diff --git a/.github/workflows/static-analysis-report.lock.yml b/.github/workflows/static-analysis-report.lock.yml index fd4e170782e..6e1fa56f40f 100644 --- a/.github/workflows/static-analysis-report.lock.yml +++ b/.github/workflows/static-analysis-report.lock.yml @@ -1,4 +1,4 @@ -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"fd178852a30ebfb9988ae8d15e30e67b297eb3689ff6eabbc2fedd19afc5ca02","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"869b3b7da437d108347555f117c98d89b01ab2ed5a2be53b6a2742578863909b","strict":true,"agent_id":"claude"} # ___ _ _ # / _ \ | | (_) # | |_| | __ _ ___ _ __ | |_ _ ___ @@ -159,16 +159,16 @@ jobs: run: | bash ${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh { - cat << 'GH_AW_PROMPT_8758499c2b24a61d_EOF' + cat << 'GH_AW_PROMPT_c31a1f75b7e5048e_EOF' - GH_AW_PROMPT_8758499c2b24a61d_EOF + GH_AW_PROMPT_c31a1f75b7e5048e_EOF cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md" cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md" cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md" cat "${RUNNER_TEMP}/gh-aw/prompts/agentic_workflows_guide.md" cat "${RUNNER_TEMP}/gh-aw/prompts/cache_memory_prompt.md" cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md" - cat << 'GH_AW_PROMPT_8758499c2b24a61d_EOF' + cat << 'GH_AW_PROMPT_c31a1f75b7e5048e_EOF' Tools: create_issue(max:3), create_discussion, missing_tool, missing_data, noop 
@@ -200,13 +200,13 @@ jobs: {{/if}} - GH_AW_PROMPT_8758499c2b24a61d_EOF + GH_AW_PROMPT_c31a1f75b7e5048e_EOF cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" - cat << 'GH_AW_PROMPT_8758499c2b24a61d_EOF' + cat << 'GH_AW_PROMPT_c31a1f75b7e5048e_EOF' {{#runtime-import .github/workflows/shared/reporting.md}} {{#runtime-import .github/workflows/static-analysis-report.md}} - GH_AW_PROMPT_8758499c2b24a61d_EOF + GH_AW_PROMPT_c31a1f75b7e5048e_EOF } > "$GH_AW_PROMPT" - name: Interpolate variables and render templates uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -486,12 +486,12 @@ jobs: mkdir -p ${RUNNER_TEMP}/gh-aw/safeoutputs mkdir -p /tmp/gh-aw/safeoutputs mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs - cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/config.json << 'GH_AW_SAFE_OUTPUTS_CONFIG_9a50545c6505d3d7_EOF' + cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/config.json << 'GH_AW_SAFE_OUTPUTS_CONFIG_e6b1577951691eef_EOF' {"create_discussion":{"category":"security","close_older_discussions":true,"expires":24,"fallback_to_issue":true,"max":1},"create_issue":{"expires":168,"labels":["security","automation"],"max":3,"title_prefix":"[runner-guard] "},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"}} - GH_AW_SAFE_OUTPUTS_CONFIG_9a50545c6505d3d7_EOF + GH_AW_SAFE_OUTPUTS_CONFIG_e6b1577951691eef_EOF - name: Write Safe Outputs Tools run: | - cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/tools_meta.json << 'GH_AW_SAFE_OUTPUTS_TOOLS_META_62d189da2111f489_EOF' + cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/tools_meta.json << 'GH_AW_SAFE_OUTPUTS_TOOLS_META_5103370786937518_EOF' { "description_suffixes": { "create_discussion": " CONSTRAINTS: Maximum 1 discussion(s) can be created. Discussions will be created in category \"security\".", 
@@ -500,8 +500,8 @@ jobs: "repo_params": {}, "dynamic_tools": [] } - GH_AW_SAFE_OUTPUTS_TOOLS_META_62d189da2111f489_EOF - cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/validation.json << 'GH_AW_SAFE_OUTPUTS_VALIDATION_29e512618de29162_EOF' + GH_AW_SAFE_OUTPUTS_TOOLS_META_5103370786937518_EOF + cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/validation.json << 'GH_AW_SAFE_OUTPUTS_VALIDATION_c72312fa038a016e_EOF' { "create_discussion": { "defaultMax": 1, @@ -620,7 +620,7 @@ jobs: } } } - GH_AW_SAFE_OUTPUTS_VALIDATION_29e512618de29162_EOF + GH_AW_SAFE_OUTPUTS_VALIDATION_c72312fa038a016e_EOF node ${RUNNER_TEMP}/gh-aw/actions/generate_safe_outputs_tools.cjs - name: Generate Safe Outputs MCP Server Config id: safe-outputs-config 
@@ -690,7 +690,7 @@ jobs: export GH_AW_ENGINE="claude" export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.2.14' - cat << GH_AW_MCP_CONFIG_dd311f6fe490ccdb_EOF | bash ${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.sh + cat << GH_AW_MCP_CONFIG_a00060c74c91676a_EOF | bash ${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.sh { "mcpServers": { "agenticworkflows": { @@ -748,7 +748,7 @@ jobs: "payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}" } } - GH_AW_MCP_CONFIG_dd311f6fe490ccdb_EOF + GH_AW_MCP_CONFIG_a00060c74c91676a_EOF - name: Download activation artifact uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: 
@@ -1316,7 +1316,7 @@ jobs: with: persist-credentials: false - name: Install runner-guard - run: go install github.com/Vigilant-LLC/runner-guard/cmd/runner-guard@v2.6.0 + run: go install github.com/Vigilant-LLC/runner-guard/v2/cmd/runner-guard@v2.6.0 - name: Run runner-guard scan run: | RUNNER_GUARD="$(go env GOPATH)/bin/runner-guard" diff --git a/.github/workflows/static-analysis-report.md b/.github/workflows/static-analysis-report.md index 0f442ab438b..d8614b3a115 100644 --- a/.github/workflows/static-analysis-report.md +++ b/.github/workflows/static-analysis-report.md @@ -43,7 +43,7 @@ jobs: with: persist-credentials: false - name: Install runner-guard - run: go install github.com/Vigilant-LLC/runner-guard/cmd/runner-guard@v2.6.0 + run: go install github.com/Vigilant-LLC/runner-guard/v2/cmd/runner-guard@v2.6.0 - name: Run runner-guard scan run: | RUNNER_GUARD="$(go env GOPATH)/bin/runner-guard"
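Review bot: In the `Install runner-guard` step of `static-analysis-report.md`, `go install github.com/Vigilant-LLC/runner-guard/v2/cmd/runner-guard@v2.6.0` fetches and builds the scanner from a version tag alone, whereas the actions visible in the compiled lock file on this page are pinned to commit SHAs. For a tagged module version the integrity check comes from Go's checksum database, so it holds only if the job leaves `GOSUMDB` at its default. The job's environment is outside this hunk, so that is worth confirming. I would record the assumption next to the step, for example `# pinned by tag; integrity relies on the Go checksum database (GOSUMDB must stay enabled)`. The same line appears in the generated `static-analysis-report.lock.yml` hunk at `@@ -1316,7` and needs no separate comment there; the following scan step's `run: |` block continues past the end of the hunk.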