Skip to content

feat(compiler): setup node in agent job and safe_outputs job when using custom image runner#25011

Merged
pelikhan merged 5 commits intomainfrom
copilot/update-compiler-node-setup
Apr 7, 2026
Merged

feat(compiler): setup node in agent job and safe_outputs job when using custom image runner#25011
pelikhan merged 5 commits intomainfrom
copilot/update-compiler-node-setup

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Apr 7, 2026
edited
Loading

Summary

When using a non-standard GitHub-hosted runner (self-hosted, custom enterprise runners, GPU runners like aw-gpu-runner-T4), Node.js may not be pre-installed. This PR updates the compiler to automatically add a Node.js setup step in two places:

  1. Agent job — via the runtime manager when a custom image runner is detected
  2. safe_outputs job — before actions/setup when custom tokens are needed (@actions/github is installed by setup.sh via npm install, so Node.js must be on PATH)

Changes

pkg/workflow/runtime_detection.go

  • Added isCustomImageRunner(runsOn string) bool helper function that identifies non-standard runners using an explicit allowlist of known runner labels that have Node.js pre-installed. The allowlist includes official GitHub-hosted labels (e.g. ubuntu-latest, ubuntu-22.04, ubuntu-24.04, ARM variants, Windows variants) as well as ubuntu-slim (gh-aw's default framework runner, which also has Node.js pre-installed). Everything else (self-hosted, enterprise labels, GPU runner labels) is treated as custom:
    • Only allowlisted runners return false — Node.js is pre-installed
    • Self-hosted, custom labels, array form, or object form (group/labels) return true — Node.js may not be present
  • Updated DetectRuntimeRequirements to inject a node runtime requirement when a custom image runner is detected, ensuring actions/setup-node@v6 is emitted in the agent job steps (version respects any runtimes.node.version frontmatter override)
  • Log message is version-agnostic (does not hardcode "v24") since the version may be overridden by frontmatter

pkg/workflow/compiler_safe_outputs_job.go

  • When enableCustomTokens is true (setup action installs @actions/github via npm install) and the safe_outputs job uses a custom image runner, a Setup Node.js step is now emitted before the Setup Scripts (actions/setup) step

pkg/workflow/runtime_setup_test.go

  • Unit tests for isCustomImageRunner covering all runner forms, including ubuntu-slim as standard

pkg/workflow/runtime_setup_integration_test.go

  • Integration tests verifying the full compile pipeline produces a Node.js setup step for custom runners (self-hosted, enterprise custom labels) but not for standard runners
  • Version override test asserts the overridden node-version value appears in the compiled output

pkg/workflow/safe_outputs_runs_on_test.go

  • Tests verifying Node.js setup is emitted before actions/setup in the safe_outputs job when custom tokens are needed and a custom image runner is configured, and is absent when either condition is not met

Recompiled lock files

  • .github/workflows/daily-fact.lock.yml / daily-news.lock.yml — use runs-on: aw-gpu-runner-T4 (custom GPU runner), now include a Node.js setup step in their agent jobs

Why this approach

The runtime manager (DetectRuntimeRequirementsGenerateRuntimeSetupSteps) is the correct place for the agent job logic because it:

  1. Handles version overrides from runtimes.node.version in frontmatter
  2. Deduplicates with user-specified actions/setup-node steps in custom steps
  3. Inserts the setup step at the right position (after checkout, before custom steps)

For the safe_outputs job, the Node.js setup step is emitted directly before actions/setup since the runtime manager does not control the safe_outputs job step order.

Copilot AI requested a review from pelikhan April 7, 2026 04:02
@pelikhan pelikhan marked this pull request as ready for review April 7, 2026 04:03
Copilot AI review requested due to automatic review settings April 7, 2026 04:03
@pelikhan
Copy link
Copy Markdown
Collaborator

pelikhan commented Apr 7, 2026

@copilot if safe_outputs job needs @actions/github on a custom runner, emit the @actions/setup-node step before action/setup

Copilot AI reviewed Apr 7, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the workflow compiler runtime detection to automatically inject a Node.js setup requirement when compiling workflows that target non-standard/custom runners where Node may not be preinstalled.

