Skip to content

fix: validate safe-output names in gh aw new against JSON schema; fix create-project oneOf#21981

Merged
pelikhan merged 3 commits intomainfrom
copilot/fix-invalid-safe-outputs
Mar 20, 2026
Merged

fix: validate safe-output names in gh aw new against JSON schema; fix create-project oneOf#21981
pelikhan merged 3 commits intomainfrom
copilot/fix-invalid-safe-outputs

Conversation

Copy link
Contributor

Copilot AI commented Mar 20, 2026
edited
Loading

Two independent bugs caused valid safe-output names to fail schema validation when used in workflows created via gh aw new.

Schema fix: create-project duplicate null subschema

create-project had two null-matching subschemas in its oneOf, causing oneOf to fail with "subschemas 1, 2 matched" whenever the field was set to null (i.e., create-project:):

# Before fix — two subschemas both match null:
oneOf:
  - {type: object, ...}
  - {type: null}        # ← both match null
  - {enum: [null]}      # ← both match null

Removed the redundant {enum: [null]} entry, leaving the standard two-option pattern used by every other safe-output type.

Template: derive safe-output names from the JSON schema

createWorkflowTemplate had a hardcoded list of 8 commented safe-output options that could silently drift from the schema (invalid names appear, new names go missing). Replaced with buildSafeOutputsSection() which calls parser.GetSafeOutputTypeKeys() to generate the commented block directly from the embedded schema — ensuring push-repo-memory (not a valid schema key) never appears and all current/future valid types are always listed.

