Skip to content

Include actions/setup in sparse-checkout for activation job in dev mode#23145

Merged
lpcox merged 2 commits intocopilot/apply-difc-integrity-filteringfrom
copilot/fix-github-actions-workflow-test-one-more-time
Mar 26, 2026
Merged

Include actions/setup in sparse-checkout for activation job in dev mode#23145
lpcox merged 2 commits intocopilot/apply-difc-integrity-filteringfrom
copilot/fix-github-actions-workflow-test-one-more-time

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Mar 26, 2026
edited
Loading

In dev mode, actions/setup is referenced via a local workspace path (./actions/setup). The activation job's sparse-checkout was only fetching .github and .agents, omitting actions/setup — causing the post-step to fail when it needs the local action.

Changes

  • pkg/workflow/compiler_activation_job.go: generateCheckoutGitHubFolderForActivation now conditionally appends actions/setup to the sparse-checkout extraPaths when c.actionMode.IsDev() is true. This applies to both the cross-repo (workflow_call) and standard checkout paths.
var extraPaths []string
if c.actionMode.IsDev() {
    extraPaths = append(extraPaths, "actions/setup")
}
return cm.GenerateGitHubFolderCheckoutStep("", "", GetActionPin, extraPaths...)
  • 178 .lock.yml files recompiled to reflect updated activation job checkout steps, restoring hash consistency across lock files.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw outputs_target_v-atomic a_validation_tes-bool e_concurrency_te-buildtags ng_d�� ion_none_test.go-errorsas e_concurrency_in-ifaceassert 64/bin/grep (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw outputs_target_v-atomic a_validation_tes-bool e_concurrency_te-buildtags ng_d�� ion_none_test.go-errorsas e_concurrency_in-ifaceassert t (http block)
  • https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha (http block)
  • https://api.github.com/repos/github/gh-aw
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility --local committer.name 64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0 --jq .object.sha (http block)
  • https://api.github.com/repos/githubnext/agentics/git/ref/tags/
    • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha --local --get x_amd64/vet (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Original prompt

Fix the failing GitHub Actions workflow test
Analyze the workflow logs, identify the root cause of the failure, and implement a fix.
Job ID: 68750061706
Job URL: https://github.com/github/gh-aw/actions/runs/23606316384/job/68750061706

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

@lpcox lpcox marked this pull request as ready for review March 26, 2026 16:59
Copilot AI review requested due to automatic review settings March 26, 2026 16:59
@lpcox lpcox merged commit bc342ec into copilot/apply-difc-integrity-filtering Mar 26, 2026
32 checks passed
@lpcox lpcox deleted the copilot/fix-github-actions-workflow-test-one-more-time branch March 26, 2026 16:59
Copilot AI restored the copilot/fix-github-actions-workflow-test-one-more-time branch March 26, 2026 16:59
Copilot AI changed the title [WIP] Fix failing GitHub Actions workflow test Include actions/setup in sparse-checkout for activation job in dev mode Mar 26, 2026
Copilot AI requested a review from lpcox March 26, 2026 17:00
Copilot stopped work on behalf of lpcox due to an error March 26, 2026 17:00
The session was cancelled by the user.
Copilot AI reviewed Mar 26, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Fixes failing workflow compilation/tests by ensuring the activation job’s sparse-checkout preserves the local ./actions/setup action directory in dev mode, and regenerates workflow lock files to reflect the updated checkout behavior.

Changes:

  • Update activation-job .github/.agents sparse-checkout generation to optionally include actions/setup when ActionMode=dev.
  • Regenerate workflow .lock.yml outputs so activation checkout steps include actions/setup in sparse-checkout.
  • Refresh lock-file hashes to restore cross-lock consistency.

Reviewed changes

Copilot reviewed 178 out of 178 changed files in this pull request and generated no comments.

