded github_toolsets_permissions.json data and the active validation logic.

Changes

  • Created pkg/workflow/permissions_toolset_data.go — data layer:

    • permissionsValidationLog (moved here; owns the init() that uses it)
    • //go:embed + githubToolsetsPermissionsJSON
    • GitHubToolsetPermissions, GitHubToolsetsData structs
    • toolsetPermissionsMap + init() JSON loader
    • ValidatableTool interface
    • GitHubToolConfig.GetToolsets() / IsReadOnly() methods
    • collectRequiredPermissions(), isPermissionSufficient() helpers

  • Reduced pkg/workflow/permissions_validation.go — validation logic only:

    • PermissionsValidationResult struct
    • ValidatePermissions(), checkMissingPermissions()
    • FormatValidationMessage(), formatMissingPermissionsMessage()
    • ValidateIncludedPermissions()

No logic changes — pure reorganization. Both files are now under 300 lines.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE ache/go/1.25.0/x--show-toplevel git (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw git /usr/bin/git git conf�� user.email test@example.com /usr/bin/git --show-toplevel git /usr/bin/head git (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw git /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel e/git /sh git (http block)
  • https://api.github.com/orgs/test-owner/actions/secrets
    • Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name GOSUMDB GOWORK 64/bin/go GOINSECURE GOMOD GOMODCACHE ache/go/1.25.0/xGO111MODULE env 689083/b398/_pkgGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name --show-toplevel go /usr/bin/git -json GO111MODULE ache/go/1.25.0/x--show-toplevel git rev-�� --show-toplevel ache/go/1.25.0/x64/pkg/tool/linux_amd64/compile /usr/bin/git 5459-27950/test-git GO111MODULE 4981081/b413=> git (http block)
  • https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
    • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha -m Test commit /usr/bin/git che/go-build/bf/git GOPROXY 64/bin/go git rev-�� --show-toplevel /opt/hostedtoolcremote.origin.url /usr/bin/git ub/workflows -trimpath 64/bin/go git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --show-toplevel git /usr/bin/git ithub-script/gitgit go /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel /opt/hostedtoolcrev-parse /usr/bin/git git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha HEAD git /opt/hostedtoolcache/node/24.14.0/x64/lib/node_modules/npm/node_modules/@npmcli/run-script/lib/n/repos/actions/github-script/git/ref/tags/v8 ./../.prettieriggit git /usr/bin/git sh -c "prettier" --write '**/*.cjs' '**/*.ts' '**/*.json' --ignore-path ../../../.prettierignore git /home/REDACTED/.local/bin/sh --show-toplevel git /usr/bin/git sh (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v3
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha 4981081/b421/_pkg_.a GO111MODULE 0/x64/bin/node GOINSECURE b/gh-aw/pkg/stylrev-parse GOMODCACHE 0/x64/bin/node -ato�� ithub-script/git/ref/tags/v8 -buildtags /usr/bin/git -errorsas -ifaceassert -nilfunc 4981081/b421/importcfg (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha --show-toplevel git 0/x64/bin/node --show-toplevel go /usr/bin/git 0/x64/bin/node rev-�� runs/20260318-005802-32740/test-3846890885 git /usr/bin/git l go /usr/bin/git git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha --show-toplevel git h --show-toplevel git /usr/bin/git git rev-�� *.json' '!../../../pkg/workflow/js/**/*.json' --ignore-path ../../../.prettierignore git nfig/composer/vendor/bin/bash --show-toplevel git (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v5
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/pkg/tool/linux_amd64/link GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/link (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha 64/bin/go go /usr/bin/git -json GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE x_amd64/vet git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel go /usr/bin/git ons/secrets GO111MODULE ache/go/1.25.0/x--show-toplevel git rev-�� --show-toplevel go /usr/bin/git archie.md GO111MODULE ache/go/1.25.0/x--show-toplevel git (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha k/gh-aw/gh-aw/.github/workflows/blog-auditor.md Test User /usr/bin/git -json GO111MODULE 64/bin/go git init�� GOMODCACHE node /usr/bin/git prettier --check 64/bin/go git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel -extld=gcc /usr/bin/git -json GO111MODULE 64/bin/go git conf�� = get && echo "******"; }; f get = get && echo "******"; }; f get /usr/bin/git "prettier" --chegit GOPROXY 64/bin/go git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel x_amd64/link /usr/bin/git -json GO111MODULE ache/go/1.25.0/x--show-toplevel git rev-�� --show-toplevel oJ/BhqTCoRMGewfss9ZXZGY/X4XoDkfiiEtxJ64HjgrP /usr/bin/git -json GO111MODULE ache/go/1.25.0/x--show-toplevel git (http block)
  • https://api.github.com/repos/actions/github-script/git/ref/tags/v8
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha GOSUMDB GOWORK 64/bin/go GOINSECURE GOMOD GOMODCACHE ache/go/1.25.0/xGO111MODULE env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE sh (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE node (http block)
