Add MCP Gateway v0.3.6 container pin to lock data and embedded pin maps#30408
Add MCP Gateway v0.3.6 container pin to lock data and embedded pin maps#30408
Conversation
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/10ef46e1-d17c-4c92-ac29-0598c7b0538e Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Updates the MCP Gateway container pin data so the default gh-aw-mcpg:v0.3.6 tag has a known immutable digest in the repo’s canonical and embedded pin maps, and adds a regression test for lookup.
Changes:
- Added the
ghcr.io/github/gh-aw-mcpg:v0.3.6container digest to.github/aw/actions-lock.json. - Synced the same container pin into the embedded JSON copies used by the codebase.
- Added a focused test asserting
GetContainerPinreturns the expected v0.3.6 digest/reference, plus a changeset note.
Show a summary per file
| File | Description |
|---|---|
pkg/workflow/data/action_pins.json |
Syncs workflow-side embedded pin data with the new MCP Gateway digest. |
pkg/actionpins/data/action_pins.json |
Syncs the actionpins embedded container pin map with the new digest. |
pkg/actionpins/actionpins_internal_test.go |
Adds regression coverage for looking up the new MCP Gateway pin. |
.github/aw/actions-lock.json |
Adds the canonical lock entry for gh-aw-mcpg:v0.3.6. |
.changeset/patch-bump-mcpg-container-pin-v0-3-6.md |
Records the patch release note for the new container pin. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 5/5 changed files
- Comments generated: 1
| "ghcr.io/github/gh-aw-mcpg:v0.3.6": { | ||
| "image": "ghcr.io/github/gh-aw-mcpg:v0.3.6", | ||
| "digest": "sha256:2bb8eef86006a4c5963c55616a9c51c32f27bfdecb023b8aa6f91f6718d9171c", | ||
| "pinned_image": "ghcr.io/github/gh-aw-mcpg:v0.3.6@sha256:2bb8eef86006a4c5963c55616a9c51c32f27bfdecb023b8aa6f91f6718d9171c" |
|
🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨ |
|
🚀 Smoke Pi MISSION COMPLETE! Pi delivered. 🥧 |
|
|
|
✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟 |
|
📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing... |
Agent Container Tool Check
Result: 11/12 tools available Overall Status: FAIL —
|
🧪 Test Quality Sentinel ReportTest Quality Score: 92/100✅ Excellent test quality
Test Classification Details
Analysis
All assertions carry descriptive messages ✅. Build tag Minor note: The test has no error-path coverage (e.g., asserting that a non-existent version returns Language SupportTests analyzed:
Verdict
📖 Understanding Test ClassificationsDesign Tests (High Value) verify what the system does:
Implementation Tests (Low Value) verify how the system does it:
Goal: Shift toward tests that describe the system's behavioral contract — the promises it makes to its users and collaborators. References: §25397979980
|
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
✅ Test Quality Sentinel: 92/100. Test quality is excellent — 0% of new tests are implementation tests (threshold: 30%). The single new test TestGetContainerPin_MCPGatewayV036IsPinned enforces a concrete behavioral contract with proper build tags, descriptive assertion messages, and no mock libraries.
|
#30420: chore: update source reference in token optimizer workflows Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
Comment MemoryNote This comment is managed by comment memory.It stores persistent context for this thread in the code block at the top of this comment. Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
|
Smoke Test Run 25397998493 — PARTIAL ✅/
Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information. Note 🔒 Integrity filter blocked 1 itemThe following item was blocked because it doesn't meet the GitHub integrity level.
To allow these resources, lower tools:
github:
min-integrity: approved # merged | approved | unapproved | none
|
|
👋 Smoke test agent was here! Everything is running smoothly. This is your friendly neighborhood Copilot just dropping by to say the smoke tests are passing! 🚀✨ Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
There was a problem hiding this comment.
💥 Automated smoke test review — all systems nominal! This review was submitted as part of smoke test run 25397998493 to validate the PR review safe output pipeline.