Show a summary per file
File Description
pkg/workflow/compiler_activation_job.go Adds dev-mode extraPaths to activation sparse-checkout so local ./actions/setup post-steps aren’t broken by later checkouts.
.github/workflows/workflow-skill-extractor.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/workflow-normalizer.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/workflow-health-manager.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/workflow-generator.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/weekly-safe-outputs-spec-review.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/weekly-issue-summary.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/weekly-editors-health-check.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/weekly-blog-post-writer.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/video-analyzer.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/update-astro.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/unbloat-docs.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/ubuntu-image-analyzer.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/typist.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/tidy.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/test-workflow.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/test-project-url-default.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/test-dispatcher.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/test-create-pr-error-handling.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/terminal-stylist.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/technical-doc-writer.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/super-linter.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/sub-issue-closer.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/step-name-alignment.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/static-analysis-report.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/stale-repo-identifier.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/smoke-workflow-call.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/smoke-workflow-call-with-inputs.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/smoke-update-cross-repo-pr.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/smoke-test-tools.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/smoke-temporary-id.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/smoke-project.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/smoke-multi-pr.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/smoke-gemini.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/smoke-create-cross-repo-pr.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/smoke-copilot.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/smoke-copilot-arm.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/smoke-codex.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/smoke-claude.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/smoke-call-workflow.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/smoke-agent-scoped-approved.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/smoke-agent-public-none.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/smoke-agent-public-approved.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/smoke-agent-all-none.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/smoke-agent-all-merged.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/slide-deck-maintainer.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/sergo.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/semantic-function-refactor.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/security-review.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/security-compliance.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/scout.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/schema-feature-coverage.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/schema-consistency-checker.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/safe-output-health.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/research.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/repository-quality-improver.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/repo-tree-map.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/repo-audit-analyzer.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/release.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/refiner.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/q.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/python-data-charts.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/prompt-clustering-analysis.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/pr-triage-agent.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/pr-nitpick-reviewer.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/portfolio-analyst.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/poem-bot.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/plan.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/pdf-summary.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/org-health-report.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/notion-issue-summary.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/metrics-collector.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/mergefest.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/mcp-inspector.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/lockfile-stats.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/layout-spec-maintainer.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/jsweep.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/issue-triage-agent.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/issue-monster.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/issue-arborist.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/instructions-janitor.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/hourly-ci-cleaner.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/grumpy-reviewer.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/gpclean.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/go-pattern-detector.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/go-logger.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/go-fan.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/glossary-maintainer.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/github-remote-mcp-auth-test.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/github-mcp-tools-report.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/github-mcp-structural-analysis.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/functional-pragmatist.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/firewall.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/firewall-escape.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/example-workflow-analyzer.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/example-permissions-warning.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/duplicate-code-detector.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/draft-pr-cleanup.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/docs-noob-tester.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/discussion-task-miner.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/dictation-prompt.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/developer-docs-consolidator.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/dev.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/dev-hawk.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/dependabot-go-checker.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/dependabot-burner.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/delight.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/deep-report.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/dead-code-remover.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/daily-workflow-updater.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/daily-testify-uber-super-expert.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/daily-team-status.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/daily-team-evolution-insights.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/daily-syntax-error-quality.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/daily-semgrep-scan.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/daily-security-red-team.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/daily-secrets-analysis.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/daily-safe-outputs-conformance.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/daily-safe-output-optimizer.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/daily-safe-output-integrator.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/daily-repo-chronicle.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/daily-rendering-scripts-verifier.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/daily-regulatory.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/daily-performance-summary.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/daily-observability-report.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/daily-news.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/daily-multi-device-docs-tester.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/daily-mcp-concurrency-analysis.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/daily-malicious-code-scan.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/daily-issues-report.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/daily-integrity-analysis.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/daily-function-namer.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/daily-firewall-report.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/daily-file-diet.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/daily-doc-updater.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/daily-doc-healer.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/daily-copilot-token-report.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/daily-compiler-quality.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/daily-community-attribution.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/daily-code-metrics.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/daily-cli-tools-tester.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/daily-cli-performance.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/daily-choice-test.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/daily-assign-issue-to-user.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/daily-architecture-diagram.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/craft.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/copilot-session-insights.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/copilot-pr-prompt-analysis.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/copilot-pr-nlp-analysis.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/copilot-pr-merged-report.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/copilot-cli-deep-research.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/copilot-agent-analysis.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/contribution-check.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/constraint-solving-potd.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/commit-changes-analyzer.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/codex-github-remote-mcp-test.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/code-simplifier.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/code-scanning-fixer.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/cloclo.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/cli-version-checker.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/cli-consistency-checker.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/claude-code-user-docs-review.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/ci-doctor.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/ci-coach.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/changeset.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/breaking-change-checker.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/brave.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/bot-detection.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/blog-auditor.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/auto-triage-issues.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/audit-workflows.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/artifacts-summary.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/archie.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/ai-moderator.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/agentic-observability-kit.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/agent-persona-explorer.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/agent-performance-analyzer.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.
.github/workflows/ace-editor.lock.yml Regenerated lock file to include actions/setup in activation sparse-checkout.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

