From d834d44d36c2c8c878ede6c6ec623f1dedbdd25e Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 17 Apr 2026 01:46:02 +0000 Subject: [PATCH 1/3] Initial plan From 7c8355682dba2cfebce87a854827314142c97202 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 17 Apr 2026 02:18:12 +0000 Subject: [PATCH 2/3] fix: use writable CODEX_HOME path in AWF codex runs Agent-Logs-Url: https://github.com/github/gh-aw/sessions/eccae58e-823b-4ecc-a720-ebfdd669710c Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- pkg/workflow/agentic_output_test.go | 4 ++-- pkg/workflow/codex_engine.go | 18 ++++++++++-------- pkg/workflow/codex_engine_test.go | 14 ++++++++++++++ 3 files changed, 26 insertions(+), 10 deletions(-) diff --git a/pkg/workflow/agentic_output_test.go b/pkg/workflow/agentic_output_test.go index be1a68dcac..b7f1e8f6dd 100644 --- a/pkg/workflow/agentic_output_test.go +++ b/pkg/workflow/agentic_output_test.go @@ -258,8 +258,8 @@ func TestEngineOutputFileDeclarations(t *testing.T) { t.Errorf("Codex engine should declare output files for log collection, got: %v", codexOutputFiles) } - if len(codexOutputFiles) > 0 && codexOutputFiles[0] != "${{ runner.temp }}/gh-aw/mcp-config/logs/" { - t.Errorf("Codex engine should declare ${{ runner.temp }}/gh-aw/mcp-config/logs/, got: %v", codexOutputFiles[0]) + if len(codexOutputFiles) > 0 && codexOutputFiles[0] != "/tmp/gh-aw/mcp-config/logs/" { + t.Errorf("Codex engine should declare /tmp/gh-aw/mcp-config/logs/, got: %v", codexOutputFiles[0]) } // Test Gemini engine declares output files for error log collection diff --git a/pkg/workflow/codex_engine.go b/pkg/workflow/codex_engine.go index ceebb42d5a..9b09d45a09 100644 --- a/pkg/workflow/codex_engine.go +++ b/pkg/workflow/codex_engine.go 
@@ -109,13 +109,13 @@ func (e *CodexEngine) GetInstallationSteps(workflowData *WorkflowData) []GitHubA return steps } -// GetDeclaredOutputFiles returns the output files that Codex may produce -// Codex (written in Rust) writes logs to ~/.codex/log/codex-tui.log +// GetDeclaredOutputFiles returns the output files that Codex may produce. +// Use /tmp/gh-aw for Codex runtime logs because ${RUNNER_TEMP}/gh-aw is +// mounted read-only inside the AWF chroot sandbox. func (e *CodexEngine) GetDeclaredOutputFiles() []string { - // Return the Codex log directory for artifact collection - // Using mcp-config folder structure for consistency with other engines + // Return the Codex log directory for artifact collection. return []string{ - "${{ runner.temp }}/gh-aw/mcp-config/logs/", + "/tmp/gh-aw/mcp-config/logs/", } } @@ -276,9 +276,11 @@ mkdir -p "$CODEX_HOME/logs" "GITHUB_STEP_SUMMARY": AgentStepSummaryPath, "GH_AW_PROMPT": "/tmp/gh-aw/aw-prompts/prompt.txt", // Tag the step as a GitHub AW agentic execution for discoverability by agents - "GITHUB_AW": "true", - "GH_AW_MCP_CONFIG": "${{ runner.temp }}/gh-aw/mcp-config/config.toml", - "CODEX_HOME": "${{ runner.temp }}/gh-aw/mcp-config", + "GITHUB_AW": "true", + "GH_AW_MCP_CONFIG": "${{ runner.temp }}/gh-aw/mcp-config/config.toml", + // Keep Codex runtime state in /tmp/gh-aw because ${RUNNER_TEMP}/gh-aw is + // mounted read-only inside the AWF chroot sandbox. + "CODEX_HOME": "/tmp/gh-aw/mcp-config", "RUST_LOG": "trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug", "GH_AW_GITHUB_TOKEN": effectiveGitHubToken, "GITHUB_PERSONAL_ACCESS_TOKEN": effectiveGitHubToken, // Used by GitHub MCP server via env_vars diff --git a/pkg/workflow/codex_engine_test.go b/pkg/workflow/codex_engine_test.go index 4d8abbae84..31acd97fa1 100644 --- a/pkg/workflow/codex_engine_test.go +++ b/pkg/workflow/codex_engine_test.go 
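Review bot: The literal `/tmp/gh-aw/mcp-config/logs/` returned here has to stay equal to `CODEX_HOME` plus `/logs/`, but `CODEX_HOME` is written as a separate literal in the env map of this file's second hunk, so the two can drift apart unnoticed. A shared constant would keep them together, for example `const codexHomeDir = "/tmp/gh-aw/mcp-config"` with `return []string{codexHomeDir + "/logs/"}` here. The recompiled lock files in the following commit also drop their `Clean up engine output files` step, presumably as a consequence of this path change. Because `/tmp/gh-aw` is writable by the agent and may outlive the job on a reused runner, it is worth confirming the directory is created fresh for each run, so stale or unexpected files are not collected into the artifact. The doc comment could also keep stating that the logs live under `$CODEX_HOME/logs`.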
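Review bot: `CODEX_HOME` now points at `/tmp/gh-aw/mcp-config`, while `GH_AW_MCP_CONFIG` two lines above still points at `${{ runner.temp }}/gh-aw/mcp-config/config.toml`, so the configuration file and the Codex home no longer share a directory. If Codex resolves its `config.toml` relative to `CODEX_HOME` (not visible here; the hunk header shows only `mkdir -p "$CODEX_HOME/logs"`), the MCP configuration must be copied to the new location. It would then sit in a directory the agent process can write to, whereas the read-only mount protected it before. Please confirm which file Codex actually loads and, if it is a copy under `/tmp`, make that copy read-only before the agent starts. The comment could also say that nothing under `CODEX_HOME` should be treated as trusted after the run. The map literal starts and ends outside this hunk.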
@@ -174,6 +174,20 @@ func TestCodexEngineExecutionIncludesGitHubAWPrompt(t *testing.T) { } } +func TestCodexEngineExecutionUsesWritableCodexHome(t *testing.T) { + engine := NewCodexEngine() + + steps := engine.GetExecutionSteps(&WorkflowData{Name: "test-workflow"}, "/tmp/gh-aw/test.log") + if len(steps) == 0 { + t.Fatal("Expected at least one execution step") + } + + stepContent := strings.Join([]string(steps[0]), "\n") + if !strings.Contains(stepContent, "CODEX_HOME: /tmp/gh-aw/mcp-config") { + t.Errorf("Expected CODEX_HOME to use writable /tmp path, got:\n%s", stepContent) + } +} + func TestCodexEngineRenderMCPConfig(t *testing.T) { engine := NewCodexEngine() From 250b24f3126f157b408b84bcf3a84a93442e9b60 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 17 Apr 2026 02:40:55 +0000 Subject: [PATCH 3/3] chore: recompile workflows for codex writable home path Agent-Logs-Url: https://github.com/github/gh-aw/sessions/90d31021-71a2-49b0-93cb-b04d8e97c873 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .github/workflows/ai-moderator.lock.yml | 7 ++----- .github/workflows/changeset.lock.yml | 7 ++----- .github/workflows/codex-github-remote-mcp-test.lock.yml | 7 ++----- .github/workflows/daily-fact.lock.yml | 9 +++------ .github/workflows/daily-observability-report.lock.yml | 9 +++------ .github/workflows/duplicate-code-detector.lock.yml | 9 +++------ .github/workflows/grumpy-reviewer.lock.yml | 9 +++------ .github/workflows/issue-arborist.lock.yml | 9 +++------ .github/workflows/schema-feature-coverage.lock.yml | 9 +++------ .github/workflows/smoke-call-workflow.lock.yml | 9 +++------ .github/workflows/smoke-codex.lock.yml | 9 +++------ 11 files changed, 30 insertions(+), 63 deletions(-) diff --git a/.github/workflows/ai-moderator.lock.yml b/.github/workflows/ai-moderator.lock.yml index d3af7db13f..e8d9d88b65 100644 --- a/.github/workflows/ai-moderator.lock.yml 
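Review bot: The new test only looks for the substring `CODEX_HOME: /tmp/gh-aw/mcp-config` in `steps[0]`, so it does not pin the intentional split in which the MCP config stays on the read-only mount. Asserting the companion line as well would document that split, e.g. `strings.Contains(stepContent, "GH_AW_MCP_CONFIG: ${{ runner.temp }}/gh-aw/mcp-config/config.toml")`. A negative check such as `if strings.Contains(stepContent, "CODEX_HOME: ${{ runner.temp }}") { t.Errorf("CODEX_HOME still on read-only mount") }` would guard against a partial revert. The test also assumes the execution step is the first element returned by `GetExecutionSteps`; joining all steps before searching would make it less brittle.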
+++ b/.github/workflows/ai-moderator.lock.yml @@ -769,7 +769,7 @@ jobs: -- /bin/bash -c 'export PATH="${RUNNER_TEMP}/gh-aw/mcp-cli/bin:$PATH" && export PATH="$(find /opt/hostedtoolcache -maxdepth 4 -type d -name bin 2>/dev/null | tr '\''\n'\'' '\'':'\'')$PATH"; [ -n "$GOROOT" ] && export PATH="$GOROOT/bin:$PATH" || true && INSTRUCTION="$(cat /tmp/gh-aw/aw-prompts/prompt.txt)" && codex ${GH_AW_MODEL_AGENT_CODEX:+-c model="$GH_AW_MODEL_AGENT_CODEX" }exec -c web_search="disabled" -c fetch="disabled" --dangerously-bypass-approvals-and-sandbox --skip-git-repo-check "$INSTRUCTION"' 2>&1 | tee -a /tmp/gh-aw/agent-stdio.log env: CODEX_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }} - CODEX_HOME: ${{ runner.temp }}/gh-aw/mcp-config + CODEX_HOME: /tmp/gh-aw/mcp-config GH_AW_MCP_CONFIG: ${{ runner.temp }}/gh-aw/mcp-config/config.toml GH_AW_MODEL_AGENT_CODEX: ${{ vars.GH_AW_MODEL_AGENT_CODEX || '' }} GH_AW_PHASE: agent @@ -834,9 +834,6 @@ jobs: setupGlobals(core, github, context, exec, io, getOctokit); const { main } = require('${{ runner.temp }}/gh-aw/actions/collect_ndjson_output.cjs'); await main(); - - name: Clean up engine output files - run: | - rm -fr ${{ runner.temp }}/gh-aw/mcp-config/logs/ - name: Parse agent logs for step summary if: always() uses: actions/github-script@373c709c69115d41ff229c7e5df9f8788daa9553 # v9 @@ -915,7 +912,7 @@ jobs: name: agent path: | /tmp/gh-aw/aw-prompts/prompt.txt - ${{ runner.temp }}/gh-aw/mcp-config/logs/ + /tmp/gh-aw/mcp-config/logs/ /tmp/gh-aw/redacted-urls.log /tmp/gh-aw/mcp-logs/ /tmp/gh-aw/proxy-logs/ diff --git a/.github/workflows/changeset.lock.yml b/.github/workflows/changeset.lock.yml index a86f1084b8..5664e5fe2f 100644 --- a/.github/workflows/changeset.lock.yml +++ b/.github/workflows/changeset.lock.yml 
@@ -790,7 +790,7 @@ jobs: -- /bin/bash -c 'export PATH="${RUNNER_TEMP}/gh-aw/mcp-cli/bin:$PATH" && export PATH="$(find /opt/hostedtoolcache -maxdepth 4 -type d -name bin 2>/dev/null | tr '\''\n'\'' '\'':'\'')$PATH"; [ -n "$GOROOT" ] && export PATH="$GOROOT/bin:$PATH" || true && INSTRUCTION="$(cat /tmp/gh-aw/aw-prompts/prompt.txt)" && codex ${GH_AW_MODEL_AGENT_CODEX:+-c model="$GH_AW_MODEL_AGENT_CODEX" }exec -c web_search="disabled" -c fetch="disabled" --dangerously-bypass-approvals-and-sandbox --skip-git-repo-check "$INSTRUCTION"' 2>&1 | tee -a /tmp/gh-aw/agent-stdio.log env: CODEX_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }} - CODEX_HOME: ${{ runner.temp }}/gh-aw/mcp-config + CODEX_HOME: /tmp/gh-aw/mcp-config GH_AW_MCP_CONFIG: ${{ runner.temp }}/gh-aw/mcp-config/config.toml GH_AW_MODEL_AGENT_CODEX: gpt-5.1-codex-mini GH_AW_PHASE: agent @@ -868,9 +868,6 @@ jobs: setupGlobals(core, github, context, exec, io, getOctokit); const { main } = require('${{ runner.temp }}/gh-aw/actions/collect_ndjson_output.cjs'); await main(); - - name: Clean up engine output files - run: | - rm -fr ${{ runner.temp }}/gh-aw/mcp-config/logs/ - name: Parse agent logs for step summary if: always() uses: actions/github-script@373c709c69115d41ff229c7e5df9f8788daa9553 # v9 @@ -931,7 +928,7 @@ jobs: name: agent path: | /tmp/gh-aw/aw-prompts/prompt.txt - ${{ runner.temp }}/gh-aw/mcp-config/logs/ + /tmp/gh-aw/mcp-config/logs/ /tmp/gh-aw/redacted-urls.log /tmp/gh-aw/mcp-logs/ /tmp/gh-aw/agent_usage.json diff --git a/.github/workflows/codex-github-remote-mcp-test.lock.yml b/.github/workflows/codex-github-remote-mcp-test.lock.yml index 873827b2a7..eb4de8e4ee 100644 --- a/.github/workflows/codex-github-remote-mcp-test.lock.yml +++ b/.github/workflows/codex-github-remote-mcp-test.lock.yml 
@@ -456,7 +456,7 @@ jobs: -- /bin/bash -c 'export PATH="$(find /opt/hostedtoolcache -maxdepth 4 -type d -name bin 2>/dev/null | tr '\''\n'\'' '\'':'\'')$PATH"; [ -n "$GOROOT" ] && export PATH="$GOROOT/bin:$PATH" || true && INSTRUCTION="$(cat /tmp/gh-aw/aw-prompts/prompt.txt)" && codex ${GH_AW_MODEL_DETECTION_CODEX:+-c model="$GH_AW_MODEL_DETECTION_CODEX" }exec -c web_search="disabled" -c fetch="disabled" --dangerously-bypass-approvals-and-sandbox --skip-git-repo-check "$INSTRUCTION"' 2>&1 | tee -a /tmp/gh-aw/agent-stdio.log env: CODEX_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }} - CODEX_HOME: ${{ runner.temp }}/gh-aw/mcp-config + CODEX_HOME: /tmp/gh-aw/mcp-config GH_AW_MCP_CONFIG: ${{ runner.temp }}/gh-aw/mcp-config/config.toml GH_AW_MODEL_DETECTION_CODEX: ${{ vars.GH_AW_MODEL_DETECTION_CODEX || '' }} GH_AW_PHASE: agent @@ -511,9 +511,6 @@ jobs: - name: Append agent step summary if: always() run: bash "${RUNNER_TEMP}/gh-aw/actions/append_agent_step_summary.sh" - - name: Clean up engine output files - run: | - rm -fr ${{ runner.temp }}/gh-aw/mcp-config/logs/ - name: Parse agent logs for step summary if: always() uses: actions/github-script@373c709c69115d41ff229c7e5df9f8788daa9553 # v9 @@ -568,7 +565,7 @@ jobs: name: agent path: | /tmp/gh-aw/aw-prompts/prompt.txt - ${{ runner.temp }}/gh-aw/mcp-config/logs/ + /tmp/gh-aw/mcp-config/logs/ /tmp/gh-aw/redacted-urls.log /tmp/gh-aw/mcp-logs/ /tmp/gh-aw/agent_usage.json diff --git a/.github/workflows/daily-fact.lock.yml b/.github/workflows/daily-fact.lock.yml index 0ebb68777d..fd374cc6c3 100644 --- a/.github/workflows/daily-fact.lock.yml +++ b/.github/workflows/daily-fact.lock.yml 
@@ -896,7 +896,7 @@ jobs: -- /bin/bash -c 'export PATH="${RUNNER_TEMP}/gh-aw/mcp-cli/bin:$PATH" && export PATH="$(find /opt/hostedtoolcache -maxdepth 4 -type d -name bin 2>/dev/null | tr '\''\n'\'' '\'':'\'')$PATH"; [ -n "$GOROOT" ] && export PATH="$GOROOT/bin:$PATH" || true && INSTRUCTION="$(cat /tmp/gh-aw/aw-prompts/prompt.txt)" && codex ${GH_AW_MODEL_AGENT_CODEX:+-c model="$GH_AW_MODEL_AGENT_CODEX" }exec -c web_search="disabled" -c fetch="disabled" --dangerously-bypass-approvals-and-sandbox --skip-git-repo-check "$INSTRUCTION"' 2>&1 | tee -a /tmp/gh-aw/agent-stdio.log env: CODEX_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }} - CODEX_HOME: ${{ runner.temp }}/gh-aw/mcp-config + CODEX_HOME: /tmp/gh-aw/mcp-config GH_AW_MCP_CONFIG: ${{ runner.temp }}/gh-aw/mcp-config/config.toml GH_AW_MODEL_AGENT_CODEX: gpt-5.1-codex-mini GH_AW_PHASE: agent @@ -975,9 +975,6 @@ jobs: setupGlobals(core, github, context, exec, io, getOctokit); const { main } = require('${{ runner.temp }}/gh-aw/actions/collect_ndjson_output.cjs'); await main(); - - name: Clean up engine output files - run: | - rm -fr ${{ runner.temp }}/gh-aw/mcp-config/logs/ - name: Parse agent logs for step summary if: always() uses: actions/github-script@373c709c69115d41ff229c7e5df9f8788daa9553 # v9 @@ -1058,7 +1055,7 @@ jobs: name: agent path: | /tmp/gh-aw/aw-prompts/prompt.txt - ${{ runner.temp }}/gh-aw/mcp-config/logs/ + /tmp/gh-aw/mcp-config/logs/ /tmp/gh-aw/redacted-urls.log /tmp/gh-aw/mcp-logs/ /tmp/gh-aw/agent_usage.json 
@@ -1348,7 +1345,7 @@ jobs: -- /bin/bash -c 'export PATH="$(find /opt/hostedtoolcache -maxdepth 4 -type d -name bin 2>/dev/null | tr '\''\n'\'' '\'':'\'')$PATH"; [ -n "$GOROOT" ] && export PATH="$GOROOT/bin:$PATH" || true && INSTRUCTION="$(cat /tmp/gh-aw/aw-prompts/prompt.txt)" && codex ${GH_AW_MODEL_DETECTION_CODEX:+-c model="$GH_AW_MODEL_DETECTION_CODEX" }exec -c web_search="disabled" -c fetch="disabled" --dangerously-bypass-approvals-and-sandbox --skip-git-repo-check "$INSTRUCTION"' 2>&1 | tee -a /tmp/gh-aw/threat-detection/detection.log env: CODEX_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }} - CODEX_HOME: ${{ runner.temp }}/gh-aw/mcp-config + CODEX_HOME: /tmp/gh-aw/mcp-config GH_AW_MCP_CONFIG: ${{ runner.temp }}/gh-aw/mcp-config/config.toml GH_AW_MODEL_DETECTION_CODEX: gpt-5.1-codex-mini GH_AW_PHASE: detection diff --git a/.github/workflows/daily-observability-report.lock.yml b/.github/workflows/daily-observability-report.lock.yml index 5c06fcecd6..4c34dee5f0 100644 --- a/.github/workflows/daily-observability-report.lock.yml +++ b/.github/workflows/daily-observability-report.lock.yml 
@@ -824,7 +824,7 @@ jobs: -- /bin/bash -c 'export PATH="${RUNNER_TEMP}/gh-aw/mcp-cli/bin:$PATH" && export PATH="$(find /opt/hostedtoolcache -maxdepth 4 -type d -name bin 2>/dev/null | tr '\''\n'\'' '\'':'\'')$PATH"; [ -n "$GOROOT" ] && export PATH="$GOROOT/bin:$PATH" || true && INSTRUCTION="$(cat /tmp/gh-aw/aw-prompts/prompt.txt)" && codex ${GH_AW_MODEL_AGENT_CODEX:+-c model="$GH_AW_MODEL_AGENT_CODEX" }exec -c web_search="disabled" -c fetch="disabled" --dangerously-bypass-approvals-and-sandbox --skip-git-repo-check "$INSTRUCTION"' 2>&1 | tee -a /tmp/gh-aw/agent-stdio.log env: CODEX_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }} - CODEX_HOME: ${{ runner.temp }}/gh-aw/mcp-config + CODEX_HOME: /tmp/gh-aw/mcp-config GH_AW_MCP_CONFIG: ${{ runner.temp }}/gh-aw/mcp-config/config.toml GH_AW_MODEL_AGENT_CODEX: ${{ vars.GH_AW_MODEL_AGENT_CODEX || '' }} GH_AW_PHASE: agent @@ -903,9 +903,6 @@ jobs: setupGlobals(core, github, context, exec, io, getOctokit); const { main } = require('${{ runner.temp }}/gh-aw/actions/collect_ndjson_output.cjs'); await main(); - - name: Clean up engine output files - run: | - rm -fr ${{ runner.temp }}/gh-aw/mcp-config/logs/ - name: Parse agent logs for step summary if: always() uses: actions/github-script@373c709c69115d41ff229c7e5df9f8788daa9553 # v9 @@ -975,7 +972,7 @@ jobs: name: agent path: | /tmp/gh-aw/aw-prompts/prompt.txt - ${{ runner.temp }}/gh-aw/mcp-config/logs/ + /tmp/gh-aw/mcp-config/logs/ /tmp/gh-aw/redacted-urls.log /tmp/gh-aw/mcp-logs/ /tmp/gh-aw/agent_usage.json 
@@ -1264,7 +1261,7 @@ jobs: -- /bin/bash -c 'export PATH="$(find /opt/hostedtoolcache -maxdepth 4 -type d -name bin 2>/dev/null | tr '\''\n'\'' '\'':'\'')$PATH"; [ -n "$GOROOT" ] && export PATH="$GOROOT/bin:$PATH" || true && INSTRUCTION="$(cat /tmp/gh-aw/aw-prompts/prompt.txt)" && codex ${GH_AW_MODEL_DETECTION_CODEX:+-c model="$GH_AW_MODEL_DETECTION_CODEX" }exec -c web_search="disabled" -c fetch="disabled" --dangerously-bypass-approvals-and-sandbox --skip-git-repo-check "$INSTRUCTION"' 2>&1 | tee -a /tmp/gh-aw/threat-detection/detection.log env: CODEX_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }} - CODEX_HOME: ${{ runner.temp }}/gh-aw/mcp-config + CODEX_HOME: /tmp/gh-aw/mcp-config GH_AW_MCP_CONFIG: ${{ runner.temp }}/gh-aw/mcp-config/config.toml GH_AW_MODEL_DETECTION_CODEX: ${{ vars.GH_AW_MODEL_DETECTION_CODEX || '' }} GH_AW_PHASE: detection diff --git a/.github/workflows/duplicate-code-detector.lock.yml b/.github/workflows/duplicate-code-detector.lock.yml index 79e9241b9d..976d2831fc 100644 --- a/.github/workflows/duplicate-code-detector.lock.yml +++ b/.github/workflows/duplicate-code-detector.lock.yml 
@@ -800,7 +800,7 @@ jobs: -- /bin/bash -c 'export PATH="${RUNNER_TEMP}/gh-aw/mcp-cli/bin:$PATH" && export PATH="$(find /opt/hostedtoolcache -maxdepth 4 -type d -name bin 2>/dev/null | tr '\''\n'\'' '\'':'\'')$PATH"; [ -n "$GOROOT" ] && export PATH="$GOROOT/bin:$PATH" || true && INSTRUCTION="$(cat /tmp/gh-aw/aw-prompts/prompt.txt)" && codex ${GH_AW_MODEL_AGENT_CODEX:+-c model="$GH_AW_MODEL_AGENT_CODEX" }exec -c web_search="disabled" -c fetch="disabled" --dangerously-bypass-approvals-and-sandbox --skip-git-repo-check "$INSTRUCTION"' 2>&1 | tee -a /tmp/gh-aw/agent-stdio.log env: CODEX_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }} - CODEX_HOME: ${{ runner.temp }}/gh-aw/mcp-config + CODEX_HOME: /tmp/gh-aw/mcp-config GH_AW_MCP_CONFIG: ${{ runner.temp }}/gh-aw/mcp-config/config.toml GH_AW_MODEL_AGENT_CODEX: ${{ vars.GH_AW_MODEL_AGENT_CODEX || '' }} GH_AW_PHASE: agent @@ -878,9 +878,6 @@ jobs: setupGlobals(core, github, context, exec, io, getOctokit); const { main } = require('${{ runner.temp }}/gh-aw/actions/collect_ndjson_output.cjs'); await main(); - - name: Clean up engine output files - run: | - rm -fr ${{ runner.temp }}/gh-aw/mcp-config/logs/ - name: Parse agent logs for step summary if: always() uses: actions/github-script@373c709c69115d41ff229c7e5df9f8788daa9553 # v9 @@ -941,7 +938,7 @@ jobs: name: agent path: | /tmp/gh-aw/aw-prompts/prompt.txt - ${{ runner.temp }}/gh-aw/mcp-config/logs/ + /tmp/gh-aw/mcp-config/logs/ /tmp/gh-aw/redacted-urls.log /tmp/gh-aw/mcp-logs/ /tmp/gh-aw/agent_usage.json 
@@ -1223,7 +1220,7 @@ jobs: -- /bin/bash -c 'export PATH="$(find /opt/hostedtoolcache -maxdepth 4 -type d -name bin 2>/dev/null | tr '\''\n'\'' '\'':'\'')$PATH"; [ -n "$GOROOT" ] && export PATH="$GOROOT/bin:$PATH" || true && INSTRUCTION="$(cat /tmp/gh-aw/aw-prompts/prompt.txt)" && codex ${GH_AW_MODEL_DETECTION_CODEX:+-c model="$GH_AW_MODEL_DETECTION_CODEX" }exec -c web_search="disabled" -c fetch="disabled" --dangerously-bypass-approvals-and-sandbox --skip-git-repo-check "$INSTRUCTION"' 2>&1 | tee -a /tmp/gh-aw/threat-detection/detection.log env: CODEX_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }} - CODEX_HOME: ${{ runner.temp }}/gh-aw/mcp-config + CODEX_HOME: /tmp/gh-aw/mcp-config GH_AW_MCP_CONFIG: ${{ runner.temp }}/gh-aw/mcp-config/config.toml GH_AW_MODEL_DETECTION_CODEX: ${{ vars.GH_AW_MODEL_DETECTION_CODEX || '' }} GH_AW_PHASE: detection diff --git a/.github/workflows/grumpy-reviewer.lock.yml b/.github/workflows/grumpy-reviewer.lock.yml index 55db700054..00fa1978ab 100644 --- a/.github/workflows/grumpy-reviewer.lock.yml +++ b/.github/workflows/grumpy-reviewer.lock.yml @@ -819,7 +819,7 @@ jobs: -- /bin/bash -c 'export PATH="${RUNNER_TEMP}/gh-aw/mcp-cli/bin:$PATH" && export PATH="$(find /opt/hostedtoolcache -maxdepth 4 -type d -name bin 2>/dev/null | tr '\''\n'\'' '\'':'\'')$PATH"; [ -n "$GOROOT" ] && export PATH="$GOROOT/bin:$PATH" || true && INSTRUCTION="$(cat /tmp/gh-aw/aw-prompts/prompt.txt)" && codex ${GH_AW_MODEL_AGENT_CODEX:+-c model="$GH_AW_MODEL_AGENT_CODEX" }exec -c web_search="disabled" -c fetch="disabled" --dangerously-bypass-approvals-and-sandbox --skip-git-repo-check "$INSTRUCTION"' 2>&1 | tee -a /tmp/gh-aw/agent-stdio.log env: CODEX_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }} - CODEX_HOME: ${{ runner.temp }}/gh-aw/mcp-config + CODEX_HOME: /tmp/gh-aw/mcp-config GH_AW_MCP_CONFIG: ${{ runner.temp }}/gh-aw/mcp-config/config.toml GH_AW_MODEL_AGENT_CODEX: ${{ vars.GH_AW_MODEL_AGENT_CODEX || '' }} GH_AW_PHASE: agent 
@@ -898,9 +898,6 @@ jobs: setupGlobals(core, github, context, exec, io, getOctokit); const { main } = require('${{ runner.temp }}/gh-aw/actions/collect_ndjson_output.cjs'); await main(); - - name: Clean up engine output files - run: | - rm -fr ${{ runner.temp }}/gh-aw/mcp-config/logs/ - name: Parse agent logs for step summary if: always() uses: actions/github-script@373c709c69115d41ff229c7e5df9f8788daa9553 # v9 @@ -972,7 +969,7 @@ jobs: name: agent path: | /tmp/gh-aw/aw-prompts/prompt.txt - ${{ runner.temp }}/gh-aw/mcp-config/logs/ + /tmp/gh-aw/mcp-config/logs/ /tmp/gh-aw/redacted-urls.log /tmp/gh-aw/mcp-logs/ /tmp/gh-aw/proxy-logs/ @@ -1276,7 +1273,7 @@ jobs: -- /bin/bash -c 'export PATH="$(find /opt/hostedtoolcache -maxdepth 4 -type d -name bin 2>/dev/null | tr '\''\n'\'' '\'':'\'')$PATH"; [ -n "$GOROOT" ] && export PATH="$GOROOT/bin:$PATH" || true && INSTRUCTION="$(cat /tmp/gh-aw/aw-prompts/prompt.txt)" && codex ${GH_AW_MODEL_DETECTION_CODEX:+-c model="$GH_AW_MODEL_DETECTION_CODEX" }exec -c web_search="disabled" -c fetch="disabled" --dangerously-bypass-approvals-and-sandbox --skip-git-repo-check "$INSTRUCTION"' 2>&1 | tee -a /tmp/gh-aw/threat-detection/detection.log env: CODEX_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }} - CODEX_HOME: ${{ runner.temp }}/gh-aw/mcp-config + CODEX_HOME: /tmp/gh-aw/mcp-config GH_AW_MCP_CONFIG: ${{ runner.temp }}/gh-aw/mcp-config/config.toml GH_AW_MODEL_DETECTION_CODEX: ${{ vars.GH_AW_MODEL_DETECTION_CODEX || '' }} GH_AW_PHASE: detection diff --git a/.github/workflows/issue-arborist.lock.yml b/.github/workflows/issue-arborist.lock.yml index 577ce820ca..d652c14e0e 100644 --- a/.github/workflows/issue-arborist.lock.yml +++ b/.github/workflows/issue-arborist.lock.yml 
@@ -831,7 +831,7 @@ jobs: -- /bin/bash -c 'export PATH="${RUNNER_TEMP}/gh-aw/mcp-cli/bin:$PATH" && export PATH="$(find /opt/hostedtoolcache -maxdepth 4 -type d -name bin 2>/dev/null | tr '\''\n'\'' '\'':'\'')$PATH"; [ -n "$GOROOT" ] && export PATH="$GOROOT/bin:$PATH" || true && INSTRUCTION="$(cat /tmp/gh-aw/aw-prompts/prompt.txt)" && codex ${GH_AW_MODEL_AGENT_CODEX:+-c model="$GH_AW_MODEL_AGENT_CODEX" }exec -c web_search="disabled" -c fetch="disabled" --dangerously-bypass-approvals-and-sandbox --skip-git-repo-check "$INSTRUCTION"' 2>&1 | tee -a /tmp/gh-aw/agent-stdio.log env: CODEX_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }} - CODEX_HOME: ${{ runner.temp }}/gh-aw/mcp-config + CODEX_HOME: /tmp/gh-aw/mcp-config GH_AW_MCP_CONFIG: ${{ runner.temp }}/gh-aw/mcp-config/config.toml GH_AW_MODEL_AGENT_CODEX: ${{ vars.GH_AW_MODEL_AGENT_CODEX || '' }} GH_AW_PHASE: agent @@ -909,9 +909,6 @@ jobs: setupGlobals(core, github, context, exec, io, getOctokit); const { main } = require('${{ runner.temp }}/gh-aw/actions/collect_ndjson_output.cjs'); await main(); - - name: Clean up engine output files - run: | - rm -fr ${{ runner.temp }}/gh-aw/mcp-config/logs/ - name: Parse agent logs for step summary if: always() uses: actions/github-script@373c709c69115d41ff229c7e5df9f8788daa9553 # v9 @@ -972,7 +969,7 @@ jobs: name: agent path: | /tmp/gh-aw/aw-prompts/prompt.txt - ${{ runner.temp }}/gh-aw/mcp-config/logs/ + /tmp/gh-aw/mcp-config/logs/ /tmp/gh-aw/redacted-urls.log /tmp/gh-aw/mcp-logs/ /tmp/gh-aw/proxy-logs/ 
@@ -1257,7 +1254,7 @@ jobs: -- /bin/bash -c 'export PATH="$(find /opt/hostedtoolcache -maxdepth 4 -type d -name bin 2>/dev/null | tr '\''\n'\'' '\'':'\'')$PATH"; [ -n "$GOROOT" ] && export PATH="$GOROOT/bin:$PATH" || true && INSTRUCTION="$(cat /tmp/gh-aw/aw-prompts/prompt.txt)" && codex ${GH_AW_MODEL_DETECTION_CODEX:+-c model="$GH_AW_MODEL_DETECTION_CODEX" }exec -c web_search="disabled" -c fetch="disabled" --dangerously-bypass-approvals-and-sandbox --skip-git-repo-check "$INSTRUCTION"' 2>&1 | tee -a /tmp/gh-aw/threat-detection/detection.log env: CODEX_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }} - CODEX_HOME: ${{ runner.temp }}/gh-aw/mcp-config + CODEX_HOME: /tmp/gh-aw/mcp-config GH_AW_MCP_CONFIG: ${{ runner.temp }}/gh-aw/mcp-config/config.toml GH_AW_MODEL_DETECTION_CODEX: ${{ vars.GH_AW_MODEL_DETECTION_CODEX || '' }} GH_AW_PHASE: detection diff --git a/.github/workflows/schema-feature-coverage.lock.yml b/.github/workflows/schema-feature-coverage.lock.yml index e95b40ac85..3554b5b1dc 100644 --- a/.github/workflows/schema-feature-coverage.lock.yml +++ b/.github/workflows/schema-feature-coverage.lock.yml 
@@ -720,7 +720,7 @@ jobs: -- /bin/bash -c 'export PATH="${RUNNER_TEMP}/gh-aw/mcp-cli/bin:$PATH" && export PATH="$(find /opt/hostedtoolcache -maxdepth 4 -type d -name bin 2>/dev/null | tr '\''\n'\'' '\'':'\'')$PATH"; [ -n "$GOROOT" ] && export PATH="$GOROOT/bin:$PATH" || true && INSTRUCTION="$(cat /tmp/gh-aw/aw-prompts/prompt.txt)" && codex ${GH_AW_MODEL_AGENT_CODEX:+-c model="$GH_AW_MODEL_AGENT_CODEX" }exec -c web_search="disabled" -c fetch="disabled" --dangerously-bypass-approvals-and-sandbox --skip-git-repo-check "$INSTRUCTION"' 2>&1 | tee -a /tmp/gh-aw/agent-stdio.log env: CODEX_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }} - CODEX_HOME: ${{ runner.temp }}/gh-aw/mcp-config + CODEX_HOME: /tmp/gh-aw/mcp-config GH_AW_MCP_CONFIG: ${{ runner.temp }}/gh-aw/mcp-config/config.toml GH_AW_MODEL_AGENT_CODEX: ${{ vars.GH_AW_MODEL_AGENT_CODEX || '' }} GH_AW_PHASE: agent @@ -798,9 +798,6 @@ jobs: setupGlobals(core, github, context, exec, io, getOctokit); const { main } = require('${{ runner.temp }}/gh-aw/actions/collect_ndjson_output.cjs'); await main(); - - name: Clean up engine output files - run: | - rm -fr ${{ runner.temp }}/gh-aw/mcp-config/logs/ - name: Parse agent logs for step summary if: always() uses: actions/github-script@373c709c69115d41ff229c7e5df9f8788daa9553 # v9 @@ -861,7 +858,7 @@ jobs: name: agent path: | /tmp/gh-aw/aw-prompts/prompt.txt - ${{ runner.temp }}/gh-aw/mcp-config/logs/ + /tmp/gh-aw/mcp-config/logs/ /tmp/gh-aw/redacted-urls.log /tmp/gh-aw/mcp-logs/ /tmp/gh-aw/agent_usage.json 
@@ -1144,7 +1141,7 @@ jobs: -- /bin/bash -c 'export PATH="$(find /opt/hostedtoolcache -maxdepth 4 -type d -name bin 2>/dev/null | tr '\''\n'\'' '\'':'\'')$PATH"; [ -n "$GOROOT" ] && export PATH="$GOROOT/bin:$PATH" || true && INSTRUCTION="$(cat /tmp/gh-aw/aw-prompts/prompt.txt)" && codex ${GH_AW_MODEL_DETECTION_CODEX:+-c model="$GH_AW_MODEL_DETECTION_CODEX" }exec -c web_search="disabled" -c fetch="disabled" --dangerously-bypass-approvals-and-sandbox --skip-git-repo-check "$INSTRUCTION"' 2>&1 | tee -a /tmp/gh-aw/threat-detection/detection.log env: CODEX_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }} - CODEX_HOME: ${{ runner.temp }}/gh-aw/mcp-config + CODEX_HOME: /tmp/gh-aw/mcp-config GH_AW_MCP_CONFIG: ${{ runner.temp }}/gh-aw/mcp-config/config.toml GH_AW_MODEL_DETECTION_CODEX: ${{ vars.GH_AW_MODEL_DETECTION_CODEX || '' }} GH_AW_PHASE: detection diff --git a/.github/workflows/smoke-call-workflow.lock.yml b/.github/workflows/smoke-call-workflow.lock.yml index 96b66daf2e..e748cb6f10 100644 --- a/.github/workflows/smoke-call-workflow.lock.yml +++ b/.github/workflows/smoke-call-workflow.lock.yml @@ -734,7 +734,7 @@ jobs: -- /bin/bash -c 'export PATH="${RUNNER_TEMP}/gh-aw/mcp-cli/bin:$PATH" && export PATH="$(find /opt/hostedtoolcache -maxdepth 4 -type d -name bin 2>/dev/null | tr '\''\n'\'' '\'':'\'')$PATH"; [ -n "$GOROOT" ] && export PATH="$GOROOT/bin:$PATH" || true && INSTRUCTION="$(cat /tmp/gh-aw/aw-prompts/prompt.txt)" && codex ${GH_AW_MODEL_AGENT_CODEX:+-c model="$GH_AW_MODEL_AGENT_CODEX" }exec -c web_search="disabled" -c fetch="disabled" --dangerously-bypass-approvals-and-sandbox --skip-git-repo-check "$INSTRUCTION"' 2>&1 | tee -a /tmp/gh-aw/agent-stdio.log env: CODEX_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }} - CODEX_HOME: ${{ runner.temp }}/gh-aw/mcp-config + CODEX_HOME: /tmp/gh-aw/mcp-config GH_AW_MCP_CONFIG: ${{ runner.temp }}/gh-aw/mcp-config/config.toml GH_AW_MODEL_AGENT_CODEX: gpt-5.1-codex-mini GH_AW_PHASE: agent 
@@ -813,9 +813,6 @@ jobs: setupGlobals(core, github, context, exec, io, getOctokit); const { main } = require('${{ runner.temp }}/gh-aw/actions/collect_ndjson_output.cjs'); await main(); - - name: Clean up engine output files - run: | - rm -fr ${{ runner.temp }}/gh-aw/mcp-config/logs/ - name: Parse agent logs for step summary if: always() uses: actions/github-script@373c709c69115d41ff229c7e5df9f8788daa9553 # v9 @@ -885,7 +882,7 @@ jobs: name: agent path: | /tmp/gh-aw/aw-prompts/prompt.txt - ${{ runner.temp }}/gh-aw/mcp-config/logs/ + /tmp/gh-aw/mcp-config/logs/ /tmp/gh-aw/redacted-urls.log /tmp/gh-aw/mcp-logs/ /tmp/gh-aw/agent_usage.json @@ -1180,7 +1177,7 @@ jobs: -- /bin/bash -c 'export PATH="$(find /opt/hostedtoolcache -maxdepth 4 -type d -name bin 2>/dev/null | tr '\''\n'\'' '\'':'\'')$PATH"; [ -n "$GOROOT" ] && export PATH="$GOROOT/bin:$PATH" || true && INSTRUCTION="$(cat /tmp/gh-aw/aw-prompts/prompt.txt)" && codex ${GH_AW_MODEL_DETECTION_CODEX:+-c model="$GH_AW_MODEL_DETECTION_CODEX" }exec -c web_search="disabled" -c fetch="disabled" --dangerously-bypass-approvals-and-sandbox --skip-git-repo-check "$INSTRUCTION"' 2>&1 | tee -a /tmp/gh-aw/threat-detection/detection.log env: CODEX_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }} - CODEX_HOME: ${{ runner.temp }}/gh-aw/mcp-config + CODEX_HOME: /tmp/gh-aw/mcp-config GH_AW_MCP_CONFIG: ${{ runner.temp }}/gh-aw/mcp-config/config.toml GH_AW_MODEL_DETECTION_CODEX: gpt-5.1-codex-mini GH_AW_PHASE: detection diff --git a/.github/workflows/smoke-codex.lock.yml b/.github/workflows/smoke-codex.lock.yml index d6b79fdc80..aa3848635a 100644 --- a/.github/workflows/smoke-codex.lock.yml +++ b/.github/workflows/smoke-codex.lock.yml 
@@ -1196,7 +1196,7 @@ jobs: -- /bin/bash -c 'export PATH="$(find /opt/hostedtoolcache -maxdepth 4 -type d -name bin 2>/dev/null | tr '\''\n'\'' '\'':'\'')$PATH"; [ -n "$GOROOT" ] && export PATH="$GOROOT/bin:$PATH" || true && INSTRUCTION="$(cat /tmp/gh-aw/aw-prompts/prompt.txt)" && codex ${GH_AW_MODEL_AGENT_CODEX:+-c model="$GH_AW_MODEL_AGENT_CODEX" }exec -c web_search="disabled" --dangerously-bypass-approvals-and-sandbox --skip-git-repo-check "$INSTRUCTION"' 2>&1 | tee -a /tmp/gh-aw/agent-stdio.log env: CODEX_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }} - CODEX_HOME: ${{ runner.temp }}/gh-aw/mcp-config + CODEX_HOME: /tmp/gh-aw/mcp-config GH_AW_GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GH_AW_MCP_CONFIG: ${{ runner.temp }}/gh-aw/mcp-config/config.toml GH_AW_MODEL_AGENT_CODEX: ${{ vars.GH_AW_MODEL_AGENT_CODEX || '' }} @@ -1277,9 +1277,6 @@ jobs: setupGlobals(core, github, context, exec, io, getOctokit); const { main } = require('${{ runner.temp }}/gh-aw/actions/collect_ndjson_output.cjs'); await main(); - - name: Clean up engine output files - run: | - rm -fr ${{ runner.temp }}/gh-aw/mcp-config/logs/ - name: Parse agent logs for step summary if: always() uses: actions/github-script@373c709c69115d41ff229c7e5df9f8788daa9553 # v9 @@ -1369,7 +1366,7 @@ jobs: name: agent path: | /tmp/gh-aw/aw-prompts/prompt.txt - ${{ runner.temp }}/gh-aw/mcp-config/logs/ + /tmp/gh-aw/mcp-config/logs/ /tmp/gh-aw/redacted-urls.log /tmp/gh-aw/mcp-logs/ /tmp/gh-aw/mcp-scripts/logs/ 
@@ -1675,7 +1672,7 @@ jobs: -- /bin/bash -c 'export PATH="$(find /opt/hostedtoolcache -maxdepth 4 -type d -name bin 2>/dev/null | tr '\''\n'\'' '\'':'\'')$PATH"; [ -n "$GOROOT" ] && export PATH="$GOROOT/bin:$PATH" || true && INSTRUCTION="$(cat /tmp/gh-aw/aw-prompts/prompt.txt)" && codex ${GH_AW_MODEL_DETECTION_CODEX:+-c model="$GH_AW_MODEL_DETECTION_CODEX" }exec -c web_search="disabled" -c fetch="disabled" --dangerously-bypass-approvals-and-sandbox --skip-git-repo-check "$INSTRUCTION"' 2>&1 | tee -a /tmp/gh-aw/threat-detection/detection.log env: CODEX_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }} - CODEX_HOME: ${{ runner.temp }}/gh-aw/mcp-config + CODEX_HOME: /tmp/gh-aw/mcp-config GH_AW_MCP_CONFIG: ${{ runner.temp }}/gh-aw/mcp-config/config.toml GH_AW_MODEL_DETECTION_CODEX: ${{ vars.GH_AW_MODEL_DETECTION_CODEX || '' }} GH_AW_PHASE: detection