diff --git a/.github/workflows/agent-persona-explorer.lock.yml b/.github/workflows/agent-persona-explorer.lock.yml index 5cbdf1c1e96..69c62b49268 100644 --- a/.github/workflows/agent-persona-explorer.lock.yml +++ b/.github/workflows/agent-persona-explorer.lock.yml @@ -352,10 +352,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -821,6 +826,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1276,6 +1286,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/ai-moderator.lock.yml b/.github/workflows/ai-moderator.lock.yml index 14ab6961687..02422a661ac 100644 --- a/.github/workflows/ai-moderator.lock.yml +++ b/.github/workflows/ai-moderator.lock.yml @@ -350,10 +350,15 @@ jobs: - name: Cache cache-memory file share data uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: spam-tracking-${{ github.repository_owner }}-${{ github.run_id }} + key: memory-none-nopolicy-spam-tracking-${{ github.repository_owner }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - spam-tracking-${{ github.repository_owner }}- + memory-none-nopolicy-spam-tracking-${{ github.repository_owner }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Checkout PR branch id: checkout-pr if: | @@ -773,6 +778,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Validate cache-memory file types if: always() uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 diff --git a/.github/workflows/audit-workflows.lock.yml b/.github/workflows/audit-workflows.lock.yml index ff363f67195..b052f9939d0 100644 --- a/.github/workflows/audit-workflows.lock.yml +++ b/.github/workflows/audit-workflows.lock.yml @@ -396,10 +396,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: trending-data-${{ github.workflow }}-${{ github.run_id }} + key: memory-none-nopolicy-trending-data-${{ github.workflow }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - trending-data-${{ github.workflow }}- + memory-none-nopolicy-trending-data-${{ github.workflow }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh # Repo memory git-based storage configuration from frontmatter processed below - name: Clone repo-memory branch (default) env: @@ -952,6 +957,11 @@ jobs: path: /tmp/gh-aw/repo-memory/default retention-days: 1 if-no-files-found: ignore + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1492,7 +1502,7 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: trending-data-${{ github.workflow }}-${{ github.run_id }} + key: memory-none-nopolicy-trending-data-${{ github.workflow }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory upload_assets: diff --git a/.github/workflows/ci-coach.lock.yml b/.github/workflows/ci-coach.lock.yml index 3a2395db101..1333ad6820b 100644 --- a/.github/workflows/ci-coach.lock.yml +++ b/.github/workflows/ci-coach.lock.yml @@ -369,10 +369,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -804,6 +809,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1279,6 +1289,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/ci-doctor.lock.yml b/.github/workflows/ci-doctor.lock.yml index ee722dce73d..3edcb82beed 100644 --- a/.github/workflows/ci-doctor.lock.yml +++ b/.github/workflows/ci-doctor.lock.yml @@ -413,10 +413,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -942,6 +947,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1432,6 +1442,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/claude-code-user-docs-review.lock.yml b/.github/workflows/claude-code-user-docs-review.lock.yml index 6289d64adc5..63c7517826c 100644 --- a/.github/workflows/claude-code-user-docs-review.lock.yml +++ b/.github/workflows/claude-code-user-docs-review.lock.yml @@ -319,10 +319,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -796,6 +801,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1238,6 +1248,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/cli-version-checker.lock.yml b/.github/workflows/cli-version-checker.lock.yml index d666e6c15a3..6cf14f6b258 100644 --- a/.github/workflows/cli-version-checker.lock.yml +++ b/.github/workflows/cli-version-checker.lock.yml @@ -323,10 +323,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -808,6 +813,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1243,6 +1253,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/cloclo.lock.yml b/.github/workflows/cloclo.lock.yml index 9d49b69408d..9e5799b708d 100644 --- a/.github/workflows/cloclo.lock.yml +++ b/.github/workflows/cloclo.lock.yml @@ -502,10 +502,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: cloclo-memory-${{ github.workflow }}-${{ github.run_id }} + key: memory-none-nopolicy-cloclo-memory-${{ github.workflow }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - cloclo-memory-${{ github.workflow }}- + memory-none-nopolicy-cloclo-memory-${{ github.workflow }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -1147,6 +1152,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1699,6 +1709,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: cloclo-memory-${{ github.workflow }}-${{ github.run_id }} + key: memory-none-nopolicy-cloclo-memory-${{ github.workflow }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/code-scanning-fixer.lock.yml b/.github/workflows/code-scanning-fixer.lock.yml index b41011cf7fa..5a537927cb8 100644 --- a/.github/workflows/code-scanning-fixer.lock.yml +++ b/.github/workflows/code-scanning-fixer.lock.yml @@ -318,10 +318,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh # Repo memory git-based storage configuration from frontmatter processed below - name: Clone repo-memory branch (campaigns) env: @@ -792,6 +797,11 @@ jobs: path: /tmp/gh-aw/repo-memory/campaigns retention-days: 1 if-no-files-found: ignore + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1394,6 +1404,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/constraint-solving-potd.lock.yml b/.github/workflows/constraint-solving-potd.lock.yml index 0484d69af27..cb0405f152f 100644 --- a/.github/workflows/constraint-solving-potd.lock.yml +++ b/.github/workflows/constraint-solving-potd.lock.yml @@ -305,10 +305,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -717,6 +722,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1139,6 +1149,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/copilot-agent-analysis.lock.yml b/.github/workflows/copilot-agent-analysis.lock.yml index 1b5e9a9b213..8840b647a29 100644 --- a/.github/workflows/copilot-agent-analysis.lock.yml +++ b/.github/workflows/copilot-agent-analysis.lock.yml @@ -350,10 +350,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: copilot-pr-data-${{ github.run_id }} + key: memory-none-nopolicy-copilot-pr-data-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - copilot-pr-data- + memory-none-nopolicy-copilot-pr-data- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh # Repo memory git-based storage configuration from frontmatter processed below - name: Clone repo-memory branch (default) env: @@ -846,6 +851,11 @@ jobs: path: /tmp/gh-aw/repo-memory/default retention-days: 1 if-no-files-found: ignore + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1371,6 +1381,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: copilot-pr-data-${{ github.run_id }} + key: memory-none-nopolicy-copilot-pr-data-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/copilot-pr-merged-report.lock.yml b/.github/workflows/copilot-pr-merged-report.lock.yml index 3ada39c0320..6359f23235d 100644 --- a/.github/workflows/copilot-pr-merged-report.lock.yml +++ b/.github/workflows/copilot-pr-merged-report.lock.yml @@ -336,10 +336,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: copilot-pr-data-${{ github.run_id }} + key: memory-none-nopolicy-copilot-pr-data-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - copilot-pr-data- + memory-none-nopolicy-copilot-pr-data- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -891,6 +896,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1315,6 +1325,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: copilot-pr-data-${{ github.run_id }} + key: memory-none-nopolicy-copilot-pr-data-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/copilot-pr-nlp-analysis.lock.yml b/.github/workflows/copilot-pr-nlp-analysis.lock.yml index bd85cde4e53..5b543ed5bd8 100644 --- a/.github/workflows/copilot-pr-nlp-analysis.lock.yml +++ b/.github/workflows/copilot-pr-nlp-analysis.lock.yml @@ -385,10 +385,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: copilot-pr-data-${{ github.run_id }} + key: memory-none-nopolicy-copilot-pr-data-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - copilot-pr-data- + memory-none-nopolicy-copilot-pr-data- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh # Repo memory git-based storage configuration from frontmatter processed below - name: Clone repo-memory branch (default) env: @@ -845,6 +850,11 @@ jobs: path: /tmp/gh-aw/repo-memory/default retention-days: 1 if-no-files-found: ignore + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1366,7 +1376,7 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: copilot-pr-data-${{ github.run_id }} + key: memory-none-nopolicy-copilot-pr-data-${{ github.run_id }} path: /tmp/gh-aw/cache-memory upload_assets: diff --git a/.github/workflows/copilot-pr-prompt-analysis.lock.yml b/.github/workflows/copilot-pr-prompt-analysis.lock.yml index f7216d65735..b0564ac351e 100644 --- a/.github/workflows/copilot-pr-prompt-analysis.lock.yml +++ b/.github/workflows/copilot-pr-prompt-analysis.lock.yml @@ -347,10 +347,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: copilot-pr-data-${{ github.run_id }} + key: memory-none-nopolicy-copilot-pr-data-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - copilot-pr-data- + memory-none-nopolicy-copilot-pr-data- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh # Repo memory git-based storage configuration from frontmatter processed below - name: Clone repo-memory branch (default) env: @@ -791,6 +796,11 @@ jobs: path: /tmp/gh-aw/repo-memory/default retention-days: 1 if-no-files-found: ignore + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1302,6 +1312,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: copilot-pr-data-${{ github.run_id }} + key: memory-none-nopolicy-copilot-pr-data-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/copilot-session-insights.lock.yml b/.github/workflows/copilot-session-insights.lock.yml index 6f5ef5b39c6..56e7fe38c1d 100644 --- a/.github/workflows/copilot-session-insights.lock.yml +++ b/.github/workflows/copilot-session-insights.lock.yml @@ -387,10 +387,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh # Repo memory git-based storage configuration from frontmatter processed below - name: Clone repo-memory branch (default) env: @@ -899,6 +904,11 @@ jobs: path: /tmp/gh-aw/repo-memory/default retention-days: 1 if-no-files-found: ignore + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1434,7 +1444,7 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory upload_assets: diff --git a/.github/workflows/daily-architecture-diagram.lock.yml b/.github/workflows/daily-architecture-diagram.lock.yml index fe68fe38537..206533355b2 100644 --- a/.github/workflows/daily-architecture-diagram.lock.yml +++ b/.github/workflows/daily-architecture-diagram.lock.yml @@ -313,10 +313,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -782,6 +787,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1253,6 +1263,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/daily-code-metrics.lock.yml b/.github/workflows/daily-code-metrics.lock.yml index 8764a9e4fcc..f72a397dd83 100644 --- a/.github/workflows/daily-code-metrics.lock.yml +++ b/.github/workflows/daily-code-metrics.lock.yml @@ -361,10 +361,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh # Repo memory git-based storage configuration from frontmatter processed below - name: Clone repo-memory branch (default) env: @@ -873,6 +878,11 @@ jobs: path: /tmp/gh-aw/repo-memory/default retention-days: 1 if-no-files-found: ignore + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1413,7 +1423,7 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory upload_assets: diff --git a/.github/workflows/daily-compiler-quality.lock.yml b/.github/workflows/daily-compiler-quality.lock.yml index b2045e9b833..69de24689f5 100644 --- a/.github/workflows/daily-compiler-quality.lock.yml +++ b/.github/workflows/daily-compiler-quality.lock.yml @@ -350,10 +350,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -825,6 +830,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1253,6 +1263,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/daily-copilot-token-report.lock.yml b/.github/workflows/daily-copilot-token-report.lock.yml index b48c961ad0f..7a3f19c2444 100644 --- a/.github/workflows/daily-copilot-token-report.lock.yml +++ b/.github/workflows/daily-copilot-token-report.lock.yml @@ -389,10 +389,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh # Repo memory git-based storage configuration from frontmatter processed below - name: Clone repo-memory branch (default) env: @@ -849,6 +854,11 @@ jobs: path: /tmp/gh-aw/repo-memory/default retention-days: 1 if-no-files-found: ignore + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1375,7 +1385,7 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory upload_assets: diff --git a/.github/workflows/daily-doc-healer.lock.yml b/.github/workflows/daily-doc-healer.lock.yml index ec39f200bde..8d4a367bd26 100644 --- a/.github/workflows/daily-doc-healer.lock.yml +++ b/.github/workflows/daily-doc-healer.lock.yml @@ -340,10 +340,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -942,6 +947,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1522,6 +1532,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/daily-doc-updater.lock.yml b/.github/workflows/daily-doc-updater.lock.yml index 8d093b4316a..1a001a99659 100644 --- a/.github/workflows/daily-doc-updater.lock.yml +++ b/.github/workflows/daily-doc-updater.lock.yml @@ -336,10 +336,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -905,6 +910,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1464,6 +1474,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/daily-firewall-report.lock.yml b/.github/workflows/daily-firewall-report.lock.yml index 6f2f01ec7ef..12f0ad45496 100644 --- a/.github/workflows/daily-firewall-report.lock.yml +++ b/.github/workflows/daily-firewall-report.lock.yml @@ -378,10 +378,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: trending-data-${{ github.workflow }}-${{ github.run_id }} + key: memory-none-nopolicy-trending-data-${{ github.workflow }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - trending-data-${{ github.workflow }}- + memory-none-nopolicy-trending-data-${{ github.workflow }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -863,6 +868,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1301,7 +1311,7 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: trending-data-${{ github.workflow }}-${{ github.run_id }} + key: memory-none-nopolicy-trending-data-${{ github.workflow }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory upload_assets: diff --git a/.github/workflows/daily-function-namer.lock.yml b/.github/workflows/daily-function-namer.lock.yml index b7b7d9e3393..358d1a06c68 100644 --- a/.github/workflows/daily-function-namer.lock.yml +++ b/.github/workflows/daily-function-namer.lock.yml @@ -355,10 +355,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -865,6 +870,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1305,6 +1315,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/daily-integrity-analysis.lock.yml b/.github/workflows/daily-integrity-analysis.lock.yml index 86256fad93b..dfd1fd7aeeb 100644 --- a/.github/workflows/daily-integrity-analysis.lock.yml +++ b/.github/workflows/daily-integrity-analysis.lock.yml @@ -383,10 +383,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -868,6 +873,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1306,7 +1316,7 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory upload_assets: diff --git a/.github/workflows/daily-issues-report.lock.yml b/.github/workflows/daily-issues-report.lock.yml index 1703c69fcd2..4761812b712 100644 --- a/.github/workflows/daily-issues-report.lock.yml +++ b/.github/workflows/daily-issues-report.lock.yml @@ -386,10 +386,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-approved-0072b676-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-approved-0072b676-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: approved + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -860,6 +865,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1331,7 +1341,7 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-approved-0072b676-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory upload_assets: diff --git a/.github/workflows/daily-mcp-concurrency-analysis.lock.yml b/.github/workflows/daily-mcp-concurrency-analysis.lock.yml index 625f8ad829b..2d99274243e 100644 --- a/.github/workflows/daily-mcp-concurrency-analysis.lock.yml +++ b/.github/workflows/daily-mcp-concurrency-analysis.lock.yml @@ -349,10 +349,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -848,6 +853,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1288,6 +1298,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/daily-news.lock.yml b/.github/workflows/daily-news.lock.yml index 3a0199c0b11..5107ec7695b 100644 --- a/.github/workflows/daily-news.lock.yml +++ b/.github/workflows/daily-news.lock.yml @@ -434,10 +434,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh # Repo memory git-based storage configuration from frontmatter processed below - name: Clone repo-memory branch (default) env: @@ -917,6 +922,11 @@ jobs: path: /tmp/gh-aw/repo-memory/default retention-days: 1 if-no-files-found: ignore + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1443,7 +1453,7 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory upload_assets: diff --git a/.github/workflows/daily-performance-summary.lock.yml b/.github/workflows/daily-performance-summary.lock.yml index d787de10296..9c8315ac555 100644 --- a/.github/workflows/daily-performance-summary.lock.yml +++ b/.github/workflows/daily-performance-summary.lock.yml @@ -352,10 +352,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: trending-data-${{ github.workflow }}-${{ github.run_id }} + key: memory-none-nopolicy-trending-data-${{ github.workflow }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - trending-data-${{ github.workflow }}- + memory-none-nopolicy-trending-data-${{ github.workflow }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -1304,6 +1309,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1743,7 +1753,7 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: trending-data-${{ github.workflow }}-${{ github.run_id }} + key: memory-none-nopolicy-trending-data-${{ github.workflow }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory upload_assets: diff --git a/.github/workflows/daily-rendering-scripts-verifier.lock.yml b/.github/workflows/daily-rendering-scripts-verifier.lock.yml index cef088b789a..ec6abe441da 100644 --- a/.github/workflows/daily-rendering-scripts-verifier.lock.yml +++ b/.github/workflows/daily-rendering-scripts-verifier.lock.yml @@ -360,10 +360,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -920,6 +925,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1454,6 +1464,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/daily-repo-chronicle.lock.yml b/.github/workflows/daily-repo-chronicle.lock.yml index 517f2f636a1..7ff4b022fe9 100644 --- a/.github/workflows/daily-repo-chronicle.lock.yml +++ b/.github/workflows/daily-repo-chronicle.lock.yml @@ -344,10 +344,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -785,6 +790,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1223,7 +1233,7 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory upload_assets: diff --git a/.github/workflows/daily-safe-output-optimizer.lock.yml b/.github/workflows/daily-safe-output-optimizer.lock.yml index 910f26ca929..8fc90081be6 100644 --- a/.github/workflows/daily-safe-output-optimizer.lock.yml +++ b/.github/workflows/daily-safe-output-optimizer.lock.yml @@ -371,10 +371,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -913,6 +918,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1393,6 +1403,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/dead-code-remover.lock.yml b/.github/workflows/dead-code-remover.lock.yml index 170c70cbb86..54a2cf94a9a 100644 --- a/.github/workflows/dead-code-remover.lock.yml +++ b/.github/workflows/dead-code-remover.lock.yml @@ -334,10 +334,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -769,6 +774,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1283,6 +1293,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/deep-report.lock.yml b/.github/workflows/deep-report.lock.yml index 3ed6fbb8dde..9c2310cc1b5 100644 --- a/.github/workflows/deep-report.lock.yml +++ b/.github/workflows/deep-report.lock.yml @@ -391,10 +391,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: weekly-issues-data-${{ github.run_id }} + key: memory-none-nopolicy-weekly-issues-data-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - weekly-issues-data- + memory-none-nopolicy-weekly-issues-data- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh # Repo memory git-based storage configuration from frontmatter processed below - name: Clone repo-memory branch (default) env: @@ -943,6 +948,11 @@ jobs: path: /tmp/gh-aw/repo-memory/default retention-days: 1 if-no-files-found: ignore + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1470,7 +1480,7 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: weekly-issues-data-${{ github.run_id }} + key: memory-none-nopolicy-weekly-issues-data-${{ github.run_id }} path: /tmp/gh-aw/cache-memory upload_assets: diff --git a/.github/workflows/developer-docs-consolidator.lock.yml b/.github/workflows/developer-docs-consolidator.lock.yml index 1bbaf6a5fb2..260a25e9ed0 100644 --- a/.github/workflows/developer-docs-consolidator.lock.yml +++ b/.github/workflows/developer-docs-consolidator.lock.yml @@ -390,10 +390,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: developer-docs-cache-${{ github.run_id }} + key: memory-none-nopolicy-developer-docs-cache-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - developer-docs-cache- + memory-none-nopolicy-developer-docs-cache- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh # Repo memory git-based storage configuration from frontmatter processed below - name: Clone wiki-memory branch (default) env: @@ -1030,6 +1035,11 @@ jobs: path: /tmp/gh-aw/repo-memory/default retention-days: 1 if-no-files-found: ignore + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1675,6 +1685,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: developer-docs-cache-${{ github.run_id }} + key: memory-none-nopolicy-developer-docs-cache-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/firewall-escape.lock.yml b/.github/workflows/firewall-escape.lock.yml index 5b2ea128985..067c12788f0 100644 --- a/.github/workflows/firewall-escape.lock.yml +++ b/.github/workflows/firewall-escape.lock.yml @@ -342,10 +342,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh # Repo memory git-based storage configuration from frontmatter processed below - name: Clone repo-memory branch (default) env: @@ -786,6 +791,11 @@ jobs: path: /tmp/gh-aw/repo-memory/default retention-days: 1 if-no-files-found: ignore + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1375,6 +1385,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/github-mcp-structural-analysis.lock.yml b/.github/workflows/github-mcp-structural-analysis.lock.yml index 7a05c3e07bd..64f6e00c186 100644 --- a/.github/workflows/github-mcp-structural-analysis.lock.yml +++ b/.github/workflows/github-mcp-structural-analysis.lock.yml @@ -347,10 +347,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -840,6 +845,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1287,7 +1297,7 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory upload_assets: diff --git a/.github/workflows/github-mcp-tools-report.lock.yml b/.github/workflows/github-mcp-tools-report.lock.yml index 63675461ae2..30b19714a52 100644 --- a/.github/workflows/github-mcp-tools-report.lock.yml +++ b/.github/workflows/github-mcp-tools-report.lock.yml @@ -321,10 +321,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -835,6 +840,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1322,6 +1332,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/glossary-maintainer.lock.yml b/.github/workflows/glossary-maintainer.lock.yml index 21c9bfca06e..b36a32f0ebb 100644 --- a/.github/workflows/glossary-maintainer.lock.yml +++ b/.github/workflows/glossary-maintainer.lock.yml @@ -404,10 +404,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh # Repo memory git-based storage configuration from frontmatter processed below - name: Clone wiki-memory branch (default) env: @@ -942,6 +947,11 @@ jobs: path: /tmp/gh-aw/repo-memory/default retention-days: 1 if-no-files-found: ignore + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1569,6 +1579,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/go-fan.lock.yml b/.github/workflows/go-fan.lock.yml index 921eea7f7bd..e6d616207f5 100644 --- a/.github/workflows/go-fan.lock.yml +++ b/.github/workflows/go-fan.lock.yml @@ -355,10 +355,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -876,6 +881,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1318,6 +1328,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/go-logger.lock.yml