Update gh-aw (upon mcp policy changes)#13526
Conversation
There was a problem hiding this comment.
Pull request overview
Updates the repository’s gh-aw compiled workflow lock files to align with recent GitHub Copilot MCP policy changes and newer gh-aw/AWF/Copilot CLI tooling, addressing the reported agent workflow failures.
Changes:
- Bump gh-aw compiler references from v0.67.1 to v0.68.1 and refresh pinned action SHAs accordingly.
- Update runtime components used by the workflows (AWF container images, MCP gateway image, and Copilot CLI version), and adjust how safe-outputs tooling is generated.
- Add/propagate new activation outputs (e.g., stale lock-file failure) and minor hardening (quoted bash invocations, log file creation).
Show a summary per file
| File | Description |
|---|---|
| .github/workflows/review.agent.lock.yml | Regenerated “/review” workflow lock with updated gh-aw/AWF/Copilot CLI + safe-outputs tooling generation changes. |
| .github/workflows/review-on-open.agent.lock.yml | Regenerated “on open” workflow lock with the same toolchain/policy updates. |
| .github/workflows/close-stale-prs.agent.lock.yml | Regenerated stale PR maintenance workflow lock with the same toolchain/policy updates. |
| .github/aw/actions-lock.json | Updates the repo’s action pin mapping for gh-aw-related actions (notably actions/github-script@v9 and gh-aw-actions/[email protected]). |
Copilot's findings
Comments suppressed due to low confidence (3)
.github/workflows/review.agent.lock.yml:1186
(umask 177 && touch …/detection.log)won’t tighten permissions if the file already exists. This workflow already createsdetection.logearlier via a plaintouch, so the log may still end up world-readable (0644). Consider creating the file the first time under the stricter umask (or explicitlychmod 600before writing).
set -o pipefail
touch /tmp/gh-aw/agent-step-summary.md
(umask 177 && touch /tmp/gh-aw/threat-detection/detection.log)
# shellcheck disable=SC1003
.github/workflows/review-on-open.agent.lock.yml:1131
(umask 177 && touch …/detection.log)won’t change permissions ifdetection.logwas already created earlier in the job (it is, via a plaintouch). If the goal is to avoid world-readable logs, create the file initially under the stricter umask or add an explicitchmod 600before writing.
set -o pipefail
touch /tmp/gh-aw/agent-step-summary.md
(umask 177 && touch /tmp/gh-aw/threat-detection/detection.log)
# shellcheck disable=SC1003
.github/workflows/close-stale-prs.agent.lock.yml:1077
(umask 177 && touch …/detection.log)won’t tighten permissions ifdetection.logalready exists. Since this job already does a plaintouchearlier, the file may still be created with default (potentially world-readable) perms. Create the file the first time under the stricter umask or explicitlychmod 600before writing.
set -o pipefail
touch /tmp/gh-aw/agent-step-summary.md
(umask 177 && touch /tmp/gh-aw/threat-detection/detection.log)
# shellcheck disable=SC1003
- Files reviewed: 4/4 changed files
- Comments generated: 4
There was a problem hiding this comment.
Expert Review — PR #13526: Update gh-aw (upon mcp policy changes)
Verdict: ✅ LGTM — Clean infrastructure update with positive security improvements
This PR is a compiler-generated update of gh-aw (GitHub Agentic Workflows) infrastructure files. No MSBuild source code, tests, targets, or engine logic is changed. Of the 24 review dimensions, only Build Infrastructure (#19), Security (#24), Dependency Management (#23), and Scope (#20) are applicable.
Dimension 19: Build Infrastructure — ✅ Good
All version bumps are consistent across all three workflow files:
gh-aw-actions/setup: v0.67.1 → v0.68.1 (SHA-pinned)actions/github-script: v8 → v9 (SHA-pinned)- AWF firewall images: 0.25.13 → 0.25.18
- MCP gateway: v0.2.14 → v0.2.17
- Copilot CLI:
"latest"→"1.0.21"(explicit pinning — good)
The old github/gh-aw-actions/[email protected] entry was properly removed from actions-lock.json.
