diff --git a/.changeset/patch-fix-template-injection.md b/.changeset/patch-fix-template-injection.md
new file mode 100644
index 0000000000..b19ce23a9e
--- /dev/null
+++ b/.changeset/patch-fix-template-injection.md
@@ -0,0 +1,12 @@
+---
+"gh-aw": patch
+---
+
+Fix template injection vulnerabilities in the workflow compiler by moving
+user-controlled inputs into environment variables and securing MCP lockdown
+handling. This change updates the way safe-inputs and MCP lockdown values are
+passed to runtime steps (moved to `env:` blocks) and simplifies lockdown value
+conversion. Affects several workflows and related MCP renderer/server code.
+
+Fixes: githubnext/gh-aw#9124
+
diff --git a/.github/workflows/agent-performance-analyzer.lock.yml b/.github/workflows/agent-performance-analyzer.lock.yml
index 0e57a27cb6..efa2a96c53 100644
--- a/.github/workflows/agent-performance-analyzer.lock.yml
+++ b/.github/workflows/agent-performance-analyzer.lock.yml
@@ -446,6 +446,7 @@ jobs:
 - name: Setup MCPs
 env:
 GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }}
+ GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}
 GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 run: |
@@ -475,7 +476,7 @@ jobs:
 "-e",
 "GITHUB_READ_ONLY=1",
 "-e",
- "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}",
+ "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN",
 "-e",
 "GITHUB_TOOLSETS=context,repos,issues,pull_requests,actions",
 "ghcr.io/github/github-mcp-server:v0.27.0"
diff --git a/.github/workflows/ai-moderator.lock.yml b/.github/workflows/ai-moderator.lock.yml
index 196289367b..68adbb970a 100644
--- a/.github/workflows/ai-moderator.lock.yml
+++ b/.github/workflows/ai-moderator.lock.yml
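Review bot: `"GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN"` in agent-performance-analyzer.lock.yml is only correct if the shell expands the variable when the MCP config is written, and the `run:` script that writes it starts outside this hunk. If that script does not expand it (for example a here-document with a quoted delimiter), the server would receive the literal string and lockdown would presumably be treated as off, a fail-open result for a security control. I would confirm the writer expands variables and have the compiler emit a comment on the new env entry, e.g. `# expanded by the shell when the MCP config below is written; 1 = lockdown on`. The same pattern recurs in every other `GITHUB_LOCKDOWN_MODE` hunk of this patch.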
@@ -344,6 +344,7 @@ jobs:
 - name: Setup MCPs
 env:
 GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }}
+ GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}
 GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
 run: |
 mkdir -p /tmp/gh-aw/mcp-config
@@ -363,7 +364,7 @@ jobs:
 "-e",
 "GITHUB_READ_ONLY=1",
 "-e",
- "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}",
+ "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN",
 "-e",
 "GITHUB_TOOLSETS=context,repos,issues,pull_requests",
 "ghcr.io/github/github-mcp-server:v0.27.0"
diff --git a/.github/workflows/archie.lock.yml b/.github/workflows/archie.lock.yml
index ede3beed06..3513375017 100644
--- a/.github/workflows/archie.lock.yml
+++ b/.github/workflows/archie.lock.yml
@@ -352,6 +352,7 @@ jobs:
 - name: Setup MCPs
 env:
 GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }}
+ GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}
 GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
 run: |
 mkdir -p /tmp/gh-aw/mcp-config
@@ -371,7 +372,7 @@ jobs:
 "-e",
 "GITHUB_READ_ONLY=1",
 "-e",
- "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}",
+ "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN",
 "-e",
 "GITHUB_TOOLSETS=context,repos,issues,pull_requests",
 "ghcr.io/github/github-mcp-server:v0.27.0"
diff --git a/.github/workflows/artifacts-summary.lock.yml b/.github/workflows/artifacts-summary.lock.yml
index 20bfdf09dd..287855f78f 100644
--- a/.github/workflows/artifacts-summary.lock.yml
+++ b/.github/workflows/artifacts-summary.lock.yml
@@ -312,6 +312,7 @@ jobs:
 - name: Setup MCPs
 env:
 GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }}
+ GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}
 GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
 run: |
 mkdir -p /tmp/gh-aw/mcp-config
@@ -331,7 +332,7 @@ jobs:
 "-e",
 "GITHUB_READ_ONLY=1",
 "-e",
- "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}",
+ "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN",
 "-e",
 "GITHUB_TOOLSETS=actions,repos",
 "ghcr.io/github/github-mcp-server:v0.27.0"
diff --git a/.github/workflows/audit-workflows.lock.yml b/.github/workflows/audit-workflows.lock.yml
index 14939565ed..1275f4167c 100644
--- a/.github/workflows/audit-workflows.lock.yml
+++ b/.github/workflows/audit-workflows.lock.yml
@@ -410,6 +410,7 @@ jobs:
 GH_AW_ASSETS_BRANCH: ${{ env.GH_AW_ASSETS_BRANCH }}
 GH_AW_ASSETS_MAX_SIZE_KB: ${{ env.GH_AW_ASSETS_MAX_SIZE_KB }}
 GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }}
+ GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}
 GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
 run: |
 mkdir -p /tmp/gh-aw/mcp-config
@@ -431,7 +432,7 @@ jobs:
 "-e",
 "GITHUB_READ_ONLY=1",
 "-e",
- "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}",
+ "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN",
 "-e",
 "GITHUB_TOOLSETS=context,repos,issues,pull_requests",
 "ghcr.io/github/github-mcp-server:v0.27.0"
diff --git a/.github/workflows/blog-auditor.lock.yml b/.github/workflows/blog-auditor.lock.yml
index 126c11fd2c..49e1685d57 100644
--- a/.github/workflows/blog-auditor.lock.yml
+++ b/.github/workflows/blog-auditor.lock.yml
@@ -308,6 +308,7 @@ jobs:
 - name: Setup MCPs
 env:
 GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }}
+ GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}
 GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
 run: |
 mkdir -p /tmp/gh-aw/mcp-config
@@ -325,7 +326,7 @@ jobs:
 "-e",
 "GITHUB_READ_ONLY=1",
 "-e",
- "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}",
+ "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN",
 "-e",
 "GITHUB_TOOLSETS=context,repos,issues,pull_requests",
 "ghcr.io/github/github-mcp-server:v0.27.0"
diff --git a/.github/workflows/brave.lock.yml b/.github/workflows/brave.lock.yml
index 2c40c6b336..9a67ef7c48 100644
--- a/.github/workflows/brave.lock.yml
+++ b/.github/workflows/brave.lock.yml
@@ -330,6 +330,7 @@ jobs:
 - name: Setup MCPs
 env:
 GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }}
+ GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}
 GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
 run: |
 mkdir -p /tmp/gh-aw/mcp-config
@@ -367,7 +368,7 @@ jobs:
 "-e",
 "GITHUB_READ_ONLY=1",
 "-e",
- "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}",
+ "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN",
 "-e",
 "GITHUB_TOOLSETS=context,repos,issues,pull_requests",
 "ghcr.io/github/github-mcp-server:v0.27.0"
diff --git a/.github/workflows/breaking-change-checker.lock.yml b/.github/workflows/breaking-change-checker.lock.yml
index 742ac3a755..f6d2358d4f 100644
--- a/.github/workflows/breaking-change-checker.lock.yml
+++ b/.github/workflows/breaking-change-checker.lock.yml
@@ -330,6 +330,7 @@ jobs:
 - name: Setup MCPs
 env:
 GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }}
+ GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}
 GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
 run: |
 mkdir -p /tmp/gh-aw/mcp-config
@@ -349,7 +350,7 @@ jobs:
 "-e",
 "GITHUB_READ_ONLY=1",
 "-e",
- "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}",
+ "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN",
 "-e",
 "GITHUB_TOOLSETS=repos",
 "ghcr.io/github/github-mcp-server:v0.27.0"
diff --git a/.github/workflows/campaign-generator.lock.yml b/.github/workflows/campaign-generator.lock.yml
index f80d9dd570..498ba3c3be 100644
--- a/.github/workflows/campaign-generator.lock.yml
+++ b/.github/workflows/campaign-generator.lock.yml
@@ -362,6 +362,7 @@ jobs:
 - name: Setup MCPs
 env:
 GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }}
+ GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}
 GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
 run: |
 mkdir -p /tmp/gh-aw/mcp-config
@@ -381,7 +382,7 @@ jobs:
 "-e",
 "GITHUB_READ_ONLY=1",
 "-e",
- "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}",
+ "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN",
 "-e",
 "GITHUB_TOOLSETS=context,repos,issues,pull_requests",
 "ghcr.io/github/github-mcp-server:v0.27.0"
diff --git a/.github/workflows/changeset.lock.yml b/.github/workflows/changeset.lock.yml
index be74b85319..7781ec955c 100644
--- a/.github/workflows/changeset.lock.yml
+++ b/.github/workflows/changeset.lock.yml
@@ -406,6 +406,7 @@ jobs:
 - name: Setup MCPs
 env:
 GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }}
+ GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}
 GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
 run: |
 mkdir -p /tmp/gh-aw/mcp-config
diff --git a/.github/workflows/ci-coach.lock.yml b/.github/workflows/ci-coach.lock.yml
index 3d9b41e63a..e1a60ad89e 100644
--- a/.github/workflows/ci-coach.lock.yml
+++ b/.github/workflows/ci-coach.lock.yml
@@ -377,6 +377,7 @@ jobs:
 - name: Setup MCPs
 env:
 GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }}
+ GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}
 GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
 run: |
 mkdir -p /tmp/gh-aw/mcp-config
@@ -396,7 +397,7 @@ jobs:
 "-e",
 "GITHUB_READ_ONLY=1",
 "-e",
- "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}",
+ "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN",
 "-e",
 "GITHUB_TOOLSETS=context,repos,issues,pull_requests",
 "ghcr.io/github/github-mcp-server:v0.27.0"
diff --git a/.github/workflows/ci-doctor.lock.yml b/.github/workflows/ci-doctor.lock.yml
index 5cd6156c17..d72f973914 100644
--- a/.github/workflows/ci-doctor.lock.yml
+++ b/.github/workflows/ci-doctor.lock.yml
@@ -394,6 +394,7 @@ jobs:
 - name: Setup MCPs
 env:
 GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }}
+ GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}
 GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
 run: |
 mkdir -p /tmp/gh-aw/mcp-config
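Review bot: Nothing in the diff for changeset.lock.yml reads the new `GITHUB_MCP_LOCKDOWN` variable: its only hunk adds the env entry, and unlike the neighbouring workflows there is no hunk switching a consumer to `$GITHUB_MCP_LOCKDOWN`. Either the `run:` script (which continues outside the hunk) still interpolates the `${{ steps.determine-automatic-lockdown.outputs.lockdown ... }}` expression inline, so the fix is incomplete there, or the generated MCP config for this workflow never passes the lockdown value to the GitHub MCP server and the env line is unused. The same env-only change appears in daily-fact.lock.yml, daily-issues-report.lock.yml and daily-performance-summary.lock.yml. I would have the renderer behind these workflows emit the equivalent of `"GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN"`, or drop the unused env entry so the step does not suggest that lockdown is enforced.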
@@ -413,7 +414,7 @@ jobs:
 "-e",
 "GITHUB_READ_ONLY=1",
 "-e",
- "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}",
+ "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN",
 "-e",
 "GITHUB_TOOLSETS=context,repos,issues,pull_requests",
 "ghcr.io/github/github-mcp-server:v0.27.0"
diff --git a/.github/workflows/cli-consistency-checker.lock.yml b/.github/workflows/cli-consistency-checker.lock.yml
index 3242e20af2..f0181ea31a 100644
--- a/.github/workflows/cli-consistency-checker.lock.yml
+++ b/.github/workflows/cli-consistency-checker.lock.yml
@@ -331,6 +331,7 @@ jobs:
 - name: Setup MCPs
 env:
 GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }}
+ GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}
 GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
 run: |
 mkdir -p /tmp/gh-aw/mcp-config
@@ -350,7 +351,7 @@ jobs:
 "-e",
 "GITHUB_READ_ONLY=1",
 "-e",
- "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}",
+ "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN",
 "-e",
 "GITHUB_TOOLSETS=context,repos,issues,pull_requests",
 "ghcr.io/github/github-mcp-server:v0.27.0"
diff --git a/.github/workflows/cli-version-checker.lock.yml b/.github/workflows/cli-version-checker.lock.yml
index 6cb1d6e399..ee2f37c64d 100644
--- a/.github/workflows/cli-version-checker.lock.yml
+++ b/.github/workflows/cli-version-checker.lock.yml
@@ -343,6 +343,7 @@ jobs:
 - name: Setup MCPs
 env:
 GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }}
+ GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}
 GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
 run: |
 mkdir -p /tmp/gh-aw/mcp-config
@@ -360,7 +361,7 @@ jobs:
 "-e",
 "GITHUB_READ_ONLY=1",
 "-e",
- "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}",
+ "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN",
 "-e",
 "GITHUB_TOOLSETS=context,repos,issues,pull_requests",
 "ghcr.io/github/github-mcp-server:v0.27.0"
diff --git a/.github/workflows/cloclo.lock.yml b/.github/workflows/cloclo.lock.yml
index f609aa9525..f5b9d4aadd 100644
--- a/.github/workflows/cloclo.lock.yml
+++ b/.github/workflows/cloclo.lock.yml
@@ -462,6 +462,7 @@ jobs:
 - name: Setup MCPs
 env:
 GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }}
+ GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}
 GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
 run: |
 mkdir -p /tmp/gh-aw/mcp-config
@@ -483,7 +484,7 @@ jobs:
 "-e",
 "GITHUB_READ_ONLY=1",
 "-e",
- "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}",
+ "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN",
 "-e",
 "GITHUB_TOOLSETS=context,repos,issues,pull_requests",
 "ghcr.io/github/github-mcp-server:v0.27.0"
diff --git a/.github/workflows/commit-changes-analyzer.lock.yml b/.github/workflows/commit-changes-analyzer.lock.yml
index 16609aef7a..c76915f9ab 100644
--- a/.github/workflows/commit-changes-analyzer.lock.yml
+++ b/.github/workflows/commit-changes-analyzer.lock.yml
@@ -310,6 +310,7 @@ jobs:
 - name: Setup MCPs
 env:
 GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }}
+ GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}
 GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
 run: |
 mkdir -p /tmp/gh-aw/mcp-config
@@ -327,7 +328,7 @@ jobs:
 "-e",
 "GITHUB_READ_ONLY=1",
 "-e",
- "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}",
+ "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN",
 "-e",
 "GITHUB_TOOLSETS=context,repos,issues,pull_requests",
 "ghcr.io/github/github-mcp-server:v0.27.0"
diff --git a/.github/workflows/copilot-agent-analysis.lock.yml b/.github/workflows/copilot-agent-analysis.lock.yml
index ec06ea10ba..bf168b70a6 100644
--- a/.github/workflows/copilot-agent-analysis.lock.yml
+++ b/.github/workflows/copilot-agent-analysis.lock.yml
@@ -341,6 +341,7 @@ jobs:
 - name: Setup MCPs
 env:
 GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }}
+ GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}
 GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
 run: |
 mkdir -p /tmp/gh-aw/mcp-config
@@ -358,7 +359,7 @@ jobs:
 "-e",
 "GITHUB_READ_ONLY=1",
 "-e",
- "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}",
+ "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN",
 "-e",
 "GITHUB_TOOLSETS=context,repos,issues,pull_requests",
 "ghcr.io/github/github-mcp-server:v0.27.0"
diff --git a/.github/workflows/copilot-pr-merged-report.lock.yml b/.github/workflows/copilot-pr-merged-report.lock.yml
index 07395264fa..6ce222b33d 100644
--- a/.github/workflows/copilot-pr-merged-report.lock.yml
+++ b/.github/workflows/copilot-pr-merged-report.lock.yml
@@ -383,12 +383,14 @@ jobs:
 - name: Start Safe Inputs MCP HTTP Server
 id: safe-inputs-start
 env:
+ GH_AW_SAFE_INPUTS_PORT: ${{ steps.safe-inputs-config.outputs.safe_inputs_port }}
+ GH_AW_SAFE_INPUTS_API_KEY: ${{ steps.safe-inputs-config.outputs.safe_inputs_api_key }}
 GH_AW_GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 GH_DEBUG: 1
 run: |
- # Set environment variables for the server
- export GH_AW_SAFE_INPUTS_PORT=${{ steps.safe-inputs-config.outputs.safe_inputs_port }}
- export GH_AW_SAFE_INPUTS_API_KEY=${{ steps.safe-inputs-config.outputs.safe_inputs_api_key }}
+ # Environment variables are set above to prevent template injection
+ export GH_AW_SAFE_INPUTS_PORT
+ export GH_AW_SAFE_INPUTS_API_KEY
 bash /tmp/gh-aw/actions/start_safe_inputs_server.sh
diff --git a/.github/workflows/copilot-pr-nlp-analysis.lock.yml b/.github/workflows/copilot-pr-nlp-analysis.lock.yml
index 5a69c57025..b7e7d06a6e 100644
--- a/.github/workflows/copilot-pr-nlp-analysis.lock.yml
+++ b/.github/workflows/copilot-pr-nlp-analysis.lock.yml
@@ -407,6 +407,7 @@ jobs:
 GH_AW_ASSETS_BRANCH: ${{ env.GH_AW_ASSETS_BRANCH }}
 GH_AW_ASSETS_MAX_SIZE_KB: ${{ env.GH_AW_ASSETS_MAX_SIZE_KB }}
 GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }}
+ GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}
 GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
 run: |
 mkdir -p /tmp/gh-aw/mcp-config
@@ -426,7 +427,7 @@ jobs:
 "-e",
 "GITHUB_READ_ONLY=1",
 "-e",
- "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}",
+ "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN",
 "-e",
 "GITHUB_TOOLSETS=context,repos,issues,pull_requests",
 "ghcr.io/github/github-mcp-server:v0.27.0"
diff --git a/.github/workflows/copilot-pr-prompt-analysis.lock.yml b/.github/workflows/copilot-pr-prompt-analysis.lock.yml
index 45713b80f4..bf4fdd4365 100644
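Review bot: The bare `export GH_AW_SAFE_INPUTS_PORT` and `export GH_AW_SAFE_INPUTS_API_KEY` lines in copilot-pr-merged-report.lock.yml are redundant, because values declared under a step's `env:` are already in the environment of the `run:` shell and of the `bash` child it starts. They can be dropped and the comment made precise, e.g. `# GH_AW_SAFE_INPUTS_PORT and GH_AW_SAFE_INPUTS_API_KEY come from the step env, not from inline expressions`. The same applies to the safe-inputs hunk in daily-performance-summary.lock.yml. Separately, the API key is a step output, and whether it is masked in logs is decided where `safe-inputs-config` produces it, which this hunk does not show.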
--- a/.github/workflows/copilot-pr-prompt-analysis.lock.yml
+++ b/.github/workflows/copilot-pr-prompt-analysis.lock.yml
@@ -346,6 +346,7 @@ jobs:
 - name: Setup MCPs
 env:
 GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }}
+ GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}
 GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
 run: |
 mkdir -p /tmp/gh-aw/mcp-config
@@ -365,7 +366,7 @@ jobs:
 "-e",
 "GITHUB_READ_ONLY=1",
 "-e",
- "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}",
+ "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN",
 "-e",
 "GITHUB_TOOLSETS=context,repos,issues,pull_requests",
 "ghcr.io/github/github-mcp-server:v0.27.0"
diff --git a/.github/workflows/copilot-session-insights.lock.yml b/.github/workflows/copilot-session-insights.lock.yml
index becc0de696..28153b35b7 100644
--- a/.github/workflows/copilot-session-insights.lock.yml
+++ b/.github/workflows/copilot-session-insights.lock.yml
@@ -397,6 +397,7 @@ jobs:
 GH_AW_ASSETS_BRANCH: ${{ env.GH_AW_ASSETS_BRANCH }}
 GH_AW_ASSETS_MAX_SIZE_KB: ${{ env.GH_AW_ASSETS_MAX_SIZE_KB }}
 GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }}
+ GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}
 GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
 run: |
 mkdir -p /tmp/gh-aw/mcp-config
@@ -414,7 +415,7 @@ jobs:
 "-e",
 "GITHUB_READ_ONLY=1",
 "-e",
- "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}",
+ "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN",
 "-e",
 "GITHUB_TOOLSETS=context,repos,issues,pull_requests",
 "ghcr.io/github/github-mcp-server:v0.27.0"
diff --git a/.github/workflows/craft.lock.yml b/.github/workflows/craft.lock.yml
index 54195034b8..3c3011662e 100644
--- a/.github/workflows/craft.lock.yml
+++ b/.github/workflows/craft.lock.yml
@@ -379,6 +379,7 @@ jobs:
 - name: Setup MCPs
 env:
 GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }}
+ GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}
 GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
 run: |
 mkdir -p /tmp/gh-aw/mcp-config
@@ -398,7 +399,7 @@ jobs:
 "-e",
 "GITHUB_READ_ONLY=1",
 "-e",
- "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}",
+ "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN",
 "-e",
 "GITHUB_TOOLSETS=context,repos,issues,pull_requests",
 "ghcr.io/github/github-mcp-server:v0.27.0"
diff --git a/.github/workflows/daily-assign-issue-to-user.lock.yml b/.github/workflows/daily-assign-issue-to-user.lock.yml
index 36313502ee..74d4becae9 100644
--- a/.github/workflows/daily-assign-issue-to-user.lock.yml
+++ b/.github/workflows/daily-assign-issue-to-user.lock.yml
@@ -341,6 +341,7 @@ jobs:
 - name: Setup MCPs
 env:
 GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }}
+ GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}
 GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
 run: |
 mkdir -p /tmp/gh-aw/mcp-config
@@ -360,7 +361,7 @@ jobs:
 "-e",
 "GITHUB_READ_ONLY=1",
 "-e",
- "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}",
+ "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN",
 "-e",
 "GITHUB_TOOLSETS=issues,pull_requests,repos",
 "ghcr.io/github/github-mcp-server:v0.27.0"
diff --git a/.github/workflows/daily-choice-test.lock.yml b/.github/workflows/daily-choice-test.lock.yml
index fc880f2e13..2763f87fba 100644
--- a/.github/workflows/daily-choice-test.lock.yml
+++ b/.github/workflows/daily-choice-test.lock.yml
@@ -280,6 +280,7 @@ jobs:
 - name: Setup MCPs
 env:
 GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }}
+ GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}
 GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
 run: |
 mkdir -p /tmp/gh-aw/mcp-config
@@ -297,7 +298,7 @@ jobs:
 "-e",
 "GITHUB_READ_ONLY=1",
 "-e",
- "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}",
+ "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN",
 "-e",
 "GITHUB_TOOLSETS=context,repos,issues,pull_requests",
 "ghcr.io/github/github-mcp-server:v0.27.0"
diff --git a/.github/workflows/daily-cli-performance.lock.yml b/.github/workflows/daily-cli-performance.lock.yml
index b6901f6bb3..115e9323dc 100644
--- a/.github/workflows/daily-cli-performance.lock.yml
+++ b/.github/workflows/daily-cli-performance.lock.yml
@@ -379,6 +379,7 @@ jobs:
 - name: Setup MCPs
 env:
 GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }}
+ GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}
 GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
 run: |
 mkdir -p /tmp/gh-aw/mcp-config
@@ -398,7 +399,7 @@ jobs:
 "-e",
 "GITHUB_READ_ONLY=1",
 "-e",
- "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}",
+ "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN",
 "-e",
 "GITHUB_TOOLSETS=context,repos,issues,pull_requests",
 "ghcr.io/github/github-mcp-server:v0.27.0"
diff --git a/.github/workflows/daily-code-metrics.lock.yml b/.github/workflows/daily-code-metrics.lock.yml
index b1848f7492..a501545577 100644
--- a/.github/workflows/daily-code-metrics.lock.yml
+++ b/.github/workflows/daily-code-metrics.lock.yml
@@ -385,6 +385,7 @@ jobs:
 GH_AW_ASSETS_BRANCH: ${{ env.GH_AW_ASSETS_BRANCH }}
 GH_AW_ASSETS_MAX_SIZE_KB: ${{ env.GH_AW_ASSETS_MAX_SIZE_KB }}
 GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }}
+ GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}
 GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
 run: |
 mkdir -p /tmp/gh-aw/mcp-config
@@ -402,7 +403,7 @@ jobs:
 "-e",
 "GITHUB_READ_ONLY=1",
 "-e",
- "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}",
+ "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN",
 "-e",
 "GITHUB_TOOLSETS=context,repos,issues,pull_requests",
 "ghcr.io/github/github-mcp-server:v0.27.0"
diff --git a/.github/workflows/daily-copilot-token-report.lock.yml b/.github/workflows/daily-copilot-token-report.lock.yml
index 3aa263c39e..65e4afd7e9 100644
--- a/.github/workflows/daily-copilot-token-report.lock.yml
+++ b/.github/workflows/daily-copilot-token-report.lock.yml
@@ -405,6 +405,7 @@ jobs:
 GH_AW_ASSETS_BRANCH: ${{ env.GH_AW_ASSETS_BRANCH }}
 GH_AW_ASSETS_MAX_SIZE_KB: ${{ env.GH_AW_ASSETS_MAX_SIZE_KB }}
 GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }}
+ GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}
 GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
 run: |
 mkdir -p /tmp/gh-aw/mcp-config
@@ -424,7 +425,7 @@ jobs:
 "-e",
 "GITHUB_READ_ONLY=1",
 "-e",
- "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}",
+ "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN",
 "-e",
 "GITHUB_TOOLSETS=context,repos,issues,pull_requests",
 "ghcr.io/github/github-mcp-server:v0.27.0"
diff --git a/.github/workflows/daily-doc-updater.lock.yml b/.github/workflows/daily-doc-updater.lock.yml
index 0e2fe77564..744f099a1e 100644
--- a/.github/workflows/daily-doc-updater.lock.yml
+++ b/.github/workflows/daily-doc-updater.lock.yml
@@ -325,6 +325,7 @@ jobs:
 - name: Setup MCPs
 env:
 GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }}
+ GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}
 GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
 run: |
 mkdir -p /tmp/gh-aw/mcp-config
@@ -342,7 +343,7 @@ jobs:
 "-e",
 "GITHUB_READ_ONLY=1",
 "-e",
- "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}",
+ "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN",
 "-e",
 "GITHUB_TOOLSETS=context,repos,issues,pull_requests",
 "ghcr.io/github/github-mcp-server:v0.27.0"
diff --git a/.github/workflows/daily-fact.lock.yml b/.github/workflows/daily-fact.lock.yml
index b63b32cc11..cb2a8a6254 100644
--- a/.github/workflows/daily-fact.lock.yml
+++ b/.github/workflows/daily-fact.lock.yml
@@ -279,6 +279,7 @@ jobs:
 - name: Setup MCPs
 env:
 GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }}
+ GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}
 GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
 run: |
 mkdir -p /tmp/gh-aw/mcp-config
diff --git a/.github/workflows/daily-file-diet.lock.yml b/.github/workflows/daily-file-diet.lock.yml
index 9eb712e6cd..8bd142b885 100644
--- a/.github/workflows/daily-file-diet.lock.yml
+++ b/.github/workflows/daily-file-diet.lock.yml
@@ -349,6 +349,7 @@ jobs:
 - name: Setup MCPs
 env:
 GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }}
+ GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}
 GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
 run: |
 mkdir -p /tmp/gh-aw/mcp-config
@@ -368,7 +369,7 @@ jobs:
 "-e",
 "GITHUB_READ_ONLY=1",
 "-e",
- "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}",
+ "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN",
 "-e",
 "GITHUB_TOOLSETS=context,repos,issues,pull_requests",
 "ghcr.io/github/github-mcp-server:v0.27.0"
diff --git a/.github/workflows/daily-firewall-report.lock.yml b/.github/workflows/daily-firewall-report.lock.yml
index 105f1de781..a8b3a024cb 100644
--- a/.github/workflows/daily-firewall-report.lock.yml
+++ b/.github/workflows/daily-firewall-report.lock.yml
@@ -408,6 +408,7 @@ jobs:
 GH_AW_ASSETS_BRANCH: ${{ env.GH_AW_ASSETS_BRANCH }}
 GH_AW_ASSETS_MAX_SIZE_KB: ${{ env.GH_AW_ASSETS_MAX_SIZE_KB }}
 GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }}
+ GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}
 GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 run: |
@@ -444,7 +445,7 @@ jobs:
 "-e",
 "GITHUB_READ_ONLY=1",
 "-e",
- "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}",
+ "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN",
 "-e",
 "GITHUB_TOOLSETS=context,repos,issues,pull_requests,actions",
 "ghcr.io/github/github-mcp-server:v0.27.0"
diff --git a/.github/workflows/daily-issues-report.lock.yml b/.github/workflows/daily-issues-report.lock.yml
index bec6ee815f..16893c5cb1 100644
--- a/.github/workflows/daily-issues-report.lock.yml
+++ b/.github/workflows/daily-issues-report.lock.yml
@@ -448,6 +448,7 @@ jobs:
 GH_AW_ASSETS_BRANCH: ${{ env.GH_AW_ASSETS_BRANCH }}
 GH_AW_ASSETS_MAX_SIZE_KB: ${{ env.GH_AW_ASSETS_MAX_SIZE_KB }}
 GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }}
+ GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}
 GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
 run: |
 mkdir -p /tmp/gh-aw/mcp-config
diff --git a/.github/workflows/daily-malicious-code-scan.lock.yml b/.github/workflows/daily-malicious-code-scan.lock.yml
index 840a0ea493..e3d2978ba7 100644
--- a/.github/workflows/daily-malicious-code-scan.lock.yml
+++ b/.github/workflows/daily-malicious-code-scan.lock.yml
@@ -350,6 +350,7 @@ jobs:
 - name: Setup MCPs
 env:
 GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }}
+ GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}
 GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
 run: |
 mkdir -p /tmp/gh-aw/mcp-config
@@ -369,7 +370,7 @@ jobs:
 "-e",
 "GITHUB_READ_ONLY=1",
 "-e",
- "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}",
+ "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN",
 "-e",
 "GITHUB_TOOLSETS=repos,code_security",
 "ghcr.io/github/github-mcp-server:v0.27.0"
diff --git a/.github/workflows/daily-multi-device-docs-tester.lock.yml b/.github/workflows/daily-multi-device-docs-tester.lock.yml
index b5d192d209..0f7a95fcd8 100644
--- a/.github/workflows/daily-multi-device-docs-tester.lock.yml
+++ b/.github/workflows/daily-multi-device-docs-tester.lock.yml
@@ -362,6 +362,7 @@ jobs: GH_AW_ASSETS_BRANCH: ${{ env.GH_AW_ASSETS_BRANCH }} GH_AW_ASSETS_MAX_SIZE_KB: ${{ env.GH_AW_ASSETS_MAX_SIZE_KB }} GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -379,7 +380,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/daily-news.lock.yml b/.github/workflows/daily-news.lock.yml index b8f46deb5e..c7f0f6b579 100644 --- a/.github/workflows/daily-news.lock.yml +++ b/.github/workflows/daily-news.lock.yml @@ -463,6 +463,7 @@ jobs: GH_AW_ASSETS_BRANCH: ${{ env.GH_AW_ASSETS_BRANCH }} GH_AW_ASSETS_MAX_SIZE_KB: ${{ env.GH_AW_ASSETS_MAX_SIZE_KB }} GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -482,7 +483,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/daily-performance-summary.lock.yml b/.github/workflows/daily-performance-summary.lock.yml index 34a5a9a69a..f9046361bb 100644 --- a/.github/workflows/daily-performance-summary.lock.yml 
+++ b/.github/workflows/daily-performance-summary.lock.yml @@ -811,11 +811,13 @@ jobs: - name: Start Safe Inputs MCP HTTP Server id: safe-inputs-start env: + GH_AW_SAFE_INPUTS_PORT: ${{ steps.safe-inputs-config.outputs.safe_inputs_port }} + GH_AW_SAFE_INPUTS_API_KEY: ${{ steps.safe-inputs-config.outputs.safe_inputs_api_key }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - # Set environment variables for the server - export GH_AW_SAFE_INPUTS_PORT=${{ steps.safe-inputs-config.outputs.safe_inputs_port }} - export GH_AW_SAFE_INPUTS_API_KEY=${{ steps.safe-inputs-config.outputs.safe_inputs_api_key }} + # Environment variables are set above to prevent template injection + export GH_AW_SAFE_INPUTS_PORT + export GH_AW_SAFE_INPUTS_API_KEY bash /tmp/gh-aw/actions/start_safe_inputs_server.sh @@ -828,6 +830,7 @@ jobs: GH_AW_SAFE_INPUTS_PORT: ${{ steps.safe-inputs-start.outputs.port }} GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config diff --git a/.github/workflows/daily-repo-chronicle.lock.yml b/.github/workflows/daily-repo-chronicle.lock.yml index 2d29eb58f3..7629e70aea 100644 --- a/.github/workflows/daily-repo-chronicle.lock.yml +++ b/.github/workflows/daily-repo-chronicle.lock.yml @@ -382,6 +382,7 @@ jobs: GH_AW_ASSETS_BRANCH: ${{ env.GH_AW_ASSETS_BRANCH }} GH_AW_ASSETS_MAX_SIZE_KB: ${{ env.GH_AW_ASSETS_MAX_SIZE_KB }} GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config 
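Review bot: The bare `export GH_AW_SAFE_INPUTS_PORT` and `export GH_AW_SAFE_INPUTS_API_KEY` lines kept in the `@@ -811,11 +811,13 @@` hunk are no-ops, because variables declared under a step's `env:` are already in the environment of the `run:` shell and are inherited by `start_safe_inputs_server.sh`. I would drop them and keep a comment like `# GH_AW_SAFE_INPUTS_PORT and GH_AW_SAFE_INPUTS_API_KEY come from env: above; do not interpolate workflow expressions into this script`. The port also arrives as an unvalidated string, so a guard such as `case "$GH_AW_SAFE_INPUTS_PORT" in ''|*[!0-9]*) echo "invalid port" >&2; exit 1 ;; esac` before the `bash` call would reject a malformed step output, unless the start script already checks it (not visible here).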
@@ -401,7 +402,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests,discussions", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/daily-secrets-analysis.lock.yml b/.github/workflows/daily-secrets-analysis.lock.yml index 92dd5e833c..e4ce050353 100644 --- a/.github/workflows/daily-secrets-analysis.lock.yml +++ b/.github/workflows/daily-secrets-analysis.lock.yml @@ -372,6 +372,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -391,7 +392,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests,discussions", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/daily-team-status.lock.yml b/.github/workflows/daily-team-status.lock.yml index fff3aad0a7..8b3244f0c5 100644 --- a/.github/workflows/daily-team-status.lock.yml +++ b/.github/workflows/daily-team-status.lock.yml @@ -343,6 +343,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config 
@@ -362,7 +363,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/daily-workflow-updater.lock.yml b/.github/workflows/daily-workflow-updater.lock.yml index efa0216514..1cdc74e3d0 100644 --- a/.github/workflows/daily-workflow-updater.lock.yml +++ b/.github/workflows/daily-workflow-updater.lock.yml @@ -319,6 +319,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -338,7 +339,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/deep-report.lock.yml b/.github/workflows/deep-report.lock.yml index 1127e8a58c..0481431463 100644 --- a/.github/workflows/deep-report.lock.yml +++ b/.github/workflows/deep-report.lock.yml @@ -392,6 +392,7 @@ jobs: GH_AW_ASSETS_BRANCH: ${{ env.GH_AW_ASSETS_BRANCH }} GH_AW_ASSETS_MAX_SIZE_KB: ${{ env.GH_AW_ASSETS_MAX_SIZE_KB }} GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config 
diff --git a/.github/workflows/dependabot-go-checker.lock.yml b/.github/workflows/dependabot-go-checker.lock.yml index e4c1a4953e..01ea98755e 100644 --- a/.github/workflows/dependabot-go-checker.lock.yml +++ b/.github/workflows/dependabot-go-checker.lock.yml @@ -371,6 +371,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -390,7 +391,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests,dependabot", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/dev-hawk.lock.yml b/.github/workflows/dev-hawk.lock.yml index 5e764b58e0..71e5aa5f7e 100644 --- a/.github/workflows/dev-hawk.lock.yml +++ b/.github/workflows/dev-hawk.lock.yml @@ -323,6 +323,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | @@ -359,7 +360,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=pull_requests,actions,repos", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/dev.lock.yml b/.github/workflows/dev.lock.yml index dd3e8f2d8d..3d1d55262b 100644 
--- a/.github/workflows/dev.lock.yml +++ b/.github/workflows/dev.lock.yml @@ -293,6 +293,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -312,7 +313,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=issues", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/developer-docs-consolidator.lock.yml b/.github/workflows/developer-docs-consolidator.lock.yml index 83c465431e..2517b27d9c 100644 --- a/.github/workflows/developer-docs-consolidator.lock.yml +++ b/.github/workflows/developer-docs-consolidator.lock.yml @@ -396,6 +396,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -413,7 +414,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/dictation-prompt.lock.yml b/.github/workflows/dictation-prompt.lock.yml index a4cb9c8bc9..f34523343e 100644 --- a/.github/workflows/dictation-prompt.lock.yml +++ b/.github/workflows/dictation-prompt.lock.yml 
@@ -322,6 +322,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -341,7 +342,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/docs-noob-tester.lock.yml b/.github/workflows/docs-noob-tester.lock.yml index 5754cfdaec..21489e7dbf 100644 --- a/.github/workflows/docs-noob-tester.lock.yml +++ b/.github/workflows/docs-noob-tester.lock.yml @@ -341,6 +341,7 @@ jobs: GH_AW_ASSETS_BRANCH: ${{ env.GH_AW_ASSETS_BRANCH }} GH_AW_ASSETS_MAX_SIZE_KB: ${{ env.GH_AW_ASSETS_MAX_SIZE_KB }} GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -360,7 +361,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/docs-quality-maintenance-project67.campaign.lock.yml b/.github/workflows/docs-quality-maintenance-project67.campaign.lock.yml index 7889b63652..2208a28ea5 100644 --- a/.github/workflows/docs-quality-maintenance-project67.campaign.lock.yml 
+++ b/.github/workflows/docs-quality-maintenance-project67.campaign.lock.yml @@ -203,7 +203,7 @@ jobs: mkdir -p /tmp/gh-aw/safeoutputs mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs cat > /tmp/gh-aw/safeoutputs/config.json << 'EOF' - {"add_comment":{"max":10},"create_issue":{"max":1},"create_project_status_update":{"max":1},"missing_tool":{},"noop":{"max":1},"update_project":{"max":15}} + {"add_comment":{"max":10},"copy_project":{"max":1},"create_issue":{"max":1},"create_project_status_update":{"max":1},"missing_tool":{},"noop":{"max":1},"update_project":{"max":15}} EOF cat > /tmp/gh-aw/safeoutputs/tools.json << 'EOF' [ 
@@ -407,6 +407,36 @@ jobs: "type": "object" }, "name": "update_project" + }, + { + "description": "Copy a GitHub Projects v2 board to create a new project with the same structure, fields, and views. Useful for duplicating project templates or migrating projects between organizations. By default, draft issues are not copied unless includeDraftIssues is set to true. If the workflow has configured default values for source-project or target-owner, those fields become optional in the tool call.", + "inputSchema": { + "additionalProperties": false, + "properties": { + "includeDraftIssues": { + "description": "Whether to copy draft issues from the source project. Default: false.", + "type": "boolean" + }, + "owner": { + "description": "Login name of the organization or user that will own the new project (e.g., 'myorg' or 'username'). The token must have access to this owner. Optional if target-owner is configured in the workflow frontmatter.", + "type": "string" + }, + "sourceProject": { + "description": "Full GitHub project URL of the source project to copy (e.g., 'https://github.com/orgs/myorg/projects/42' or 'https://github.com/users/username/projects/5'). Optional if source-project is configured in the workflow frontmatter.", + "pattern": "^https://github\\.com/(orgs|users)/[^/]+/projects/\\d+$", + "type": "string" + }, + "title": { + "description": "Title for the new project. Should be descriptive and unique within the owner's projects.", + "type": "string" + } + }, + "required": [ + "title" + ], + "type": "object" + }, + "name": "copy_project" } ] EOF @@ -573,6 +603,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config 
@@ -592,7 +623,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests,actions,code_security", "ghcr.io/github/github-mcp-server:v0.27.0" @@ -1280,7 +1311,7 @@ jobs: To create or modify GitHub resources (issues, discussions, pull requests, etc.), you MUST call the appropriate safe output tool. Simply writing content will NOT work - the workflow requires actual tool calls. - **Available tools**: add_comment, create_issue, create_project_status_update, missing_tool, noop, update_project + **Available tools**: add_comment, copy_project, create_issue, create_project_status_update, missing_tool, noop, update_project **Critical**: Tool calls write structured data that downstream jobs process. Without tool calls, follow-up actions will be skipped. @@ -1885,4 +1916,18 @@ jobs: setupGlobals(core, github, context, exec, io); const { main } = require('/tmp/gh-aw/actions/update_project.cjs'); await main(); + - name: Copy Project + id: copy_project + if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'copy_project')) + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + env: + GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} + GH_AW_COPY_PROJECT_SOURCE: "https://github.com/orgs/githubnext/projects/74" + with: + github-token: ${{ secrets.GH_AW_PROJECT_GITHUB_TOKEN }} + script: | + const { setupGlobals } = require('/tmp/gh-aw/actions/setup_globals.cjs'); + setupGlobals(core, github, context, exec, io); + const { main } = require('/tmp/gh-aw/actions/copy_project.cjs'); + await main(); diff --git a/.github/workflows/duplicate-code-detector.lock.yml b/.github/workflows/duplicate-code-detector.lock.yml index f5b0443eac..e1d541194c 100644 --- a/.github/workflows/duplicate-code-detector.lock.yml 
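Review bot: The new `Copy Project` step in the `@@ -1885,4 +1916,18 @@` hunk runs with `secrets.GH_AW_PROJECT_GITHUB_TOKEN` and pins only the source through `GH_AW_COPY_PROJECT_SOURCE`, while the `copy_project` tool schema added earlier in this file leaves `owner` and `title` as free-form strings chosen by the agent. Unless `copy_project.cjs` (not visible here) restricts it, agent output shaped by untrusted issue or pull-request text could direct the copy to any owner that token can write to. The tool description mentions a `target-owner` workflow setting; configuring it here and having the handler ignore an agent-supplied `owner` when it is set, plus a `maxLength` on `title`, would narrow this. The step is also unrelated to the template-injection fix described in the changeset and would be easier to review as a separate change.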
+++ b/.github/workflows/duplicate-code-detector.lock.yml @@ -337,6 +337,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config diff --git a/.github/workflows/example-custom-error-patterns.lock.yml b/.github/workflows/example-custom-error-patterns.lock.yml index fb8def67b3..486b540e78 100644 --- a/.github/workflows/example-custom-error-patterns.lock.yml +++ b/.github/workflows/example-custom-error-patterns.lock.yml @@ -151,6 +151,7 @@ jobs: run: bash /tmp/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.27.0 - name: Setup MCPs env: + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -170,7 +171,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/example-permissions-warning.lock.yml b/.github/workflows/example-permissions-warning.lock.yml index 4fa20f1177..1dc0099289 100644 --- a/.github/workflows/example-permissions-warning.lock.yml +++ b/.github/workflows/example-permissions-warning.lock.yml 
@@ -154,6 +154,7 @@ jobs: run: bash /tmp/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.27.0 - name: Setup MCPs env: + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -171,7 +172,7 @@ jobs: "-e", "GITHUB_PERSONAL_ACCESS_TOKEN", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/example-workflow-analyzer.lock.yml b/.github/workflows/example-workflow-analyzer.lock.yml index b6853624b8..c2b4795458 100644 --- a/.github/workflows/example-workflow-analyzer.lock.yml +++ b/.github/workflows/example-workflow-analyzer.lock.yml @@ -323,6 +323,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | @@ -348,7 +349,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests,actions", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/file-size-reduction-project71.campaign.lock.yml b/.github/workflows/file-size-reduction-project71.campaign.lock.yml index 1e44d25802..99ffbd6666 100644 --- a/.github/workflows/file-size-reduction-project71.campaign.lock.yml 
+++ b/.github/workflows/file-size-reduction-project71.campaign.lock.yml @@ -203,7 +203,7 @@ jobs: mkdir -p /tmp/gh-aw/safeoutputs mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs cat > /tmp/gh-aw/safeoutputs/config.json << 'EOF' - {"add_comment":{"max":10},"copy_project":{"max":1},"create_issue":{"max":1},"create_project_status_update":{"max":1},"missing_tool":{"max":0},"noop":{"max":1},"update_project":{"max":10}} + {"add_comment":{"max":10},"copy_project":{"max":1},"create_issue":{"max":1},"create_project_status_update":{"max":1},"missing_tool":{},"noop":{"max":1},"update_project":{"max":10}} EOF cat > /tmp/gh-aw/safeoutputs/tools.json << 'EOF' [ @@ -603,6 +603,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -622,7 +623,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests,actions,code_security", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/firewall-escape.lock.yml b/.github/workflows/firewall-escape.lock.yml index 567e6a9a54..359c969860 100644 --- a/.github/workflows/firewall-escape.lock.yml +++ b/.github/workflows/firewall-escape.lock.yml 
@@ -178,6 +178,7 @@ jobs: run: bash /tmp/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.27.0 - name: Setup MCPs env: + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -197,7 +198,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/firewall.lock.yml b/.github/workflows/firewall.lock.yml index aac09025e4..1fdecff7ac 100644 --- a/.github/workflows/firewall.lock.yml +++ b/.github/workflows/firewall.lock.yml @@ -154,6 +154,7 @@ jobs: run: bash /tmp/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.27.0 - name: Setup MCPs env: + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -173,7 +174,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/github-mcp-structural-analysis.lock.yml b/.github/workflows/github-mcp-structural-analysis.lock.yml index 19c855002c..4693729d6b 100644 --- a/.github/workflows/github-mcp-structural-analysis.lock.yml +++ b/.github/workflows/github-mcp-structural-analysis.lock.yml 
@@ -380,6 +380,7 @@ jobs: GH_AW_ASSETS_BRANCH: ${{ env.GH_AW_ASSETS_BRANCH }} GH_AW_ASSETS_MAX_SIZE_KB: ${{ env.GH_AW_ASSETS_MAX_SIZE_KB }} GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -397,7 +398,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=all", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/github-mcp-tools-report.lock.yml b/.github/workflows/github-mcp-tools-report.lock.yml index 3d4ca4bffc..0148043e29 100644 --- a/.github/workflows/github-mcp-tools-report.lock.yml +++ b/.github/workflows/github-mcp-tools-report.lock.yml @@ -385,6 +385,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -396,7 +397,7 @@ jobs: "url": "https://api.githubcopilot.com/mcp/", "headers": { "Authorization": "Bearer $GITHUB_MCP_SERVER_TOKEN", - "X-MCP-Lockdown": "${{ steps.determine-automatic-lockdown.outputs.lockdown }}", + "X-MCP-Lockdown": "$([ "$GITHUB_MCP_LOCKDOWN" = "1" ] && echo true || echo false)", "X-MCP-Readonly": "true", "X-MCP-Toolsets": "all" } diff --git a/.github/workflows/glossary-maintainer.lock.yml b/.github/workflows/glossary-maintainer.lock.yml index c9b4853bc6..15dc34ad0d 100644 --- a/.github/workflows/glossary-maintainer.lock.yml +++ b/.github/workflows/glossary-maintainer.lock.yml 
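Review bot: The new `X-MCP-Lockdown` value in the `@@ -396,7 +397,7 @@` hunk of github-mcp-tools-report.lock.yml puts a command substitution with nested double quotes inside a JSON string, so the header is only correct if the surrounding heredoc is shell-expanded, and the line is easy to break when the template changes. The heredoc opener is outside the hunk; the `Bearer $GITHUB_MCP_SERVER_TOKEN` context line suggests expansion happens, but that is an inference. Computing the boolean in the step's `env:` next to `GITHUB_MCP_LOCKDOWN`, for example `GITHUB_MCP_LOCKDOWN_HEADER: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && 'true' || 'false' }}` (the name is a suggestion), and emitting `"X-MCP-Lockdown": "$GITHUB_MCP_LOCKDOWN_HEADER"` keeps shell logic out of the config body and matches how the docker variant passes the value.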
@@ -348,6 +348,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -367,7 +368,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/go-fan.lock.yml b/.github/workflows/go-fan.lock.yml index 04647020cd..9544291726 100644 --- a/.github/workflows/go-fan.lock.yml +++ b/.github/workflows/go-fan.lock.yml @@ -332,6 +332,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -349,7 +350,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/go-logger.lock.yml b/.github/workflows/go-logger.lock.yml index d6ab91ad81..ffaa7a5dc7 100644 --- a/.github/workflows/go-logger.lock.yml +++ b/.github/workflows/go-logger.lock.yml 
@@ -341,6 +341,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -358,7 +359,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/go-pattern-detector.lock.yml b/.github/workflows/go-pattern-detector.lock.yml index 7fcf274cf3..0fc2f0aeaf 100644 --- a/.github/workflows/go-pattern-detector.lock.yml +++ b/.github/workflows/go-pattern-detector.lock.yml @@ -331,6 +331,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -358,7 +359,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/grumpy-reviewer.lock.yml b/.github/workflows/grumpy-reviewer.lock.yml index 0d4026d7ef..77c94c17d6 100644 --- a/.github/workflows/grumpy-reviewer.lock.yml +++ b/.github/workflows/grumpy-reviewer.lock.yml 
@@ -415,6 +415,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -434,7 +435,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=pull_requests,repos", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/hourly-ci-cleaner.lock.yml b/.github/workflows/hourly-ci-cleaner.lock.yml index e14fb7ec1b..0f6f1ee8cf 100644 --- a/.github/workflows/hourly-ci-cleaner.lock.yml +++ b/.github/workflows/hourly-ci-cleaner.lock.yml @@ -349,6 +349,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -368,7 +369,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/instructions-janitor.lock.yml b/.github/workflows/instructions-janitor.lock.yml index 12e276d8c8..03a2d14fb3 100644 --- a/.github/workflows/instructions-janitor.lock.yml +++ b/.github/workflows/instructions-janitor.lock.yml 
@@ -325,6 +325,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -342,7 +343,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/issue-arborist.lock.yml b/.github/workflows/issue-arborist.lock.yml index 8bf8405304..effe11104a 100644 --- a/.github/workflows/issue-arborist.lock.yml +++ b/.github/workflows/issue-arborist.lock.yml @@ -429,6 +429,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config diff --git a/.github/workflows/issue-classifier.lock.yml b/.github/workflows/issue-classifier.lock.yml index eba41e11ed..ec280ba5a1 100644 --- a/.github/workflows/issue-classifier.lock.yml +++ b/.github/workflows/issue-classifier.lock.yml @@ -304,6 +304,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config 
@@ -321,7 +322,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/issue-monster.lock.yml b/.github/workflows/issue-monster.lock.yml index 2829493893..e913589e0a 100644 --- a/.github/workflows/issue-monster.lock.yml +++ b/.github/workflows/issue-monster.lock.yml @@ -341,6 +341,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -360,7 +361,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/issue-template-optimizer.lock.yml b/.github/workflows/issue-template-optimizer.lock.yml index c50ddb24cb..17735c63e1 100644 --- a/.github/workflows/issue-template-optimizer.lock.yml +++ b/.github/workflows/issue-template-optimizer.lock.yml @@ -331,6 +331,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config 
@@ -350,7 +351,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/issue-triage-agent.lock.yml b/.github/workflows/issue-triage-agent.lock.yml index 881c8db728..f7a3bcc0ae 100644 --- a/.github/workflows/issue-triage-agent.lock.yml +++ b/.github/workflows/issue-triage-agent.lock.yml @@ -310,6 +310,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -329,7 +330,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=issues,labels", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/jsweep.lock.yml b/.github/workflows/jsweep.lock.yml index 4211218499..6196b55caa 100644 --- a/.github/workflows/jsweep.lock.yml +++ b/.github/workflows/jsweep.lock.yml @@ -186,7 +186,7 @@ jobs: env: TOKEN_CHECK: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }} if: env.TOKEN_CHECK != '' - uses: actions/github-script@v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const determineAutomaticLockdown = require('/tmp/gh-aw/actions/determine_automatic_lockdown.cjs'); 
@@ -349,6 +349,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -368,7 +369,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/layout-spec-maintainer.lock.yml b/.github/workflows/layout-spec-maintainer.lock.yml index 34588d3789..35a914c451 100644 --- a/.github/workflows/layout-spec-maintainer.lock.yml +++ b/.github/workflows/layout-spec-maintainer.lock.yml @@ -321,6 +321,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -340,7 +341,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/lockfile-stats.lock.yml b/.github/workflows/lockfile-stats.lock.yml index 1c95472654..4dbe78ea18 100644 --- a/.github/workflows/lockfile-stats.lock.yml +++ b/.github/workflows/lockfile-stats.lock.yml 
@@ -319,6 +319,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -336,7 +337,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/mcp-inspector.lock.yml b/.github/workflows/mcp-inspector.lock.yml index 414260f0d0..f17823370d 100644 --- a/.github/workflows/mcp-inspector.lock.yml +++ b/.github/workflows/mcp-inspector.lock.yml @@ -405,6 +405,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -552,7 +553,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/mergefest.lock.yml b/.github/workflows/mergefest.lock.yml index f13640b97c..55c7f3804a 100644 --- a/.github/workflows/mergefest.lock.yml +++ b/.github/workflows/mergefest.lock.yml 
@@ -330,6 +330,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -349,7 +350,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=pull_requests,repos", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/metrics-collector.lock.yml b/.github/workflows/metrics-collector.lock.yml index 792eb32b8e..08d0de0c41 100644 --- a/.github/workflows/metrics-collector.lock.yml +++ b/.github/workflows/metrics-collector.lock.yml @@ -183,6 +183,7 @@ jobs: gh aw --version - name: Setup MCPs env: + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | @@ -205,7 +206,7 @@ jobs: "url": "https://api.githubcopilot.com/mcp/", "headers": { "Authorization": "Bearer \${GITHUB_PERSONAL_ACCESS_TOKEN}", - "X-MCP-Lockdown": "${{ steps.determine-automatic-lockdown.outputs.lockdown }}", + "X-MCP-Lockdown": "$([ "$GITHUB_MCP_LOCKDOWN" = "1" ] && echo true || echo false)", "X-MCP-Readonly": "true", "X-MCP-Toolsets": "context,repos,issues,pull_requests" }, diff --git a/.github/workflows/notion-issue-summary.lock.yml b/.github/workflows/notion-issue-summary.lock.yml index 3d1d7a7e83..876f78f0e8 100644 --- a/.github/workflows/notion-issue-summary.lock.yml +++ b/.github/workflows/notion-issue-summary.lock.yml 
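Review bot: In metrics-collector.lock.yml, hunk @@ -205,7 +206,7, the new `X-MCP-Lockdown` line embeds a command substitution with nested double quotes inside a JSON string, so the config text now depends on the shell evaluating code inside the heredoc, whose opener is outside the hunk. Computing the header text in the step's `env:` block would keep the heredoc to plain variable expansion: `GITHUB_MCP_LOCKDOWN_HEADER: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && 'true' || 'false' }}` (the name is only a suggestion) and `"X-MCP-Lockdown": "$GITHUB_MCP_LOCKDOWN_HEADER"`. The same line appears in schema-consistency-checker.lock.yml (@@ -332,7 +333,7). Behaviour also changes slightly: if the lockdown step produces no output, the old expression gave an empty header value and the new one gives `false`, so it is worth confirming the server treats the two the same. These files look compiler-generated, so the change would belong in the renderer that emits them.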
@@ -280,6 +280,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -299,7 +300,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/pdf-summary.lock.yml b/.github/workflows/pdf-summary.lock.yml index 13cf86c937..838741545f 100644 --- a/.github/workflows/pdf-summary.lock.yml +++ b/.github/workflows/pdf-summary.lock.yml @@ -366,6 +366,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -385,7 +386,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/plan.lock.yml b/.github/workflows/plan.lock.yml index 2e287593d4..af0c989451 100644 --- a/.github/workflows/plan.lock.yml +++ b/.github/workflows/plan.lock.yml 
@@ -425,6 +425,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -444,7 +445,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests,discussions", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/playground-org-project-update-issue.lock.yml b/.github/workflows/playground-org-project-update-issue.lock.yml index 73d0e4e5aa..f540797da9 100644 --- a/.github/workflows/playground-org-project-update-issue.lock.yml +++ b/.github/workflows/playground-org-project-update-issue.lock.yml @@ -343,6 +343,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.TEST_ORG_PROJECT_WRITE }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -362,7 +363,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests,projects", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/playground-snapshots-refresh.lock.yml b/.github/workflows/playground-snapshots-refresh.lock.yml index de350db269..6d13629ab2 100644 --- a/.github/workflows/playground-snapshots-refresh.lock.yml +++ b/.github/workflows/playground-snapshots-refresh.lock.yml 
@@ -334,6 +334,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -353,7 +354,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/poem-bot.lock.yml b/.github/workflows/poem-bot.lock.yml index aa64ced3ac..ca77037a58 100644 --- a/.github/workflows/poem-bot.lock.yml +++ b/.github/workflows/poem-bot.lock.yml @@ -879,6 +879,7 @@ jobs: GH_AW_ASSETS_BRANCH: ${{ env.GH_AW_ASSETS_BRANCH }} GH_AW_ASSETS_MAX_SIZE_KB: ${{ env.GH_AW_ASSETS_MAX_SIZE_KB }} GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -898,7 +899,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/portfolio-analyst.lock.yml b/.github/workflows/portfolio-analyst.lock.yml index 8bdc339128..aaece22fc8 100644 --- a/.github/workflows/portfolio-analyst.lock.yml +++ b/.github/workflows/portfolio-analyst.lock.yml 
@@ -408,6 +408,7 @@ jobs: GH_AW_ASSETS_BRANCH: ${{ env.GH_AW_ASSETS_BRANCH }} GH_AW_ASSETS_MAX_SIZE_KB: ${{ env.GH_AW_ASSETS_MAX_SIZE_KB }} GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -434,7 +435,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/pr-nitpick-reviewer.lock.yml b/.github/workflows/pr-nitpick-reviewer.lock.yml index 61d09781ab..7aa3b50180 100644 --- a/.github/workflows/pr-nitpick-reviewer.lock.yml +++ b/.github/workflows/pr-nitpick-reviewer.lock.yml @@ -486,6 +486,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -505,7 +506,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=pull_requests,repos", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/prompt-clustering-analysis.lock.yml b/.github/workflows/prompt-clustering-analysis.lock.yml index c353dd6748..f39a707f6d 100644 --- a/.github/workflows/prompt-clustering-analysis.lock.yml +++ b/.github/workflows/prompt-clustering-analysis.lock.yml 
@@ -393,6 +393,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -414,7 +415,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=repos,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/python-data-charts.lock.yml b/.github/workflows/python-data-charts.lock.yml index 98c12e77d7..16ed32dafc 100644 --- a/.github/workflows/python-data-charts.lock.yml +++ b/.github/workflows/python-data-charts.lock.yml @@ -393,6 +393,7 @@ jobs: GH_AW_ASSETS_BRANCH: ${{ env.GH_AW_ASSETS_BRANCH }} GH_AW_ASSETS_MAX_SIZE_KB: ${{ env.GH_AW_ASSETS_MAX_SIZE_KB }} GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | @@ -422,7 +423,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/q.lock.yml b/.github/workflows/q.lock.yml index 2ea1437278..1b72957e4b 100644 --- a/.github/workflows/q.lock.yml +++ b/.github/workflows/q.lock.yml 
@@ -459,6 +459,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -485,7 +486,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests,actions,discussions", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/release.lock.yml b/.github/workflows/release.lock.yml index 6b3f4d241e..633daf30d7 100644 --- a/.github/workflows/release.lock.yml +++ b/.github/workflows/release.lock.yml @@ -324,6 +324,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -343,7 +344,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/repo-tree-map.lock.yml b/.github/workflows/repo-tree-map.lock.yml index e53db641b2..64ab5efe98 100644 --- a/.github/workflows/repo-tree-map.lock.yml +++ b/.github/workflows/repo-tree-map.lock.yml 
@@ -313,6 +313,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -332,7 +333,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/repository-quality-improver.lock.yml b/.github/workflows/repository-quality-improver.lock.yml index d39282612d..38de9edb6e 100644 --- a/.github/workflows/repository-quality-improver.lock.yml +++ b/.github/workflows/repository-quality-improver.lock.yml @@ -339,6 +339,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -358,7 +359,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/research.lock.yml b/.github/workflows/research.lock.yml index e72e80604e..d4e7e97ba6 100644 --- a/.github/workflows/research.lock.yml +++ b/.github/workflows/research.lock.yml 
@@ -316,6 +316,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -335,7 +336,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/safe-output-health.lock.yml b/.github/workflows/safe-output-health.lock.yml index f0b7aad813..97e0524370 100644 --- a/.github/workflows/safe-output-health.lock.yml +++ b/.github/workflows/safe-output-health.lock.yml @@ -345,6 +345,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -366,7 +367,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/schema-consistency-checker.lock.yml b/.github/workflows/schema-consistency-checker.lock.yml index 2f642121af..63f61751e8 100644 --- a/.github/workflows/schema-consistency-checker.lock.yml +++ b/.github/workflows/schema-consistency-checker.lock.yml 
@@ -321,6 +321,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -332,7 +333,7 @@ jobs: "url": "https://api.githubcopilot.com/mcp/", "headers": { "Authorization": "Bearer $GITHUB_MCP_SERVER_TOKEN", - "X-MCP-Lockdown": "${{ steps.determine-automatic-lockdown.outputs.lockdown }}", + "X-MCP-Lockdown": "$([ "$GITHUB_MCP_LOCKDOWN" = "1" ] && echo true || echo false)", "X-MCP-Readonly": "true", "X-MCP-Toolsets": "context,repos,issues,pull_requests,discussions" } diff --git a/.github/workflows/scout.lock.yml b/.github/workflows/scout.lock.yml index 00bfe38870..c53b7bbfff 100644 --- a/.github/workflows/scout.lock.yml +++ b/.github/workflows/scout.lock.yml @@ -389,6 +389,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -435,7 +436,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/security-compliance.lock.yml b/.github/workflows/security-compliance.lock.yml index d148159d6f..81770546bf 100644 --- a/.github/workflows/security-compliance.lock.yml +++ b/.github/workflows/security-compliance.lock.yml 
@@ -344,6 +344,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -363,7 +364,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=repos,search,code_security", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/security-fix-pr.lock.yml b/.github/workflows/security-fix-pr.lock.yml index 20e51e1696..d47af9d473 100644 --- a/.github/workflows/security-fix-pr.lock.yml +++ b/.github/workflows/security-fix-pr.lock.yml @@ -333,6 +333,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -350,7 +351,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,code_security,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/semantic-function-refactor.lock.yml b/.github/workflows/semantic-function-refactor.lock.yml index a8e216449c..37a754da51 100644 --- a/.github/workflows/semantic-function-refactor.lock.yml +++ b/.github/workflows/semantic-function-refactor.lock.yml 
@@ -367,6 +367,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -384,7 +385,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/slide-deck-maintainer.lock.yml b/.github/workflows/slide-deck-maintainer.lock.yml index 690b71709f..14f4f9b313 100644 --- a/.github/workflows/slide-deck-maintainer.lock.yml +++ b/.github/workflows/slide-deck-maintainer.lock.yml @@ -348,6 +348,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -367,7 +368,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/smoke-claude.lock.yml b/.github/workflows/smoke-claude.lock.yml index 7ab066f832..f8b06af3da 100644 --- a/.github/workflows/smoke-claude.lock.yml +++ b/.github/workflows/smoke-claude.lock.yml 
@@ -453,6 +453,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -470,7 +471,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=repos,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/smoke-codex-firewall.lock.yml b/.github/workflows/smoke-codex-firewall.lock.yml index 393fe0ce31..0dee6df452 100644 --- a/.github/workflows/smoke-codex-firewall.lock.yml +++ b/.github/workflows/smoke-codex-firewall.lock.yml @@ -454,6 +454,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config diff --git a/.github/workflows/smoke-codex.lock.yml b/.github/workflows/smoke-codex.lock.yml index a6764969e6..e074b0bfb6 100644 --- a/.github/workflows/smoke-codex.lock.yml +++ b/.github/workflows/smoke-codex.lock.yml @@ -477,6 +477,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config 
diff --git a/.github/workflows/smoke-copilot-no-firewall.lock.yml b/.github/workflows/smoke-copilot-no-firewall.lock.yml index 05ae1e0eed..6b228d9f35 100644 --- a/.github/workflows/smoke-copilot-no-firewall.lock.yml +++ b/.github/workflows/smoke-copilot-no-firewall.lock.yml @@ -448,12 +448,14 @@ jobs: - name: Start Safe Inputs MCP HTTP Server id: safe-inputs-start env: + GH_AW_SAFE_INPUTS_PORT: ${{ steps.safe-inputs-config.outputs.safe_inputs_port }} + GH_AW_SAFE_INPUTS_API_KEY: ${{ steps.safe-inputs-config.outputs.safe_inputs_api_key }} GH_AW_GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GH_DEBUG: 1 run: | - # Set environment variables for the server - export GH_AW_SAFE_INPUTS_PORT=${{ steps.safe-inputs-config.outputs.safe_inputs_port }} - export GH_AW_SAFE_INPUTS_API_KEY=${{ steps.safe-inputs-config.outputs.safe_inputs_api_key }} + # Environment variables are set above to prevent template injection + export GH_AW_SAFE_INPUTS_PORT + export GH_AW_SAFE_INPUTS_API_KEY bash /tmp/gh-aw/actions/start_safe_inputs_server.sh @@ -464,6 +466,7 @@ jobs: GH_AW_SAFE_INPUTS_PORT: ${{ steps.safe-inputs-start.outputs.port }} GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_DEBUG: 1 + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -483,7 +486,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" 
@@ -584,6 +587,7 @@ jobs: GH_AW_SAFE_INPUTS_PORT: ${{ steps.safe-inputs-start.outputs.port }} GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_DEBUG: 1 + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-gateway-logs diff --git a/.github/workflows/smoke-copilot-playwright.lock.yml b/.github/workflows/smoke-copilot-playwright.lock.yml index 9b52f6d1aa..ef5c1eb247 100644 --- a/.github/workflows/smoke-copilot-playwright.lock.yml +++ b/.github/workflows/smoke-copilot-playwright.lock.yml @@ -541,12 +541,14 @@ jobs: - name: Start Safe Inputs MCP HTTP Server id: safe-inputs-start env: + GH_AW_SAFE_INPUTS_PORT: ${{ steps.safe-inputs-config.outputs.safe_inputs_port }} + GH_AW_SAFE_INPUTS_API_KEY: ${{ steps.safe-inputs-config.outputs.safe_inputs_api_key }} GH_AW_GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GH_DEBUG: 1 run: | - # Set environment variables for the server - export GH_AW_SAFE_INPUTS_PORT=${{ steps.safe-inputs-config.outputs.safe_inputs_port }} - export GH_AW_SAFE_INPUTS_API_KEY=${{ steps.safe-inputs-config.outputs.safe_inputs_api_key }} + # Environment variables are set above to prevent template injection + export GH_AW_SAFE_INPUTS_PORT + export GH_AW_SAFE_INPUTS_API_KEY bash /tmp/gh-aw/actions/start_safe_inputs_server.sh @@ -557,6 +559,7 @@ jobs: GH_AW_SAFE_INPUTS_PORT: ${{ steps.safe-inputs-start.outputs.port }} GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_DEBUG: 1 + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config 
@@ -576,7 +579,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/smoke-copilot-safe-inputs.lock.yml b/.github/workflows/smoke-copilot-safe-inputs.lock.yml index f876bc0e47..7f22c0a7ab 100644 --- a/.github/workflows/smoke-copilot-safe-inputs.lock.yml +++ b/.github/workflows/smoke-copilot-safe-inputs.lock.yml @@ -429,12 +429,14 @@ jobs: - name: Start Safe Inputs MCP HTTP Server id: safe-inputs-start env: + GH_AW_SAFE_INPUTS_PORT: ${{ steps.safe-inputs-config.outputs.safe_inputs_port }} + GH_AW_SAFE_INPUTS_API_KEY: ${{ steps.safe-inputs-config.outputs.safe_inputs_api_key }} GH_AW_GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GH_DEBUG: 1 run: | - # Set environment variables for the server - export GH_AW_SAFE_INPUTS_PORT=${{ steps.safe-inputs-config.outputs.safe_inputs_port }} - export GH_AW_SAFE_INPUTS_API_KEY=${{ steps.safe-inputs-config.outputs.safe_inputs_api_key }} + # Environment variables are set above to prevent template injection + export GH_AW_SAFE_INPUTS_PORT + export GH_AW_SAFE_INPUTS_API_KEY bash /tmp/gh-aw/actions/start_safe_inputs_server.sh diff --git a/.github/workflows/smoke-copilot.lock.yml b/.github/workflows/smoke-copilot.lock.yml index c05dc8f03d..69f6be2a1e 100644 --- a/.github/workflows/smoke-copilot.lock.yml +++ b/.github/workflows/smoke-copilot.lock.yml @@ -442,6 +442,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config 
@@ -461,7 +462,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/smoke-detector.lock.yml b/.github/workflows/smoke-detector.lock.yml index c8f835ba47..d859108144 100644 --- a/.github/workflows/smoke-detector.lock.yml +++ b/.github/workflows/smoke-detector.lock.yml @@ -438,6 +438,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -459,7 +460,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests,actions", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/smoke-srt-custom-config.lock.yml b/.github/workflows/smoke-srt-custom-config.lock.yml index ab624bce24..82fed68f28 100644 --- a/.github/workflows/smoke-srt-custom-config.lock.yml +++ b/.github/workflows/smoke-srt-custom-config.lock.yml @@ -162,6 +162,7 @@ jobs: run: bash /tmp/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.27.0 - name: Setup MCPs env: + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config 
@@ -181,7 +182,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/smoke-srt.lock.yml b/.github/workflows/smoke-srt.lock.yml index 1a5c50351d..0eb94ec2a8 100644 --- a/.github/workflows/smoke-srt.lock.yml +++ b/.github/workflows/smoke-srt.lock.yml @@ -270,6 +270,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -289,7 +290,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/spec-kit-execute.lock.yml b/.github/workflows/spec-kit-execute.lock.yml index 9e8d8332d6..d0657a09b4 100644 --- a/.github/workflows/spec-kit-execute.lock.yml +++ b/.github/workflows/spec-kit-execute.lock.yml @@ -336,6 +336,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config 
@@ -348,7 +349,7 @@ jobs: "url": "https://api.githubcopilot.com/mcp/", "headers": { "Authorization": "Bearer \${GITHUB_PERSONAL_ACCESS_TOKEN}", - "X-MCP-Lockdown": "${{ steps.determine-automatic-lockdown.outputs.lockdown }}", + "X-MCP-Lockdown": "$([ "$GITHUB_MCP_LOCKDOWN" = "1" ] && echo true || echo false)", "X-MCP-Readonly": "true", "X-MCP-Toolsets": "context,repos,issues,pull_requests" }, diff --git a/.github/workflows/spec-kit-executor.lock.yml b/.github/workflows/spec-kit-executor.lock.yml index c98b363fe6..35e503a590 100644 --- a/.github/workflows/spec-kit-executor.lock.yml +++ b/.github/workflows/spec-kit-executor.lock.yml @@ -339,6 +339,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -358,7 +359,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/speckit-dispatcher.lock.yml b/.github/workflows/speckit-dispatcher.lock.yml index ea92c16d1a..576b9e2d3f 100644 --- a/.github/workflows/speckit-dispatcher.lock.yml +++ b/.github/workflows/speckit-dispatcher.lock.yml @@ -493,6 +493,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config 
@@ -512,7 +513,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/static-analysis-report.lock.yml b/.github/workflows/static-analysis-report.lock.yml index fff683cb7e..c0d653c99c 100644 --- a/.github/workflows/static-analysis-report.lock.yml +++ b/.github/workflows/static-analysis-report.lock.yml @@ -344,6 +344,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -365,7 +366,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests,actions", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/sub-issue-closer.lock.yml b/.github/workflows/sub-issue-closer.lock.yml index 6c0cb46ee3..b5e2f11a5a 100644 --- a/.github/workflows/sub-issue-closer.lock.yml +++ b/.github/workflows/sub-issue-closer.lock.yml @@ -350,6 +350,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config 
@@ -369,7 +370,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=issues", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/super-linter.lock.yml b/.github/workflows/super-linter.lock.yml index 5d2a421da7..c859a0bd85 100644 --- a/.github/workflows/super-linter.lock.yml +++ b/.github/workflows/super-linter.lock.yml @@ -354,6 +354,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -373,7 +374,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/technical-doc-writer.lock.yml b/.github/workflows/technical-doc-writer.lock.yml index 2c6e24a9c0..e89caffcdd 100644 --- a/.github/workflows/technical-doc-writer.lock.yml +++ b/.github/workflows/technical-doc-writer.lock.yml @@ -423,6 +423,7 @@ jobs: GH_AW_ASSETS_BRANCH: ${{ env.GH_AW_ASSETS_BRANCH }} GH_AW_ASSETS_MAX_SIZE_KB: ${{ env.GH_AW_ASSETS_MAX_SIZE_KB }} GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config 
@@ -442,7 +443,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/terminal-stylist.lock.yml b/.github/workflows/terminal-stylist.lock.yml index 86d0da858f..dc472b160f 100644 --- a/.github/workflows/terminal-stylist.lock.yml +++ b/.github/workflows/terminal-stylist.lock.yml @@ -317,6 +317,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -336,7 +337,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=repos", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/tidy.lock.yml b/.github/workflows/tidy.lock.yml index e26b9b5936..d932dac96e 100644 --- a/.github/workflows/tidy.lock.yml +++ b/.github/workflows/tidy.lock.yml @@ -415,6 +415,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config 
@@ -434,7 +435,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/typist.lock.yml b/.github/workflows/typist.lock.yml index 9cb3d8e592..624393da27 100644 --- a/.github/workflows/typist.lock.yml +++ b/.github/workflows/typist.lock.yml @@ -319,6 +319,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -336,7 +337,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/ubuntu-image-analyzer.lock.yml b/.github/workflows/ubuntu-image-analyzer.lock.yml index f7bcd283a7..990a72cb89 100644 --- a/.github/workflows/ubuntu-image-analyzer.lock.yml +++ b/.github/workflows/ubuntu-image-analyzer.lock.yml @@ -324,6 +324,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config 
@@ -343,7 +344,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests,actions", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/unbloat-docs.lock.yml b/.github/workflows/unbloat-docs.lock.yml index 857c5a19ff..249e007e04 100644 --- a/.github/workflows/unbloat-docs.lock.yml +++ b/.github/workflows/unbloat-docs.lock.yml @@ -440,6 +440,7 @@ jobs: GH_AW_ASSETS_BRANCH: ${{ env.GH_AW_ASSETS_BRANCH }} GH_AW_ASSETS_MAX_SIZE_KB: ${{ env.GH_AW_ASSETS_MAX_SIZE_KB }} GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -457,7 +458,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/video-analyzer.lock.yml b/.github/workflows/video-analyzer.lock.yml index 3d737dff76..46d5160bc3 100644 --- a/.github/workflows/video-analyzer.lock.yml +++ b/.github/workflows/video-analyzer.lock.yml @@ -344,6 +344,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config 
@@ -363,7 +364,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/weekly-issue-summary.lock.yml b/.github/workflows/weekly-issue-summary.lock.yml index 02934df6c8..406f94885f 100644 --- a/.github/workflows/weekly-issue-summary.lock.yml +++ b/.github/workflows/weekly-issue-summary.lock.yml @@ -360,6 +360,7 @@ jobs: GH_AW_ASSETS_BRANCH: ${{ env.GH_AW_ASSETS_BRANCH }} GH_AW_ASSETS_MAX_SIZE_KB: ${{ env.GH_AW_ASSETS_MAX_SIZE_KB }} GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -379,7 +380,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=issues", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/workflow-generator.lock.yml b/.github/workflows/workflow-generator.lock.yml index 038004386d..87ac43bbc2 100644 --- a/.github/workflows/workflow-generator.lock.yml +++ b/.github/workflows/workflow-generator.lock.yml @@ -385,6 +385,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config 
@@ -404,7 +405,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/.github/workflows/workflow-health-manager.lock.yml b/.github/workflows/workflow-health-manager.lock.yml index cd3d4e1830..185ca693f4 100644 --- a/.github/workflows/workflow-health-manager.lock.yml +++ b/.github/workflows/workflow-health-manager.lock.yml @@ -438,6 +438,7 @@ jobs: - name: Setup MCPs env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} + GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | mkdir -p /tmp/gh-aw/mcp-config @@ -457,7 +458,7 @@ jobs: "-e", "GITHUB_READ_ONLY=1", "-e", - "GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}", + "GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN", "-e", "GITHUB_TOOLSETS=context,repos,issues,pull_requests,actions", "ghcr.io/github/github-mcp-server:v0.27.0" diff --git a/pkg/workflow/mcp_renderer.go b/pkg/workflow/mcp_renderer.go index 51fca136bc..5865d8366b 100644 --- a/pkg/workflow/mcp_renderer.go +++ b/pkg/workflow/mcp_renderer.go 
@@ -486,9 +486,11 @@ func RenderGitHubMCPDockerConfig(yaml *strings.Builder, options GitHubMCPDockerO } if options.LockdownFromStep { - // Use lockdown value from step output (determined based on repository visibility) + // Security: Use environment variable instead of template expression to prevent template injection + // The GITHUB_MCP_LOCKDOWN env var is set in Setup MCPs step from step output + // Value is already converted to "1" or "0" in the environment variable yaml.WriteString(" \"-e\",\n") - yaml.WriteString(" \"GITHUB_LOCKDOWN_MODE=${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}\",\n") + yaml.WriteString(" \"GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN\",\n") } else if options.Lockdown { // Use explicit lockdown value from configuration yaml.WriteString(" \"-e\",\n") @@ -584,8 +586,9 @@ func RenderGitHubMCPRemoteConfig(yaml *strings.Builder, options GitHubMCPRemoteO // Add X-MCP-Lockdown header if lockdown mode is enabled if options.LockdownFromStep { - // Use lockdown value from step output (determined based on repository visibility) - headers["X-MCP-Lockdown"] = "${{ steps.determine-automatic-lockdown.outputs.lockdown }}" + // Security: Use environment variable instead of template expression to prevent template injection + // The GITHUB_MCP_LOCKDOWN env var contains "1" or "0", convert to "true" or "false" for header + headers["X-MCP-Lockdown"] = "$([ \"$GITHUB_MCP_LOCKDOWN\" = \"1\" ] && echo true || echo false)" } else if options.Lockdown { // Use explicit lockdown value from configuration headers["X-MCP-Lockdown"] = "true" diff --git a/pkg/workflow/mcp_servers.go b/pkg/workflow/mcp_servers.go index 032106e837..02983761d1 100644 --- a/pkg/workflow/mcp_servers.go +++ b/pkg/workflow/mcp_servers.go 
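Review bot: In the `LockdownFromStep` branch of RenderGitHubMCPDockerConfig, the rendered `GITHUB_LOCKDOWN_MODE=$GITHUB_MCP_LOCKDOWN` degrades silently when the variable is missing from the step environment. The shell expands it to an empty string and the container starts with an empty lockdown setting, which presumably reads as lockdown off. The variable is produced in another file (collectMCPEnvironmentVariables) under a differently spelled condition, so nothing in this hunk guarantees it is present. Failing closed is cheap: render `GITHUB_LOCKDOWN_MODE=${GITHUB_MCP_LOCKDOWN:?GITHUB_MCP_LOCKDOWN is not set}` instead, assuming the config is written by a shell that expands the reference. The function starts and ends outside the hunk.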
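Review bot: The `X-MCP-Lockdown` value in RenderGitHubMCPRemoteConfig is now a shell command substitution with unescaped double quotes inside what is rendered as a JSON string (see the generated spec-kit-execute.lock.yml). The header is therefore only well-formed if a shell evaluates `$( ... )` before the config is written; a path that writes the headers without shell expansion would emit a literal or malformed value. It also runs against the comment added in mcp_servers.go, which says the value is converted at the source to avoid shell conversion in templates. The test `[ "$GITHUB_MCP_LOCKDOWN" = "1" ]` yields `false` for an unset or unexpected value, so the header fails open. Consider exporting a second env entry that already carries `true`/`false` from the same step output (the name is a suggestion only, e.g. `GITHUB_MCP_LOCKDOWN_HEADER`) and referencing it here as a plain variable; the function continues outside the hunk.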
@@ -68,6 +68,13 @@ func collectMCPEnvironmentVariables(tools map[string]any, mcpTools []string, wor customGitHubToken := getGitHubToken(githubTool) effectiveToken := getEffectiveGitHubToken(customGitHubToken, workflowData.GitHubToken) envVars["GITHUB_MCP_SERVER_TOKEN"] = effectiveToken + + // Add lockdown value if it's determined from step output + // Security: Pass step output through environment variable to prevent template injection + // Convert "true"/"false" to "1"/"0" at the source to avoid shell conversion in templates + if !hasGitHubLockdownExplicitlySet(githubTool) { + envVars["GITHUB_MCP_LOCKDOWN"] = "${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }}" + } } // Check for safe-outputs env vars @@ -394,10 +401,14 @@ func (c *Compiler) generateMCPSetup(yaml *strings.Builder, tools map[string]any, yaml.WriteString(" - name: Start Safe Inputs MCP HTTP Server\n") yaml.WriteString(" id: safe-inputs-start\n") - // Add env block with tool-specific secrets so they're available to the Node.js MCP server process + // Add env block with step outputs and tool-specific secrets + // Security: Pass step outputs through environment variables to prevent template injection + yaml.WriteString(" env:\n") + yaml.WriteString(" GH_AW_SAFE_INPUTS_PORT: ${{ steps.safe-inputs-config.outputs.safe_inputs_port }}\n") + yaml.WriteString(" GH_AW_SAFE_INPUTS_API_KEY: ${{ steps.safe-inputs-config.outputs.safe_inputs_api_key }}\n") + safeInputsSecrets := collectSafeInputsSecrets(workflowData.SafeInputs) if len(safeInputsSecrets) > 0 { - yaml.WriteString(" env:\n") // Sort env var names for consistent output envVarNames := make([]string, 0, len(safeInputsSecrets)) for envVarName := range safeInputsSecrets { 
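Review bot: `GITHUB_MCP_LOCKDOWN` is exported only when `!hasGitHubLockdownExplicitlySet(githubTool)`, while the renderers in mcp_renderer.go read it when `options.LockdownFromStep` is set. The hunk does not show that the two conditions come from the same source, and a mismatch would leave the reference unset at run time. The expression also maps every output other than the exact string `true` to `0`, which would include an empty output from a skipped `determine-automatic-lockdown` step. I would record both facts at the assignment, e.g. `// Must stay in sync with LockdownFromStep in mcp_renderer.go; any output other than "true" disables lockdown.`, and add a compiler test asserting that the env entry and the `$GITHUB_MCP_LOCKDOWN` reference always appear together. collectMCPEnvironmentVariables starts and ends outside the hunk.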
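Review bot: The `env:` header and the two `GH_AW_SAFE_INPUTS_*` entries are now written unconditionally ahead of the sorted secrets loop, so a secret returned by collectSafeInputsSecrets under either name would produce a duplicate key in the generated step. Whether that can happen is not visible from this hunk. A guard in the loop rules it out: `if envVarName == "GH_AW_SAFE_INPUTS_PORT" || envVarName == "GH_AW_SAFE_INPUTS_API_KEY" { continue }`. Separately, the bare `export GH_AW_SAFE_INPUTS_PORT` and `export GH_AW_SAFE_INPUTS_API_KEY` lines emitted later in generateMCPSetup are no-ops, because step `env:` values are already in the process environment, and could be dropped. The function extends beyond the hunk.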
@@ -412,9 +423,9 @@ func (c *Compiler) generateMCPSetup(yaml *strings.Builder, tools map[string]any, } yaml.WriteString(" run: |\n") - yaml.WriteString(" # Set environment variables for the server\n") - yaml.WriteString(" export GH_AW_SAFE_INPUTS_PORT=${{ steps.safe-inputs-config.outputs.safe_inputs_port }}\n") - yaml.WriteString(" export GH_AW_SAFE_INPUTS_API_KEY=${{ steps.safe-inputs-config.outputs.safe_inputs_api_key }}\n") + yaml.WriteString(" # Environment variables are set above to prevent template injection\n") + yaml.WriteString(" export GH_AW_SAFE_INPUTS_PORT\n") + yaml.WriteString(" export GH_AW_SAFE_INPUTS_API_KEY\n") yaml.WriteString(" \n") // Call the bundled shell script to start the server