b/.github/workflows/go-logger.lock.yml index 6882d4ddee3..b5c78721889 100644 --- a/.github/workflows/go-logger.lock.yml +++ b/.github/workflows/go-logger.lock.yml @@ -333,10 +333,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -998,6 +1003,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1482,6 +1492,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/gpclean.lock.yml b/.github/workflows/gpclean.lock.yml index 0f4eb8b9885..471a875bcb7 100644 --- a/.github/workflows/gpclean.lock.yml +++ b/.github/workflows/gpclean.lock.yml @@ -322,10 +322,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -754,6 +759,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1175,6 +1185,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/grumpy-reviewer.lock.yml b/.github/workflows/grumpy-reviewer.lock.yml index d98c028bab4..11f9dda5072 100644 --- a/.github/workflows/grumpy-reviewer.lock.yml +++ b/.github/workflows/grumpy-reviewer.lock.yml @@ -374,10 +374,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-approved-0072b676-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-approved-0072b676-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: approved + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -831,6 +836,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1316,6 +1326,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-approved-0072b676-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/instructions-janitor.lock.yml b/.github/workflows/instructions-janitor.lock.yml index d489adbe6ea..71959bd84a2 100644 --- a/.github/workflows/instructions-janitor.lock.yml +++ b/.github/workflows/instructions-janitor.lock.yml @@ -310,10 +310,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -820,6 +825,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1303,6 +1313,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/jsweep.lock.yml b/.github/workflows/jsweep.lock.yml index 4f4983ccda6..e0a09db0741 100644 --- a/.github/workflows/jsweep.lock.yml +++ b/.github/workflows/jsweep.lock.yml @@ -361,10 +361,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -825,6 +830,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1300,6 +1310,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/lockfile-stats.lock.yml b/.github/workflows/lockfile-stats.lock.yml index 0ac4e7fa403..1c876abcb53 100644 --- a/.github/workflows/lockfile-stats.lock.yml +++ b/.github/workflows/lockfile-stats.lock.yml @@ -315,10 +315,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -792,6 +797,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1229,6 +1239,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/mcp-inspector.lock.yml b/.github/workflows/mcp-inspector.lock.yml index a1ac30e2199..6ae854d83c6 100644 --- a/.github/workflows/mcp-inspector.lock.yml +++ b/.github/workflows/mcp-inspector.lock.yml @@ -453,10 +453,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -1285,6 +1290,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1987,6 +1997,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/org-health-report.lock.yml b/.github/workflows/org-health-report.lock.yml index 5e2f917e354..5d4b85f1527 100644 --- a/.github/workflows/org-health-report.lock.yml +++ b/.github/workflows/org-health-report.lock.yml @@ -352,10 +352,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-approved-0072b676-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-approved-0072b676-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: approved + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -789,6 +794,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1224,7 +1234,7 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-approved-0072b676-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory upload_assets: diff --git a/.github/workflows/pdf-summary.lock.yml b/.github/workflows/pdf-summary.lock.yml index 1a227ecb391..318911d9bd0 100644 --- a/.github/workflows/pdf-summary.lock.yml +++ b/.github/workflows/pdf-summary.lock.yml @@ -402,10 +402,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -861,6 +866,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1353,6 +1363,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/poem-bot.lock.yml b/.github/workflows/poem-bot.lock.yml index 29422e6853b..f417d74ff2f 100644 --- a/.github/workflows/poem-bot.lock.yml +++ b/.github/workflows/poem-bot.lock.yml @@ -393,10 +393,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: poem-memory-${{ github.workflow }}-${{ github.run_id }} + key: memory-none-nopolicy-poem-memory-${{ github.workflow }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - poem-memory-${{ github.workflow }}- + memory-none-nopolicy-poem-memory-${{ github.workflow }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -1137,6 +1142,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1665,7 +1675,7 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: poem-memory-${{ github.workflow }}-${{ github.run_id }} + key: memory-none-nopolicy-poem-memory-${{ github.workflow }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory upload_assets: diff --git a/.github/workflows/portfolio-analyst.lock.yml b/.github/workflows/portfolio-analyst.lock.yml index b092de271e6..46b316f0cf7 100644 --- a/.github/workflows/portfolio-analyst.lock.yml +++ b/.github/workflows/portfolio-analyst.lock.yml @@ -389,10 +389,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: trending-data-${{ github.workflow }}-${{ github.run_id }} + key: memory-none-nopolicy-trending-data-${{ github.workflow }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - trending-data-${{ github.workflow }}- + memory-none-nopolicy-trending-data-${{ github.workflow }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -874,6 +879,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1312,7 +1322,7 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: trending-data-${{ github.workflow }}-${{ github.run_id }} + key: memory-none-nopolicy-trending-data-${{ github.workflow }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory upload_assets: diff --git a/.github/workflows/pr-nitpick-reviewer.lock.yml b/.github/workflows/pr-nitpick-reviewer.lock.yml index 00906150ca8..2cb7e41980c 100644 --- a/.github/workflows/pr-nitpick-reviewer.lock.yml +++ b/.github/workflows/pr-nitpick-reviewer.lock.yml @@ -377,10 +377,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -860,6 +865,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1350,6 +1360,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/prompt-clustering-analysis.lock.yml b/.github/workflows/prompt-clustering-analysis.lock.yml index ad6a95f6701..c80ea6c92fd 100644 --- a/.github/workflows/prompt-clustering-analysis.lock.yml +++ b/.github/workflows/prompt-clustering-analysis.lock.yml @@ -414,10 +414,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: trending-data-${{ github.workflow }}-${{ github.run_id }} + key: memory-none-nopolicy-trending-data-${{ github.workflow }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - trending-data-${{ github.workflow }}- + memory-none-nopolicy-trending-data-${{ github.workflow }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -934,6 +939,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1371,6 +1381,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: trending-data-${{ github.workflow }}-${{ github.run_id }} + key: memory-none-nopolicy-trending-data-${{ github.workflow }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/python-data-charts.lock.yml b/.github/workflows/python-data-charts.lock.yml index 803243c5562..670af2b6e98 100644 --- a/.github/workflows/python-data-charts.lock.yml +++ b/.github/workflows/python-data-charts.lock.yml @@ -377,10 +377,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -862,6 +867,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1295,7 +1305,7 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory upload_assets: diff --git a/.github/workflows/q.lock.yml b/.github/workflows/q.lock.yml index 827525d26f1..fe1c15c8bec 100644 --- a/.github/workflows/q.lock.yml +++ b/.github/workflows/q.lock.yml @@ -472,10 +472,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-50c605b3-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-50c605b3-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -1016,6 +1021,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1556,6 +1566,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-50c605b3-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/repo-audit-analyzer.lock.yml b/.github/workflows/repo-audit-analyzer.lock.yml index 2220e488d01..6dd1a0be4a1 100644 --- a/.github/workflows/repo-audit-analyzer.lock.yml +++ b/.github/workflows/repo-audit-analyzer.lock.yml @@ -321,10 +321,15 @@ jobs: - name: Restore cache-memory file share data (repo-audits) uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: repo-audits-${{ github.workflow }}-${{ github.run_id }} + key: memory-none-nopolicy-repo-audits-${{ github.workflow }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory-repo-audits restore-keys: | - repo-audits-${{ github.workflow }}- + memory-none-nopolicy-repo-audits-${{ github.workflow }}- + - name: Set up cache-memory git repository (repo-audits) + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory-repo-audits + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -746,6 +751,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes (repo-audits) + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory-repo-audits + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact (repo-audits) uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1171,6 +1181,6 @@ jobs: if: steps.check_cache_repo_audits.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: repo-audits-${{ github.workflow }}-${{ github.run_id }} + key: memory-none-nopolicy-repo-audits-${{ github.workflow }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory-repo-audits diff --git a/.github/workflows/repository-quality-improver.lock.yml b/.github/workflows/repository-quality-improver.lock.yml index 1d3d37ca89f..10a7a0e677a 100644 --- a/.github/workflows/repository-quality-improver.lock.yml +++ b/.github/workflows/repository-quality-improver.lock.yml @@ -356,10 +356,15 @@ jobs: - name: Restore cache-memory file share data (focus-areas) uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: quality-focus-${{ github.workflow }}-${{ github.run_id }} + key: memory-none-nopolicy-quality-focus-${{ github.workflow }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory-focus-areas restore-keys: | - quality-focus-${{ github.workflow }}- + memory-none-nopolicy-quality-focus-${{ github.workflow }}- + - name: Set up cache-memory git repository (focus-areas) + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory-focus-areas + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -810,6 +815,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes (focus-areas) + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory-focus-areas + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact (focus-areas) uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1233,6 +1243,6 @@ jobs: if: steps.check_cache_focus_areas.