fix: SHA-pin setup-cli action references in maintenance workflow generation#23146
fix: SHA-pin setup-cli action references in maintenance workflow generation#23146
Conversation
…ration The generateInstallCLISteps function was using mutable version tags (e.g., @v0.64.0) for the setup-cli action instead of SHA-pinned references, inconsistent with other actions in the same workflows. Fix: Add an ActionSHAResolver parameter to generateInstallCLISteps and a resolveActionRef helper that attempts to resolve the SHA when a resolver is available, falling back to tag-based reference when not. Also add a TestGenerateMaintenanceWorkflow_SetupCLISHAPinning test and sub-tests for SHA-pinned setup-cli in release/action modes. Agent-Logs-Url: https://github.com/github/gh-aw/sessions/adf6231f-013f-433f-9f5f-3017ff35b7d8 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
This PR fixes maintenance workflow generation so setup-cli action references are SHA-pinned via the existing ActionSHAResolver mechanism (matching how other actions are pinned), with a tag-based fallback when a resolver isn’t available.
Changes:
- Extend
generateInstallCLIStepsto accept anActionSHAResolverand emit SHA-pinneduses:refs forsetup-cliwhen resolvable. - Add
resolveActionRefhelper to resolverepo@tag→repo@sha # tagwith graceful fallback. - Update maintenance workflow generation call sites and expand tests to cover SHA-pinned output (unit + end-to-end).
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| pkg/workflow/maintenance_workflow.go | Plumbs resolver into CLI install step generation and adds a helper to produce SHA-pinned uses: refs. |
| pkg/workflow/maintenance_workflow_test.go | Updates existing tests for new function signature and adds coverage for SHA-pinned setup-cli refs (including an end-to-end maintenance workflow assertion). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| if err == nil && sha != "" { | ||
| return formatActionReference(actionRepo, sha, tag) | ||
| } | ||
| maintenanceLog.Printf("Failed to resolve SHA for %s@%s: %v, falling back to tag reference", actionRepo, tag, err) |
There was a problem hiding this comment.
resolveActionRef logs a failure even when err is nil (e.g., if an implementation returns an empty SHA with no error), producing confusing messages like "...: ". Consider only logging when err != nil, and separately handling the sha == "" case with a clear message (or skip logging when both are empty and you’re just falling back).
| if err == nil && sha != "" { | |
| return formatActionReference(actionRepo, sha, tag) | |
| } | |
| maintenanceLog.Printf("Failed to resolve SHA for %s@%s: %v, falling back to tag reference", actionRepo, tag, err) | |
| if err != nil { | |
| maintenanceLog.Printf("Failed to resolve SHA for %s@%s: %v, falling back to tag reference", actionRepo, tag, err) | |
| } else if sha != "" { | |
| return formatActionReference(actionRepo, sha, tag) | |
| } else { | |
| maintenanceLog.Printf("Resolver returned empty SHA for %s@%s with no error; falling back to tag reference", actionRepo, tag) | |
| } |
| t.Run("release mode with resolver SHA-pins setup-cli in run_operation", func(t *testing.T) { | ||
| tmpDir := t.TempDir() | ||
| cache := NewActionCache(tmpDir) | ||
| cache.Set("github/gh-aw/actions/setup-cli", "v1.0.0", setupCLISHA) |
There was a problem hiding this comment.
TestGenerateMaintenanceWorkflow_SetupCLISHAPinning constructs a real ActionResolver but only seeds the cache for setup-cli. Since GenerateMaintenanceWorkflow also calls ResolveSetupActionReference(..., resolver), this test can trigger a cache miss and attempt a real gh api call for github/gh-aw/actions/setup@v1.0.0, making the unit test non-hermetic/flaky in offline environments. Seed the cache for the setup action too, or use a lightweight fake ActionSHAResolver implementation that only resolves the refs under test and returns an error otherwise (without shelling out).