lpcox added a commit that referenced this pull request Mar 28, 2026
@lpcox
@pelikhan
Apply DIFC integrity filtering to the main agent job (post-activation…
8f8f67b 
… only) (#22794)

* Initial plan

* Apply DIFC integrity filtering to pre-agentic activation job steps

Inject DIFC proxy start/stop into buildActivationJob so that all
actions/github-script calls (add_reaction, check_workflow_timestamp,
compute_text, add_workflow_run_comment, lock-issue, remove_trigger_label,
etc.) are routed through integrity filtering when min-integrity is set.

The proxy startup script already sets GITHUB_API_URL, GITHUB_GRAPHQL_URL,
NODE_EXTRA_CA_CERTS, and GH_HOST via $GITHUB_ENV, so no per-step base-url
injection is needed — all subsequent Octokit calls are intercepted automatically.

Condition used: hasDIFCGuardsConfigured (same as indexing job), since the
activation job always makes GitHub API calls via github-script regardless
of custom steps.

Also updates the package comment in compiler_difc_proxy.go and adds
TestDIFCProxyInjectedInActivationJob tests.

Recompiled all 177 workflow lock files.

Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/dbd57cd2-a5f2-480b-aa12-24198fde2259

* Add warning log when DIFC guard configured but proxy step generation fails

Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/dbd57cd2-a5f2-480b-aa12-24198fde2259

* Extend DIFC proxy injection to pre-activation job (on.steps and compiler checks)

Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/14d51822-1e33-42dd-a755-9a3c7a18e90a

* Revert DIFC proxy injection from activation and pre-activation jobs per reviewer request

Agent-Logs-Url: https://github.com/github/gh-aw/sessions/3f005084-69aa-4fe2-be12-f5979c050b8c

Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>

* [WIP] Fix failing GitHub Actions workflow test (#23145)

* Initial plan

* Fix sparse-checkout missing actions/setup in dev mode for activation job

Agent-Logs-Url: https://github.com/github/gh-aw/sessions/1b83f1ef-faf6-451f-84b2-ffbd0b92867c

Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>

* fix: restore proxy-tls exclusion from DIFC proxy artifact upload

The proxy-logs/ directory includes proxy-tls/ which contains TLS
private key material generated by the DIFC proxy. Uploading this
directory risks leaking TLS key material into build artifacts and
may cause upload failures if files are root-owned/unreadable.

and update the test to verify both the include and exclusion paths.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
Co-authored-by: Peli de Halleux <pelikhan@users.noreply.github.com>
Co-authored-by: Landon Cox <landon.cox@microsoft.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@github-actions github-actions bot deleted the copilot/fix-github-actions-workflow-test-one-more-time branch April 2, 2026 21:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@lpcox lpcox Awaiting requested review from lpcox

Assignees

@lpcox lpcox

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@lpcox