Dimension 24: Security — ✅ Improved
Positive changes:
- Shell quoting hardened — All
RUNNER_TEMPusages inrun:steps are now properly double-quoted, preventing word-splitting/globbing. This is a real security improvement. - Explicit
bashinvocation — Steps previously running scripts directly now usebash "...", ensuring a known shell interpreter. - Restrictive file permissions — New
(umask 177 && touch ...)creates log files with owner-only read/write. - Version pinning — Moving from
"latest"to"1.0.21"for Copilot CLI eliminates supply-chain risk from floating versions. - New
actions: readpermission — Minimal, read-only scope increase for lock file staleness checks. Appropriate and justified.
Observation (informational, not blocking):
- Two distinct SHAs are used for
actions/github-script@v9:373c709c...(fordetermine-automatic-lockdownonly, present inactions-lock.json) and3a2844b7...(for all other steps, listed in gh-aw-manifest but not inactions-lock.json). This appears to be by design of the gh-aw compiler infrastructure. - Inside the
bash -c '...'strings of the awf invocations,RUNNER_TEMPremains unquoted. This is technically safe since it is a GitHub-controlled path without spaces, and the expansion happens inside the container. However, it is inconsistent with the quoting discipline applied elsewhere. Since this is compiler-generated code, this is informational only.
Dimension 23: Dependency Management — ✅ Good
All dependencies are SHA-pinned. Version bumps are coordinated across all workflow files. No new external dependencies introduced.
Dimension 20: Scope — ✅ Clean
Pure infrastructure update. No MSBuild behavioral changes. Correctly references issues #13519, #13521, #13524. New stale_lock_file_failed output propagation is properly wired through activation → agent failure handling.
Other behavioral changes noted:
- Safe outputs tools generation moved from shell
cat/nodetoactions/github-scriptstep (more robust) - New
copilot_driver.cjswrapper around Copilot CLI invocation (new in v0.68.1) - Reporting condition expanded:
stale_lock_file_failednow also triggers the reporting job - Step name casing normalized (e.g., "Record Missing Tool" → "Record missing tool")
Dimensions N/A for this PR:
1–18, 21–22: No MSBuild C# code, targets, evaluation, API, or test changes.
Summary: This is a well-structured, compiler-generated infrastructure update with genuine security improvements (shell quoting, version pinning, file permissions). No concerns found. Ship it.
Generated by Expert Code Review (on open) for issue #13526 · ● 14.7M
Updated [Microsoft.Build](https://github.com/dotnet/msbuild) from 18.6.3 to 18.7.1. <details> <summary>Release notes</summary> _Sourced from [Microsoft.Build's releases](https://github.com/dotnet/msbuild/releases)._ ## 18.7.1 ## What's Changed * Fix TraceEngine file contention deadlock in multithreaded mode by @JanProvaznik in dotnet/msbuild#13446 * Remove duplicate test cases in MultithreadableTaskAnalyzer by @Youssef1313 in dotnet/msbuild#13483 * Ensure ThreadSafeTaskAnalyzer.Tests is considered as a unit test project by @Youssef1313 in dotnet/msbuild#13481 * Fix MSBuildTask0002 analyzer warnings in already-migrated tasks by @JanProvaznik in dotnet/msbuild#13466 * Fix race conditions in task host path resolution by @AR-May in dotnet/msbuild#13485 * Migrate ToolTask and Al task to TaskEnvironment API by @OvesN in dotnet/msbuild#13423 * Bump main to 18.7, add vs18.6 to merge flow by @MichalPavlik in dotnet/msbuild#13472 * Avoid allocations in GetHashCode implementations by @DustinCampbell in dotnet/msbuild#13475 * Add PATs rotation to agentic workflow(s) by @JanKrivanek in dotnet/msbuild#13496 * Fix ASP.NET WebSite projects to copy netstandard.dll facade when required by @JanProvaznik in dotnet/msbuild#13058 * Migrate AspNetCompiler to TaskEnvironment API by @OvesN in dotnet/msbuild#13424 * Add review workflow by @JanKrivanek in dotnet/msbuild#13503 * Strengthen reviewer skill: add