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: quality-focus-${{ github.workflow }}-${{ github.run_id }} + key: memory-none-nopolicy-quality-focus-${{ github.workflow }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory-focus-areas diff --git a/.github/workflows/safe-output-health.lock.yml b/.github/workflows/safe-output-health.lock.yml index 7eceef8327c..c26e65c3f13 100644 --- a/.github/workflows/safe-output-health.lock.yml +++ b/.github/workflows/safe-output-health.lock.yml @@ -362,10 +362,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -897,6 +902,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1334,6 +1344,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/schema-consistency-checker.lock.yml b/.github/workflows/schema-consistency-checker.lock.yml index 696dc75d778..4e2396b0216 100644 --- a/.github/workflows/schema-consistency-checker.lock.yml +++ b/.github/workflows/schema-consistency-checker.lock.yml @@ -315,10 +315,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: schema-consistency-cache-${{ github.workflow }}-${{ github.run_id }} + key: memory-none-nopolicy-schema-consistency-cache-${{ github.workflow }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - schema-consistency-cache-${{ github.workflow }}- + memory-none-nopolicy-schema-consistency-cache-${{ github.workflow }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -792,6 +797,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1229,6 +1239,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: schema-consistency-cache-${{ github.workflow }}-${{ github.run_id }} + key: memory-none-nopolicy-schema-consistency-cache-${{ github.workflow }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/scout.lock.yml b/.github/workflows/scout.lock.yml index 135e06c9441..25be8c2e955 100644 --- a/.github/workflows/scout.lock.yml +++ b/.github/workflows/scout.lock.yml @@ -450,10 +450,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-7de1019e-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-7de1019e-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -1038,6 +1043,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1544,6 +1554,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-7de1019e-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/security-review.lock.yml b/.github/workflows/security-review.lock.yml index 5d121ffdea9..86facdb3626 100644 --- a/.github/workflows/security-review.lock.yml +++ b/.github/workflows/security-review.lock.yml @@ -406,10 +406,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -906,6 +911,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1390,6 +1400,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/sergo.lock.yml b/.github/workflows/sergo.lock.yml index 6879f6fec6c..371d89f1d7e 100644 --- a/.github/workflows/sergo.lock.yml +++ b/.github/workflows/sergo.lock.yml @@ -356,10 +356,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -876,6 +881,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1318,6 +1328,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/slide-deck-maintainer.lock.yml b/.github/workflows/slide-deck-maintainer.lock.yml index 4b1421f3d93..ac17aec4f6b 100644 --- a/.github/workflows/slide-deck-maintainer.lock.yml +++ b/.github/workflows/slide-deck-maintainer.lock.yml @@ -349,10 +349,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -839,6 +844,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1359,6 +1369,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/smoke-claude.lock.yml b/.github/workflows/smoke-claude.lock.yml index 1141a068a15..2d0b3b0d491 100644 --- a/.github/workflows/smoke-claude.lock.yml +++ b/.github/workflows/smoke-claude.lock.yml @@ -819,10 +819,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -2260,6 +2265,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -2817,6 +2827,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/smoke-codex.lock.yml b/.github/workflows/smoke-codex.lock.yml index 1dcf06c80aa..218e95ff19f 100644 --- a/.github/workflows/smoke-codex.lock.yml +++ b/.github/workflows/smoke-codex.lock.yml @@ -447,10 +447,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -1322,6 +1327,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1887,6 +1897,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/smoke-copilot-arm.lock.yml b/.github/workflows/smoke-copilot-arm.lock.yml index 912bd601362..420a227bd6a 100644 --- a/.github/workflows/smoke-copilot-arm.lock.yml +++ b/.github/workflows/smoke-copilot-arm.lock.yml @@ -458,10 +458,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -1688,6 +1693,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -2217,6 +2227,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/smoke-copilot.lock.yml b/.github/workflows/smoke-copilot.lock.yml index 6023b1f7c17..79771ef9514 100644 --- a/.github/workflows/smoke-copilot.lock.yml +++ b/.github/workflows/smoke-copilot.lock.yml @@ -465,10 +465,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -1736,6 +1741,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -2263,6 +2273,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/smoke-gemini.lock.yml b/.github/workflows/smoke-gemini.lock.yml index acedb815811..001bc4fb670 100644 --- a/.github/workflows/smoke-gemini.lock.yml +++ b/.github/workflows/smoke-gemini.lock.yml @@ -375,10 +375,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -973,6 +978,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1468,6 +1478,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/smoke-update-cross-repo-pr.lock.yml b/.github/workflows/smoke-update-cross-repo-pr.lock.yml index c0d54141bea..eeee9cdf135 100644 --- a/.github/workflows/smoke-update-cross-repo-pr.lock.yml +++ b/.github/workflows/smoke-update-cross-repo-pr.lock.yml @@ -366,10 +366,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -838,6 +843,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1357,6 +1367,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/stale-repo-identifier.lock.yml b/.github/workflows/stale-repo-identifier.lock.yml index 7837dffa193..2f7d4f07f6e 100644 --- a/.github/workflows/stale-repo-identifier.lock.yml +++ b/.github/workflows/stale-repo-identifier.lock.yml @@ -411,10 +411,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: trending-data-${{ github.workflow }}-${{ github.run_id }} + key: memory-approved-0072b676-trending-data-${{ github.workflow }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - trending-data-${{ github.workflow }}- + memory-approved-0072b676-trending-data-${{ github.workflow }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: approved + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -859,6 +864,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1294,7 +1304,7 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: trending-data-${{ github.workflow }}-${{ github.run_id }} + key: memory-approved-0072b676-trending-data-${{ github.workflow }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory upload_assets: diff --git a/.github/workflows/static-analysis-report.lock.yml b/.github/workflows/static-analysis-report.lock.yml index 71d2225cce7..65f12de8bb8 100644 --- a/.github/workflows/static-analysis-report.lock.yml +++ b/.github/workflows/static-analysis-report.lock.yml @@ -354,10 +354,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -875,6 +880,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1312,6 +1322,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/step-name-alignment.lock.yml b/.github/workflows/step-name-alignment.lock.yml index 24ad5ba5814..7602ca14f70 100644 --- a/.github/workflows/step-name-alignment.lock.yml +++ b/.github/workflows/step-name-alignment.lock.yml @@ -307,10 +307,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -808,6 +813,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1243,6 +1253,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/super-linter.lock.yml b/.github/workflows/super-linter.lock.yml index 005ee99d5b4..628d54cc01c 100644 --- a/.github/workflows/super-linter.lock.yml +++ b/.github/workflows/super-linter.lock.yml @@ -330,10 +330,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -762,6 +767,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1239,6 +1249,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/technical-doc-writer.lock.yml b/.github/workflows/technical-doc-writer.lock.yml index 316f4c48e11..2404d471100 100644 --- a/.github/workflows/technical-doc-writer.lock.yml +++ b/.github/workflows/technical-doc-writer.lock.yml @@ -390,10 +390,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh # Repo memory git-based storage configuration from frontmatter processed below - name: Clone wiki-memory branch (default) env: @@ -934,6 +939,11 @@ jobs: path: /tmp/gh-aw/repo-memory/default retention-days: 1 if-no-files-found: ignore + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1577,7 +1587,7 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory upload_assets: diff --git a/.github/workflows/test-create-pr-error-handling.lock.yml b/.github/workflows/test-create-pr-error-handling.lock.yml index 557c758c44f..3e9c29a81a3 100644 --- a/.github/workflows/test-create-pr-error-handling.lock.yml +++ b/.github/workflows/test-create-pr-error-handling.lock.yml @@ -305,10 +305,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -792,6 +797,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1275,6 +1285,6 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory diff --git a/.github/workflows/unbloat-docs.lock.yml b/.github/workflows/unbloat-docs.lock.yml index 16fd04374f8..a4504f0b3f3 100644 --- a/.github/workflows/unbloat-docs.lock.yml +++ b/.github/workflows/unbloat-docs.lock.yml @@ -415,10 +415,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: none + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -1080,6 +1085,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1712,7 +1722,7 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory upload_assets: diff --git a/.github/workflows/weekly-issue-summary.lock.yml b/.github/workflows/weekly-issue-summary.lock.yml index 8ab09e63978..98ed69c6fc2 100644 --- a/.github/workflows/weekly-issue-summary.lock.yml +++ b/.github/workflows/weekly-issue-summary.lock.yml @@ -346,10 +346,15 @@ jobs: - name: Restore cache-memory file share data uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-approved-0072b676-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory restore-keys: | - memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + memory-approved-0072b676-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + - name: Set up cache-memory git repository + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + GH_AW_MIN_INTEGRITY: approved + run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh - name: Configure Git credentials env: REPO_NAME: ${{ github.repository }} @@ -769,6 +774,11 @@ jobs: if [ ! -f /tmp/gh-aw/agent_output.json ]; then echo '{"items":[]}' > /tmp/gh-aw/agent_output.json fi + - name: Commit cache-memory changes + if: always() + env: + GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory + run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh - name: Upload cache-memory data as artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() @@ -1208,7 +1218,7 @@ jobs: if: steps.check_cache_default.outputs.has_content == 'true' uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: - key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} + key: memory-approved-0072b676-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} path: /tmp/gh-aw/cache-memory upload_assets: diff --git a/Makefile b/Makefile index 61bd74195df..d9dd91b5a6d 100644 --- a/Makefile +++ b/Makefile @@ -485,7 +485,7 @@ patch-github-actions-schema: golint: @GOPATH=$$(go env GOPATH); \ if command -v golangci-lint >/dev/null 2>&1 || [ -x "$$GOPATH/bin/golangci-lint" ]; then \ - PATH="$$GOPATH/bin:$$PATH" golangci-lint run; \ + PATH="$$GOPATH/bin:$$PATH" golangci-lint run ./cmd/... ./pkg/...; \ else \ echo "golangci-lint is not installed. Run 'make deps-dev' to install dependencies."; \ exit 1; \ @@ -510,7 +510,7 @@ golint-incremental: fi @echo "Running incremental lint against $(BASE_REF)..." @GOPATH=$$(go env GOPATH); \ - PATH="$$GOPATH/bin:$$PATH" golangci-lint run --new-from-rev=$(BASE_REF) + PATH="$$GOPATH/bin:$$PATH" golangci-lint run --new-from-rev=$(BASE_REF) ./cmd/... ./pkg/... # Validate compiled workflow lock files using Docker-based actionlint # Uses the same Docker integration as 'make actionlint' diff --git a/actions/setup/js/validate_memory_files.cjs b/actions/setup/js/validate_memory_files.cjs index 1aca384cbbd..43457ce0557 100644 --- a/actions/setup/js/validate_memory_files.cjs +++ b/actions/setup/js/validate_memory_files.cjs @@ -48,6 +48,11 @@ function validateMemoryFiles(memoryDir, memoryType = "cache", allowedExtensions) const relativeFilePath = relativePath ? path.join(relativePath, entry.name) : entry.name; if (entry.isDirectory()) { + // Skip .git directory — it is git metadata used for integrity branching + // and contains files with no extension (e.g. HEAD, ORIG_HEAD, packed-refs). + if (entry.name === ".git") { + continue; + } scanDirectory(fullPath, relativeFilePath); } else if (entry.isFile()) { const ext = path.extname(entry.name).toLowerCase(); diff --git a/actions/setup/sh/commit_cache_memory_git.sh b/actions/setup/sh/commit_cache_memory_git.sh new file mode 100644 index 00000000000..9764ddb0b18 --- /dev/null +++ b/actions/setup/sh/commit_cache_memory_git.sh @@ -0,0 +1,48 @@ +#!