From ee1401f83144c42bdbcb7228c7c100ba4f98492a Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 2 Apr 2026 22:12:31 +0000
Subject: [PATCH 1/2] Initial plan
From b5fd3a220cf2f5398b89034bf391951b66a8621d Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 2 Apr 2026 22:27:06 +0000
Subject: [PATCH 2/2] chore: Update GitHub Actions versions - 2026-04-02
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- docker/login-action v4 → v4.1.0 in release.md
- actions/upload-artifact v4 → v7 in shared/apm.md
- actions/download-artifact v4 → v8.0.1 in shared/apm.md
- github/stale-repos v9.0.6 → v9.0.7 in stale-repo-identifier.md
- super-linter/super-linter v8.5.0 → v8.6.0 in super-linter.md
- Updated actions-lock.json with new SHA pins
- Recompiled workflow lock files
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/ebf63748-376e-4936-904d-1d58547d242b
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
---
.github/aw/actions-lock.json | 17 +++++++++-
.github/workflows/release.lock.yml | 32 +++++++++----------
.github/workflows/release.md | 2 +-
.github/workflows/shared/apm.md | 4 +--
.github/workflows/smoke-claude.lock.yml | 4 +--
.../workflows/stale-repo-identifier.lock.yml | 32 +++++++++----------
.github/workflows/stale-repo-identifier.md | 2 +-
.github/workflows/super-linter.lock.yml | 32 +++++++++----------
.github/workflows/super-linter.md | 6 ++--
pkg/workflow/data/action_pins.json | 17 +++++++++-
10 files changed, 89 insertions(+), 59 deletions(-)
diff --git a/.github/aw/actions-lock.json b/.github/aw/actions-lock.json
index a4d78b7fdc6..2d1437ab728 100644
--- a/.github/aw/actions-lock.json
+++ b/.github/aw/actions-lock.json
@@ -136,7 +136,12 @@
"docker/login-action@v4": {
"repo": "docker/login-action",
"version": "v4",
- "sha": "b45d80f862d83dbcd57f89517bcf500b2ab88fb2"
+ "sha": "4907a6ddec9925e35a0a9e82d7399ccc52663121"
+ },
+ "docker/login-action@v4.1.0": {
+ "repo": "docker/login-action",
+ "version": "v4.1.0",
+ "sha": "4907a6ddec9925e35a0a9e82d7399ccc52663121"
},
"docker/metadata-action@v6": {
"repo": "docker/metadata-action",
@@ -168,6 +173,11 @@
"version": "v9.0.6",
"sha": "7683f9d6900857a9e6dad8a3277a33bcc0b51d44"
},
+ "github/stale-repos@v9.0.7": {
+ "repo": "github/stale-repos",
+ "version": "v9.0.7",
+ "sha": "25946246f29e8692a397502045e457c4dc96c6e4"
+ },
"haskell-actions/setup@v2.10.3": {
"repo": "haskell-actions/setup",
"version": "v2.10.3",
@@ -192,6 +202,11 @@
"repo": "super-linter/super-linter",
"version": "v8.5.0",
"sha": "61abc07d755095a68f4987d1c2c3d1d64408f1f9"
+ },
+ "super-linter/super-linter@v8.6.0": {
+ "repo": "super-linter/super-linter",
+ "version": "v8.6.0",
+ "sha": "9e863354e3ff62e0727d37183162c4a88873df41"
}
}
}
diff --git a/.github/workflows/release.lock.yml b/.github/workflows/release.lock.yml
index aa3a26e5483..ea15c431c9e 100644
--- a/.github/workflows/release.lock.yml
+++ b/.github/workflows/release.lock.yml
@@ -26,7 +26,7 @@
# Imports:
# - shared/community-attribution.md
#
-# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"128dc3cf2dcc46fc99c649a218664042fa068fc3aaf79bde247c915caa21d4dd","strict":true,"agent_id":"copilot"}
+# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"8320cf3937aa521ad81e03ae14a98a09e0bce08e0f87cd11a904d2226bd7c649","strict":true,"agent_id":"copilot"}
name: "Release"
"on":
@@ -148,14 +148,14 @@ jobs:
run: |
bash ${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh
{
- cat << 'GH_AW_PROMPT_c788804fc69d8ab9_EOF'
+ cat << 'GH_AW_PROMPT_0ea4ee22b5eb16b8_EOF'
- GH_AW_PROMPT_c788804fc69d8ab9_EOF
