diff --git a/actions/setup/js/determine_automatic_lockdown.cjs b/actions/setup/js/determine_automatic_lockdown.cjs index 33ea82843c..8dadd637ee 100644 --- a/actions/setup/js/determine_automatic_lockdown.cjs +++ b/actions/setup/js/determine_automatic_lockdown.cjs @@ -60,21 +60,19 @@ async function determineAutomaticLockdown(github, context, core) { const resolvedMinIntegrity = configuredMinIntegrity || defaultMinIntegrity; if (!configuredMinIntegrity) { core.info(`min-integrity not configured — automatically setting to '${defaultMinIntegrity}' for ${visibility} repository`); - core.setOutput("min_integrity", defaultMinIntegrity); } else { core.info(`min-integrity already configured as '${configuredMinIntegrity}' — not overriding`); - core.setOutput("min_integrity", configuredMinIntegrity); } + core.setOutput("min_integrity", resolvedMinIntegrity); // Set repos if not already configured const resolvedRepos = configuredRepos || defaultRepos; if (!configuredRepos) { core.info(`repos not configured — automatically setting to '${defaultRepos}' for ${visibility} repository`); - core.setOutput("repos", defaultRepos); } else { core.info(`repos already configured as '${configuredRepos}' — not overriding`); - core.setOutput("repos", configuredRepos); } + core.setOutput("repos", resolvedRepos); if (isPrivate) { core.info("Automatic guard policy determination complete for private/internal repository"); diff --git a/actions/setup/js/pr_review_buffer.cjs b/actions/setup/js/pr_review_buffer.cjs index 07852b7a3a..e208d705c6 100644 --- a/actions/setup/js/pr_review_buffer.cjs +++ b/actions/setup/js/pr_review_buffer.cjs @@ -211,12 +211,8 @@ function createReviewBuffer() { let body = reviewMetadata ? reviewMetadata.body : ""; // Determine if we should add footer based on footer mode - let shouldAddFooter = false; - if (footerMode === "always") { - shouldAddFooter = true; - } else if (footerMode === "none") { - shouldAddFooter = false; - } else if (footerMode === "if-body") { + let shouldAddFooter = footerMode === "always"; + if (footerMode === "if-body") { // Only add footer if body is non-empty (has meaningful content) shouldAddFooter = body.trim().length > 0; core.info(`Footer mode "if-body": body is ${body.trim().length > 0 ? "non-empty" : "empty"}, ${shouldAddFooter ? "adding" : "skipping"} footer`); diff --git a/pkg/workflow/mcp_environment.go b/pkg/workflow/mcp_environment.go index dfa58c2afa..e14216e763 100644 --- a/pkg/workflow/mcp_environment.go +++ b/pkg/workflow/mcp_environment.go @@ -115,9 +115,9 @@ func collectMCPEnvironmentVariables(tools map[string]any, mcpTools []string, wor maps.Copy(envVars, mcpScriptsSecrets) } - // Check for safe-outputs env vars - // Only add env vars if safe-outputs is actually enabled - // This prevents referencing step outputs that don't exist when safe-outputs isn't used + // Add safe-outputs server connection env vars (port and API key for MCP tools) + // Only add if safe-outputs is actually enabled — avoids referencing step outputs + // that don't exist when safe-outputs isn't used. if workflowData != nil && HasSafeOutputsEnabled(workflowData.SafeOutputs) { // Add server configuration env vars from step outputs envVars["GH_AW_SAFE_OUTPUTS_PORT"] = "${{ steps.safe-outputs-start.outputs.port }}"