| cache.Set("github/gh-aw/actions/setup-cli", "v1.0.0", setupCLISHA) | |
| cache.Set("github/gh-aw/actions/setup-cli", "v1.0.0", setupCLISHA) | |
| cache.Set("github/gh-aw/actions/setup", "v1.0.0", "dddddddddddddddddddddddddddddddddddddddd") |
|
@copilot review comments |
- resolveActionRef: log only on actual error, not on empty-SHA-no-error case - TestGenerateMaintenanceWorkflow_SetupCLISHAPinning: seed setup action cache entry to prevent real gh api calls (hermetic test) Agent-Logs-Url: https://github.com/github/gh-aw/sessions/3e259f0b-9912-4006-bc44-d891d2943a39 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Addressed both reviewer points in 4e3d3fb:
Warning Firewall rules blocked me from connecting to one or more addresses (expand for details)I tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
|
generateInstallCLIStepswas buildinguses:references forsetup-cliby concatenating the version tag directly (e.g.,github/gh-aw-actions/setup-cli@v0.64.0), bypassing theActionSHAResolverinfrastructure used by every other action in the same generated workflow.Changes
generateInstallCLISteps: Addedresolver ActionSHAResolverparameter; constructs SHA-pinned references via a newresolveActionRefhelper when a resolver is available, falls back to tag-based reference otherwiseresolveActionRef(new helper): Thin wrapper aroundresolver.ResolveSHA+formatActionReference, with graceful fallback torepo@tagGenerateMaintenanceWorkflow: BothgenerateInstallCLIStepscalls now pass theresolveralready in scopenilresolver; added sub-tests for SHA-pinned output in release and action modes; addedTestGenerateMaintenanceWorkflow_SetupCLISHAPinningfor end-to-end verificationWhen a resolver is present (the normal compilation path), the output changes from:
to:
Warning
Firewall rules blocked me from connecting to one or more addresses (expand for details)
I tried to connect to the following addresses, but was blocked by firewall rules:
https://api.github.com/graphql/usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GO111MODULE 64/pkg/tool/linu--show-toplevel git rev-�� --show-toplevel 64/pkg/tool/linu12345 /usr/bin/git -json GO111MODULE ache/go/1.25.0/x--show-toplevel git(http block)/usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw git /usr/bin/git git conf�� user.email test@example.com /usr/bin/git --show-toplevel git /usr/bin/git git(http block)/usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw git /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel /usr/bin/git /usr/bin/infocmp--show-toplevel git(http block)https://api.github.com/orgs/test-owner/actions/secrets/usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE node(http block)/usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name --show-toplevel ache/go/1.25.0/x64/pkg/tool/linux_amd64/link /usr/bin/git 9671231/b435/repgit GO111MODULE(http block)https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1/usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git init�� GOMODCACHE go /usr/bin/git -json GO111MODULE -d /usr/bin/git(http block)/usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel /opt/hostedtoolcrev-parse inPathSetup_Goro--show-toplevel git rev-�� runs/20260326-171326-57491/test-1514857629 git /usr/bin/git --show-toplevel git /usr/bin/git git(http block)/usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha /usr/bin/git git /opt/hostedtoolcache/node/24.14.0/x64/bin/node /ref/tags/v8 git /usr/bin/git node js/f�� /usr/bin/git git /opt/hostedtoolcache/node/24.14.0/x64/bin/node --show-toplevel git /usr/bin/git node(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v3/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha --show-toplevel go ache/node/24.14.0/x64/bin/node heck '**/*.cjs' git GO111MODULE 64/bin/go git t-18�� bility_SameInputSameOutput167853007/001/stability-test.md go /usr/bin/git ck 'scripts/**/*git GO111MODULE 64/bin/go git(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha --show-toplevel git /usr/bin/git tOrdering3305164git go /usr/bin/git git rev-�� --show-toplevel git /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet --show-toplevel 64/pkg/tool/linurev-parse /usr/bin/git /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linutest-branch(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha --show-toplevel git 0/x64/bin/node --show-toplevel git /usr/bin/git git cjs --show-toplevel git ache/node/24.14.0/x64/bin/node .github/workflowgit git /usr/bin/git git(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v5/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha list --json /usr/bin/git --workflow nonexistent-workrev-parse --limit git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE ache/go/1.25.0/x--show-toplevel git(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel 64/pkg/tool/linux_amd64/link /usr/bin/git ser.test GO111MODULE ortcfg.link git rev-�� --show-toplevel 9JjkZ4Vz-cuO-00gQd/-0rt3pu2pBJGO4kGKrOh/cOGfk7t5x_UusdPUkj4Z /usr/bin/git -json GO111MODULE g_.a git(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v6/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha /tmp/TestHashConsistency_GoAndJavaScript554297720/001/test-frontmatter-with-arrays.md sh /usr/bin/git(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha ts.result -trimpath /usr/bin/git -p main -lang=go1.25 git add .github/workflows/test.md -dwarf=false /usr/bin/git go1.25.0 -c=4 -nolocalimports git(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel go /usr/bin/git -json GO111MODULE /opt/hostedtoolc--show-toplevel git rev-�� --show-toplevel go /usr/bin/git /ref/tags/v8 GO111MODULE bin/bash git(http block)https://api.github.com/repos/actions/github-script/git/ref/tags/v8/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE sh(http block)/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE sh -c npx prettier --c--log-target GOPROXY 64/bin/go GOSUMDB GOWORK 64/bin/go sh(http block)/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE sh -c npx prettier --check '**/*.cjs' GOINSECURE GOPROXY 64/bin/go GOSUMDB GOWORK 64/bin/go sh(http block)https://api.github.com/repos/actions/setup-go/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha /tmp/TestHashStability_SameInputSameOutput167853007/001/stability-test.md sh /usr/bin/git "prettier" --chegit GOPROXY 64/bin/go git rev-�� --show-toplevel sort /usr/bin/git -t: -k 64/bin/go git(http block)/usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel git /usr/bin/git git -C /tmp/compile-all-instructions-test-3622326880/.github/workflows rev-parse /usr/bin/git --show-toplevel /opt/hostedtoolcrev-parse /usr/bin/git git(http block)/usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel git /usr/bin/git git rev-�� --show-toplevel git /opt/hostedtoolcache/node/24.14.0/x64/bin/node --show-toplevel git /usr/bin/infocmp--show-toplevel node(http block)https://api.github.com/repos/actions/setup-node/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha /tmp/go-build3959671231/b450/timeutil.test -importcfg /usr/bin/git -s -w -buildmode=exe git add .github/workflows/test.md -extld=gcc /usr/bin/git GOMODCACHE node 64/bin/go git(http block)/usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha /tmp/gh-aw-test-runs/20260326-171326-57491/test-580059236/.github/workflows rev-parse /usr/bin/git --show-toplevel git(http block)/usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel git /usr/bin/git git rev-�� --show-toplevel git /opt/hostedtoolcache/node/24.14.0/x64/bin/node --show-toplevel git 86_64/node node(http block)https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha -json GO111MODULE /usr/bin/git GOINSECURE GOMOD GOMODCACHE git rev-�� --show-toplevel GOPROXY /usr/bin/tail GOSUMDB GOWORK 64/bin/go tail(http block)/usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha Onlymin-integrity_with_repos=public_3204135399/001 git ache/go/1.25.0/x64/pkg/tool/linux_amd64/link --show-toplevel go /usr/bin/git ache/go/1.25.0/x64/pkg/tool/linux_amd64/link rev-�� 6535576/b365/workflow.test git 6535576/b365/importcfg.link --show-toplevel 64/pkg/tool/linurev-parse /usr/bin/git cLIjYFyYA6pQQ/beIaEQjjgIY2xjhY9pGN/5gNT_Qo-aoHrIjG4U_rl/z61WcDlcLIjYFyYA6pQQ(http block)/usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha --show-toplevel git 0/x64/bin/node --get remote.origin.urrev-parse /usr/bin/git git rev-�� --show-toplevel git 0/x64/bin/node --show-toplevel infocmp /usr/bin/git git(http block)https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq .object.sha -bool -buildtags(http block)/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq .object.sha /tmp/gh-aw-test-runs/20260326-171326-57491/test-3909252138/.github/workflows config /usr/bin/git remote.origin.urgit 4vdN3eqAa1K0H/u1rev-parse /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel bash /usr/bin/git git(http block)/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel git /usr/bin/git git rev-�� nt/action/git/ref/tags/v999.999.999 git /opt/hostedtoolcache/node/24.14.0/x64/bin/node --show-toplevel git /usr/bin/git node(http block)https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha -json GO111MODULE g_.a GOINSECURE GOMOD GOMODCACHE git rev-�� --show-toplevel l ache/go/1.25.0/x64/pkg/tool/linux_amd64/compile GOSUMDB GOWORK 64/bin/go ache/go/1.25.0/x64/pkg/tool/linux_amd64/compile(http block)/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel 64/pkg/tool/linurev-parse /usr/bin/git git rev-�� nt/action/git/ref/tags/v999.999.999 git /usr/bin/git --show-toplevel 64/pkg/tool/linurev-parse /usr/bin/git git(http block)/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha --show-toplevel git 0/x64/bin/node add origin /usr/bin/git git rev-�� --show-toplevel git 0/x64/bin/node --show-toplevel git /usr/bin/git git(http block)https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha 1020-52533/test-3457757044 GO111MODULE 9671231/b316/vet.cfg GOINSECURE GOMOD GOMODCACHE git ortc�� k/gh-aw/gh-aw/.github/workflows stmain.go ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet GOSUMDB GOWORK 64/bin/go ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet(http block)/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha CommaSeparatedCompiledOutput2455972849/001 git At,event,headBranch,headSha,displayTitle --show-toplevel go /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel go /usr/bin/git git(http block)/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha --show-toplevel git 0/x64/bin/node user.name Test User /usr/bin/git git rev-�� --show-toplevel git 0/x64/bin/node --show-toplevel git /usr/bin/git git(http block)https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts/usr/bin/gh gh run download 1 --dir test-logs/run-1 GO111MODULE x_amd64/link GOINSECURE GOMOD GOMODCACHE x_amd64/link env -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE ef/N6GE9dzJuLpfUe9tz4e_/ThKvzodBlPIPkS6j74YO(http block)/usr/bin/gh gh run download 1 --dir test-logs/run-1 git /usr/bin/git --show-toplevel pH78pxo8-NPqVdeSrev-parse /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel go /usr/bin/git git(http block)https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts/usr/bin/gh gh run download 12345 --dir test-logs/run-12345 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh run download 12345 --dir test-logs/run-12345 git /usr/bin/git --show-toplevel go /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel go /usr/bin/git git(http block)https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts/usr/bin/gh gh run download 12346 --dir test-logs/run-12346 GO111MODULE x_amd64/link teInstallCLIStepgit GOMOD GOMODCACHE x_amd64/link env -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE HC/wPHmRHH07drGoremote.origin.url(http block)/usr/bin/gh gh run download 12346 --dir test-logs/run-12346 git /usr/bin/git --show-toplevel go /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel 64/pkg/tool/linurev-parse /usr/bin/git git(http block)https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts/usr/bin/gh gh run download 2 --dir test-logs/run-2 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh run download 2 --dir test-logs/run-2 git /usr/bin/git --show-toplevel go /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel go /usr/bin/git git(http block)https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts/usr/bin/gh gh run download 3 --dir test-logs/run-3 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go estl�� -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh run download 3 --dir test-logs/run-3 git /usr/bin/git --show-toplevel go /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel go /usr/bin/git git(http block)https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts/usr/bin/gh gh run download 4 --dir test-logs/run-4 GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh run download 4 --dir test-logs/run-4 git /usr/bin/git --show-toplevel go /usr/bin/git git rev-�� -aw/git/ref/tags/v1.0.0 PATH"; [ -n "$GOROOT" ] && expo /usr/bin/git --show-toplevel go /usr/bin/git git(http block)https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts/usr/bin/gh gh run download 5 --dir test-logs/run-5 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh run download 5 --dir test-logs/run-5 git(http block)https://api.github.com/repos/github/gh-aw/actions/workflows/usr/bin/gh gh workflow list --json name,state,path e=false GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE node(http block)/usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 GOMOD GOMODCACHE sh -c "prettier" --check '**/*.cjs' '*GOINSECURE GOPROXY 64/bin/go GOSUMDB GOWORK 64/bin/go /usr/lib/php/sesconfig(http block)/usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq .object.sha logs/user.env(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq .object.sha(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD ode-gyp-bin/node-json go env ck 'scripts/**/*GOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env ck 'scripts/**/*GOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE erignore env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE node /hom�� --check **/*.cjs 64/bin/go **/*.json --ignore-path ../../../.pretti--show-toplevel pidof(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha --show-toplevel git /usr/bin/git /tmp/TestGuardPogit rev-parse /tmp/go-build395/tmp/TestGuardPolicyMinIntegrityOnlymin-integrity_only_defaults_repo1560058913/001 git rev-�� --show-toplevel /tmp/go-build3959671231/b431/parser.test /usr/bin/git -test.paniconexigit l ache/node/24.14.