  • https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha --get remote.origin.url (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha /tmp/TestHashConsistency_WithImports3966985782/001/main.md git e/git --show-toplevel go /usr/bin/git e/git rev-�� --show-toplevel git 0/x64/bin/node --show-toplevel go bin/node 0/x64/bin/node (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha /usr/bin/git git /usr/bin/git --show-toplevel r /usr/bin/git git show�� ormatted successfully" git /home/REDACTED/work/gh-aw/gh-aw/actions/setup/js/node_modules/.bin/node --show-toplevel git /usr/bin/git node (http block)
  • https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha --get remote.origin.url /usr/bin/git -json GO111MODULE 64/bin/go git conf�� user.email test@example.com /usr/bin/git prettier --check 64/bin/go git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha /tmp/gh-aw-test-runs/20260318-005802-32740/test-1151046074/.github/workflows config /usr/bin/git remote.origin.urgit go /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel go ache/uv/0.10.11/--show-toplevel git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha /usr/bin/git git ache/node/24.14.0/x64/bin/node --show-toplevel r /usr/bin/git git k/gh�� 822f330567d48782398ca6235103793a58738381:pkg/workflow/permissions_toolset_data.go on rkflow/js/**/*.json /../../.prettiergit erignore /usr/bin/git sh (http block)
  • https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha -json GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE LK/0ZzNt2MF0S5dNCkYJNi7/qsN36FPL2C9ukfHpQSzB env runs/20260318-005459-27950/test-1943159704/.github/workflows GO111MODULE 02bce524b45776269aa70f6e7c7cc010b03ce8fdf32bba52-d l GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha --show-toplevel git 0/x64/bin/node --show-toplevel x_amd64/link /usr/bin/git git t-ha�� ithub/workflows/blog-auditor.md git /usr/bin/git --show-toplevel us/3YdcVDbgE0y5Grev-parse /usr/bin/git git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha 58738381:pkg/workflow/permissions_validation.go /opt/hostedtoolcache/node/24.14.--jq ache/node/24.14.0/x64/bin/node github.event.issgit git /usr/bin/git git 0/x6�� --show-toplevel git n-dir/node --git-dir mkdir /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha -json GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 4981081/b419/stringutil.test GOINSECURE GOMOD GOMODCACHE 4981081/b419/stringutil.test (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha ithub/workflows/agent-performance-analyzer.md m0s /usr/bin/git --show-toplevel go /usr/bin/git git rev-�� --show-toplevel git ache/node/24.14.0/x64/bin/node --show-toplevel aw.test /usr/bin/git git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha --show-toplevel git ache/node/24.14.0/x64/bin/node --show-toplevel git /usr/bin/git git _inc�� */*.ts' '**/*.json' --ignore-path ../../../.prettierignore TH"; [ -n "$GOROOT" ] && export n-dir/sh --show-toplevel du /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha -json GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha t0 m0s /usr/bin/git --show-toplevel go /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel 64/pkg/tool/linurev-parse /usr/bin/git git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha --show-toplevel git bin/sh --show-toplevel git /opt/hostedtoolc--show-toplevel gh _inc�� */*.ts' '**/*.json' --ignore-path ../../../.prettierignore --jq ache/node/24.14.0/x64/bin/node secrets.GITHUB_Tgit git /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts
    • Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 git /usr/bin/git --show-toplevel x_amd64/link /usr/bin/git git rev-�� --show-toplevel git cal/bin/bash --show-toplevel GZ/UGKM_FbdUZ8dYrev-parse /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts
    • Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 docker /usr/bin/git test/concurrent-git go /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git p.prop.prop.prop.prop.prop.prop.prop.prop.prop.prop.prop.prop.prop.prop.prop.prop.prop.prop.pro go /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts
    • Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 docker /usr/bin/git test/race-image:git go /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel go /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts
    • Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 git /usr/bin/git --show-toplevel x_amd64/vet /usr/bin/git git rev-�� 5802-32740/test-3588851323/.github/workflows git /usr/bin/git --show-toplevel go /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts
    • Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 git /usr/bin/git --show-toplevel x_amd64/vet /usr/bin/git git rev-�� 5802-32740/test-3588851323/.github/workflows git ache/node/24.14.0/x64/bin/bash --show-toplevel go /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts
    • Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 GO111MODULE x_amd64/link GOINSECURE GOMOD GOMODCACHE x_amd64/link env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE kR/yyjxJESSHc3089fRgrZr/T0NlY2ByaI2xHQJ-FggC (http block)
    • Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 git /usr/bin/git --show-toplevel x_amd64/link /usr/bin/git git rev-�� --show-toplevel git k/_temp/ghcca-node/node/bin/bash --show-toplevel go /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts
    • Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 git /usr/bin/git --show-toplevel x_amd64/vet /usr/bin/git git rev-�� 5802-32740/test-1871736580/.github/workflows git sh --show-toplevel go /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw/actions/workflows
