Skip to content

Handle cache updates when detection is disabled and move artifact upload after agent execution#5798

Merged
pelikhan merged 3 commits intomainfrom
copilot/handle-cache-updates-detection-disabled
Dec 8, 2025
Merged

Handle cache updates when detection is disabled and move artifact upload after agent execution#5798
pelikhan merged 3 commits intomainfrom
copilot/handle-cache-updates-detection-disabled

Conversation

Copy link
Contributor

Copilot AI commented Dec 8, 2025
edited
Loading

When threat detection is disabled, cache-memory artifacts are unnecessary since actions/cache auto-saves via post-action. Artifacts are only needed for the threat detection flow where update_cache_memory job requires them after validation.

Additionally, when threat detection is enabled, the artifact upload now happens after agent execution steps to ensure the cache is uploaded after the agent has finished modifying it.

Changes

  • Modified artifact upload logic by splitting generateCacheMemorySteps() into two functions:

    • generateCacheMemorySteps(): Handles cache directory creation and restore (called early)
    • generateCacheMemoryArtifactUpload(): Handles artifact upload (called after agent execution)
    • Conditionally upload artifacts only when threatDetectionEnabled is true
    • Added if: always() to artifact upload when threat detection is enabled

  • Updated test expectations across cache-memory test files to reflect new behavior

  • Repositioned artifact upload to occur after agent execution steps (specifically after "Upload Agent Stdio")

Behavior

Threat detection disabled:

  • Uses actions/cache (auto-saves on post-action)
  • No artifact upload
  • No update_cache_memory job

Threat detection enabled:

  • Uses actions/cache/restore (restore-only) during setup
  • Uploads artifacts with if: always() after agent execution completes
  • Creates update_cache_memory job to save after detection succeeds
# Without threat detection
- name: Cache memory file share data
  uses: actions/cache@v4
# (no artifact upload step)

# With threat detection
# Early in job (setup phase):
- name: Restore cache memory file share data
  uses: actions/cache/restore@v4

# Later in job (after agent execution):
- name: Upload Agent Stdio
  uses: actions/upload-artifact@v5
- name: Upload cache-memory data as artifact
  uses: actions/upload-artifact@v5
  if: always()
Original prompt

This section details on the original issue you should resolve

<issue_title>[plan] Handle cache updates when detection is disabled</issue_title>
<issue_description>## Objective

Implement logic to update cache directly in the agentic job when detection is disabled in the workflow configuration.

Context

When a workflow has detection disabled, there's no detection job to conditionally update the cache. In this case, the agentic job should update cache directly.

Approach

  1. Check workflow configuration to determine if detection is enabled
  2. If detection is disabled:
    • Update cache directly at the end of agentic job
    • Skip artifact upload for memory (not needed without detection)
  3. If detection is enabled:

Files to Modify

  • Workflow compiler logic that generates job steps based on configuration
  • Cache handling code in agentic job implementation
  • Configuration parser that reads detection settings

Acceptance Criteria

  • When detection is disabled, cache is updated directly in agentic job
  • When detection is enabled, artifact approach is used
  • Configuration is checked correctly to determine behavior
  • Both paths are tested and working
  • No unnecessary artifacts created when detection is disabled
    Related to [plan] Update cache memory handling for detection workflow #5762

AI generated by Plan Command for #5760

Comments on the Issue (you are @copilot in this section)

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

@pelikhan
Skip artifact upload when threat detection is disabled
5922f0f 
- Modified generateCacheMemorySteps to only upload artifacts when threat detection is enabled
- Added if: always() condition to artifact upload when threat detection is enabled
- Updated tests to reflect new behavior: no artifacts when detection disabled
- All cache-related tests now pass

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Implement cache update logic for disabled detection Skip cache-memory artifact upload when threat detection is disabled Dec 8, 2025
Copilot AI requested a review from pelikhan December 8, 2025 02:26
pelikhan
pelikhan reviewed Dec 8, 2025
View reviewed changes
.github/workflows/firewall-escape.lock.yml
Comment on lines -434 to -438
- name: Upload cache-memory data as artifact
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5
with:
name: cache-memory
path: /tmp/gh-aw/cache-memory
Copy link
Contributor

@pelikhan pelikhan Dec 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@copilot Upload cache-memory as artifact should be done after executing the agent steps

Copy link
Contributor Author

Copilot AI Dec 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed in ccf3443. The cache-memory artifact upload now happens after agent execution steps (specifically after "Upload Agent Stdio").

The implementation splits the cache setup into two phases:

  1. Cache restore/directory creation (early, before agent execution)
  2. Artifact upload (after agent execution completes)

This ensures artifacts are uploaded after the agent has finished modifying the cache.

@pelikhan
Move cache-memory artifact upload after agent execution
ccf3443 
- Split generateCacheMemorySteps into setup and artifact upload functions
- Cache restore/setup happens early (before agent execution)
- Artifact upload now happens after agent execution (after Upload Agent Stdio)
- This ensures artifacts are uploaded after the agent has finished modifying the cache

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title Skip cache-memory artifact upload when threat detection is disabled Handle cache updates when detection is disabled and move artifact upload after agent execution Dec 8, 2025
@pelikhan pelikhan marked this pull request as ready for review December 8, 2025 02:58
@pelikhan pelikhan merged commit b2fdf2e into main Dec 8, 2025
5 checks passed
@pelikhan pelikhan deleted the copilot/handle-cache-updates-detection-disabled branch December 8, 2025 02:58
@github-actions github-actions bot mentioned this pull request Dec 8, 2025
Merged
@github-actions github-actions bot mentioned this pull request Dec 8, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pelikhan pelikhan pelikhan left review comments

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[plan] Handle cache updates when detection is disabled

2 participants

@pelikhan