Changes:

  • Add isCustomImageRunner and use it in DetectRuntimeRequirements to ensure a node runtime requirement is added for custom runners.
  • Add unit + integration tests validating runner detection and Node setup injection behavior.
  • Recompile affected lock workflows so agent jobs include actions/setup-node@v6 with Node 24 on custom runners.
Show a summary per file
File Description
pkg/workflow/runtime_detection.go Adds custom-runner detection and injects a Node runtime requirement when detected.
pkg/workflow/runtime_setup_test.go Adds unit tests for isCustomImageRunner and runtime requirement injection/deduping.
pkg/workflow/runtime_setup_integration_test.go Adds integration coverage ensuring compiled lock output includes/excludes Node setup appropriately.
.github/workflows/daily-news.lock.yml Recompiled lockfile now includes Node setup step for the agent job on the custom GPU runner.
.github/workflows/daily-fact.lock.yml Recompiled lockfile now includes Node setup step for the agent job on the custom GPU runner.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 5/5 changed files
  • Comments generated: 4

pkg/workflow/runtime_detection.go
Comment on lines +208 to +215
const keyPrefix = "runs-on: "
if value, ok := strings.CutPrefix(runsOn, keyPrefix); ok {
// Single-line value: extract the runner label and check against known standard prefixes.
value = strings.TrimSpace(value)
lower := strings.ToLower(value)
// Standard GitHub-hosted runners that ship with Node.js pre-installed.
return !strings.HasPrefix(lower, "ubuntu-") && !strings.HasPrefix(lower, "windows-")
}
Copy link

Copilot AI Apr 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

isCustomImageRunner treats any label starting with ubuntu- as a standard GitHub-hosted runner. This misclassifies repo-specific/custom runner labels like ubuntu-slim (used as constants.DefaultActivationJobRunnerImage) and any self-hosted runner label that happens to start with ubuntu-, causing Node setup to be skipped when it may be required. Consider using an allowlist of known GitHub-hosted labels (e.g., ubuntu-latest, ubuntu-24.04, ubuntu-22.04, ubuntu-20.04, plus any supported *-arm variants) and treat everything else (including ubuntu-slim) as custom.

Copilot uses AI. Check for mistakes.
pkg/workflow/runtime_setup_test.go
Comment on lines +914 to +916
name: "ubuntu-slim is standard",
runsOn: "runs-on: ubuntu-slim",
expected: false,
Copy link

Copilot AI Apr 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This test encodes ubuntu-slim as a “standard” runner (expected false for custom). In this repo, ubuntu-slim is not a GitHub-hosted label and is used as the default framework runner (constants.DefaultActivationJobRunnerImage), so it should be treated as a custom label by isCustomImageRunner if the goal is to detect non-GitHub-hosted runners.

Suggested change
name: "ubuntu-slim is standard",
runsOn: "runs-on: ubuntu-slim",
expected: false,
name: "ubuntu-slim is custom",
runsOn: "runs-on: ubuntu-slim",
expected: true,

Copilot uses AI. Check for mistakes.
pkg/workflow/runtime_detection.go Outdated
Comment on lines +27 to +33
// When using a custom image runner, ensure Node.js v24 is set up.
// Standard GitHub-hosted runners (ubuntu-*, windows-*) have Node.js pre-installed,
// but custom image runners (self-hosted, enterprise runners, non-standard labels) may not.
// Node.js is required for gh-aw scripts such as start_safe_outputs_server.sh and
// start_mcp_scripts_server.sh that invoke `node` directly.
if isCustomImageRunner(workflowData.RunsOn) {
runtimeSetupLog.Printf("Custom image runner detected (%q), ensuring Node.js v24 is set up", workflowData.RunsOn)
Copy link

Copilot AI Apr 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The log message hardcodes “Node.js v24”, but this code adds the node runtime with an empty version (default) and the version may later be overridden by frontmatter (runtimes.node.version). Consider logging a version-agnostic message (or log the resolved version after overrides) to avoid misleading diagnostics.