+ GH_AW_PROMPT_0ea4ee22b5eb16b8_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_c788804fc69d8ab9_EOF'
+ cat << 'GH_AW_PROMPT_0ea4ee22b5eb16b8_EOF'
Tools: update_release, missing_tool, missing_data, noop
@@ -187,13 +187,13 @@ jobs:
{{/if}}
- GH_AW_PROMPT_c788804fc69d8ab9_EOF
+ GH_AW_PROMPT_0ea4ee22b5eb16b8_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_c788804fc69d8ab9_EOF'
+ cat << 'GH_AW_PROMPT_0ea4ee22b5eb16b8_EOF'
{{#runtime-import .github/workflows/shared/community-attribution.md}}
{{#runtime-import .github/workflows/release.md}}
- GH_AW_PROMPT_c788804fc69d8ab9_EOF
+ GH_AW_PROMPT_0ea4ee22b5eb16b8_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
@@ -374,12 +374,12 @@ jobs:
mkdir -p ${RUNNER_TEMP}/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/config.json << 'GH_AW_SAFE_OUTPUTS_CONFIG_9e329ef68acc25ed_EOF'
+ cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/config.json << 'GH_AW_SAFE_OUTPUTS_CONFIG_75aaf3586803c630_EOF'
{"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"update_release":{"max":1}}
- GH_AW_SAFE_OUTPUTS_CONFIG_9e329ef68acc25ed_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_75aaf3586803c630_EOF
- name: Write Safe Outputs Tools
run: |
- cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/tools_meta.json << 'GH_AW_SAFE_OUTPUTS_TOOLS_META_93b4bd7c76cce012_EOF'
+ cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/tools_meta.json << 'GH_AW_SAFE_OUTPUTS_TOOLS_META_552aefe14a45f5be_EOF'
{
"description_suffixes": {
"update_release": " CONSTRAINTS: Maximum 1 release(s) can be updated."
@@ -387,8 +387,8 @@ jobs:
"repo_params": {},
"dynamic_tools": []
}
- GH_AW_SAFE_OUTPUTS_TOOLS_META_93b4bd7c76cce012_EOF
- cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/validation.json << 'GH_AW_SAFE_OUTPUTS_VALIDATION_5a31d409180c0962_EOF'
+ GH_AW_SAFE_OUTPUTS_TOOLS_META_552aefe14a45f5be_EOF
+ cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/validation.json << 'GH_AW_SAFE_OUTPUTS_VALIDATION_aa58c13243672dd6_EOF'
{
"missing_data": {
"defaultMax": 20,
@@ -473,7 +473,7 @@ jobs:
}
}
}
- GH_AW_SAFE_OUTPUTS_VALIDATION_5a31d409180c0962_EOF
+ GH_AW_SAFE_OUTPUTS_VALIDATION_aa58c13243672dd6_EOF
node ${RUNNER_TEMP}/gh-aw/actions/generate_safe_outputs_tools.cjs
- name: Generate Safe Outputs MCP Server Config
id: safe-outputs-config
@@ -543,7 +543,7 @@ jobs:
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.2.11'
mkdir -p /home/runner/.copilot
- cat << GH_AW_MCP_CONFIG_85c7893264a84bb6_EOF | bash ${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.sh
+ cat << GH_AW_MCP_CONFIG_c313bb4a07e4ca32_EOF | bash ${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.sh
{
"mcpServers": {
"github": {
@@ -584,7 +584,7 @@ jobs:
"payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}"
}
}
- GH_AW_MCP_CONFIG_85c7893264a84bb6_EOF
+ GH_AW_MCP_CONFIG_c313bb4a07e4ca32_EOF
- name: Download activation artifact
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
@@ -1385,7 +1385,7 @@ jobs:
- name: Setup Docker Buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4
- name: Log in to GitHub Container Registry
- uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4
+ uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
with:
password: ${{ secrets.GITHUB_TOKEN }}
registry: ghcr.io
diff --git a/.github/workflows/release.md b/.github/workflows/release.md
index 7c3c4df6aba..a21ed471fa3 100644
--- a/.github/workflows/release.md
+++ b/.github/workflows/release.md
@@ -330,7 +330,7 @@ jobs:
uses: docker/setup-buildx-action@v4
