From 6e609e7bb5f4b941e6cd76083e18699e22eab2f4 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 23 Mar 2026 07:36:32 +0000 Subject: [PATCH] docs: update layout specification for 2026-03-23 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Bump lock file count from 172 to 177 - Add actions-ecosystem/action-add-labels action - Update astral-sh/setup-uv SHA - Fix /opt/gh-aw paths to use ${{ runner.temp }}/gh-aw (GhAwRootDir) - Update DefaultFirewallVersion v0.23.0 → v0.24.5 - Update DefaultMCPGatewayVersion v0.1.8 → v0.1.26 - Add DefaultAPMVersion v0.8.3 - Add GhAwRootDir/GhAwRootDirShell constants to directory paths - Expand artifact name constants (AgentArtifactName, DetectionArtifactName, etc.) - Add new /tmp/gh-aw/ paths: agent-step-summary.md, gemini-client-error-*.json, mcp-payloads/, safe-output-items.jsonl, safeoutputs.jsonl Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- scratchpad/layout.md | 48 ++++++++++++++++++++++++++++---------------- 1 file changed, 31 insertions(+), 17 deletions(-) diff --git a/scratchpad/layout.md b/scratchpad/layout.md index 399f4b3eb52..a5dbb388020 100644 --- a/scratchpad/layout.md +++ b/scratchpad/layout.md @@ -1,18 +1,18 @@ # GitHub Actions Workflow Layout Specification > Auto-generated specification documenting patterns used in compiled `.lock.yml` files. -> Last updated: 2026-03-16 +> Last updated: 2026-03-23 ## Overview This document catalogs all file paths, folder names, artifact names, and other patterns used across our compiled GitHub Actions workflows (`.lock.yml` files). It serves as a comprehensive reference for developers working with the gh-aw codebase. **Statistics:** -- **Lock files analyzed**: 172 -- **Unique GitHub Actions**: 23 +- **Lock files analyzed**: 177 +- **Unique GitHub Actions**: 24 - **Artifact patterns**: 22 - **Job name patterns**: 25 -- **File path references**: 37 +- **File path references**: 40 ## GitHub Actions @@ -36,13 +36,14 @@ Common GitHub Actions used across compiled workflows: | `docker/build-push-action` | `d08e5c35...` | Builds and pushes Docker images | Used in release workflows | | `docker/login-action` | `b45d80f8...` | Logs in to Docker registry | Used before pushing Docker images | | `docker/metadata-action` | `030e8812...` | Extracts Docker metadata | Used for tagging Docker images | -| `astral-sh/setup-uv` | `e06108dd...`, `eac588ad...` | Sets up uv package manager | Used for Python package management | +| `astral-sh/setup-uv` | `29b21a8...`, `eac588ad...` | Sets up uv package manager | Used for Python package management | | `anchore/sbom-action` | `57aae528...` | Generates SBOM | Used for security and compliance | | `super-linter/super-linter` | `61abc07...` | Runs super-linter | Used for code quality checks | | `github/stale-repos` | `f592689f...` | Manages stale repositories | Used for repository maintenance | | `microsoft/apm-action` | `5eac264...` | Collects APM bundle data | Used for performance monitoring and APM artifact creation | | `./actions/setup` | N/A (local) | Custom setup action | Copies JavaScript and shell scripts to `/tmp/gh-aw/actions` | | `github/gh-aw-actions/setup` | `c303e453...` | Remote setup action | Same as local `./actions/setup` but referenced remotely from gh-aw-actions repo | +| `actions-ecosystem/action-add-labels` | `c96b68f...` | Adds labels to issues/PRs | Used in safe-output jobs for label management | ## Artifact Names @@ -141,11 +142,15 @@ Common file paths referenced in workflow files: | `/tmp/gh-aw/python/*.py` | Files | Python scripts | Python scripts generated or used by agent | | `/tmp/gh-aw/python/charts/*.png` | Files | Python chart images | Chart images generated by Python scripts | | `/tmp/gh-aw/python/data/*` | Files | Python data files | Data files used by Python scripts | -| `/opt/gh-aw/actions` | Directory | Setup action scripts | Destination for copied JavaScript and shell scripts | -| `/opt/gh-aw/safe-jobs/` | Directory | Safe job definitions | Safe output job definitions and handlers | -| `/opt/gh-aw/gh-aw` | File | gh-aw binary | The gh-aw CLI binary copied for use in safe-output jobs | -| `/opt/gh-aw/prompts/` | Directory | Built-in prompts | System prompt files included in agent context | -| `/opt/gh-aw/safeoutputs/` | Directory | Safe outputs runtime | Safe outputs MCP server, config, and output files | +| `/tmp/gh-aw/agent-step-summary.md` | File | Agent step summary | Markdown summary of agent execution steps | +| `/tmp/gh-aw/gemini-client-error-*.json` | Files | Gemini error logs | Error details from Gemini client execution | +| `/tmp/gh-aw/mcp-payloads/` | Directory | MCP gateway payloads | Payload data for MCP gateway communication | +| `/tmp/gh-aw/safe-output-items.jsonl` | File | Safe output items | JSONL manifest of safe output items (uploaded as artifact) | +| `/tmp/gh-aw/safeoutputs.jsonl` | File | Safe outputs NDJSON | Raw safe outputs data file | +| `${{ runner.temp }}/gh-aw/actions` | Directory | Setup action scripts | Destination for copied JavaScript and shell scripts (replaces `/opt/gh-aw/actions`) | +| `${{ runner.temp }}/gh-aw/safe-jobs/` | Directory | Safe job definitions | Safe output job definitions and handlers | +| `${{ runner.temp }}/gh-aw/gh-aw` | File | gh-aw binary | The gh-aw CLI binary copied for use in safe-output jobs | +| `${{ runner.temp }}/gh-aw/safeoutputs/` | Directory | Safe outputs runtime | Safe outputs MCP server, config, and output files | | `${{ env.GH_AW_AGENT_OUTPUT }}` | Environment var | Agent output path | Dynamic path to agent output file | | `${{ env.GH_AW_SAFE_OUTPUTS }}` | Environment var | Safe outputs path | Dynamic path to safe outputs directory | @@ -167,7 +172,14 @@ Key constants defined in Go code that relate to workflow layout: ````go const SafeOutputArtifactName = "safe-output" const AgentOutputArtifactName = "agent-output" +const AgentArtifactName = "agent" +const DetectionArtifactName = "detection" +const ActivationArtifactName = "activation" +const APMArtifactName = "apm" +const SafeOutputItemsArtifactName = "safe-output-items" const AgentOutputFilename = "agent_output.json" +const SafeOutputsFilename = "safeoutputs.jsonl" +const ArtifactPrefixOutputName = "artifact_prefix" ```` ### Job Names @@ -192,9 +204,10 @@ const CheckSkipBotsStepID StepID = "check_skip_bots" ### Directory Paths ````go +const GhAwRootDir = "${{ runner.temp }}/gh-aw" +const GhAwRootDirShell = "${RUNNER_TEMP}/gh-aw" const AWFProxyLogsDir = "/tmp/gh-aw/sandbox/firewall/logs" const DefaultMCPGatewayPayloadDir = "/tmp/gh-aw/mcp-payloads" -const DefaultActivationJobRunnerImage = "ubuntu-slim" ```` ### MCP Server IDs @@ -211,9 +224,10 @@ const DefaultClaudeCodeVersion Version = "latest" const DefaultCodexVersion Version = "latest" const DefaultGeminiVersion Version = "latest" const DefaultGitHubMCPServerVersion Version = "v0.32.0" -const DefaultFirewallVersion Version = "v0.23.0" -const DefaultMCPGatewayVersion Version = "v0.1.8" +const DefaultFirewallVersion Version = "v0.24.5" +const DefaultMCPGatewayVersion Version = "v0.1.26" const DefaultPlaywrightMCPVersion Version = "0.0.68" +const DefaultAPMVersion Version = "v0.8.3" const DefaultPlaywrightBrowserVersion Version = "v1.58.2" const DefaultMCPSDKVersion Version = "1.24.0" const DefaultBunVersion Version = "1.1" @@ -242,7 +256,7 @@ const DevModeGhAwImage = "localhost/gh-aw:dev" ### Docker Mounts ````go -const DefaultGhAwMount = "/opt/gh-aw:/opt/gh-aw:ro" +const DefaultGhAwMount = "${RUNNER_TEMP}/gh-aw:${RUNNER_TEMP}/gh-aw:ro" const DefaultGhBinaryMount = "/usr/bin/gh:/usr/bin/gh:ro" const DefaultTmpGhAwMount = "/tmp/gh-aw:/tmp/gh-aw:rw" const DefaultWorkspaceMount = "${GITHUB_WORKSPACE}:${GITHUB_WORKSPACE}:rw" @@ -401,9 +415,9 @@ This specification is automatically maintained by the **Layout Specification Mai 4. Updates this document with findings 5. Creates a PR with the changes -**Last extraction run**: 2026-03-16 -**Lock files analyzed**: 172 -**Patterns documented**: 220+ +**Last extraction run**: 2026-03-23 +**Lock files analyzed**: 177 +**Patterns documented**: 230+ ---