Suggested change
// When using a custom image runner, ensure Node.js v24 is set up.
// Standard GitHub-hosted runners (ubuntu-*, windows-*) have Node.js pre-installed,
// but custom image runners (self-hosted, enterprise runners, non-standard labels) may not.
// Node.js is required for gh-aw scripts such as start_safe_outputs_server.sh and
// start_mcp_scripts_server.sh that invoke `node` directly.
if isCustomImageRunner(workflowData.RunsOn) {
runtimeSetupLog.Printf("Custom image runner detected (%q), ensuring Node.js v24 is set up", workflowData.RunsOn)
// When using a custom image runner, ensure Node.js is set up.
// Standard GitHub-hosted runners (ubuntu-*, windows-*) have Node.js pre-installed,
// but custom image runners (self-hosted, enterprise runners, non-standard labels) may not.
// Node.js is required for gh-aw scripts such as start_safe_outputs_server.sh and
// start_mcp_scripts_server.sh that invoke `node` directly.
if isCustomImageRunner(workflowData.RunsOn) {
runtimeSetupLog.Printf("Custom image runner detected (%q), ensuring Node.js is set up", workflowData.RunsOn)

Copilot uses AI. Check for mistakes.
pkg/workflow/runtime_setup_integration_test.go
Comment on lines +443 to +456
{
name: "custom runner with node version override uses overridden version",
workflowMarkdown: `---
on: push
engine: copilot
runs-on: self-hosted
runtimes:
node:
version: '22'
---

# Test workflow`,
expectNodeSetup: true,
},
Copy link

Copilot AI Apr 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The test case named “custom runner with node version override uses overridden version” only asserts that a setup-node step exists, not that it uses the overridden node-version: '22'. Adding an assertion for the version in the agent job section would cover the override interaction introduced by this change.

Copilot uses AI. Check for mistakes.
@pelikhan
feat(safe-outputs): emit setup-node before actions/setup on custom ru…
4d77a3c 
…nner when custom tokens needed

Agent-Logs-Url: https://github.com/github/gh-aw/sessions/ce07a588-4938-4c89-b085-78d7a224a99a

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copy link
Copy Markdown
Contributor Author

Copilot AI commented Apr 7, 2026
edited
Loading

@copilot if safe_outputs job needs @actions/github on a custom runner, emit the @actions/setup-node step before action/setup