Tests

Added pkg/cli/commands_new_test.go with two unit tests that parse the generated template and assert every safe-output key at the type-key indentation level exists in GetSafeOutputTypeKeys(). Uses indentation depth to distinguish type keys from sub-keys (e.g. max:), avoiding fragile name allowlists.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GO111MODULE 64/bin/go git rev-�� --show-toplevel erignore /usr/bin/git e=false GO111MODULE 64/pkg/tool/linu--show-toplevel git (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw git /usr/bin/git git rev-�� --show-toplevel git /opt/hostedtoolcache/node/24.14.0/x64/bin/node HEAD git /usr/bin/git /opt/hostedtoolcache/node/24.14.0/x64/bin/node (http block)
  • https://api.github.com/orgs/test-owner/actions/secrets
    • Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env json' --ignore-pGOINSECURE GO111MODULE ules/.bin/node GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name --show-toplevel util.test /usr/bin/git -json GO111MODULE /opt/hostedtoolc--show-toplevel git rev-�� ref/tags/v1 go /usr/bin/git 1208-39214/test-git GO111MODULE /opt/hostedtoolc--show-toplevel git (http block)
    • Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name /repos/actions/checkout/git/ref/tags/v3 --jq bin/node runs/20260320-15node git /usr/bin/git git ache�� --show-toplevel nly /usr/bin/git --show-toplevel git /usr/bin/git git (http block)
  • https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
    • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha /tmp/gh-aw-test-runs/20260320-151208-39214/test-1846320436 status /usr/bin/git .github/workflowgit GO111MODULE bin/sh git rev-�� --show-toplevel go /usr/bin/git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha 0/x64/bin/node git /opt/hostedtoolcache/node/24.14.0/x64/bin/node --show-toplevel 0/x64/bin/node /usr/bin/git /opt/hostedtoolcache/node/24.14.0/x64/bin/node /tmp�� vars.MY_VAR git /usr/bin/git --show-toplevel git /usr/bin/git git (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v3
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha -aw/git/ref/tags/v2.0.0 GO111MODULE ache/node/24.14.0/x64/bin/node GOINSECURE GOMOD GOMODCACHE /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/compile t-11�� sistency_WithImports2120108233/001/main.md -trimpath /usr/bin/git -p github.com/githurev-parse -lang=go1.25 git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha runs/20260320-151411-44042/test-2064053353/custom/workflows git /usr/bin/git --show-toplevel sh /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git uest|push_to_pulgit go /usr/bin/git git (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v5
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha ck '**/*.cjs' '**/*.ts' '**/*.json' --ignore-patGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE tants.test GOINSECURE GOMOD GOMODCACHE tants.test (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git ty-test.md GO111MODULE 64/bin/go git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel sh /usr/bin/git 1208-39214/test-git GOPROXY ache/go/1.25.0/x--show-toplevel git rev-�� --show-toplevel node /usr/bin/git --check scripts/**/*.js 64/pkg/tool/linu--show-toplevel git (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --get remote.origin.url /usr/bin/git -json GO111MODULE 64/bin/go git conf�� user.email test@example.com /usr/bin/git -json GO111MODULE ndor/bin/sh git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git conf�� user.name Test User /usr/bin/git -json GO111MODULE nch,headSha,disp--show-toplevel git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel w.test /usr/bin/git 4525/001/stabiligit GO111MODULE ache/go/1.25.0/x--show-toplevel git rev-�� --show-toplevel sh /usr/bin/git Onlymin-integritgit GOPROXY 64/pkg/tool/linu--show-toplevel git (http block)
  • https://api.github.com/repos/actions/github-script/git/ref/tags/v8
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha GOSUMDB GOWORK 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE odules/npm/node_GOMODCACHE GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go ode_�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha GOMODCACHE go /usr/bin/git -json GO111MODULE 64/bin/go git bran�� --show-current go /usr/bin/git -json GO111MODULE ache/go/1.25.0/x--show-toplevel git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel go /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel /opt/hostedtoolcrev-parse /usr/bin/git git (http block)
  • https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha --get remote.origin.url /usr/bin/git -json GO111MODULE 64/bin/go git comm�� -m Initial commit /usr/bin/git -json GO111MODULE ache/go/1.25.0/x--show-toplevel git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha --show-toplevel git 0/x64/bin/node --show-toplevel go /usr/bin/git 0/x64/bin/node rev-�� --show-toplevel git /usr/bin/git --show-toplevel gcc inPathSetup_Goro--show-toplevel git (http block)
  • https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha 930033/b430/repoutil.test GO111MODULE 930033/b430/importcfg.link GOINSECURE GOMOD GOMODCACHE BlPIPkS6j74YO/KCyQm7JrG_JTdGyVRlef/N6GE9dzJuLpfUe9tz4e_/ThKvzodBlPIPkS6j74YO env ithub-script/git/ref/tags/v8 GO111MODULE 930033/b430/_pkg_.a GOINSECURE GOMOD GOMODCACHE bash (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel go /usr/bin/git git rev-�� runs/20260320-151411-44042/test-1170407105 git /usr/bin/git --show-toplevel /bin/sh /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha -json GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/cgo GOINSECURE GOMOD GOMODCACHE /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/cgo (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel x_amd64/vet /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel sh /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha ithub/workflows/archie.md GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env k/gh-aw/gh-aw/.github/workflows GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/compile (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha sistency_GoAndJavaScript460765044/001/test-frontmatter-with-env-template-expressions.md docker /usr/bin/git test/concurrent-git go /usr/bin/git git rev-�� --show-toplevel git 0/x64/bin/node --show-toplevel sh /usr/bin/git 0/x64/bin/node (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts
    • Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 GO111MODULE x_amd64/link GOINSECURE GOMOD GOMODCACHE x_amd64/link env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE HC/wPHmRHH07drGotDxh6_4/9rUbv3kNVNgnGPLEQds7 (http block)
    • Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 git /usr/bin/git --show-toplevel go /usr/bin/git git rev-�� 1411-44042/test-2399053416/.github/workflows git 0/x64/bin/node --show-toplevel go /usr/bin/git git (http block)
    • Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 git /usr/bin/infocmp /tmp/file-trackegit l /usr/bin/git infocmp -1 xterm-color git 0/x64/bin/node master git /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts
    • Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 git /usr/bin/git --show-toplevel go /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel x_amd64/link /usr/bin/git git (http block)
    • Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 git x_amd64/link --show-toplevel git /usr/bin/git x_amd64/link bran�� --show-current git 0/x64/bin/node user.email test@example.comrev-parse /usr/bin/git mx/Y7sFaDhY_zYD4_9i2epq/mbT46ARD^remote\..*\.gh-resolved$ (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts
    • Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 git /usr/bin/git --show-toplevel go /usr/bin/git git rev-�� 1411-44042/test-1023682992/.github/workflows git /usr/bin/git --show-toplevel x_amd64/compile /usr/bin/git git (http block)
    • Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 ps x_amd64/link t config /usr/bin/git x_amd64/link log --oneline -10 0/x64/bin/node test.txt git /usr/bin/git jd/Vh_2T2r48tee9QYqAzJ-/vWGKU_dmWl_2iqtNmGNI (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts
    • Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE s9ZXZGY/X4XoDkfiiEtxJ64HjgrP stlo�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 /opt/hostedtoolcache/node/24.14.0/x64/bin/node 0/x64/bin/node GOMODCACHE go /usr/bin/git git t-ha�� orts2257099511/001/main.md git /usr/bin/git --show-toplevel go /usr/bin/git git (http block)
    • Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 git /usr/bin/git --show-toplevel git /usr/bin/git git rev-�� --show-toplevel git 0/x64/bin/node --show-current git /opt/hostedtoolc--git-dir git (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts
    • Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 gh 0/x64/bin/node list --json /usr/bin/git git t-ha�� ring784726033/001/test1.md git /usr/bin/git --show-toplevel go /usr/bin/git git (http block)
    • Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 git /usr/bin/git /usr/bin/git git /usr/bin/git git rev-�� --show-toplevel git 0/x64/bin/node --show-toplevel git /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts
    • Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 /opt/hostedtoolcache/node/24.14.0/x64/bin/node At,event,headBranch,headSha,displayTitle GOMODCACHE go /usr/bin/git git rev-�� 1411-44042/test-2399053416/.github/workflows git /usr/bin/git --show-toplevel go /usr/bin/git git (http block)
    • Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 git /usr/bin/git --show-toplevel l ache/node/24.14.user.email git rev-�� --show-toplevel ache/node/24.14.--jq 0/x64/bin/node /usr/bin/git git /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts
    • Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 infocmp /usr/bin/git xterm-color go /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel go /usr/bin/git git (http block)
    • Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 git /usr/bin/gh --show-toplevel git /usr/bin/git gh api /repos/actions/checkout/git/ref/remote.origin.url --jq 0/x64/bin/node user.name Test User ache/node/24.14.--show-toplevel git (http block)
  • https://api.github.com/repos/github/gh-aw/actions/workflows
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env json' --ignore-pGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go ache�� y_only_defaults_repo2976359086/001 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE erignore (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha --show-toplevel go /usr/bin/git -json GO111MODULE 930033/b314/vet.--show-toplevel git rev-�� --show-toplevel go /usr/bin/git -aw/git/ref/tagsgit GO111MODULE /opt/hostedtoolc--show-toplevel git (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha on' --ignore-patGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha --show-toplevel ache/go/1.25.0/x64/pkg/tool/linux_amd64/compile /usr/bin/git 930033/b435/_pkggit 930033/b001/_tes-C 930033/b435=> git rev-�� --show-toplevel /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet /usr/bin/git r-test3420087885git -buildtags /usr/bin/git git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha --show-toplevel infocmp /usr/bin/git xterm-color l /usr/bin/git git rev-�� --show-toplevel git /usr/bin/infocmp --get remote.origin.ur-C /usr/bin/git infocmp (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha on' --ignore-patGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha --show-toplevel go ache/uv/0.10.12/x86_64/node -aw/git/ref/tagsgit GO111MODULE 64/pkg/tool/linu--show-toplevel git ache�� --show-toplevel nly /usr/bin/git /tmp/go-build339git -trimpath /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha on' --ignore-patGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha --show-toplevel go ache/go/1.25.0/x64/bin/node -json GO111MODULE /tmp/go-build339/tmp/gh-aw-test-runs/20260320-151411-44042/test-496069889/.github/workflows git ache�� --show-toplevel nly /usr/bin/git -test.paniconexigh -test.v=true /usr/bin/git git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha --show-toplevel 0/x64/bin/node /usr/bin/git /tmp/TestHashConbash (http block)
  • https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha -json GO111MODULE At,event,headBranch,headSha,displayTitle GOINSECURE GOMOD GOMODCACHE go ache�� y_with_explicit_repo3821265263/001 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE erignore (http block)
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha --show-toplevel go /usr/bin/git licyMinIntegritygit GO111MODULE ache/go/1.25.0/x--show-toplevel git rev-�� --show-toplevel ache/go/1.25.0/x64/pkg/tool/linux_amd64/compile ache/go/1.25.0/x64/bin/node 930033/b439/_pkggit GO111MODULE 930033/b439=> n-continued" (http block)
  • https://api.github.com/repos/nonexistent/repo/actions/runs/12345
    • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE GOMOD FFiles,SFiles,Sw/home/REDACTED/work/gh-aw/gh-aw/.github/workflows/auto-triage-issues.md go ache�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion test/race-image:git go /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel go /usr/bin/git git (http block)
    • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion vars.MY_VAR git /usr/bin/git git rev-�� --show-toplevel git 0/x64/bin/node --show-toplevel git /usr/bin/git git (http block)
  • https://api.github.com/repos/owner/repo/actions/workflows
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo es/.bin/node GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo /usr/bin/git SameOutput109551git GO111MODULE /opt/hostedtoolc--show-toplevel git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE /opt/hostedtoolc--show-toplevel git (http block)
  • https://api.github.com/repos/owner/repo/contents/file.md
    • Triggering command: /tmp/go-build339930033/b400/cli.test /tmp/go-build339930033/b400/cli.test -test.testlogfile=/tmp/go-build339930033/b400/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /tmp/go-build1719043888/b001/cli.test /tmp/go-build1719043888/b001/cli.test -test.paniconexit0 -test.timeout=10m0s -test.count=1 rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE /opt/hostedtoolc--show-toplevel git rev-�� --show-toplevel go /usr/bin/git /actions/secretsgit GO111MODULE /opt/hostedtoolc--show-toplevel git (http block)
    • Triggering command: /tmp/go-build2056581449/b001/cli.test /tmp/go-build2056581449/b001/cli.test -test.paniconexit0 -test.timeout=10m0s -test.count=1 rev-�� --show-toplevel 0/x64/bin/node /usr/bin/git : ${{ github.repnode git /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel git /usr/bin/git git (http block)
  • https://api.github.com/repos/test-owner/test-repo/actions/secrets
    • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name GOSUMDB GOWORK 64/bin/go GOINSECURE GOMOD GOMODCACHE go env json' --ignore-pGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name --show-toplevel go /usr/bin/git -json GO111MODULE /opt/hostedtoolc--show-toplevel git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE /opt/hostedtoolc--show-toplevel git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name --show-toplevel git k/_temp/uv-python-dir/node --show-toplevel git /usr/bin/git git ache�� --show-toplevel nly /usr/bin/git --show-toplevel git /usr/bin/git git (http block)