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path GOSUMDB GOWORK 64/bin/go GOINSECURE GOMOD erignore ache/go/1.25.0/xGO111MODULE env 689083/b410/_pkgGOINSECURE GO111MODULE 64/bin/go GOINSECURE b/gh-aw/pkg/styl-c GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 /tmp/go-build3904981081/b416/importcfg -pack /tmp/go-build3904981081/b416/_testmain.go env i8G4/45hDXM0ZBsSGOSUMDB GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE 689083/b418/impo--json (http block)
    • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 GOMOD GOMODCACHE go estl�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env 113666864/.github/workflows GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha --show-toplevel go /usr/bin/git -json GO111MODULE ache/go/1.25.0/x--show-toplevel git rev-�� --show-toplevel ache/go/1.25.0/x64/pkg/tool/linux_amd64/compile /usr/bin/git 4981081/b401/_pkgit GO111MODULE 4981081/b401=> git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha ignore-path ../../../.prettierignore git /opt/hostedtoolcache/node/24.14.0/x64/bin/npm --show-toplevel l /usr/bin/git /opt/hostedtoolcache/node/24.14.0/x64/bin/npm inst�� --package-lock-only git /usr/bin/git --show-toplevel git /opt/hostedtoolcnpx prettier --write '../../../**/*.json' '!../../../pkg/workflow/js/**/*.json' --ignore-path git (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE node (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha --show-toplevel 0/x64/bin/node /usr/bin/git bility_SameInputgit GOPROXY /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git s/test.md go /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE node (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE sh -c npx prettier --c-errorsas GOPROXY 64/bin/go GOSUMDB GOWORK 64/bin/go sh (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha --show-toplevel nly /usr/bin/git ErrorFormatting3node GOPROXY ache/node/24.14./tmp/TestHashStability_SameInputSameOutput28818608/001/stability-test.md git rev-�� --show-toplevel git /usr/bin/git k/gh-aw/gh-aw/.ggit rev-parse /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE node /opt�� run lint:cjs 64/bin/go GOSUMDB GOWORK 64/bin/go sh (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha --show-toplevel nly /usr/bin/git GOPATH GOPROXY ache/node/24.14.--show-toplevel git rev-�� --show-toplevel git /usr/bin/git k/gh-aw/gh-aw/.ggit go /tmp/go-build390--show-toplevel git (http block)
  • https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha ty-test.md GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha --show-toplevel go /usr/bin/git -json GO111MODULE /opt/hostedtoolc/repos/actions/checkout/git/ref/tags/v5 git rev-�� --show-toplevel go /usr/bin/git r/test-repo/actigit GO111MODULE 0/x64/bin/node git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha ignore-path ../../../.prettierignore git /home/REDACTED/wor/tmp/extras-10554-TDs2LKrRKVuO-code-review.json /tmp/gh-aw-test-sh rev-parse /usr/bin/git node /opt�� install --package-lock-o--custom-instructions /usr/bin/git --show-toplevel git /usr/bin/git git (http block)
  • https://api.github.com/repos/nonexistent/repo/actions/runs/12345
    • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion 638/001/go/1.25.git go /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel go /usr/bin/git git (http block)
  • https://api.github.com/repos/owner/repo/actions/workflows
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOINSECURE GOMOD erignore ache/go/1.25.0/xGO111MODULE env 689083/b419/_pkgGOINSECURE GO111MODULE 64/bin/go GOINSECURE b/gh-aw/scripts GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOINSECURE GOMOD erignore ache/go/1.25.0/xGO111MODULE env 689083/b403/_pkgGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo /usr/bin/git ipts.test GO111MODULE ortcfg.link git rev-�� --show-toplevel U8IGZ3xsiiK_VzgSGT/jqXiqKS2mm7rGowner=github /usr/bin/git -json GO111MODULE g_.a git (http block)
  • https://api.github.com/repos/owner/repo/contents/file.md
    • Triggering command: /tmp/go-build3904981081/b383/cli.test /tmp/go-build3904981081/b383/cli.test -test.testlogfile=/tmp/go-build3904981081/b383/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true GOINSECURE GOMOD GOMODCACHE erignore env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /tmp/go-build3410176613/b359/cli.test /tmp/go-build3410176613/b359/cli.test -test.testlogfile=/tmp/go-build3410176613/b359/testlog.txt -test.paniconexit0 -test.timeout=10m0s rev-�� --show-toplevel 64/pkg/tool/linux_amd64/vet /usr/bin/git -json GO111MODULE ache/go/1.25.0/x--show-toplevel git rev-�� --show-toplevel ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet /usr/bin/git -json GO111MODULE .cfg git (http block)
  • https://api.github.com/repos/test-owner/test-repo/actions/secrets
    • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name GOSUMDB GOWORK 64/bin/go GOINSECURE GOMOD GOMODCACHE ache/go/1.25.0/xGO111MODULE env 689083/b394/_pkgGOINSECURE GO111MODULE 64/bin/go GOINSECURE b/gh-aw/pkg/fileenv GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name --show-toplevel 64/pkg/tool/linux_amd64/compile /usr/bin/git g_.a GO111MODULE ache/go/1.25.0/x--show-toplevel git rev-�� --show-toplevel ache/go/1.25.0/x64/pkg/tool/linux_amd64/compile /usr/bin/git KalLpCxFj GO111MODULE 4981081/b408=> git (http block)