Done in commit 4d77a3c. When enableCustomTokens is true (the setup action will run npm install @actions/github) and the safe_outputs job uses a custom image runner, a Setup Node.js step is now emitted before Setup Scripts (actions/setup). Standard GitHub-hosted runners (ubuntu-*, windows-*) already have Node.js pre-installed so they are unaffected.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw --local x_amd64/vet git rev-�� --show-toplevel x_amd64/vet /usr/bin/git /php.ini --local x_amd64/vet git (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go ngci-lint&#34; ]; thgo GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
    • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha -unreachable=false /tmp/go-build3706051080/b236/vet.cfg /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet ler_safe_outputsgit ler_safe_outputsrev-parse ler_safe_outputs--show-toplevel /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -ato�� -bool -buildtags /home/REDACTED/.config/composer/vendor/bin/bash -errorsas -ifaceassert -nilfunc bash (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v3
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha --noprofile (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v5
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --get-regexp --global k/_temp/uv-pytho-nilfunc (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha PASS|FAIL|RUN -tests /usr/bin/git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel x_amd64/vet /usr/bin/git ppend.*steps\|gegit k/gh-aw/gh-aw/pkrev-parse 64/pkg/tool/linu--show-toplevel git rev-�� --show-toplevel 64/pkg/tool/linux_amd64/vet /usr/bin/git --noprofile .cfg 64/pkg/tool/linu--show-toplevel git (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha -unreachable=false /tmp/go-build3706051080/b089/vet.cfg /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha -unreachable=false /tmp/go-build3706051080/b213/vet.cfg 6051080/b314/vet.cfg (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel x_amd64/vet /usr/bin/git --local pull.rebase x_amd64/vet git rev-�� --show-toplevel x_amd64/vet /usr/bin/git --verify copilot/update-crev-parse 64/pkg/tool/linu--show-toplevel git (http block)
  • https://api.github.com/repos/actions/github-script/git/ref/tags/v8
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha -unreachable=false /tmp/go-build3706051080/b041/vet.cfg 6051080/b278/vet.cfg (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha -bool -buildtags 6051080/b251/vet.cfg -errorsas -ifaceassert -nilfunc /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -uns�� -unreachable=false /tmp/go-build3706051080/b178/vet.cfg /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha -bool -buildtags 6051080/b325/vet.cfg -errorsas -ifaceassert -nilfunc /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -uns�� -unreachable=false /tmp/go-build3706051080/b193/vet.cfg /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha -bool -buildtags 6051080/b297/vet.cfg -errorsas -ifaceassert -nilfunc /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -uns�� -unreachable=false /tmp/go-build3706051080/b182/vet.cfg /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha -unreachable=false /tmp/go-build3706051080/b093/vet.cfg 6051080/b313/vet.cfg (http block)
  • https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha --noprofile .cfg 64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE node (http block)
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE sh (http block)
  • https://api.github.com/repos/github/gh-aw
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE r: $owner, name: $name) { hasDiscussionsEnabled } } GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq .object.sha 0838758/b001/_pkg_.a /tmp/go-build3706051080/b043/vet.cfg 0838758/b001=&gt; (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha --noprofile .cfg 64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha --noprofile .cfg 64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq .object.sha --show-toplevel (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha (http block)
  • https://api.github.com/repos/githubnext/agentics/git/ref/tags/-
    • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/- --jq .object.sha cd actions/setupGOINSECURE GOPROXY $name) { hasDiscussionsEnabled } } GOSUMDB GOWORK 64/bin/go sh -c &#34;prettier&#34; --che-f sh 64/bin/go &#34;prettier&#34; --wrigit git 64/bin/go go (http block)
  • https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI changed the title feat(compiler): setup node v24 in agent job when using custom image runner feat(compiler): setup node v24 in agent job and safe_outputs job when using custom image runner Apr 7, 2026
@pelikhan
Copy link
Copy Markdown
Collaborator

pelikhan commented Apr 7, 2026

@copilot Review comments

@github-actions github-actions bot mentioned this pull request Apr 7, 2026
Closed
@pelikhan
fix(runtime-detection): use allowlist for standard runners, ubuntu-sl…
d4b70ac 
…im is custom, version-agnostic log

Agent-Logs-Url: https://github.com/github/gh-aw/sessions/f5ab582e-5ab4-429c-b062-78243b07802a

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copy link
Copy Markdown
Contributor Author

Copilot AI commented Apr 7, 2026
edited
Loading

@copilot Review comments

Addressed all 4 review points in commit d4b70ac:

  1. Allowlist for standard runners — replaced prefix-based matching with an explicit allowlist of known GitHub-hosted runner labels (ubuntu-latest, ubuntu-22.04, ubuntu-24.04, ARM variants, Windows variants). ubuntu-slim and any other non-listed label are now correctly treated as custom.
  2. ubuntu-slim test — updated to expect true (custom).
  3. Version-agnostic log — removed "v24" from the log message.
  4. Version override assertion — added expectNodeVersion: "22" to the override test case and a corresponding assert.Contains check for node-version: '22' in the agent job section.