Warning
Firewall blocked 6 domains
The following domains were blocked by the firewall during workflow execution:
accounts.google.comandroid.clients.google.comclients2.google.comcontentautofill.googleapis.comsafebrowsingohttpgateway.googleapis.comwww.google.com
To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
Note
🔒 Integrity filter blocked 1 item
The following item was blocked because it doesn't meet the GitHub integrity level.
- #30408
pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
To allow these resources, lower min-integrity in your GitHub frontmatter:
tools:
github:
min-integrity: approved # merged | approved | unapproved | none💥 [THE END] — Illustrated by Smoke Claude · ● 364.6K
| const image = "ghcr.io/github/gh-aw-mcpg:v0.3.6" | ||
|
|
||
| pin, ok := GetContainerPin(image) | ||
| require.True(t, ok, "Expected embedded container pin for %s", image) |
There was a problem hiding this comment.
👍 Good use of require.True here — it short-circuits on failure and avoids a nil-pointer panic when pin is uninitialized. Consider also adding a t.Logf for the digest on success to aid future debugging.
| }, | ||
| "ghcr.io/github/gh-aw-mcpg:v0.3.6": { | ||
| "image": "ghcr.io/github/gh-aw-mcpg:v0.3.6", | ||
| "digest": "sha256:2bb8eef86006a4c5963c55616a9c51c32f27bfdecb023b8aa6f91f6718d9171c", |
There was a problem hiding this comment.
📌 Digest entry looks correct. One nit: verify that this digest (sha256:2bb8eef8...) is the canonical immutable digest from the container registry, not a manifest list digest — the tests will catch a mismatch, but double-checking prevents latent issues if the registry reuses tags.
|
Smoke Test: Copilot - 25397998497 | PR: Add MCP Gateway v0.3.6 container pin
Overall: ✅ PASS | Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
Comment MemoryNote This comment is managed by comment memory.It stores persistent context for this thread in the code block at the top of this comment. Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
There was a problem hiding this comment.
This PR adds MCP Gateway v0.3.6 container pin data across action_pins.json files and includes a well-structured test. Changes are consistent and correct. No issues found.
Warning
Firewall blocked 6 domains
The following domains were blocked by the firewall during workflow execution:
accounts.google.comandroid.clients.google.comclients2.google.comcontentautofill.googleapis.comsafebrowsingohttpgateway.googleapis.comwww.google.com
To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
📰 BREAKING: Report filed by Smoke Copilot · ● 1.6M
| "gh-aw": patch | ||
| --- | ||
|
|
||
| Add MCP Gateway `ghcr.io/github/gh-aw-mcpg:v0.3.6` container pin so default gateway workflows resolve to an immutable digest. |
There was a problem hiding this comment.
Changeset looks good. The patch bump is appropriate for a pin data update with no API changes.
| pin, ok := GetContainerPin(image) | ||
| require.True(t, ok, "Expected embedded container pin for %s", image) | ||
| assert.Equal(t, image, pin.Image, "Expected image name to match key") | ||
| assert.Equal(t, "sha256:2bb8eef86006a4c5963c55616a9c51c32f27bfdecb023b8aa6f91f6718d9171c", pin.Digest, "Expected v0.3.6 digest to match") |
There was a problem hiding this comment.
Good test: verifies the digest and pinned image format for v0.3.6. Consider also testing that GetContainerPin returns ok=false for an unknown tag to ensure negative path coverage.
|
📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤 |
This updates gh-aw’s MCP Gateway pinning data to include
ghcr.io/github/gh-aw-mcpg:v0.3.6, matching the requested gateway bump and ensuring workflows can resolve the new default tag to an immutable digest.The change also aligns embedded pin copies and adds a focused assertion to prevent regressions in container-pin lookup.