If you need me to access, download, or install something from one of these locations, you can either:

📍 Connect Copilot coding agent with Jira, Azure Boards or Linear to delegate work to Copilot in one click without leaving your project management tool.

Copilot AI linked an issue Mar 18, 2026 that may be closed by this pull request
[plan] Split permissions_validation.go — separate data loading from validation logic #21480
Closed
6 tasks
@pelikhan
refactor: split permissions_validation.go into data layer and validat…
3663657 
…ion logic

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] [plan] Split permissions_validation.go into data loading and validation logic refactor: split permissions_validation.go — separate data loading from validation logic Mar 18, 2026
Copilot AI requested a review from pelikhan March 18, 2026 01:03
@github-actions github-actions bot mentioned this pull request Mar 18, 2026
Closed
@pelikhan pelikhan marked this pull request as ready for review March 18, 2026 01:31
Copilot AI review requested due to automatic review settings March 18, 2026 01:31
Copilot AI reviewed Mar 18, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Refactors the workflow permissions validation implementation by splitting embedded GitHub toolset permission data loading/indexing from the active validation/formatting logic, keeping each file under the project’s 300-line guideline.

Changes:

  • Moved embedded JSON loading, toolset-permission indexing, and helper utilities into a new data-focused file.
  • Reduced permissions_validation.go to focus on validation flow, result structures, and message formatting.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
pkg/workflow/permissions_validation.go Removes embedded JSON loading/data definitions, leaving validation logic and formatting.
pkg/workflow/permissions_toolset_data.go New file containing embedded JSON, toolset permission map initialization, and shared helpers/interfaces.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

@pelikhan
Copy link
Contributor

pelikhan commented Mar 18, 2026

@copilot Review comments

@pelikhan pelikhan merged commit 15f9fdd into main Mar 18, 2026
115 of 116 checks passed
@pelikhan pelikhan deleted the copilot/split-permissions-validation-file branch March 18, 2026 01:37
Copilot stopped work on behalf of pelikhan due to an error March 18, 2026 01:37
The session was cancelled by the user.
This was referenced Mar 18, 2026
Open
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@pelikhan pelikhan Awaiting requested review from pelikhan

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[plan] Split permissions_validation.go — separate data loading from validation logic

3 participants

@pelikhan