step-back analysis dimensions by @JanProvaznik in dotnet/msbuild#13504 * Add 'Request Speedometer Perf Run' to VS experimental insertion build policies by @Copilot in dotnet/msbuild#13505 * Remove duplicate @ prefix from issueAuthor in GitOps by @akoeplinger in dotnet/msbuild#13492 * Improve review aw by @JanKrivanek in dotnet/msbuild#13510 * Migrates unit tests to use RoslynCodeTaskFactory to enable running tests under .NET Core by @jankratochvilcz in dotnet/msbuild#13500 * Fix cross-AppDomain TaskItem modifier cache regression by @DustinCampbell in dotnet/msbuild#13493 * Discourage review agent from approving PRs by @JanKrivanek in dotnet/msbuild#13512 * Stop trying to deploy ValueTuple by @rainersigwald in dotnet/msbuild#13507 * Ad-hoc re-sign bootstrap dotnet on macOS to prevent SIGKILL by @jankratochvilcz in dotnet/msbuild#13513 * RoslynCodeTaskFactory: Log MSB3753 when task class does not implement ITask by @jankratochvilcz in dotnet/msbuild#13517 * Update gh-aw (upon mcp policy changes) by @JanKrivanek in dotnet/msbuild#13526 * Eliminate XmlChildNodes allocations in GetXmlNodeInnerContents by @nareshjo in dotnet/msbuild#13509 * Fix telemetry allocation regression: per-engine collector ownership by @JanProvaznik in dotnet/msbuild#13516 * Migrate to xunit.v3 by @Youssef1313 in dotnet/msbuild#13482 * Fix stray brace in HandleBuildCancel trace string causing MSB1025 by @Copilot in dotnet/msbuild#13535 * Bumping to 10.0.4 runtime packages by @MichalPavlik in dotnet/msbuild#13533 * Remove early return in GetCanonicalForm, always call System.IO.Path by @OvesN in dotnet/msbuild#13532 * Do not overwrite GetCopyToOutputDirectoryItemsDependsOn, just add new… by @snechaev in dotnet/msbuild#13474 * Migrate GetReferenceAssemblyPaths task to TaskEnvironment API by @OvesN in dotnet/msbuild#13495 * Stabilize ToolTaskThatTimeoutAndRetry test by @rainersigwald in dotnet/msbuild#13489 * [automated] Merge branch 'vs18.6' => 'main' by @github-actions[bot] in dotnet/msbuild#13506 * Add extra test assertions around tests by @Youssef1313 in dotnet/msbuild#13536 * Add static eval for repo skills/agents via skill-validator by @JanKrivanek in dotnet/msbuild#13537 * Migrate SGen task to Task environment API by @OvesN in dotnet/msbuild#13457 * Fix TerminalLogger assert failure for metaproj files and cached project eval ID by @OvesN in dotnet/msbuild#13480 * Filter out approving review from pr-reviewer agent by @JanKrivanek in dotnet/msbuild#13553 * Use a unique task name per invocation to tabilize RoslynCodeTaskFactory_ReuseCompilation test by @huulinhnguyen-dev in dotnet/msbuild#13551 * Brief doc on feedback/logging/data systems by @rainersigwald in dotnet/msbuild#13554 * Localized file check-in by OneLocBuild Task: Build definition ID 9434: Build ID 13881982 by @dotnet-bot in dotnet/msbuild#13437 * Stage 3: Forward BuildProjectFile* callbacks from OOP TaskHost to worker node by @JanProvaznik in dotnet/msbuild#13350 * Enable TaskHost Callbacks by default by @JanProvaznik in dotnet/msbuild#13579 * Remove unactionable info from reviewer agent by @JanKrivanek in dotnet/msbuild#13578 * Enlighten RequiresFramework35SP1Assembly task for multithreaded mode by @jankratochvilcz in dotnet/msbuild#13575 * Make SdkResolver-provided environment variables take precedence over ambient environment by @Copilot in dotnet/msbuild#12655 * Add dotnet/skills marketplace and enable plugins by @Evangelink in dotnet/msbuild#13582 * The skills/agents check filters-in only touched files by @JanKrivanek in dotnet/msbuild#13586 * Fix skill-validation workflow failing when agents directory is deleted by @JeremyKuhne in dotnet/msbuild#13592 ... (truncated) Commits viewable in [compare view](dotnet/msbuild@v18.6.3...v18.7.1). </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Fixes #13519 #13521 #13524
Details: github/gh-aw#25656
Context
gh-aw needs to be updated upon recent copilot mcp policy changes (copilot cli is implicit server side dep)