Bundle shell scripts in setup action and call directly

[Copilot]

Bundle Shell Scripts in Setup Action

Completed:

• Analyze which shell scripts should be bundled (exclude ones with templating)
• Update buildSetupAction in actions_build_command.go to copy shell scripts to sh/ directory
• Update setup.sh to copy shell scripts with executable permissions (chmod +x)
• Verify shell scripts are bundled correctly (6 scripts)
• Update workflow compiler to call shell scripts directly instead of embedding them inline
• Verify shell scripts are called from /tmp/gh-aw/actions/ directory
• Update documentation
• Verify no templating in bundled scripts
• Merge main branch
• Recompile all workflows

Summary

Successfully updated the setup action to bundle shell scripts and modified the workflow compiler to call them directly instead of embedding them inline. Merged latest changes from main branch and recompiled all workflows.

Changes Made:

1. Added GetBundledShellScripts() function in pkg/workflow/sh.go

   • Returns shell scripts without GitHub Actions templating
   • Excludes checkout_pr.sh and print_safe_outputs_summary.sh (use templating)

2. Updated buildSetupAction() in pkg/cli/actions_build_command.go

   • Copies shell scripts to actions/setup/sh/ directory
   • Sets executable permissions (0755) on shell scripts
   • Logs each script being copied

3. Updated setup.sh script

   • Copies shell scripts from sh/ directory to destination
   • Sets chmod +x on all shell scripts
   • Includes shell scripts in file count output

4. Updated ActionsCleanCommand() in pkg/cli/actions_build_command.go

   • Cleans the sh/ directory for setup action

5. Updated workflow compiler to call scripts directly:

   • compiler_yaml_main_job.go: create_gh_aw_tmp_dir.sh
   • compiler_yaml.go: create_prompt_first.sh, print_prompt_summary.sh
   • mcp_servers.go: start_safe_inputs_server.sh
   • cache.go: create_cache_memory_dir.sh

6. Updated documentation

   • Updated actions/setup/README.md to document shell scripts
   • Lists all 6 bundled shell scripts with descriptions

7. Merged main branch

   • Integrated latest changes from main branch
   • Resolved merge conflicts in lock files

8. Recompiled workflows

   • Recompiled all 123 workflows with updated shell script calls
   • Generated fresh lock files with direct script invocations

Shell Scripts Bundled:

Included (no templating - safe to bundle):

• ✅ create_gh_aw_tmp_dir.sh - Creates temporary directory structure
• ✅ start_safe_inputs_server.sh - Starts safe-inputs HTTP server
• ✅ print_prompt_summary.sh - Prints prompt summary to logs
• ✅ generate_git_patch.sh - Generates git patches
• ✅ create_cache_memory_dir.sh - Creates cache-memory directory
• ✅ create_prompt_first.sh - Creates prompt directory

Excluded (uses GitHub Actions templating):

• ❌ checkout_pr.sh - uses ${{ github.event_name }}, ${{ github.event.issue.number }}
• ❌ print_safe_outputs_summary.sh - uses ${{ env.GH_AW_SAFE_OUTPUTS }}

Benefits:

1. Smaller workflow files: Shell scripts are no longer embedded inline
2. Easier maintenance: Scripts can be updated in one place
3. Better reusability: Scripts can be called from multiple jobs
4. Consistent execution: Same script logic for all workflows
5. Proper permissions: Scripts are executable (chmod +x)

Original prompt

Update actions/setup to bundle the .sh script, and also copy them to the destination (and setting the proper file chmod). Then call the scripts directly. Check that they do not use templating.

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[pelikhan]

@copilot merge main, recompile

[Copilot]

@copilot merge main, recompile

Merged main branch and recompiled all workflows. Commit: 9f1a73e

[github-actions]

Smoke Test Results

✅ File Writing: Created /tmp/gh-aw/agent/smoke-test-copilot-20473336625.txt
✅ Bash Tool: Verified file content successfully
✅ Safe Input gh Tool: Executed gh pr list --state merged --limit 2

Status: PASS

Ahoy! This treasure was crafted by 🏴‍☠️ Smoke Copilot Safe Inputs fer issue #7446 🗺️

[github-actions]

OpenAI curl blocked: ✅
GitHub MCP latest merged PRs:

• Optimize maintenance workflow schedules and fix missing GitHub MCP configuration
• docs: clarify fine-grained PAT requirements for organization-owned Projects v2
  File write/read: ✅
  example.com blocked: ✅
  Network: SANDBOXED
  Overall: PASS

🔥 Firewall tested by Smoke Codex Firewall fer issue #7446 🗺️

[github-actions]

Smoke Test Results - Copilot Engine (No Firewall)

Last 2 Merged PRs:

• Optimize maintenance workflow schedules and fix missing GitHub MCP configuration #7448: Optimize maintenance workflow schedules and fix missing GitHub MCP configuration
• docs: clarify fine-grained PAT requirements for organization-owned Projects v2 #7449: docs: clarify fine-grained PAT requirements for organization-owned Projects v2

Test Results:

✅ GitHub MCP - Successfully retrieved last 2 merged PRs
✅ File Writing - Created /tmp/gh-aw/agent/smoke-test-copilot-20473336615.txt
✅ Bash Tool - Verified file creation with cat
✅ Playwright MCP - Navigated to github.com, title contains "GitHub"
❌ Safe Input gh Tool - Command safeinputs-gh not found

Overall Status: FAIL (1/5 tests failed)

Note: The safeinputs-gh tool appears to not be available in this environment.

🤖 DIAGNOSTIC REPORT GENERATED BY Smoke Copilot No Firewall fer issue #7446 🗺️

[github-actions]

PRs: Optimize maintenance workflow schedules and fix missing GitHub MCP configuration; chore: clean up comment on github token in workflow
Tests: GitHub MCP ✅ | File write+cat ✅ | Playwright title ✅ | Cache memory ✅ | safeinputs-gh issues list ❌ (tool unavailable)
Overall: FAIL

🔮 The oracle has spoken through Smoke Codex fer issue #7446 🗺️

[github-actions]

Smoke Test Results

• ❌ Playwright MCP - Inspector mode incompatible with automation
• ✅ Cache Memory - File created and verified at /tmp/gh-aw/cache-memory/smoke-test-20473336627.txt
• ✅ Safe Input GH - Confirmed gh CLI not authenticated (expected behavior)

Overall Status: PARTIAL FAIL

Note: Playwright test requires proper MCP client integration, not inspector mode.

📰 BREAKING: Report filed by Smoke Copilot Playwright fer issue #7446 🗺️