--show-toplevel git(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE node /hom�� --check **/*.cjs 64/bin/go **/*.json --ignore-path ../../../.pretti/tmp/TestGuardPolicyMinIntegrityOnlymin-integrity_with_explicit_repo2412922210/0remote.origin.url find(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha Y3uC/65p595wDCDXy2q0kY3uC GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE jG4U_rl/N4Fe_8Kq-buildtags /hom�� k/gh-aw/gh-aw/pk-errorsas k/gh-aw/gh-aw/pk-ifaceassert 12d96df4ae1965ee-nilfunc **/*.json --ignore-path ../../../.pretti/tmp/TestGuardPolicyMinIntegrityOnlymin-integrity_with_repos_array_c1431036125/001 /opt/hostedtoolcrev-parse(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE x_UusdPUkj4Z /opt�� prettier --check 64/bin/go --ignore-path .prettierignore 64/bin/go go(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE node /hom�� --check **/*.cjs 64/bin/go **/*.json --ignore-path ../../../.pretti/tmp/TestGuardPolicyMinIntegrityOnlymin-integrity_with_repos=public_2877690846/001 find(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha --show-toplevel git /usr/bin/git --get remote.origin.urrev-parse /usr/bin/git git rev-�� --show-toplevel bf770bea22830570207a4d83..HEAD /opt/hostedtoolcache/go/1.25.0/x64/bin/node user.email test@example.comrev-parse /opt/hostedtoolc--show-toplevel node(http block)https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999/usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env ithout_min-integrity1757594258/001 GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)/usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha --show-toplevel ache/go/1.25.0/x64/pkg/tool/linux_amd64/compile /usr/bin/git 9671231/b427/_pkgit GO111MODULE 9671231/b427=> git rev-�� --show-toplevel git /usr/bin/git runs/20260326-17git GOPROXY /opt/hostedtoolc--show-toplevel git(http block)/usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha --show-toplevel git bin/node 1514857629 git /usr/bin/git git ache�� --show-toplevel nly /usr/bin/git licyBlockedUsersnode git /usr/bin/git git(http block)https://api.github.com/repos/nonexistent/repo/actions/runs/12345/usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE GOMOD GOMODCACHE go env 2195792930/.github/workflows GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion --show-toplevel 64/pkg/tool/linurev-parse /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel go /usr/bin/git git(http block)https://api.github.com/repos/owner/repo/actions/workflows/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE sh(http block)/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOINSECURE GOMOD GOMODCACHE go env T_jV/BMq5cUleXrTGOSUMDB GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE 781272/b410/importcfg(http block)/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo ACCEPT ry=1 GO111MODULE g_.a git rev-�� --show-toplevel git(http block)https://api.github.com/repos/owner/repo/contents/file.md/tmp/go-build3959671231/b403/cli.test /tmp/go-build3959671231/b403/cli.test -test.testlogfile=/tmp/go-build3959671231/b403/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE npm(http block)/tmp/go-build3806535576/b377/cli.test /tmp/go-build3806535576/b377/cli.test -test.paniconexit0 -test.timeout=10m0s -test.count=1 rev-�� --show-toplevel 1f-RA1IlxQwjfc586n/cLzQgjXlIjxIo_QUvJx9/eZ420Er5-dwarf=false /usr/bin/git /ref/tags/v8 GO111MODULE g_.a git rev-�� --show-toplevel w|TestGetCLICmdPrefix /usr/bin/git licyBlockedUsersgit GOPROXY ache/node/24.14.--show-toplevel git(http block)https://api.github.com/repos/test-owner/test-repo/actions/secrets/usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE node(http block)/usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name --show-toplevel x_amd64/vet /usr/bin/git 9671231/b435/_pkgit GO111MODULE 9671231/b435=> git rev-�� --show-toplevel git /usr/bin/git runs/20260326-17git GOPROXY /home/REDACTED/.lo--show-toplevel git(http block)If you need me to access, download, or install something from one of these locations, you can either:
📍 Connect Copilot coding agent with Jira, Azure Boards or Linear to delegate work to Copilot in one click without leaving your project management tool.