/bin/bash +# commit_cache_memory_git.sh +# Post-agent git commit for integrity-aware cache-memory. +# +# This script is run AFTER the agent executes and BEFORE the cache is saved. +# It commits all agent-written changes to the current integrity branch so that +# the git history accurately reflects which run wrote which data. +# +# Required environment variables: +# GH_AW_CACHE_DIR: Path to the cache-memory directory (e.g. /tmp/gh-aw/cache-memory) +# GITHUB_RUN_ID: GitHub Actions run ID (used as commit message) + +set -euo pipefail + +CACHE_DIR="${GH_AW_CACHE_DIR:-/tmp/gh-aw/cache-memory}" +RUN_ID="${GITHUB_RUN_ID:-unknown}" + +if [ ! -d "$CACHE_DIR/.git" ]; then + echo "No git repository found at $CACHE_DIR — skipping git commit" + exit 0 +fi + +cd "$CACHE_DIR" + +git config user.email "gh-aw@github.com" +git config user.name "gh-aw" + +# Stage all changes (new files, modifications, deletions) +git add -A + +# Commit on the current integrity branch; allow empty commits in case +# the agent made no changes (idempotent). +if git commit --allow-empty -m "run-${RUN_ID}" -q 2>/tmp/gh-aw-commit-err; then + echo "Cache memory git commit complete (run: $RUN_ID)" +else + # Distinguish "nothing to commit" (benign) from real errors + if grep -qiE "nothing to commit|nothing added" /tmp/gh-aw-commit-err 2>/dev/null; then + echo "Cache memory git: nothing to commit (run: $RUN_ID)" + else + echo "Warning: git commit encountered an issue:" >&2 + cat /tmp/gh-aw-commit-err >&2 + fi +fi + +# Keep the repo small: pack loose objects and prune unreachable ones. +git gc --auto -q 2>/dev/null || true + +echo "Cache memory git post-agent complete (run: $RUN_ID)" diff --git a/actions/setup/sh/setup_cache_memory_git.sh b/actions/setup/sh/setup_cache_memory_git.sh new file mode 100644 index 00000000000..34d94ffadba --- /dev/null +++ b/actions/setup/sh/setup_cache_memory_git.sh @@ -0,0 +1,76 @@ +#!/bin/bash +# setup_cache_memory_git.sh +# Pre-agent git setup for integrity-aware cache-memory. +# +# This script is run AFTER the cache is restored and BEFORE the agent executes. +# It ensures the cache directory contains a git repository with integrity branches +# and checks out the correct branch for the current run's integrity level. +# +# Required environment variables: +# GH_AW_CACHE_DIR: Path to the cache-memory directory (e.g. /tmp/gh-aw/cache-memory) +# GH_AW_MIN_INTEGRITY: Integrity level for this run (merged|approved|unapproved|none) + +set -euo pipefail + +CACHE_DIR="${GH_AW_CACHE_DIR:-/tmp/gh-aw/cache-memory}" +INTEGRITY="${GH_AW_MIN_INTEGRITY:-none}" + +# All integrity levels in descending order (highest first) +LEVELS=("merged" "approved" "unapproved" "none") + +mkdir -p "$CACHE_DIR" +cd "$CACHE_DIR" + +# --- Format detection & migration --- +if [ ! -d .git ]; then + # No git repo yet — either a fresh cache or a legacy flat-file cache. + # Initialize a git repository and import existing files onto the merged branch, + # then create all integrity branches from the same baseline. + git init -b merged -q + git config user.email "gh-aw@github.com" + git config user.name "gh-aw" + git add -A + git commit --allow-empty -m "initial" -q + + # Create all integrity branches from the same baseline + for level in "${LEVELS[@]}"; do + if [ "$level" != "merged" ]; then + git branch "$level" 2>/dev/null || true + fi + done + + echo "Cache memory git repository initialized with branches: ${LEVELS[*]}" +fi + +# --- Checkout current integrity branch --- +# Use -q to suppress "Switched to branch" noise +git checkout -q "$INTEGRITY" + +# --- Merge down from higher-integrity branches --- +# Read semantics: lower-integrity runs see higher-integrity data via merge, +# but higher-integrity runs never see lower-integrity data. +# -X theirs: higher-integrity branch wins conflicts. +for level in "${LEVELS[@]}"; do + if [ "$level" = "$INTEGRITY" ]; then + break + fi + # Merge higher-integrity branch into the current branch + if git merge "$level" -X theirs --no-edit -m "merge-from-$level" -q 2>/tmp/gh-aw-merge-err; then + echo "Merged integrity branch '$level' into '$INTEGRITY'" + else + merge_exit=$? + # Abort the merge to restore a clean working tree, then hard-reset to the + # pre-merge state so the agent always starts from a consistent, usable tree. + git merge --abort 2>/dev/null || git reset --hard HEAD 2>/dev/null || true + # Ignore "already up-to-date" and "nothing to merge" — fail fast on real errors + if grep -qiE "already up.to.date|nothing to merge|nothing to commit" /tmp/gh-aw-merge-err 2>/dev/null; then + echo "Nothing to merge from '$level' into '$INTEGRITY' (already up-to-date)" + else + echo "ERROR: merge from '$level' into '$INTEGRITY' failed (exit $merge_exit):" >&2 + cat /tmp/gh-aw-merge-err >&2 + exit "$merge_exit" + fi + fi +done + +echo "Cache memory git setup complete (integrity: $INTEGRITY)" diff --git a/pkg/workflow/cache.go b/pkg/workflow/cache.go index fb54151be1d..39c86f1f25e 100644 --- a/pkg/workflow/cache.go +++ b/pkg/workflow/cache.go @@ -34,8 +34,10 @@ type CacheMemoryEntry struct { AllowedExtensions []string `yaml:"allowed-extensions,omitempty"` // allowed file extensions (default: [".json", ".jsonl", ".txt", ".md", ".csv"]) } -// generateDefaultCacheKey generates a default cache key for a given cache ID -// Uses GH_AW_WORKFLOW_ID_SANITIZED (workflow ID with hyphens removed) instead of github.workflow +// generateDefaultCacheKey generates a default cache key for a given cache ID. +// Uses the legacy format (without integrity prefix) for backward compatibility when +// computing keys during initial entry parsing. The final key used in generated steps +// is produced by computeIntegrityCacheKey, which includes integrity level and policy hash. func generateDefaultCacheKey(cacheID string) string { if cacheID == "default" { return "memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }}" @@ -43,6 +45,40 @@ func generateDefaultCacheKey(cacheID string) string { return fmt.Sprintf("memory-%s-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }}", cacheID) } +// computeIntegrityCacheKey returns the effective cache key for a cache entry, incorporating +// the integrity level and policy hash prefix. The key always starts with +// "memory-{integrityLevel}-{policyHash}-" to ensure cache isolation across integrity levels +// and guard policies, even when the user has specified a custom key suffix. +// +// When no custom key is set the full key is: +// +// memory-{integrityLevel}-{policyHash}-[{cacheID}-]{workflowID}-{runID} +// +// When a custom key is set, it is used as the suffix: +// +// memory-{integrityLevel}-{policyHash}-{customKey}-{runID} +// +// githubConfig may be nil for workflows without a GitHub guard policy, in which case the +// sentinel value "nopolicy" and the default integrity level "none" are used. +func computeIntegrityCacheKey(cache CacheMemoryEntry, githubConfig *GitHubToolConfig) string { + integrityLevel := cacheIntegrityLevel(githubConfig) + policyHash := computePolicyHash(githubConfig) + integrityPrefix := fmt.Sprintf("memory-%s-%s-", integrityLevel, policyHash) + + // If a custom key was explicitly set, prefix it with the integrity/policy namespace + // to prevent cross-integrity or cross-policy cache sharing. + if cache.Key != "" && cache.Key != generateDefaultCacheKey(cache.ID) { + customKey := cache.Key + runIdSuffix := "-${{ github.run_id }}" + if !strings.HasSuffix(customKey, runIdSuffix) { + customKey = customKey + runIdSuffix + } + return integrityPrefix + customKey + } + + return generateIntegrityAwareCacheKey(cache.ID, integrityLevel, policyHash) +} + // parseCacheMemoryEntry parses a single cache-memory entry from a map func parseCacheMemoryEntry(cacheMap map[string]any, defaultID string) (CacheMemoryEntry, error) { cacheLog.Printf("Parsing cache-memory entry: defaultID=%s", defaultID) @@ -336,9 +372,9 @@ func generateCacheSteps(builder *strings.Builder, data *WorkflowData, verbose bo } } -// generateCacheMemorySteps generates cache setup steps (directory creation and restore) for the cache-memory configuration -// Cache-memory provides a simple file share that LLMs can read/write freely -// Artifact upload is handled separately by generateCacheMemoryArtifactUpload after agent execution +// generateCacheMemorySteps generates cache setup steps (directory creation, restore, and git init) for the cache-memory configuration. +// Cache-memory provides a simple file share that LLMs can read/write freely. +// Artifact upload is handled separately by generateCacheMemoryArtifactUpload after agent execution. func generateCacheMemorySteps(builder *strings.Builder, data *WorkflowData) { if data.CacheMemoryConfig == nil || len(data.CacheMemoryConfig.Caches) == 0 { return @@ -352,6 +388,13 @@ func generateCacheMemorySteps(builder *strings.Builder, data *WorkflowData) { // This maintains compatibility with existing workflows useBackwardCompatiblePaths := len(data.CacheMemoryConfig.Caches) == 1 && data.CacheMemoryConfig.Caches[0].ID == "default" + // Extract GitHub guard policy for integrity-aware cache key generation. + var githubConfig *GitHubToolConfig + if data.ParsedTools != nil { + githubConfig = data.ParsedTools.GitHub + } + integrityLevel := cacheIntegrityLevel(githubConfig) + for _, cache := range data.CacheMemoryConfig.Caches { // Default cache uses /tmp/gh-aw/cache-memory/ for backward compatibility // Other caches use /tmp/gh-aw/cache-memory-{id}/ to prevent overlaps @@ -373,16 +416,11 @@ func generateCacheMemorySteps(builder *strings.Builder, data *WorkflowData) { fmt.Fprintf(builder, " mkdir -p %s\n", cacheDir) } - cacheKey := cache.Key - if cacheKey == "" { - if useBackwardCompatiblePaths { - cacheKey = "memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }}" - } else { - cacheKey = fmt.Sprintf("memory-%s-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }}", cache.ID) - } - } + // Use integrity-aware cache key (includes integrity level + policy hash prefix). + cacheKey := computeIntegrityCacheKey(cache, githubConfig) - // Automatically append -${{ github.run_id }} if the key doesn't already end with it + // Ensure run_id suffix is present (computeIntegrityCacheKey guarantees this, + // but we check again for clarity and safety). runIdSuffix := "-${{ github.run_id }}" if !strings.HasSuffix(cacheKey, runIdSuffix) { cacheKey = cacheKey + runIdSuffix @@ -419,7 +457,7 @@ func generateCacheMemorySteps(builder *strings.Builder, data *WorkflowData) { // This allows cache sharing across all workflows in the repository if scope == "repo" { // Remove both workflow and run_id to create a repo-wide restore key - // For example: "memory-chroma-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }}" -> "memory-chroma-" + // For example: "memory-none-nopolicy-chroma-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }}" -> "memory-none-nopolicy-chroma-" repoKey := strings.TrimSuffix(cacheKey, "${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }}") if repoKey != cacheKey && repoKey != "" { restoreKeys = append(restoreKeys, repoKey) @@ -463,6 +501,64 @@ func generateCacheMemorySteps(builder *strings.Builder, data *WorkflowData) { for _, key := range restoreKeys { fmt.Fprintf(builder, " %s\n", key) } + + // Add git setup step after cache restore. + // This initialises (or migrates) the git repository used for integrity branching, + // checks out the current integrity branch, and merges down from higher-integrity branches. + generateCacheMemoryGitSetupStep(builder, cache, cacheDir, integrityLevel, useBackwardCompatiblePaths) + } +} + +// generateCacheMemoryGitSetupStep emits a pre-agent step that sets up the git-backed integrity +// repository inside the given cache directory. It must run after the cache is restored so that +// any previous git history is available for the merge-down step. +func generateCacheMemoryGitSetupStep(builder *strings.Builder, cache CacheMemoryEntry, cacheDir, integrityLevel string, useBackwardCompatiblePaths bool) { + if useBackwardCompatiblePaths { + builder.WriteString(" - name: Set up cache-memory git repository\n") + } else { + fmt.Fprintf(builder, " - name: Set up cache-memory git repository (%s)\n", cache.ID) + } + builder.WriteString(" env:\n") + fmt.Fprintf(builder, " GH_AW_CACHE_DIR: %s\n", cacheDir) + fmt.Fprintf(builder, " GH_AW_MIN_INTEGRITY: %s\n", integrityLevel) + builder.WriteString(" run: bash ${RUNNER_TEMP}/gh-aw/actions/setup_cache_memory_git.sh\n") +} + +// generateCacheMemoryGitCommitSteps emits post-agent steps that commit agent-written changes +// to the current integrity branch. These steps run after agent execution and before artifact +// upload so that the saved tarball always includes up-to-date git history. +func generateCacheMemoryGitCommitSteps(builder *strings.Builder, data *WorkflowData) { + if data.CacheMemoryConfig == nil || len(data.CacheMemoryConfig.Caches) == 0 { + return + } + + cacheLog.Printf("Generating cache-memory git commit steps for %d caches", len(data.CacheMemoryConfig.Caches)) + + useBackwardCompatiblePaths := len(data.CacheMemoryConfig.Caches) == 1 && data.CacheMemoryConfig.Caches[0].ID == "default" + + for _, cache := range data.CacheMemoryConfig.Caches { + // Skip restore-only caches (nothing to commit) + if cache.RestoreOnly { + continue + } + + var cacheDir string + if cache.ID == "default" { + cacheDir = "/tmp/gh-aw/cache-memory" + } else { + cacheDir = "/tmp/gh-aw/cache-memory-" + cache.ID + } + + if useBackwardCompatiblePaths { + builder.WriteString(" - name: Commit cache-memory changes\n") + } else { + fmt.Fprintf(builder, " - name: Commit cache-memory changes (%s)\n", cache.ID) + } + // Run even when agent fails so that partial work is still recorded. + builder.WriteString(" if: always()\n") + builder.WriteString(" env:\n") + fmt.Fprintf(builder, " GH_AW_CACHE_DIR: %s\n", cacheDir) + builder.WriteString(" run: bash ${RUNNER_TEMP}/gh-aw/actions/commit_cache_memory_git.sh\n") } } @@ -791,17 +887,14 @@ func (c *Compiler) buildUpdateCacheMemoryJob(data *WorkflowData, threatDetection steps = append(steps, generateInlineGitHubScriptStep(stepName, validationScript.String(), condition)) } - // Generate cache key (same logic as in generateCacheMemorySteps) - cacheKey := cache.Key - if cacheKey == "" { - if cache.ID == "default" { - cacheKey = "memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }}" - } else { - cacheKey = fmt.Sprintf("memory-%s-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }}", cache.ID) - } + // Generate cache key using integrity-aware format (matches generateCacheMemorySteps) + var githubConfig *GitHubToolConfig + if data.ParsedTools != nil { + githubConfig = data.ParsedTools.GitHub } + cacheKey := computeIntegrityCacheKey(cache, githubConfig) - // Automatically append -${{ github.run_id }} if the key doesn't already end with it + // Ensure run_id suffix is present runIdSuffix := "-${{ github.run_id }}" if !strings.HasSuffix(cacheKey, runIdSuffix) { cacheKey = cacheKey + runIdSuffix diff --git a/pkg/workflow/cache_integrity.go b/pkg/workflow/cache_integrity.go new file mode 100644 index 00000000000..f67657e45fd --- /dev/null +++ b/pkg/workflow/cache_integrity.go @@ -0,0 +1,210 @@ +package workflow + +import ( + "crypto/sha256" + "encoding/hex" + "fmt" + "sort" + "strings" +) + +// integrityLevelOrder defines integrity levels from highest to lowest. +// Used to determine which branches to merge down from when setting up cache. +var integrityLevelOrder = []string{"merged", "approved", "unapproved", "none"} + +// defaultCacheIntegrityLevel is the integrity level used when no guard policy is configured. +const defaultCacheIntegrityLevel = "none" + +// noPolicySentinel is the policy hash used for workflows without an allow-only policy. +const noPolicySentinel = "nopolicy" + +// computePolicyHash computes a deterministic 8-character hex hash of the allow-only policy. +// Returns noPolicySentinel when the GitHub tool has no guard policy (i.e., min-integrity is unset). +// +// The hash is computed over the canonical form of all policy fields so that: +// - Same policy in different order → same hash (sorted, deduped lists) +// - Any policy field change → new hash → cache miss (correct isolation) +// - Workflows without policy → sentinel value "nopolicy" (consistent key format) +func computePolicyHash(github *GitHubToolConfig) string { + if github == nil || github.MinIntegrity == "" { + return noPolicySentinel + } + + canonical := buildCanonicalPolicy(github) + hash := sha256.Sum256([]byte(canonical)) + return hex.EncodeToString(hash[:])[:8] +} + +// buildCanonicalPolicy builds the normalized string representation of the allow-only policy. +// All fields are always present (empty if unset), sorted and deduplicated, so the result +// is deterministic regardless of input ordering. +func buildCanonicalPolicy(github *GitHubToolConfig) string { + var sb strings.Builder + + // blocked-users: sorted, lowercased, deduplicated literal list. + // When blocked-users is provided as a GitHub Actions expression (BlockedUsersExpr), + // include it verbatim so that changing the expression produces a different hash. + sb.WriteString("blocked-users:") + if github.BlockedUsersExpr != "" { + // Expression-based: include the raw expression as the canonical form. + // This ensures that different expressions produce different hashes and that + // switching from a literal list to an expression (or vice versa) invalidates the cache. + sb.WriteString("expr:") + sb.WriteString(github.BlockedUsersExpr) + } else { + sb.WriteString(canonicalUserList(github.BlockedUsers)) + } + sb.WriteString("\n") + + // min-integrity + sb.WriteString("min-integrity:") + sb.WriteString(string(github.MinIntegrity)) + sb.WriteString("\n") + + // repos: canonical scope form (sorted array or fixed string) + sb.WriteString("repos:") + sb.WriteString(canonicalReposScope(github.AllowedRepos)) + sb.WriteString("\n") + + // trusted-bots: reserved for future use (always empty today) + sb.WriteString("trusted-bots:\n") + + // trusted-users: reserved for future use (always empty today) + sb.WriteString("trusted-users:") + + return sb.String() +} + +// canonicalUserList converts a list of user names to a canonical form: +// sorted, lowercased, deduplicated, joined with "\n". +// Returns an empty string for nil or empty lists. +func canonicalUserList(users []string) string { + if len(users) == 0 { + return "" + } + + // Lowercase all entries + normalized := make([]string, len(users)) + for i, u := range users { + normalized[i] = strings.ToLower(u) + } + + // Deduplicate + seen := make(map[string]struct{}, len(normalized)) + deduped := normalized[:0] + for _, u := range normalized { + if _, exists := seen[u]; !exists { + seen[u] = struct{}{} + deduped = append(deduped, u) + } + } + + // Sort + sort.Strings(deduped) + + return strings.Join(deduped, "\n") +} + +// canonicalReposScope converts a GitHubReposScope to its canonical string form. +// +// Canonical forms: +// - "all" → "all" +// - "public" → "public" +// - ["b","a"] → "a\nb" (sorted, lowercased) +// - nil → "" +func canonicalReposScope(repos GitHubReposScope) string { + if repos == nil { + return "" + } + + switch v := repos.(type) { + case string: + // Simple string scope: "all" or "public" + return strings.ToLower(v) + + case []any: + // Array of repository patterns: sort, lowercase, deduplicate + strs := make([]string, 0, len(v)) + for _, item := range v { + if s, ok := item.(string); ok { + strs = append(strs, strings.ToLower(s)) + } + } + sort.Strings(strs) + // Deduplicate + deduped := strs[:0] + for i, s := range strs { + if i == 0 || s != strs[i-1] { + deduped = append(deduped, s) + } + } + return strings.Join(deduped, "\n") + + case []string: + // Typed string slice + strs := make([]string, len(v)) + for i, s := range v { + strs[i] = strings.ToLower(s) + } + sort.Strings(strs) + // Deduplicate + deduped := strs[:0] + for i, s := range strs { + if i == 0 || s != strs[i-1] { + deduped = append(deduped, s) + } + } + return strings.Join(deduped, "\n") + + default: + // Unexpected type: return empty string for deterministic hash computation + // rather than using fmt.Sprintf which could produce inconsistent results. + return "" + } +} + +// cacheIntegrityLevel returns the integrity level string for cache key generation. +// Returns defaultCacheIntegrityLevel when no guard policy is configured. +func cacheIntegrityLevel(github *GitHubToolConfig) string { + if github == nil || github.MinIntegrity == "" { + return defaultCacheIntegrityLevel + } + return string(github.MinIntegrity) +} + +// generateIntegrityAwareCacheKey generates the new-format cache key that includes +// the integrity level and policy hash as prefixes. +// +// Format: memory-{integrityLevel}-{policyHash}-[{cacheID}-]{workflowID}-{runID} +// +// The cacheID segment is omitted for the "default" cache ID to maintain a clean key. +// Examples: +// +// memory-unapproved-7e4d9f12-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} +// memory-none-nopolicy-session-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} +func generateIntegrityAwareCacheKey(cacheID, integrityLevel, policyHash string) string { + if cacheID == "default" || cacheID == "" { + return fmt.Sprintf( + "memory-%s-%s-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }}", + integrityLevel, policyHash, + ) + } + return fmt.Sprintf( + "memory-%s-%s-%s-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }}", + integrityLevel, policyHash, cacheID, + ) +} + +// higherIntegrityLevels returns the integrity levels that are higher than the given level, +// ordered from highest to lowest (merged → approved → unapproved → none). +// Used to determine which branches to merge down from. +func higherIntegrityLevels(level string) []string { + var result []string + for _, l := range integrityLevelOrder { + if l == level { + break + } + result = append(result, l) + } + return result +} diff --git a/pkg/workflow/cache_integrity_test.go b/pkg/workflow/cache_integrity_test.go new file mode 100644 index 00000000000..498af568303 --- /dev/null +++ b/pkg/workflow/cache_integrity_test.go @@ -0,0 +1,559 @@ +//go:build !integration + +package workflow + +import ( + "strings" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +// TestComputePolicyHash_NoPolicy verifies that workflows without a guard policy +// use the "nopolicy" sentinel hash. +func TestComputePolicyHash_NoPolicy(t *testing.T) { + tests := []struct { + name string + githubConfig *GitHubToolConfig + }{ + {name: "nil config", githubConfig: nil}, + {name: "empty config", githubConfig: &GitHubToolConfig{}}, + {name: "config without min-integrity", githubConfig: &GitHubToolConfig{AllowedRepos: "all"}}, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + hash := computePolicyHash(tt.githubConfig) + assert.Equal(t, noPolicySentinel, hash, "Should return nopolicy sentinel when no guard policy is configured") + }) + } +} + +// TestComputePolicyHash_Deterministic verifies that the same policy always produces the same hash. +func TestComputePolicyHash_Deterministic(t *testing.T) { + cfg := &GitHubToolConfig{ + MinIntegrity: GitHubIntegrityUnapproved, + AllowedRepos: []any{"github/gh-aw"}, + BlockedUsers: []string{"attacker1"}, + } + + hash1 := computePolicyHash(cfg) + hash2 := computePolicyHash(cfg) + assert.Equal(t, hash1, hash2, "Same policy must always produce the same hash") + assert.Len(t, hash1, 8, "Hash must be 8 characters long") + assert.NotEqual(t, noPolicySentinel, hash1, "Hash with policy must not equal nopolicy sentinel") +} + +// TestComputePolicyHash_FieldChanges verifies that changing any single policy field produces a different hash. +func TestComputePolicyHash_FieldChanges(t *testing.T) { + base := &GitHubToolConfig{ + MinIntegrity: GitHubIntegrityUnapproved, + AllowedRepos: []any{"github/gh-aw"}, + BlockedUsers: []string{}, + } + baseHash := computePolicyHash(base) + + tests := []struct { + name string + cfg *GitHubToolConfig + }{ + { + name: "change min-integrity", + cfg: &GitHubToolConfig{ + MinIntegrity: GitHubIntegrityApproved, + AllowedRepos: []any{"github/gh-aw"}, + BlockedUsers: []string{}, + }, + }, + { + name: "change repos", + cfg: &GitHubToolConfig{ + MinIntegrity: GitHubIntegrityUnapproved, + AllowedRepos: []any{"github/other-repo"}, + BlockedUsers: []string{}, + }, + }, + { + name: "add blocked user", + cfg: &GitHubToolConfig{ + MinIntegrity: GitHubIntegrityUnapproved, + AllowedRepos: []any{"github/gh-aw"}, + BlockedUsers: []string{"attacker1"}, + }, + }, + { + name: "change repos to 'all'", + cfg: &GitHubToolConfig{ + MinIntegrity: GitHubIntegrityUnapproved, + AllowedRepos: "all", + BlockedUsers: []string{}, + }, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + hash := computePolicyHash(tt.cfg) + assert.NotEqual(t, baseHash, hash, "Changing '%s' must produce a different hash", tt.name) + }) + } +} + +// TestComputePolicyHash_ListOrderIndependent verifies that list order does not affect the hash. +func TestComputePolicyHash_ListOrderIndependent(t *testing.T) { + cfg1 := &GitHubToolConfig{ + MinIntegrity: GitHubIntegrityUnapproved, + AllowedRepos: []any{"github/gh-aw-mcpg", "github/gh-aw"}, + BlockedUsers: []string{"bob", "alice"}, + } + cfg2 := &GitHubToolConfig{ + MinIntegrity: GitHubIntegrityUnapproved, + AllowedRepos: []any{"github/gh-aw", "github/gh-aw-mcpg"}, + BlockedUsers: []string{"alice", "bob"}, + } + + assert.Equal(t, computePolicyHash(cfg1), computePolicyHash(cfg2), + "Different list ordering must produce the same hash") +} + +// TestComputePolicyHash_DuplicatesDeduped verifies that duplicate entries in lists do not affect the hash. +func TestComputePolicyHash_DuplicatesDeduped(t *testing.T) { + cfg1 := &GitHubToolConfig{ + MinIntegrity: GitHubIntegrityNone, + AllowedRepos: []any{"github/gh-aw"}, + BlockedUsers: []string{"alice"}, + } + cfg2 := &GitHubToolConfig{ + MinIntegrity: GitHubIntegrityNone, + AllowedRepos: []any{"github/gh-aw", "github/gh-aw"}, + BlockedUsers: []string{"alice", "alice"}, + } + + assert.Equal(t, computePolicyHash(cfg1), computePolicyHash(cfg2), + "Duplicate list entries must be deduplicated before hashing") +} + +// TestComputePolicyHash_BlockedUsersExpr