From ad7828258366e26f0c5a91b2a80baef26cc5ea89 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 16 Apr 2026 11:05:06 +0000 Subject: [PATCH] Sync github-agentic-workflows.md with v0.68.3 Document three fields present in code/schema but missing from instructions: - pre-steps: (runs before checkout, useful for token minting) - run-install-scripts: (security opt-in for npm install scripts) - on.stale-check: (disable frontmatter hash check for cross-repo rulesets) Co-Authored-By: Claude Sonnet 4.6 --- .github/aw/github-agentic-workflows.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/aw/github-agentic-workflows.md b/.github/aw/github-agentic-workflows.md index 94ca318b169..b02407b4aad 100644 --- a/.github/aw/github-agentic-workflows.md +++ b/.github/aw/github-agentic-workflows.md @@ -177,6 +177,9 @@ The YAML frontmatter supports these fields: private-key: ${{ secrets.APP_PRIVATE_KEY }} ``` + - **`stale-check:`** - Control whether the activation job verifies the frontmatter hash matches the compiled workflow (boolean, default: `true`) + - When `false`, disables the hash check step; useful when workflow files are managed outside the default repository context (e.g., cross-repo org rulesets) + - **`permissions:`** - GitHub token permissions - Object with permission levels: `read`, `none` - Available permissions: `contents`, `issues`, `pull-requests`, `discussions`, `actions`, `checks`, `statuses`, `models`, `deployments`, `security-events` @@ -206,6 +209,7 @@ The YAML frontmatter supports these fields: - **`if:`** - Conditional execution expression (string) - **`run-name:`** - Custom workflow run name (string) - **`name:`** - Workflow name (string) +- **`pre-steps:`** - Custom workflow steps to run at the very beginning of the agent job, before checkout (object). Use for token minting or setup that must happen before the repository is checked out. Step outputs are available via `${{ steps..outputs. }}` and can be referenced in `checkout.github-token` to avoid masked-value cross-job boundary issues. Same security restrictions apply as for `steps:`. - **`steps:`** - Custom workflow steps before AI execution (object). **Security Notice**: Custom steps run OUTSIDE the firewall sandbox with standard GitHub Actions security but NO network egress controls. Use only for deterministic data preparation, not agentic compute. **Secrets restriction**: Using `${{ secrets.* }}` expressions (other than `secrets.GITHUB_TOKEN`) in custom steps is an error in strict mode and a warning otherwise — move secret-dependent operations to a separate job outside the agent job. - **`post-steps:`** - Custom workflow steps after AI execution (object). **Security Notice**: Post-execution steps run OUTSIDE the firewall sandbox. Use only for deterministic cleanup, artifact uploads, or notifications—not agentic compute or untrusted AI execution. Same secrets restriction applies as for `steps:`. - **`environment:`** - Environment that the job references for protection rules (string or object) @@ -347,6 +351,12 @@ The YAML frontmatter supports these fields: if: "hashFiles('go.mod') != ''" # Only install Go when go.mod exists ``` +- **`run-install-scripts:`** - Allow npm pre/post install scripts to execute during package installation (boolean, default: `false`) + - By default, `--ignore-scripts` is added to all generated npm install commands to prevent supply chain attacks via malicious install hooks + - When `true`, disables this protection globally for all runtimes that generate `npm install` commands + - A supply chain security warning is emitted at compile time; in strict mode this is an error + - Per-runtime control is also available via `runtimes.node.run-install-scripts: true` to limit scope to a specific runtime + - **`checkout:`** - Override how the repository is checked out in the agent job (object, array, or `false`) - By default, the workflow automatically checks out the repository. Use this field to customize checkout behavior. - Set to `false` to disable automatic checkout entirely (reduces startup time when repo access is not needed):