chore: bump shared/apm.md to microsoft/apm-action@v1.4.2#904
Merged
danielmeppiel merged 1 commit intomainfrom Apr 24, 2026
Merged
chore: bump shared/apm.md to microsoft/apm-action@v1.4.2#904danielmeppiel merged 1 commit intomainfrom
danielmeppiel merged 1 commit intomainfrom
Conversation
v1.4.2 fixes the restore-mode workspace pollution that caused #901 and the CI failure surfaced in #889. With v1.4.2, restore mode installs APM and uses 'apm unpack' to extract bundles, writing only files declared in the lockfile's deployed_files instead of overwriting tracked apm.lock.yaml / apm.yml / apm_modules in the caller's git workspace. - shared/apm.md: bump both pack + restore steps to @v1.4.2 - pr-review-panel.lock.yml: regenerated via 'gh aw compile' (SHA pin updated) - actions-lock.json: SHA pin updated Closes #902. Upstream: microsoft/apm-action#27, release v1.4.2. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Bumps the pinned microsoft/apm-action version used by the shared agentic-workflow template to pick up the v1.4.2 restore-mode fix (clean workspace / avoid overwriting tracked files), and regenerates the dependent gh-aw lock artifacts.
Changes:
- Update
.github/workflows/shared/apm.mdto usemicrosoft/apm-action@v1.4.2for both pack and restore steps. - Regenerate
.github/workflows/pr-review-panel.lock.ymlto reflect the new pinned action SHA/version. - Update
.github/aw/actions-lock.jsonto pinmicrosoft/apm-action@v1.4.2to the new SHA.
Show a summary per file
| File | Description |
|---|---|
| .github/workflows/shared/apm.md | Bumps microsoft/apm-action from v1.4.1 to v1.4.2 in pack + restore. |
| .github/workflows/pr-review-panel.lock.yml | Updates the compiled workflow lock to the new microsoft/apm-action SHA/version. |
| .github/aw/actions-lock.json | Updates the action lock entry for microsoft/apm-action@v1.4.2 and its SHA. |
Copilot's findings
- Files reviewed: 3/3 changed files
- Comments generated: 0
This was referenced Apr 25, 2026
Merged
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Bumps
microsoft/apm-actionfromv1.4.1tov1.4.2in our shared agentic-workflowshared/apm.md.v1.4.2 fixes the restore-mode workspace pollution that caused #901 and the CI failure surfaced in #889. With v1.4.2, restore mode installs APM and uses
apm unpackto extract bundles, writing only files declared in the lockfile'sdeployed_filesinstead of overwriting trackedapm.lock.yaml/apm.yml/apm_modulesin the caller's git workspace.Closes #902.
Changes
.github/workflows/shared/apm.md— bump both pack and restore steps to@v1.4.2(lines 49 and 77)..github/workflows/pr-review-panel.lock.yml— regenerated viagh aw compile(SHA pin updated to9fe9337…)..github/aw/actions-lock.json— SHA pin updated.No other workflow files needed regeneration; only
pr-review-panelconsumesshared/apm.md.Verification
gh aw compileran cleanly (4 workflows, 0 errors).cli-consistency-checker,daily-doc-updater,daily-test-improver,agentics-maintenance) was reverted to keep this PR minimal.test-restore-clean-workspacereproducing the feat(audit): close audit-blindness gap for local .apm/ content (#887) #889 scenario end-to-end).Why pin a patch version, not
@v1Supply-chain hygiene: immutable patch pins survive a tag rewrite. The
v1floating tag has already been retagged tov1.4.2, so consumers pinned to@v1are also on the fix.