The ubuntu-slim reclassification also triggered recompilation of several workflows (issue-monster, smoke-*, workflow-generator) that use the default runner with custom-token safe outputs — they now correctly include a Setup Node.js step before actions/setup.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw 5677596/b060/vetjs/fuzz_mentions_harness.cjs .cfg git rev-�� --show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet /usr/bin/git se 5677596/b172/vetjs/fuzz_sanitize_output_harness.cjs ache/go/1.25.8/x64/pkg/tool/linu--show-toplevel git (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw 5677596/b043/vetjs/fuzz_mentions_harness.cjs .cfg git rev-�� --show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet /usr/bin/git HEAD (http block)
  • https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
    • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha -unreachable=false /tmp/go-build4195677596/b202/vet.cfg /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v3
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha --local credential.helper ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v5
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --noprofile -tests /usr/bin/git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel x_amd64/vet /usr/bin/git (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha -unreachable=false /tmp/go-build4195677596/b023/vet.cfg 5677596/b292/vet.cfg (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha -unreachable=false /tmp/go-build4195677596/b030/vet.cfg 5677596/b173/vet.cfg (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel x_amd64/vet /usr/bin/git up^{commit} (http block)
  • https://api.github.com/repos/actions/github-script/git/ref/tags/v8
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha /tmp/go-build4195677596/b124/_pkg_.a -trimpath 5677596/b254/vet.cfg -p github.com/charmrev-parse -lang=go1.24 /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -uns�� -unreachable=false /tmp/go-build4195677596/b098/vet.cfg /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -c=4 -nolocalimports -importcfg /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha -unreachable=false /tmp/go-build4195677596/b026/vet.cfg 5677596/b303/vet.cfg (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha -unreachable=false /tmp/go-build4195677596/b032/vet.cfg 5677596/b253/vet.cfg (http block)
  • https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha -unreachable=false /tmp/go-build4195677596/b025/vet.cfg 5677596/b300/vet.cfg (http block)
  • https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha -unreachable=false /tmp/go-build4195677596/b022/vet.cfg 5677596/b295/vet.cfg (http block)
  • https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha get .cfg 64/pkg/tool/linux_amd64/vet credential.userngit (http block)
  • https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha --show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet /usr/bin/git HEAD (http block)
  • https://api.github.com/repos/github/gh-aw
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility unset GOROOT; export PATH=&#34;$(find /opt/hostedtoolcache -maxdepth 4 -type d -name bin 2&gt;/dev/nullgit /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet /usr/bin/git -unreachable=falgit /tmp/go-build419-C /opt/hostedtoolc/home/REDACTED/work/gh-aw/gh-aw/.github/workflows git rev-�� --show-toplevel /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet r: $owner, name: $name) { hasDiscussionsEnabled } } -bool -buildtags /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq .object.sha -unreachable=false /tmp/go-build4195677596/b012/vet.cfg 5677596/b272/vet.cfg (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha uG_pcmOLn .cfg 64/pkg/tool/linux_amd64/vet user.name (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha JuGJHAz8U ompiler-node-setup 64/pkg/tool/linux_amd64/vet credential.userngit (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq .object.sha --show-toplevel (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha (http block)
  • https://api.github.com/repos/githubnext/agentics/git/ref/tags/-
    • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/- --jq .object.sha --show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet $name) { hasDiscussionsEnabled } } --noprofile (http block)
  • https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI changed the title feat(compiler): setup node v24 in agent job and safe_outputs job when using custom image runner feat(compiler): setup node in agent job and safe_outputs job when using custom image runner Apr 7, 2026
@pelikhan
Copy link
Copy Markdown
Collaborator

pelikhan commented Apr 7, 2026

@copilot ubuntu-slim is a supported runner with builtin node.

@pelikhan
fix(runtime-detection): add ubuntu-slim to standard runner allowlist …
0041331 
…(has built-in Node.js)

Agent-Logs-Url: https://github.com/github/gh-aw/sessions/7e7deaba-2564-443b-9f51-831b9215b378

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copy link
Copy Markdown
Contributor Author

Copilot AI commented Apr 7, 2026
edited
Loading

@copilot ubuntu-slim is a supported runner with builtin node.