If you need me to access, download, or install something from one of these locations, you can either:

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

Copilot AI linked an issue Mar 20, 2026 that may be closed by this pull request
gh aw new safe-outputs are not always valid #21978
Closed
@pelikhan
fix: extract safe-output names from JSON schema in 'gh aw new' and fi…
71db743 
…x create-project oneOf validation

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/a5f8a171-4c41-4193-8b0d-1070e594abbb
Copilot AI changed the title [WIP] Fix invalid safe-outputs in new workflow fix: validate safe-output names in gh aw new against JSON schema; fix create-project oneOf Mar 20, 2026
Copilot AI requested a review from pelikhan March 20, 2026 15:22
@pelikhan pelikhan marked this pull request as ready for review March 20, 2026 16:07
Copilot AI review requested due to automatic review settings March 20, 2026 16:07
Copilot AI reviewed Mar 20, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Fixes schema and template drift issues that caused valid safe-outputs configurations (particularly in workflows generated by gh aw new) to fail JSON schema validation.

Changes:

  • Removes a duplicate null-matching subschema in create-project’s oneOf to prevent oneOf multi-match failures when set to null.
  • Generates the safe-outputs section in the gh aw new workflow template from the embedded JSON schema (GetSafeOutputTypeKeys()), eliminating hardcoded/incorrect keys.
  • Adds unit tests to ensure all safe-outputs keys emitted by the template are valid schema keys.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File Description
pkg/parser/schemas/main_workflow_schema.json Fixes create-project’s oneOf to avoid invalid multi-match on null.
pkg/cli/commands.go Replaces hardcoded safe-outputs options with schema-derived generation via buildSafeOutputsSection().
pkg/cli/commands_new_test.go Adds tests asserting generated template safe-output keys are all recognized by the schema.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@pelikhan pelikhan merged commit f51cd36 into main Mar 20, 2026
49 checks passed
@pelikhan pelikhan deleted the copilot/fix-invalid-safe-outputs branch March 20, 2026 16:46
@github-actions github-actions bot mentioned this pull request Mar 20, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@pelikhan pelikhan Awaiting requested review from pelikhan

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

gh aw new safe-outputs are not always valid

3 participants

@pelikhan