Pinset update
ghcr.io/github/gh-aw-mcpg:v0.3.6with digestsha256:2bb8eef86006a4c5963c55616a9c51c32f27bfdecb023b8aa6f91f6718d9171cto.github/aw/actions-lock.json.Embedded pin data sync
pkg/actionpins/data/action_pins.jsonpkg/workflow/data/action_pins.jsonRegression coverage
TestGetContainerPin_MCPGatewayV036IsPinnedinpkg/actionpins/actionpins_internal_test.goto assert the v0.3.6 entry exists and matches the expected digest/pinned reference.Release note
Warning
Firewall rules blocked me from connecting to one or more addresses (expand for details)
I tried to connect to the following addresses, but was blocked by firewall rules:
https://api.github.com/graphql/usr/bin/gh gh repo view --json owner,name --jq .owner.login + "/" + .name .cfg(http block)/usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw **/*.json --ignore-path ortcfg(http block)/usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw(http block)https://api.github.com/orgs/test-owner/actions/secrets/usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name on' --ignore-path ../../../.prettierignore(http block)/usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name h ../../../.pret.prettierignore(http block)https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1/usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq [.object.sha, .object.type] | @tsv /ref/tags/v9 4868535/b435/importcfg sv runs/20260505-18git k/gh-aw/gh-aw/pkrev-parse(http block)/usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq [.object.sha, .object.type] | @tsv /ref/tags/v9 node sv r/test-repo/actigit scripts/**/*.js /home/REDACTED/wor--show-toplevel git rev-�� --show-toplevel node /usr/bin/git --write ../../../**/*.jsapi /usr/bin/git git(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v3/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq [.object.sha, .object.type] | @tsv(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq [.object.sha, .object.type] | @tsv add myorg /usr/bin/git repo934790738/00gh git x_amd64/vet git rev-�� --git-dir x_amd64/vet /usr/bin/git rite '**/*.cjs' git --jq bin/sh /usr/bin/git(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v5/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv 1035290601 -buildtags e/git-receive-pack -errorsas util -nilfunc(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv --show-toplevel gh /usr/bin/git list --json /usr/bin/gh git rev-�� --show-toplevel gh /usr/bin/git r-test1086189778git --jq ps git(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv --show-toplevel git /usr/bin/infocmp --show-toplevel ache/go/1.25.8/xrev-parse /usr/bin/git infocmp -1 xterm-color git /usr/bin/gh --show-toplevel ache/go/1.25.8/xrev-parse /usr/bin/gh gh(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v6/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv 2458-13646/test-1035290601 --jq "warnings":[]}](http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv --show-toplevel(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv /home/REDACTED/work/gh-aw/gh-aw/.github/workflows/agent-performance-analyzer.md l /usr/bin/git(http block)https://api.github.com/repos/actions/github-script/git/ref/tags/v8/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq [.object.sha, .object.type] | @tsv /repos/actions/setup-node/git/ref/tags/v4 --jq /usr/bin/git user.name Test User /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git user.email test@example.comrev-parse /usr/bin/git git(http block)/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq [.object.sha, .object.type] | @tsv /repos/actions/setup-node/git/ref/tags/v4 --jq /usr/bin/git user.name Test User(http block)https://api.github.com/repos/actions/github-script/git/ref/tags/v9/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv(http block)/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv go1.25.8 -c=4 -nolocalimports -importcfg /tmp/go-build1514868535/b395/importcfg -pack /tmp/go-build1514868535/b395/_testmain.go ode_��(http block)/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv 1096014595/001' 1096014595/001' es/.bin/node(http block)https://api.github.com/repos/actions/github-script/git/ref/tags/v9.0.0/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9.0.0 --jq [.object.sha, .object.type] | @tsv(http block)/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9.0.0 --jq [.object.sha, .object.type] | @tsv -c=4 -nolocalimports -importcfg /tmp/go-build1514868535/b398/importcfg -embedcfg /tmp/go-build1514868535/b398/embedcfg -pack ode_��(http block)/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9.0.0 --jq [.object.sha, .object.type] | @tsv go1.25.8 -c=4 -nolocalimports -importcfg /tmp/go-build1514868535/b411/importcfg -pack /tmp/go-build1514868535/b411/_testmain.go(http block)https://api.github.com/repos/actions/setup-go/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --show-toplevel /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linu-tests /usr/bin/git 1035290601 /tmp/go-build151api sv git rev-�� --show-toplevel /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet /usr/bin/git ithub/workflows '/tmp/TestParseDrev-parse r: $owner, name:--show-toplevel git(http block)/usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv xterm-color node /usr/bin/git Onlymin-integritinfocmp on rkflow/js/**/*.jxterm-color git rev-�� --show-toplevel sh /usr/bin/git npx prettier --wgit git e/git git(http block)https://api.github.com/repos/actions/setup-node/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv user.name Test User /usr/bin/git --get-regexp --global x_amd64/vet git conf�� user.email test@example.com /usr/bin/git y-test.md --local 64/pkg/tool/linu--show-toplevel git(http block)/usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv /ref/tags/v9 --jq sv 377572340/.githugh -trimpath 4868535/b355/vet/repos/actions/github-script/git/ref/tags/v9 infocmp -1 xterm-color /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linu/tmp/go-build1514868535/b460/_testmain.go /usr/bin/git -unreachable=falgit =develop /opt/hostedtoolc--show-toplevel git(http block)/usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv ithub-script/git/ref/tags/v9 /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/compile bject.type] | @tsv 1984654/001 -trimpath /usr/bin/infocmp--show-toplevel git rev-�� /ref/tags/v9 infocmp sv xterm-color -goversion 0"}} gh(http block)https://api.github.com/repos/actions/setup-node/git/ref/tags/v6/usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv xterm-color -tests ache/node/24.14.1/x64/bin/node(http block)/usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv /tmp/gh-aw-test-runs/20260505-182458-13646/test-792253240/.github/workflows(http block)/usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv Mm0ui0x2Iv4Z-LYbBHBh/Mm0ui0x2Iv4Z-LYbBHBh -dwarf=false /opt/hostedtoolcache/node/24.14.1/x64/bin/node go1.25.8 -c=4 -nolocalimports /opt/hostedtoolcache/node/24.14.1/x64/bin/node /tmp�� github.event.inputs.enforce_all || 'round-robin' /tmp/go-build1514868535/b460/_testmain.go /usr/bin/git .js' --ignore-pagit(http block)https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv /home/REDACTED/work/gh-aw/gh-aw/pkg/timeutil/format.go /home/REDACTED/work/gh-aw/gh-aw/pkg/timeutil/format_test.go /usr/bin/docker */*.ts' '**/*.jsgit(http block)/usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv /tmp/gh-aw-test-runs/20260505-182906-26739/test-1169922289/custom/workflows rev-parse me: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } iant-4166241109 git /usr/bin/git git remo�� add origin /usr/bin/git on' --ignore-patgit gh nfig/composer/ve--show-toplevel git(http block)https://api.github.com/repos/aws-actions/configure-aws-credentials/git/ref/tags/v4/usr/bin/gh gh api /repos/aws-actions/configure-aws-credentials/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet /usr/bin/git /tmp/TestHashStagit(http block)/usr/bin/gh gh api /repos/aws-actions/configure-aws-credentials/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --show-toplevel node /usr/bin/git ithub-script/gitgh(http block)/usr/bin/gh gh api /repos/aws-actions/configure-aws-credentials/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --show-toplevel node /usr/bin/git /home/REDACTED/worgit git /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel l _id":200}] git(http block)https://api.github.com/repos/azure/login/git/ref/tags/v2/usr/bin/gh gh api /repos/azure/login/git/ref/tags/v2 --jq [.object.sha, .object.type] | @tsv --show-toplevel node /usr/bin/git /tmp/TestHashStagit -tests /usr/bin/git git rev-�� --show-toplevel git /usr/bin/infocmp /tmp/gh-aw-test-infocmp git /usr/bin/git infocmp(http block)/usr/bin/gh gh api /repos/azure/login/git/ref/tags/v2 --jq [.object.sha, .object.type] | @tsv --show-toplevel node /usr/bin/git /home/REDACTED/worgit git ps git rev-�� --show-toplevel ps /usr/bin/gh git eloper-action-ma-1 /usr/bin/git gh(http block)https://api.github.com/repos/docker/login-action/git/ref/tags/v3/usr/bin/gh gh api /repos/docker/login-action/git/ref/tags/v3 --jq [.object.sha, .object.type] | @tsv --show-toplevel gh /usr/bin/git r-test1086189778git --jq ps git rev-�� --show-toplevel ps /usr/bin/git git -trimpath om/myorg/repo.gixterm-color git(http block)/usr/bin/gh gh api /repos/docker/login-action/git/ref/tags/v3 --jq [.object.sha, .object.type] | @tsv --show-toplevel node /usr/bin/git /ref/tags/v9.0.0git git sv git rev-�� --show-toplevel git /usr/bin/infocmp user.email test@example.com-1 /usr/bin/git infocmp(http block)https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq [.object.sha, .object.type] | @tsv --show-toplevel 64/pkg/tool/linux_amd64/link /usr/bin/git es.test -trimpath 1/x64/bin/node git rev-�� --show-toplevel QYSQDdMsvnnTZDbyx2/zg1-jwF1IRoPasY5xy3c/9ezsDU_V--jq /usr/bin/git ithub/workflows/infocmp '/tmp/TestParseD-1 g_.a git(http block)/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq [.object.sha, .object.type] | @tsv --show-toplevel sh /usr/bin/git /ref/tags/v9 git 1/x64/bin/node git rev-�� --show-toplevel 1/x64/bin/node /usr/bin/git || 'round-robin'infocmp infocmp e/git git(http block)https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq /usr/bin/git Gitmain_branch39git Gitmain_branch39rev-parse x_amd64/vet git rev-�� --show-toplevel x_amd64/vet /usr/bin/git ions-build/main.git --local x_amd64/compile git(http block)/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv --show-toplevel x_amd64/link /usr/bin/infocmp ithub-script/gitgit git bject.type] | @t--show-toplevel infocmp -1 xterm-color git /usr/bin/git --show-toplevel infocmp /usr/bin/git git(http block)https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq /usr/bin/infocmp(http block)/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv list --json /usr/bin/git --workflow nonexistent-workrev-parse nch,headSha,disp--show-toplevel git -C /tmp/shared-actions-test2855495093 config /usr/bin/git remote.origin.urgit ker/cli-plugins/rev-parse rgo/bin/bash git(http block)https://api.github.com/repos/github/gh-aw/actions/runs/usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --limit 100 --created >=2026-04-28(http block)/usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --limit 100 --created >=2026-04-05(http block)/usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --limit 100 --created >=2026-02-04(http block)https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/1/artifacts --jq .artifacts[].name on ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet /../../.prettiergh erignore(http block)/usr/bin/gh gh run download 1 --dir test-logs/run-1 4868535/b017/vet.cfg .cfg(http block)/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/1/artifacts --jq .artifacts[].name --jq 64/pkg/tool/linux_amd64/vet /ref/tags/v9 git sv 64/pkg/tool/linux_amd64/vet -c edOutput3882372640/001 git 1/x64/bin/node ithub-script/gitgit git bject.type] | @tuser.email node(http block)https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12345/artifacts --jq .artifacts[].name on ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet /../../.prettiergit erignore(http block)/usr/bin/gh gh run download 12345 --dir test-logs/run-12345 on x_amd64/vet /../../.prettierinfocmp erignore --quiet x_amd64/vet(http block)/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12345/artifacts --jq .artifacts[].name --jq ode --show-toplevel git /usr/bin/git git tion�� y_with_repos_array_c848695155/001 on son ignore erignore(http block)https://api.github.com/repos/github/gh-aw/actions/runs/1234567890/usr/bin/gh gh api repos/{owner}/{repo}/actions/runs/1234567890 --jq {databaseId: .id, number: .run_number, url: .html_url, status: .status, conclusion: .conclusion, workflowName: .name, workflowPath: .path, createdAt: .created_at, startedAt: .run_started_at, updatedAt: .updated_at, event: .event, headBranch: .head_branch,(http block)/usr/bin/gh gh api repos/{owner}/{repo}/actions/runs/1234567890 --jq {databaseId: .id, number: .run_number, url: .html_url, status: .status, conclusion: .conclusion, workflowName: .name, workflowPath: .path, createdAt: .created_at, startedAt: .run_started_at, updatedAt: .updated_at, event: .event, headBranch: .head_branch, 35210528/001' 35210528/001' sv --show-toplevel git /usr/bin/git git rev-�� --show-toplevel git /usr/bin/gh --show-toplevel gh /usr/bin/git gh(http block)https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12346/artifacts --jq .artifacts[].name on 64/pkg/tool/linux_amd64/vet /../../.prettiergit erignore(http block)/usr/bin/gh gh run download 12346 --dir test-logs/run-12346 on 64/pkg/tool/linux_amd64/link /../../.prettiergh erignore(http block)/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12346/artifacts --jq .artifacts[].name LsRemoteWithRealGitbranch_with_hyphen1605442430/001' es/.bin/node /ref/tags/v9 --jq sv git tion�� y_with_repos_array_c848695155/001 on son ignore erignore bject.type] | @tuser.email sh(http block)https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/2/artifacts --jq .artifacts[].name on 64/pkg/tool/linux_amd64/vet /../../.prettierinfocmp erignore(http block)/usr/bin/gh gh run download 2 --dir test-logs/run-2 4868535/b016/vet.cfg ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile(http block)/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/2/artifacts --jq .artifacts[].name --jq 64/pkg/tool/linux_amd64/vet /ref/tags/v9 r sv 64/pkg/tool/linux_amd64/vet -c git status --porcelain --ignore-submodules | hea-errorsas git ache/node/24.14.1/x64/bin/npx ithub-script/gitdocker git bject.type] | @ttest/concurrent-image:v1.0.0 node(http block)https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/3/artifacts --jq .artifacts[].name .cfg ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet /../../.prettier/usr/bin/git erignore(http block)/usr/bin/gh gh run download 3 --dir test-logs/run-3 stmain.go ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet(http block)/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/3/artifacts --jq .artifacts[].name git ache/node/24.14.1/x64/bin/bash --show-toplevel r(http block)https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/4/artifacts --jq .artifacts[].name .cfg ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet /../../.prettier/usr/bin/git erignore(http block)/usr/bin/gh gh run download 4 --dir test-logs/run-4 4868535/b018/vet.cfg x_amd64/compile(http block)/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/4/artifacts --jq .artifacts[].name git 64/pkg/tool/linux_amd64/vet --show-toplevel git /usr/bin/git 64/pkg/tool/linu--json -c edOutput38823726--limit git 1/x64/bin/node /ref/tags/v9 git sv node(http block)https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/5/artifacts --jq .artifacts[].name on ache/go/1.25.8/x64/pkg/tool/linu-nolocalimports /../../.prettiergit erignore(http block)/usr/bin/gh gh run download 5 --dir test-logs/run-5 o ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet(http block)/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/5/artifacts --jq .artifacts[].name git 64/pkg/tool/linux_amd64/vet --show-toplevel git(http block)https://api.github.com/repos/github/gh-aw/actions/workflows/usr/bin/gh gh workflow list --json name,state,path on' --ignore-path ../../../.prettierignore(http block)/usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100(http block)/usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6(http block)https://api.github.com/repos/github/gh-aw/contents/.github/workflows/shared/reporting.md/tmp/go-build1514868535/b404/cli.test /tmp/go-build1514868535/b404/cli.test -test.testlogfile=/tmp/go-build1514868535/b404/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true(http block)/tmp/go-build3252680897/b404/cli.test /tmp/go-build3252680897/b404/cli.test -test.testlogfile=/tmp/go-build3252680897/b404/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true --show-toplevel git /usr/bin/infocmp"prettier" --write '**/*.cjs' '**/*.ts' '**/*.json' --ignore-path ../../../.prettierignore git rev-�� ithub-script/git/ref/tags/v9 a bject.type] | @tsv /ref/tags/v9 git sv git(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq [.object.sha, .object.type] | @tsv --show-toplevel /tmp/go-build1514868535/b460/tty.test(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq [.object.sha, .object.type] | @tsv --show-toplevel git(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv rity3624177113/001 4868535/b003/vet.cfg .cfg(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv on son 