Fixed in commit 0041331. ubuntu-slim is now in the standardGitHubHostedRunners allowlist so it's treated as standard (no Node.js setup injected). The 7 lock files that incorrectly got a Node.js setup step have been reverted.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw /tmp/go-build3486891806/b001/importcfg -pack /tmp/go-build3486891806/b001/_testmain.go (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw -embedcfg /tmp/go-build1927804080/b063/embedcfg -pack (http block)
  • https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
    • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha /home/REDACTED/work/gh-aw/gh-aw/.github/workflows config /usr/bin/git remote.origin.urgit (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v3
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha ithub/workflows -buildtags /home/REDACTED/go/bin/bash -errorsas -ifaceassert -nilfunc bash --no�� k/gh-aw/gh-aw/.github/workflows -tests (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v5
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --noprofile x_amd64/vet /usr/bin/git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel ache/go/1.25.8/x64/pkg/tool/linurev-parse /usr/bin/git ROOT&#34; ] &amp;&amp; exporgit 6891806/b215/vetrev-parse me: String!) { --show-toplevel git rev-�� --show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet /usr/bin/git ithub/workflows (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha graphql -f /home/REDACTED/go/bin/node -f owner=github -f node /opt�� view -- /usr/bin/docker name (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha /home/REDACTED/work/gh-aw/gh-aw/.github/workflows config /usr/bin/git remote.origin.urgit (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel ache/go/1.25.8/x64/pkg/tool/linurev-parse /usr/bin/git se 6891806/b042/vetrev-parse .cfg git rev-�� --show-toplevel ache/go/1.25.8/x64/pkg/tool/linuconfig /usr/bin/git ithub/workflows 6891806/b217/vetrev-parse ache/go/1.25.8/x--show-toplevel git (http block)
  • https://api.github.com/repos/actions/github-script/git/ref/tags/v8
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha k/gh-aw/gh-aw/.github/workflows (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha graphql -f /usr/bin/git -f owner=github -f git -C /home/REDACTED/work/gh-aw/gh-aw/.github/workflows config /usr/bin/gh remote.origin.urgit (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha xterm-color (http block)
  • https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha graphql -f /usr/bin/infocmp -f owner=github -f infocmp -1 xterm-color x_amd64/vet /usr/bin/git (http block)
  • https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha /home/REDACTED/work/gh-aw/gh-aw/.github/workflows rev-parse /opt/hostedtoolcache/node/24.14.1/x64/bin/node flib/difflib.go (http block)
  • https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha ithub/workflows /tmp/go-build3486891806/b090/vet.cfg (http block)
  • https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha (http block)
  • https://api.github.com/repos/github/gh-aw
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq .object.sha k/gh-aw/gh-aw/.github/workflows -f /usr/bin/docker -f owner=github -f docker imag�� inspect mcp/context7 (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha ithub/workflows -buildtags er: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabl--show-toplevel -errorsas -ifaceassert -nilfunc /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -uns�� ithub/workflows /tmp/go-build3486891806/b202/vet.cfg (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha ithub/workflows -buildtags 6891806/b330/vet.cfg -errorsas -ifaceassert -nilfunc /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linuconfig -uns�� ithub/workflows /tmp/go-build3486891806/b203/vet.cfg /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq .object.sha --show-toplevel x_amd64/compile /usr/bin/git (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha (http block)
  • https://api.github.com/repos/githubnext/agentics/git/ref/tags/-
    • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/- --jq .object.sha (http block)
  • https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha (http block)

If you need me to access, download, or install something from one of these locations, you can either:

@pelikhan pelikhan merged commit 6f2145b into main Apr 7, 2026
@pelikhan pelikhan deleted the copilot/update-compiler-node-setup branch April 7, 2026 05:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@pelikhan pelikhan Awaiting requested review from pelikhan

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@pelikhan