verifies that BlockedUsersExpr is included +// in the policy hash so that expression-based policies are correctly isolated. +func TestComputePolicyHash_BlockedUsersExpr(t *testing.T) { + base := &GitHubToolConfig{ + MinIntegrity: GitHubIntegrityUnapproved, + AllowedRepos: []any{"github/gh-aw"}, + BlockedUsers: []string{}, + } + baseHash := computePolicyHash(base) + + // Switching to an expression-based blocked-users should produce a different hash + cfgWithExpr := &GitHubToolConfig{ + MinIntegrity: GitHubIntegrityUnapproved, + AllowedRepos: []any{"github/gh-aw"}, + BlockedUsersExpr: "${{ vars.BLOCKED_USERS }}", + } + assert.NotEqual(t, baseHash, computePolicyHash(cfgWithExpr), + "Expression-based blocked-users must produce a different hash than an empty list") + + // Different expressions must produce different hashes + cfgWithExpr2 := &GitHubToolConfig{ + MinIntegrity: GitHubIntegrityUnapproved, + AllowedRepos: []any{"github/gh-aw"}, + BlockedUsersExpr: "${{ vars.OTHER_BLOCKED_USERS }}", + } + assert.NotEqual(t, computePolicyHash(cfgWithExpr), computePolicyHash(cfgWithExpr2), + "Different expressions must produce different hashes") + + // Same expression must produce the same hash (deterministic) + cfgWithExprCopy := &GitHubToolConfig{ + MinIntegrity: GitHubIntegrityUnapproved, + AllowedRepos: []any{"github/gh-aw"}, + BlockedUsersExpr: "${{ vars.BLOCKED_USERS }}", + } + assert.Equal(t, computePolicyHash(cfgWithExpr), computePolicyHash(cfgWithExprCopy), + "Same expression must produce the same hash") +} + +// TestComputePolicyHash_CaseInsensitive verifies that user/repo names are lowercased before hashing. +func TestComputePolicyHash_CaseInsensitive(t *testing.T) { + cfg1 := &GitHubToolConfig{ + MinIntegrity: GitHubIntegrityNone, + AllowedRepos: []any{"GitHub/GH-AW"}, + BlockedUsers: []string{"Alice"}, + } + cfg2 := &GitHubToolConfig{ + MinIntegrity: GitHubIntegrityNone, + AllowedRepos: []any{"github/gh-aw"}, + BlockedUsers: []string{"alice"}, + } + + assert.Equal(t, computePolicyHash(cfg1), computePolicyHash(cfg2), + "Policy hash must be case-insensitive for user and repo names") +} + +// TestCanonicalReposScope verifies canonical forms for all repo scope types. +func TestCanonicalReposScope(t *testing.T) { + tests := []struct { + name string + repos GitHubReposScope + expected string + }{ + {name: "nil", repos: nil, expected: ""}, + {name: "all string", repos: "all", expected: "all"}, + {name: "public string", repos: "public", expected: "public"}, + {name: "uppercase string", repos: "ALL", expected: "all"}, + {name: "single repo array", repos: []any{"github/gh-aw"}, expected: "github/gh-aw"}, + {name: "multi repo array sorted", repos: []any{"github/z-repo", "github/a-repo"}, expected: "github/a-repo\ngithub/z-repo"}, + {name: "multi repo array uppercase", repos: []any{"GitHub/GH-AW"}, expected: "github/gh-aw"}, + {name: "dedup array", repos: []any{"github/gh-aw", "github/gh-aw"}, expected: "github/gh-aw"}, + {name: "sorted string slice", repos: []string{"b", "a"}, expected: "a\nb"}, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + result := canonicalReposScope(tt.repos) + assert.Equal(t, tt.expected, result, "Canonical scope form mismatch for %s", tt.name) + }) + } +} + +// TestCanonicalUserList verifies the canonical form for user lists. +func TestCanonicalUserList(t *testing.T) { + tests := []struct { + name string + users []string + expected string + }{ + {name: "nil", users: nil, expected: ""}, + {name: "empty", users: []string{}, expected: ""}, + {name: "single user", users: []string{"alice"}, expected: "alice"}, + {name: "sorted", users: []string{"charlie", "alice", "bob"}, expected: "alice\nbob\ncharlie"}, + {name: "uppercase lowercased", users: []string{"ALICE", "Bob"}, expected: "alice\nbob"}, + {name: "deduplicated", users: []string{"alice", "alice", "bob"}, expected: "alice\nbob"}, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + result := canonicalUserList(tt.users) + assert.Equal(t, tt.expected, result, "Canonical user list mismatch for %s", tt.name) + }) + } +} + +// TestGenerateIntegrityAwareCacheKey verifies the new cache key format. +func TestGenerateIntegrityAwareCacheKey(t *testing.T) { + tests := []struct { + name string + cacheID string + integrityLevel string + policyHash string + expected string + }{ + { + name: "default cache with policy", + cacheID: "default", + integrityLevel: "unapproved", + policyHash: "7e4d9f12", + expected: "memory-unapproved-7e4d9f12-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }}", + }, + { + name: "default cache without policy (sentinel)", + cacheID: "default", + integrityLevel: "none", + policyHash: "nopolicy", + expected: "memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }}", + }, + { + name: "named cache with policy", + cacheID: "session", + integrityLevel: "merged", + policyHash: "abcd1234", + expected: "memory-merged-abcd1234-session-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }}", + }, + { + name: "empty cache ID treated as default", + cacheID: "", + integrityLevel: "none", + policyHash: "nopolicy", + expected: "memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }}", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + result := generateIntegrityAwareCacheKey(tt.cacheID, tt.integrityLevel, tt.policyHash) + assert.Equal(t, tt.expected, result, "Cache key format mismatch") + }) + } +} + +// TestCacheIntegrityLevel verifies integrity level extraction from config. +func TestCacheIntegrityLevel(t *testing.T) { + tests := []struct { + name string + cfg *GitHubToolConfig + expected string + }{ + {name: "nil config", cfg: nil, expected: defaultCacheIntegrityLevel}, + {name: "empty config", cfg: &GitHubToolConfig{}, expected: defaultCacheIntegrityLevel}, + {name: "merged integrity", cfg: &GitHubToolConfig{MinIntegrity: GitHubIntegrityMerged}, expected: "merged"}, + {name: "approved integrity", cfg: &GitHubToolConfig{MinIntegrity: GitHubIntegrityApproved}, expected: "approved"}, + {name: "unapproved integrity", cfg: &GitHubToolConfig{MinIntegrity: GitHubIntegrityUnapproved}, expected: "unapproved"}, + {name: "none integrity", cfg: &GitHubToolConfig{MinIntegrity: GitHubIntegrityNone}, expected: "none"}, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + result := cacheIntegrityLevel(tt.cfg) + assert.Equal(t, tt.expected, result, "Integrity level mismatch for %s", tt.name) + }) + } +} + +// TestHigherIntegrityLevels verifies the merge-down logic helper. +func TestHigherIntegrityLevels(t *testing.T) { + tests := []struct { + name string + level string + expected []string + }{ + {name: "merged (highest) has no higher", level: "merged", expected: nil}, + {name: "approved has merged above", level: "approved", expected: []string{"merged"}}, + {name: "unapproved has merged+approved above", level: "unapproved", expected: []string{"merged", "approved"}}, + {name: "none (lowest) has all above", level: "none", expected: []string{"merged", "approved", "unapproved"}}, + {name: "unknown level has all levels above (no match = all)", level: "unknown", expected: []string{"merged", "approved", "unapproved", "none"}}, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + result := higherIntegrityLevels(tt.level) + assert.Equal(t, tt.expected, result, "Higher integrity levels mismatch for '%s'", tt.level) + }) + } +} + +// TestComputeIntegrityCacheKey_WithGitHubConfig verifies that computeIntegrityCacheKey +// produces the correct key when a GitHub guard policy is configured. +func TestComputeIntegrityCacheKey_WithGitHubConfig(t *testing.T) { + cfg := &GitHubToolConfig{ + MinIntegrity: GitHubIntegrityUnapproved, + AllowedRepos: []any{"github/gh-aw"}, + } + policyHash := computePolicyHash(cfg) + require.Len(t, policyHash, 8, "Policy hash must be 8 characters") + + entry := CacheMemoryEntry{ID: "default"} + key := computeIntegrityCacheKey(entry, cfg) + + expectedPrefix := "memory-unapproved-" + policyHash + "-" + assert.True(t, strings.HasPrefix(key, expectedPrefix), + "Cache key should start with 'memory-unapproved-{hash}-', got: %s", key) + assert.True(t, strings.HasSuffix(key, "-${{ github.run_id }}"), + "Cache key should end with run_id suffix, got: %s", key) +} + +// TestComputeIntegrityCacheKey_NoPolicy verifies that computeIntegrityCacheKey uses +// the nopolicy sentinel for workflows without a guard policy. +func TestComputeIntegrityCacheKey_NoPolicy(t *testing.T) { + entry := CacheMemoryEntry{ID: "default"} + key := computeIntegrityCacheKey(entry, nil) + + assert.True(t, strings.HasPrefix(key, "memory-none-nopolicy-"), + "Cache key without policy should start with 'memory-none-nopolicy-', got: %s", key) +} + +// TestComputeIntegrityCacheKey_CustomKey verifies that custom keys get the integrity prefix +// to prevent cross-integrity cache sharing. +func TestComputeIntegrityCacheKey_CustomKey(t *testing.T) { + cfg := &GitHubToolConfig{ + MinIntegrity: GitHubIntegrityMerged, + AllowedRepos: "all", + } + policyHash := computePolicyHash(cfg) + + entry := CacheMemoryEntry{ + ID: "default", + Key: "my-custom-key", + } + key := computeIntegrityCacheKey(entry, cfg) + + // Custom keys must be prefixed with integrity/policy to prevent cross-level sharing + expectedPrefix := "memory-merged-" + policyHash + "-" + assert.True(t, strings.HasPrefix(key, expectedPrefix), + "Custom keys must be prefixed with integrity/policy, got: %s", key) + assert.True(t, strings.HasSuffix(key, "-${{ github.run_id }}"), + "Custom keys should end with run_id suffix, got: %s", key) +} + +// TestComputeIntegrityCacheKey_CustomKeyWithRunID verifies that custom keys already containing +// the run_id suffix are not duplicated, but still get the integrity prefix. +func TestComputeIntegrityCacheKey_CustomKeyWithRunID(t *testing.T) { + entry := CacheMemoryEntry{ + ID: "default", + Key: "my-custom-key-${{ github.run_id }}", + } + key := computeIntegrityCacheKey(entry, nil) + + // Should have none-nopolicy prefix + custom key (with single run_id) + assert.True(t, strings.HasPrefix(key, "memory-none-nopolicy-"), + "Custom keys must be prefixed even without a guard policy, got: %s", key) + assert.Equal(t, 1, strings.Count(key, "${{ github.run_id }}"), + "run_id suffix should appear exactly once, got: %s", key) +} + +// TestCacheMemoryStepsIncludeGitSetup verifies that generated workflow YAML includes +// the git setup step after the cache restore step. +func TestCacheMemoryStepsIncludeGitSetup(t *testing.T) { + toolsMap := map[string]any{ + "cache-memory": true, + "github": map[string]any{ + "allowed": []any{"get_repository"}, + "min-integrity": "unapproved", + "allowed-repos": []any{"github/gh-aw"}, + }, + } + + toolsConfig, err := ParseToolsConfig(toolsMap) + require.NoError(t, err, "Should parse tools config") + + compiler := NewCompiler() + cacheMemoryConfig, err := compiler.extractCacheMemoryConfig(toolsConfig) + require.NoError(t, err, "Should extract cache-memory config") + + parsedTools := NewTools(toolsMap) + + data := &WorkflowData{ + CacheMemoryConfig: cacheMemoryConfig, + ParsedTools: parsedTools, + } + + var builder strings.Builder + generateCacheMemorySteps(&builder, data) + output := builder.String() + + assert.Contains(t, output, "Set up cache-memory git repository", + "Should include git setup step") + assert.Contains(t, output, "setup_cache_memory_git.sh", + "Should reference the git setup script") + assert.Contains(t, output, "GH_AW_MIN_INTEGRITY: unapproved", + "Should set the integrity level env var") + assert.Contains(t, output, "GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory", + "Should set the cache dir env var") +} + +// TestCacheMemoryStepsIntegrityAwareKey verifies that the generated cache key +// includes the integrity level and policy hash. +func TestCacheMemoryStepsIntegrityAwareKey(t *testing.T) { + toolsMap := map[string]any{ + "cache-memory": true, + "github": map[string]any{ + "allowed": []any{"get_repository"}, + "min-integrity": "unapproved", + "allowed-repos": []any{"github/gh-aw"}, + }, + } + + toolsConfig, err := ParseToolsConfig(toolsMap) + require.NoError(t, err, "Should parse tools config") + + compiler := NewCompiler() + cacheMemoryConfig, err := compiler.extractCacheMemoryConfig(toolsConfig) + require.NoError(t, err, "Should extract cache-memory config") + + parsedTools := NewTools(toolsMap) + + data := &WorkflowData{ + CacheMemoryConfig: cacheMemoryConfig, + ParsedTools: parsedTools, + } + + var builder strings.Builder + generateCacheMemorySteps(&builder, data) + output := builder.String() + + // Key should start with "memory-unapproved-" followed by an 8-char hash + assert.Contains(t, output, "key: memory-unapproved-", + "Cache key should include 'unapproved' integrity level") + // Should NOT contain the old format (without integrity prefix) + assert.NotContains(t, output, "key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}", + "Cache key should not use the old format without integrity prefix") +} + +// TestCacheMemoryStepsNoPolicy verifies that the generated cache key uses the +// nopolicy sentinel when no guard policy is configured. +func TestCacheMemoryStepsNoPolicy(t *testing.T) { + toolsMap := map[string]any{ + "cache-memory": true, + "github": map[string]any{ + "allowed": []any{"get_repository"}, + }, + } + + toolsConfig, err := ParseToolsConfig(toolsMap) + require.NoError(t, err, "Should parse tools config") + + compiler := NewCompiler() + cacheMemoryConfig, err := compiler.extractCacheMemoryConfig(toolsConfig) + require.NoError(t, err, "Should extract cache-memory config") + + parsedTools := NewTools(toolsMap) + + data := &WorkflowData{ + CacheMemoryConfig: cacheMemoryConfig, + ParsedTools: parsedTools, + } + + var builder strings.Builder + generateCacheMemorySteps(&builder, data) + output := builder.String() + + assert.Contains(t, output, "key: memory-none-nopolicy-", + "Cache key without policy should use none-nopolicy prefix") +} + +// TestCacheMemoryGitCommitSteps verifies that the post-agent git commit step is generated. +func TestCacheMemoryGitCommitSteps(t *testing.T) { + toolsMap := map[string]any{ + "cache-memory": true, + } + + toolsConfig, err := ParseToolsConfig(toolsMap) + require.NoError(t, err, "Should parse tools config") + + compiler := NewCompiler() + cacheMemoryConfig, err := compiler.extractCacheMemoryConfig(toolsConfig) + require.NoError(t, err, "Should extract cache-memory config") + + data := &WorkflowData{ + CacheMemoryConfig: cacheMemoryConfig, + } + + var builder strings.Builder + generateCacheMemoryGitCommitSteps(&builder, data) + output := builder.String() + + assert.Contains(t, output, "Commit cache-memory changes", + "Should include git commit step") + assert.Contains(t, output, "commit_cache_memory_git.sh", + "Should reference the git commit script") + assert.Contains(t, output, "if: always()", + "Git commit step should always run") + assert.Contains(t, output, "GH_AW_CACHE_DIR: /tmp/gh-aw/cache-memory", + "Should set the cache dir env var") +} + +// TestCacheMemoryGitCommitSteps_RestoreOnlySkipped verifies that restore-only caches +// do not get a git commit step. +func TestCacheMemoryGitCommitSteps_RestoreOnlySkipped(t *testing.T) { + data := &WorkflowData{ + CacheMemoryConfig: &CacheMemoryConfig{ + Caches: []CacheMemoryEntry{ + {ID: "default", RestoreOnly: true}, + }, + }, + } + + var builder strings.Builder + generateCacheMemoryGitCommitSteps(&builder, data) + output := builder.String() + + assert.Empty(t, output, "Restore-only caches should not generate a git commit step") +} diff --git a/pkg/workflow/cache_memory_import_test.go b/pkg/workflow/cache_memory_import_test.go index 5d7b1b0f0e5..087e765275d 100644 --- a/pkg/workflow/cache_memory_import_test.go +++ b/pkg/workflow/cache_memory_import_test.go @@ -80,13 +80,14 @@ Test cache-memory import without local definition. lockStr := string(lockContent) // We expect the imported caches to be present + // Custom keys now get the integrity/policy prefix to prevent cross-integrity cache sharing expectedStrings := []string{ "- name: Create cache-memory directory (session)", "path: /tmp/gh-aw/cache-memory-session", - "key: shared-session-${{ github.run_id }}", + "key: memory-none-nopolicy-shared-session-${{ github.run_id }}", "- name: Create cache-memory directory (logs)", "path: /tmp/gh-aw/cache-memory-logs", - "key: shared-logs-${{ github.run_id }}", + "key: memory-none-nopolicy-shared-logs-${{ github.run_id }}", "cache_memory_prompt_multi.md", // Template file reference instead of literal content "- **session**: `/tmp/gh-aw/cache-memory-session/`", "- **logs**: `/tmp/gh-aw/cache-memory-logs/`", diff --git a/pkg/workflow/cache_memory_integration_test.go b/pkg/workflow/cache_memory_integration_test.go index 314788691cb..fd2c87188bf 100644 --- a/pkg/workflow/cache_memory_integration_test.go +++ b/pkg/workflow/cache_memory_integration_test.go @@ -40,7 +40,7 @@ tools: "- name: Create cache-memory directory", "- name: Cache cache-memory file share data", "uses: actions/cache@", - "key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }}", + "key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }}", "path: /tmp/gh-aw/cache-memory", "cat \"${RUNNER_TEMP}/gh-aw/prompts/cache_memory_prompt.md\"", "GH_AW_CACHE_DIR: '/tmp/gh-aw/cache-memory/'", @@ -78,12 +78,12 @@ tools: "- name: Create cache-memory directory (default)", "mkdir -p /tmp/gh-aw/cache-memory", "- name: Cache cache-memory file share data (default)", - "key: memory-default-${{ github.run_id }}", + "key: memory-none-nopolicy-memory-default-${{ github.run_id }}", "path: /tmp/gh-aw/cache-memory", "- name: Create cache-memory directory (session)", "mkdir -p /tmp/gh-aw/cache-memory-session", "- name: Cache cache-memory file share data (session)", - "key: memory-session-${{ github.run_id }}", + "key: memory-none-nopolicy-memory-session-${{ github.run_id }}", "path: /tmp/gh-aw/cache-memory-session", "cache_memory_prompt_multi.md", // Template file reference for multiple caches "- **default**: `/tmp/gh-aw/cache-memory/`", @@ -118,11 +118,11 @@ tools: expectedInLock: []string{ "- name: Create cache-memory directory (data)", "mkdir -p /tmp/gh-aw/cache-memory-data", - "key: memory-data-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }}", + "key: memory-none-nopolicy-data-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }}", "path: /tmp/gh-aw/cache-memory-data", "- name: Create cache-memory directory (logs)", "mkdir -p /tmp/gh-aw/cache-memory-logs", - "key: memory-logs-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }}", + "key: memory-none-nopolicy-logs-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }}", "path: /tmp/gh-aw/cache-memory-logs", "cache_memory_prompt_multi.md", // Template file reference for multiple caches "- **data**: `/tmp/gh-aw/cache-memory-data/`", diff --git a/pkg/workflow/cache_memory_restore_keys_test.go b/pkg/workflow/cache_memory_restore_keys_test.go index cdb90941659..88a7a6b1646 100644 --- a/pkg/workflow/cache_memory_restore_keys_test.go +++ b/pkg/workflow/cache_memory_restore_keys_test.go @@ -67,9 +67,9 @@ tools: allowed: [get_repository] ---`, expectedInLock: []string{ - // Should have workflow-specific restore key + // Should have integrity-scoped workflow-specific restore key "restore-keys: |", - "memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-", + "memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-", }, genericFallbacks: []string{"memory-"}, }, @@ -91,10 +91,10 @@ tools: allowed: [get_repository] ---`, expectedInLock: []string{ - // Custom key becomes memory-chroma-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} - // Restore key should only remove run_id: memory-chroma-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}- + // Key becomes memory-none-nopolicy-chroma-... (default key match → integrity-aware format) + // Restore key should only remove run_id "restore-keys: |", - "memory-chroma-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-", + "memory-none-nopolicy-chroma-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-", }, genericFallbacks: []string{"memory-chroma-", "memory-"}, }, @@ -118,10 +118,12 @@ tools: allowed: [get_repository] ---`, expectedInLock: []string{ - // Custom keys become memory-*-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }} - // Restore keys should only remove run_id - "memory-default-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-", - "memory-session-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-", + // "default" cache: custom key `memory-default-...` does NOT match generateDefaultCacheKey("default") + // (which produces `memory-{workflowID}-...`), so it goes through the custom key prefix path. + // "session" cache: custom key `memory-session-...` DOES match generateDefaultCacheKey("session"), + // so it goes through the integrity-aware non-custom path. + "memory-none-nopolicy-memory-default-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-", + "memory-none-nopolicy-session-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-", }, genericFallbacks: []string{"memory-default-", "memory-session-", "memory-"}, }, @@ -144,9 +146,9 @@ safe-outputs: expectedInLock: []string{ // Should use restore action "uses: actions/cache/restore@", - // Should have workflow-specific restore key + // Should have integrity-scoped workflow-specific restore key "restore-keys: |", - "memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-", + "memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-", }, genericFallbacks: []string{"memory-"}, }, diff --git a/pkg/workflow/cache_memory_restore_only_test.go b/pkg/workflow/cache_memory_restore_only_test.go index bae2efe814c..49a67a04c4a 100644 --- a/pkg/workflow/cache_memory_restore_only_test.go +++ b/pkg/workflow/cache_memory_restore_only_test.go @@ -37,7 +37,7 @@ tools: "# Cache memory file share configuration from frontmatter processed below", "- name: Restore cache-memory file share data", "uses: actions/cache/restore@", // SHA varies, just check action name - "key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }}", + "key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }}", "path: /tmp/gh-aw/cache-memory", }, notExpectedInLock: []string{ @@ -67,10 +67,10 @@ tools: "# Cache memory file share configuration from frontmatter processed below", "- name: Cache cache-memory file share data (default)", "uses: actions/cache@", // SHA varies - "key: memory-default-${{ github.run_id }}", + "key: memory-none-nopolicy-memory-default-${{ github.run_id }}", "- name: Restore cache-memory file share data (readonly)", "uses: actions/cache/restore@", // SHA varies - "key: memory-readonly-${{ github.run_id }}", + "key: memory-none-nopolicy-memory-readonly-${{ github.run_id }}", }, notExpectedInLock: []string{ // Should NOT upload artifacts when detection is disabled diff --git a/pkg/workflow/cache_memory_threat_detection_test.go b/pkg/workflow/cache_memory_threat_detection_test.go index dab50ef2463..896fb1748d6 100644 --- a/pkg/workflow/cache_memory_threat_detection_test.go +++ b/pkg/workflow/cache_memory_threat_detection_test.go @@ -44,7 +44,7 @@ Test workflow with cache-memory and threat detection enabled.`, // In agent job, should use actions/cache/restore instead of actions/cache "- name: Restore cache-memory file share data", "uses: actions/cache/restore@", - "key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }}", + "key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }}", // Should upload artifact with if: always() "- name: Upload cache-memory data as artifact", "uses: actions/upload-artifact@", @@ -84,7 +84,7 @@ Test workflow with cache-memory but no threat detection.`, // Without threat detection, should use regular actions/cache "- name: Cache cache-memory file share data", "uses: actions/cache@", - "key: memory-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }}", + "key: memory-none-nopolicy-${{ env.GH_AW_WORKFLOW_ID_SANITIZED }}-${{ github.run_id }}", }, notExpectedInLock: []string{ // Should NOT upload artifact when detection is disabled @@ -123,9 +123,9 @@ Test workflow with multiple cache-memory and threat detection enabled.`, // Both caches should use restore "- name: Restore cache-memory file share data (default)", "uses: actions/cache/restore@", - "key: memory-default-${{ github.run_id }}", + "key: memory-none-nopolicy-memory-default-${{ github.run_id }}", "- name: Restore cache-memory file share data (session)", - "key: memory-session-${{ github.run_id }}", + "key: memory-none-nopolicy-memory-session-${{ github.run_id }}", // Should upload both artifacts with if: always() "- name: Upload cache-memory data as artifact (default)", "if: always()", diff --git a/pkg/workflow/compiler_yaml_main_job.go b/pkg/workflow/compiler_yaml_main_job.go index 85f81434417..01657c081a5 100644 --- a/pkg/workflow/compiler_yaml_main_job.go +++ b/pkg/workflow/compiler_yaml_main_job.go @@ -502,6 +502,10 @@ func (c *Compiler) generateMainJobSteps(yaml *strings.Builder, data *WorkflowDat // Add repo-memory artifact upload to save state for push job generateRepoMemoryArtifactUpload(yaml, data) + // Add cache-memory git commit steps (after agent execution, before validation) + // This commits agent-written changes to the current integrity branch. + generateCacheMemoryGitCommitSteps(yaml, data) + // Add cache-memory validation (after agent execution) // This validates file types before cache is saved or uploaded generateCacheMemoryValidation(yaml, data)