64/pkg/tool/linux_amd64/vet erignore git(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv le-frontmatter.md gh(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv json' --ignore-p--thin git /usr/bin/git ithub-script/gitgit git bject.type] | @t/tmp/gh-aw-test-runs/20260505-182906-26739/test-2047223174/.github/workflows git phen�� th .prettierignore --log-level=error git ode_modules/.bin/node --show-toplevel git /usr/bin/git git(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv json' --ignore-path ../../../.pr**/*.json gh(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq [.object.sha, .object.type] | @tsv Gitmain_branch39-p Gitmain_branch39main x_amd64/vet(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq [.object.sha, .object.type] | @tsv json' --ignore-p--exclude-hidden=receive --jq ndor/bin/sh xterm-color infocmp /usr/bin/git git rev-�� th .prettierignore --log-level=error git es/.bin/node /ref/tags/v9 infocmp sv git(http block)https://api.github.com/repos/google-github-actions/auth/git/ref/tags/v2/usr/bin/gh gh api /repos/google-github-actions/auth/git/ref/tags/v2 --jq [.object.sha, .object.type] | @tsv --show-toplevel git /usr/bin/git /tmp/gh-aw-test-git rev-parse /opt/hostedtoolc--show-toplevel git rev-�� --show-toplevel /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/compile /usr/bin/git /tmp/go-build151git -trimpath om/owner/repo.gi--show-toplevel git(http block)/usr/bin/gh gh api /repos/google-github-actions/auth/git/ref/tags/v2 --jq [.object.sha, .object.type] | @tsv --show-toplevel git /usr/bin/git --show-toplevel gh /usr/bin/git git rev-�� --show-toplevel git /usr/bin/infocmp --show-toplevel eloper-action-marev-parse mple.com/org/rep--show-toplevel infocmp(http block)https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999/usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq [.object.sha, .object.type] | @tsv rity3624177113/001 4868535/b056/vet.cfg kflow.lock.yml(http block)/usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq [.object.sha, .object.type] | @tsv --exclude-standard on 1/x64/bin/node --show-toplevel erignore /usr/bin/git node t-ha�� ository }} format:cjs 1/x64/bin/node ithub-script/git/usr/bin/git Add new feature bject.type] | @t--get-regexp sh(http block)https://api.github.com/repos/nonexistent/repo/actions/runs/12345/usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion(http block)/usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion --glob !.git --with-filename /bin/sh -c ll-sweep (enforce_all)' /home/REDACTED/work/gh-aw/gh-aw/cmd e_modules/.bin/node /home/REDACTED/worgit git bject.type] | @t--show-toplevel node(http block)https://api.github.com/repos/owner/repo/actions/workflows/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo cal/bin/git(http block)/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo _modules/.bin/sh(http block)/usr/bin/gh gh workflow list --repo owner/repo --json name,path,state /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet --ignore-path ../../../.prettirev-parse(http block)https://api.github.com/repos/test-owner/test-repo/actions/secrets/usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name on' --ignore-path ../../../.prettierignore(http block)/usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name h ../../../.pret.prettierignore --jq(http block)https://api.github.com/repos/test/repo/usr/bin/gh gh api /repos/test/repo --jq .default_branch ithub-script/git/ref/tags/v9 .cfg ache/node/24.14.1/x64/bin/node(http block)/usr/bin/gh gh api /repos/test/repo --jq .default_branch 2906-26739/test-3132678083/.github/workflows infocmp /usr/bin/gcc xterm-color git(http block)If you need me to access, download, or install something from one of these locations, you can either:
Changeset
✨ PR Review Safe Output Test - Run 25397998493
Warning
Firewall blocked 6 domains
The following domains were blocked by the firewall during workflow execution:
accounts.google.comandroid.clients.google.comclients2.google.comcontentautofill.googleapis.comsafebrowsingohttpgateway.googleapis.comwww.google.comSee Network Configuration for more information.
Note
🔒 Integrity filter blocked 1 item
The following item was blocked because it doesn't meet the GitHub integrity level.
pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".To allow these resources, lower
min-integrityin your GitHub frontmatter: