Skip to content

Update gh-aw (upon mcp policy changes)#13526

Merged
JanKrivanek merged 2 commits into
mainfrom
dev/jankrivanek/update-gh-aw
Apr 13, 2026
Merged

Update gh-aw (upon mcp policy changes)#13526
JanKrivanek merged 2 commits into
mainfrom
dev/jankrivanek/update-gh-aw

Conversation

@JanKrivanek

Copy link
Copy Markdown
Member

Fixes #13519 #13521 #13524

Details: github/gh-aw#25656

Context

gh-aw needs to be updated upon recent copilot mcp policy changes (copilot cli is implicit server side dep)

@JanKrivanek JanKrivanek requested a review from a team as a code owner April 11, 2026 08:23
Copilot AI review requested due to automatic review settings April 11, 2026 08:23
@JanKrivanek JanKrivanek enabled auto-merge April 11, 2026 08:24

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the repository’s gh-aw compiled workflow lock files to align with recent GitHub Copilot MCP policy changes and newer gh-aw/AWF/Copilot CLI tooling, addressing the reported agent workflow failures.

Changes:

  • Bump gh-aw compiler references from v0.67.1 to v0.68.1 and refresh pinned action SHAs accordingly.
  • Update runtime components used by the workflows (AWF container images, MCP gateway image, and Copilot CLI version), and adjust how safe-outputs tooling is generated.
  • Add/propagate new activation outputs (e.g., stale lock-file failure) and minor hardening (quoted bash invocations, log file creation).
Show a summary per file
File Description
.github/workflows/review.agent.lock.yml Regenerated “/review” workflow lock with updated gh-aw/AWF/Copilot CLI + safe-outputs tooling generation changes.
.github/workflows/review-on-open.agent.lock.yml Regenerated “on open” workflow lock with the same toolchain/policy updates.
.github/workflows/close-stale-prs.agent.lock.yml Regenerated stale PR maintenance workflow lock with the same toolchain/policy updates.
.github/aw/actions-lock.json Updates the repo’s action pin mapping for gh-aw-related actions (notably actions/github-script@v9 and gh-aw-actions/[email protected]).

Copilot's findings

Comments suppressed due to low confidence (3)

.github/workflows/review.agent.lock.yml:1186

  • (umask 177 && touch …/detection.log) won’t tighten permissions if the file already exists. This workflow already creates detection.log earlier via a plain touch, so the log may still end up world-readable (0644). Consider creating the file the first time under the stricter umask (or explicitly chmod 600 before writing).
          set -o pipefail
          touch /tmp/gh-aw/agent-step-summary.md
          (umask 177 && touch /tmp/gh-aw/threat-detection/detection.log)
          # shellcheck disable=SC1003

.github/workflows/review-on-open.agent.lock.yml:1131

  • (umask 177 && touch …/detection.log) won’t change permissions if detection.log was already created earlier in the job (it is, via a plain touch). If the goal is to avoid world-readable logs, create the file initially under the stricter umask or add an explicit chmod 600 before writing.
          set -o pipefail
          touch /tmp/gh-aw/agent-step-summary.md
          (umask 177 && touch /tmp/gh-aw/threat-detection/detection.log)
          # shellcheck disable=SC1003

.github/workflows/close-stale-prs.agent.lock.yml:1077

  • (umask 177 && touch …/detection.log) won’t tighten permissions if detection.log already exists. Since this job already does a plain touch earlier, the file may still be created with default (potentially world-readable) perms. Create the file the first time under the stricter umask or explicitly chmod 600 before writing.
          set -o pipefail
          touch /tmp/gh-aw/agent-step-summary.md
          (umask 177 && touch /tmp/gh-aw/threat-detection/detection.log)
          # shellcheck disable=SC1003
  • Files reviewed: 4/4 changed files
  • Comments generated: 4

Comment thread .github/workflows/review.agent.lock.yml
Comment thread .github/workflows/review-on-open.agent.lock.yml
Comment thread .github/workflows/close-stale-prs.agent.lock.yml
Comment thread .github/aw/actions-lock.json Outdated

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Expert Review — PR #13526: Update gh-aw (upon mcp policy changes)

Verdict: ✅ LGTM — Clean infrastructure update with positive security improvements

This PR is a compiler-generated update of gh-aw (GitHub Agentic Workflows) infrastructure files. No MSBuild source code, tests, targets, or engine logic is changed. Of the 24 review dimensions, only Build Infrastructure (#19), Security (#24), Dependency Management (#23), and Scope (#20) are applicable.


Dimension 19: Build Infrastructure — ✅ Good

All version bumps are consistent across all three workflow files:

  • gh-aw-actions/setup: v0.67.1 → v0.68.1 (SHA-pinned)
  • actions/github-script: v8 → v9 (SHA-pinned)
  • AWF firewall images: 0.25.13 → 0.25.18
  • MCP gateway: v0.2.14 → v0.2.17
  • Copilot CLI: "latest""1.0.21" (explicit pinning — good)

The old github/gh-aw-actions/[email protected] entry was properly removed from actions-lock.json.

Dimension 24: Security — ✅ Improved

Positive changes:

  1. Shell quoting hardened — All RUNNER_TEMP usages in run: steps are now properly double-quoted, preventing word-splitting/globbing. This is a real security improvement.
  2. Explicit bash invocation — Steps previously running scripts directly now use bash "...", ensuring a known shell interpreter.
  3. Restrictive file permissions — New (umask 177 && touch ...) creates log files with owner-only read/write.
  4. Version pinning — Moving from "latest" to "1.0.21" for Copilot CLI eliminates supply-chain risk from floating versions.
  5. New actions: read permission — Minimal, read-only scope increase for lock file staleness checks. Appropriate and justified.

Observation (informational, not blocking):

  • Two distinct SHAs are used for actions/github-script@v9: 373c709c... (for determine-automatic-lockdown only, present in actions-lock.json) and 3a2844b7... (for all other steps, listed in gh-aw-manifest but not in actions-lock.json). This appears to be by design of the gh-aw compiler infrastructure.
  • Inside the bash -c '...' strings of the awf invocations, RUNNER_TEMP remains unquoted. This is technically safe since it is a GitHub-controlled path without spaces, and the expansion happens inside the container. However, it is inconsistent with the quoting discipline applied elsewhere. Since this is compiler-generated code, this is informational only.

Dimension 23: Dependency Management — ✅ Good

All dependencies are SHA-pinned. Version bumps are coordinated across all workflow files. No new external dependencies introduced.

Dimension 20: Scope — ✅ Clean

Pure infrastructure update. No MSBuild behavioral changes. Correctly references issues #13519, #13521, #13524. New stale_lock_file_failed output propagation is properly wired through activation → agent failure handling.

Other behavioral changes noted:

  • Safe outputs tools generation moved from shell cat/node to actions/github-script step (more robust)
  • New copilot_driver.cjs wrapper around Copilot CLI invocation (new in v0.68.1)
  • Reporting condition expanded: stale_lock_file_failed now also triggers the reporting job
  • Step name casing normalized (e.g., "Record Missing Tool" → "Record missing tool")

Dimensions N/A for this PR:

1–18, 21–22: No MSBuild C# code, targets, evaluation, API, or test changes.


Summary: This is a well-structured, compiler-generated infrastructure update with genuine security improvements (shell quoting, version pinning, file permissions). No concerns found. Ship it.

Generated by Expert Code Review (on open) for issue #13526 · ● 14.7M

@JanKrivanek JanKrivanek merged commit 9cee5f7 into main Apr 13, 2026
10 checks passed
@JanKrivanek JanKrivanek deleted the dev/jankrivanek/update-gh-aw branch April 13, 2026 08:14
github-actions Bot pushed a commit to IntelliTect/Multitool that referenced this pull request Jun 29, 2026
Updated [Microsoft.Build](https://github.com/dotnet/msbuild) from 18.6.3
to 18.7.1.

<details>
<summary>Release notes</summary>

_Sourced from [Microsoft.Build's
releases](https://github.com/dotnet/msbuild/releases)._

## 18.7.1

## What's Changed
* Fix TraceEngine file contention deadlock in multithreaded mode by
@​JanProvaznik in dotnet/msbuild#13446
* Remove duplicate test cases in MultithreadableTaskAnalyzer by
@​Youssef1313 in dotnet/msbuild#13483
* Ensure ThreadSafeTaskAnalyzer.Tests is considered as a unit test
project by @​Youssef1313 in dotnet/msbuild#13481
* Fix MSBuildTask0002 analyzer warnings in already-migrated tasks by
@​JanProvaznik in dotnet/msbuild#13466
* Fix race conditions in task host path resolution by @​AR-May in
dotnet/msbuild#13485
* Migrate ToolTask and Al task to TaskEnvironment API by @​OvesN in
dotnet/msbuild#13423
* Bump main to 18.7, add vs18.6 to merge flow by @​MichalPavlik in
dotnet/msbuild#13472
* Avoid allocations in GetHashCode implementations by @​DustinCampbell
in dotnet/msbuild#13475
* Add PATs rotation to agentic workflow(s) by @​JanKrivanek in
dotnet/msbuild#13496
* Fix ASP.NET WebSite projects to copy netstandard.dll facade when
required by @​JanProvaznik in
dotnet/msbuild#13058
* Migrate AspNetCompiler to TaskEnvironment API by @​OvesN in
dotnet/msbuild#13424
* Add review workflow by @​JanKrivanek in
dotnet/msbuild#13503
* Strengthen reviewer skill: add step-back analysis dimensions by
@​JanProvaznik in dotnet/msbuild#13504
* Add 'Request Speedometer Perf Run' to VS experimental insertion build
policies by @​Copilot in dotnet/msbuild#13505
* Remove duplicate @ prefix from issueAuthor in GitOps by @​akoeplinger
in dotnet/msbuild#13492
* Improve review aw by @​JanKrivanek in
dotnet/msbuild#13510
* Migrates unit tests to use RoslynCodeTaskFactory to enable running
tests under .NET Core by @​jankratochvilcz in
dotnet/msbuild#13500
* Fix cross-AppDomain TaskItem modifier cache regression by
@​DustinCampbell in dotnet/msbuild#13493
* Discourage review agent from approving PRs by @​JanKrivanek in
dotnet/msbuild#13512
* Stop trying to deploy ValueTuple by @​rainersigwald in
dotnet/msbuild#13507
* Ad-hoc re-sign bootstrap dotnet on macOS to prevent SIGKILL by
@​jankratochvilcz in dotnet/msbuild#13513
* RoslynCodeTaskFactory: Log MSB3753 when task class does not implement
ITask by @​jankratochvilcz in
dotnet/msbuild#13517
* Update gh-aw (upon mcp policy changes) by @​JanKrivanek in
dotnet/msbuild#13526
* Eliminate XmlChildNodes allocations in GetXmlNodeInnerContents by
@​nareshjo in dotnet/msbuild#13509
* Fix telemetry allocation regression: per-engine collector ownership by
@​JanProvaznik in dotnet/msbuild#13516
* Migrate to xunit.v3 by @​Youssef1313 in
dotnet/msbuild#13482
* Fix stray brace in HandleBuildCancel trace string causing MSB1025 by
@​Copilot in dotnet/msbuild#13535
* Bumping to 10.0.4 runtime packages by @​MichalPavlik in
dotnet/msbuild#13533
* Remove early return in GetCanonicalForm, always call System.IO.Path by
@​OvesN in dotnet/msbuild#13532
* Do not overwrite GetCopyToOutputDirectoryItemsDependsOn, just add new…
by @​snechaev in dotnet/msbuild#13474
* Migrate GetReferenceAssemblyPaths task to TaskEnvironment API by
@​OvesN in dotnet/msbuild#13495
* Stabilize ToolTaskThatTimeoutAndRetry test by @​rainersigwald in
dotnet/msbuild#13489
* [automated] Merge branch 'vs18.6' => 'main' by @​github-actions[bot]
in dotnet/msbuild#13506
* Add extra test assertions around tests by @​Youssef1313 in
dotnet/msbuild#13536
* Add static eval for repo skills/agents via skill-validator by
@​JanKrivanek in dotnet/msbuild#13537
* Migrate SGen task to Task environment API by @​OvesN in
dotnet/msbuild#13457
* Fix TerminalLogger assert failure for metaproj files and cached
project eval ID by @​OvesN in
dotnet/msbuild#13480
* Filter out approving review from pr-reviewer agent by @​JanKrivanek in
dotnet/msbuild#13553
* Use a unique task name per invocation to tabilize
RoslynCodeTaskFactory_ReuseCompilation test by @​huulinhnguyen-dev in
dotnet/msbuild#13551
* Brief doc on feedback/logging/data systems by @​rainersigwald in
dotnet/msbuild#13554
* Localized file check-in by OneLocBuild Task: Build definition ID 9434:
Build ID 13881982 by @​dotnet-bot in
dotnet/msbuild#13437
* Stage 3: Forward BuildProjectFile* callbacks from OOP TaskHost to
worker node by @​JanProvaznik in
dotnet/msbuild#13350
* Enable TaskHost Callbacks by default by @​JanProvaznik in
dotnet/msbuild#13579
* Remove unactionable info from reviewer agent by @​JanKrivanek in
dotnet/msbuild#13578
* Enlighten RequiresFramework35SP1Assembly task for multithreaded mode
by @​jankratochvilcz in dotnet/msbuild#13575
* Make SdkResolver-provided environment variables take precedence over
ambient environment by @​Copilot in
dotnet/msbuild#12655
* Add dotnet/skills marketplace and enable plugins by @​Evangelink in
dotnet/msbuild#13582
* The skills/agents check filters-in only touched files by @​JanKrivanek
in dotnet/msbuild#13586
* Fix skill-validation workflow failing when agents directory is deleted
by @​JeremyKuhne in dotnet/msbuild#13592
 ... (truncated)

Commits viewable in [compare
view](dotnet/msbuild@v18.6.3...v18.7.1).
</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This was referenced Jun 29, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[aw] Expert Code Review (on open) failed

4 participants