diff --git a/pkg/workflow/compiler_yaml_step_conversion.go b/pkg/workflow/compiler_yaml_step_conversion.go index 02860a3236f..97ddacf8eaf 100644 --- a/pkg/workflow/compiler_yaml_step_conversion.go +++ b/pkg/workflow/compiler_yaml_step_conversion.go @@ -53,6 +53,7 @@ func ConvertStepToYAML(stepMap map[string]any) (string, error) { // This is needed because the YAML marshaller quotes strings containing #, but GitHub Actions // expects unquoted uses values with inline comments. func unquoteUsesWithComments(yamlStr string) string { + stepConversionLog.Printf("Post-processing YAML to unquote uses-with-comments: %d chars", len(yamlStr)) lines := strings.Split(yamlStr, "\n") for i, line := range lines { // Look for uses: followed by a quoted string containing a # comment diff --git a/pkg/workflow/compiler_yaml_step_generation.go b/pkg/workflow/compiler_yaml_step_generation.go index 6679eca8637..fbe8be26de0 100644 --- a/pkg/workflow/compiler_yaml_step_generation.go +++ b/pkg/workflow/compiler_yaml_step_generation.go @@ -89,6 +89,7 @@ func (c *Compiler) generateCheckoutActionsFolder(data *WorkflowData) []string { // // Returns the YAML for the step as a single string (for inclusion in a []string steps slice). func (c *Compiler) generateRestoreActionsSetupStep() string { + compilerYamlStepGenerationLog.Print("Generating restore actions setup step") var step strings.Builder step.WriteString(" - name: Restore actions folder\n") step.WriteString(" if: always()\n") @@ -135,6 +136,7 @@ func (c *Compiler) generateSetupStep(setupActionRef string, destination string, } // Dev/Release mode: use the setup action + compilerYamlStepGenerationLog.Printf("Generating setup step: ref=%s, destination=%s, customTokens=%t, traceID=%q", setupActionRef, destination, enableCustomTokens, traceID) lines := []string{ " - name: Setup Scripts\n", " id: setup\n", @@ -157,6 +159,7 @@ func (c *Compiler) generateSetupStep(setupActionRef string, destination string, // is not available there (only in step-level env: and run: blocks). // The step ID "set-runtime-paths" is referenced by downstream steps that consume these outputs. func (c *Compiler) generateSetRuntimePathsStep() []string { + compilerYamlStepGenerationLog.Print("Generating set-runtime-paths step") return []string{ " - name: Set runtime paths\n", " id: set-runtime-paths\n", diff --git a/pkg/workflow/glob_validation.go b/pkg/workflow/glob_validation.go index e3e7aa13527..da2d682db01 100644 --- a/pkg/workflow/glob_validation.go +++ b/pkg/workflow/glob_validation.go @@ -211,6 +211,9 @@ func runGlobValidation(pat string, isRef bool) []invalidGlobPattern { v := globValidator{} v.isRef = isRef v.validate(pat) + if len(v.errs) > 0 { + globValidationLog.Printf("Glob validation found %d error(s) for pattern %q (isRef=%t)", len(v.errs), pat, isRef) + } return v.errs } @@ -240,6 +243,7 @@ func validatePathGlob(pat string) []invalidGlobPattern { // Reject '.', '..', './', and '../' (#521 in actionlint) stripped := strings.TrimPrefix(p, "!") if stripped == "." || stripped == ".." || strings.HasPrefix(stripped, "./") || strings.HasPrefix(stripped, "../") { + globValidationLog.Printf("Path glob rejected due to invalid prefix: %s", stripped) errs = append(errs, invalidGlobPattern{"'.', '..', and paths starting with './' or '../' are not allowed in glob path", 0}) } diff --git a/pkg/workflow/mcp_config_playwright_renderer.go b/pkg/workflow/mcp_config_playwright_renderer.go index 195e8f72707..e6542b2fada 100644 --- a/pkg/workflow/mcp_config_playwright_renderer.go +++ b/pkg/workflow/mcp_config_playwright_renderer.go @@ -156,6 +156,7 @@ func renderPlaywrightMCPConfigWithOptions(yaml *strings.Builder, playwrightConfi // Add volume mounts // When guard policies follow, mounts is not the last field (add trailing comma) + mcpPlaywrightLog.Printf("Adding volume mounts: guard_policies=%d", len(guardPolicies)) if len(guardPolicies) > 0 { yaml.WriteString(" \"mounts\": [\"/tmp/gh-aw/mcp-logs:/tmp/gh-aw/mcp-logs:rw\"],\n") renderGuardPoliciesJSON(yaml, guardPolicies, " ") @@ -171,4 +172,5 @@ func renderPlaywrightMCPConfigWithOptions(yaml *strings.Builder, playwrightConfi } else { yaml.WriteString(" },\n") } + mcpPlaywrightLog.Printf("Playwright MCP config rendered: is_last=%t, entrypoint_args=%d", isLast, len(entrypointArgs)) } diff --git a/pkg/workflow/permissions.go b/pkg/workflow/permissions.go index baa36c363d5..8b466080f01 100644 --- a/pkg/workflow/permissions.go +++ b/pkg/workflow/permissions.go @@ -266,7 +266,11 @@ func GetAllGitHubAppOnlyScopes() []PermissionScope { // IsGitHubAppOnlyScope returns true if the scope is a GitHub App-only permission // (not supported by GITHUB_TOKEN). These scopes require a GitHub App to exercise. func IsGitHubAppOnlyScope(scope PermissionScope) bool { - return slices.Contains(GetAllGitHubAppOnlyScopes(), scope) + isAppOnly := slices.Contains(GetAllGitHubAppOnlyScopes(), scope) + if isAppOnly { + permissionsLog.Printf("Scope %q requires GitHub App (not supported by GITHUB_TOKEN)", scope) + } + return isAppOnly } // Permissions represents GitHub Actions permissions