- name: Log in to GitHub Container Registry
- uses: docker/login-action@v4
+ uses: docker/login-action@v4.1.0
with:
registry: ghcr.io
username: ${{ github.actor }}
diff --git a/.github/workflows/shared/apm.md b/.github/workflows/shared/apm.md
index aee02e99a58..36782afa401 100644
--- a/.github/workflows/shared/apm.md
+++ b/.github/workflows/shared/apm.md
@@ -58,7 +58,7 @@ jobs:
working-directory: /tmp/gh-aw/apm-workspace
- name: Upload APM bundle artifact
if: success()
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@v7
with:
name: ${{ needs.activation.outputs.artifact_prefix }}apm
path: ${{ steps.apm_pack.outputs.bundle-path }}
@@ -66,7 +66,7 @@ jobs:
steps:
- name: Download APM bundle artifact
- uses: actions/download-artifact@v4
+ uses: actions/download-artifact@v8.0.1
with:
name: ${{ needs.activation.outputs.artifact_prefix }}apm
path: /tmp/gh-aw/apm-bundle
diff --git a/.github/workflows/smoke-claude.lock.yml b/.github/workflows/smoke-claude.lock.yml
index d7154e9a16c..f687b3b264f 100644
--- a/.github/workflows/smoke-claude.lock.yml
+++ b/.github/workflows/smoke-claude.lock.yml
@@ -796,7 +796,7 @@ jobs:
env:
GH_TOKEN: ${{ github.token }}
- name: Download APM bundle artifact
- uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
+ uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: ${{ needs.activation.outputs.artifact_prefix }}apm
path: /tmp/gh-aw/apm-bundle
@@ -2332,7 +2332,7 @@ jobs:
working-directory: /tmp/gh-aw/apm-workspace
- name: Upload APM bundle artifact
if: success()
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
+ uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
with:
name: ${{ needs.activation.outputs.artifact_prefix }}apm
path: ${{ steps.apm_pack.outputs.bundle-path }}
diff --git a/.github/workflows/stale-repo-identifier.lock.yml b/.github/workflows/stale-repo-identifier.lock.yml
index f6e637133a9..3872cfefeba 100644
--- a/.github/workflows/stale-repo-identifier.lock.yml
+++ b/.github/workflows/stale-repo-identifier.lock.yml
@@ -30,7 +30,7 @@
# - shared/reporting.md
# - shared/trending-charts-simple.md
#
-# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"ad4ae7cfa286504852c789e807486605e3da246a6f31154bb025398ff47c8262","strict":true,"agent_id":"copilot"}
+# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"771b4788c1532c9d57dcb31e2c09ee99602cb99270beebe73d8c1e79e768eda2","strict":true,"agent_id":"copilot"}
name: "Stale Repository Identifier"
"on":
@@ -149,15 +149,15 @@ jobs:
run: |
bash ${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh
{
- cat << 'GH_AW_PROMPT_be259b00779d7244_EOF'
+ cat << 'GH_AW_PROMPT_15bdcf8c07f5565d_EOF'
- GH_AW_PROMPT_be259b00779d7244_EOF
+ GH_AW_PROMPT_15bdcf8c07f5565d_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/cache_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_be259b00779d7244_EOF'
+ cat << 'GH_AW_PROMPT_15bdcf8c07f5565d_EOF'
Tools: create_issue(max:10), upload_asset, missing_tool, missing_data, noop
@@ -191,9 +191,9 @@ jobs:
{{/if}}
- GH_AW_PROMPT_be259b00779d7244_EOF
+ GH_AW_PROMPT_15bdcf8c07f5565d_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_be259b00779d7244_EOF'
+ cat << 'GH_AW_PROMPT_15bdcf8c07f5565d_EOF'
{{#runtime-import .github/workflows/shared/github-guard-policy.md}}
{{#runtime-import .github/workflows/shared/python-dataviz.md}}
@@ -201,7 +201,7 @@ jobs:
{{#runtime-import .github/workflows/shared/trending-charts-simple.md}}
{{#runtime-import .github/workflows/shared/reporting.md}}
{{#runtime-import .github/workflows/stale-repo-identifier.md}}
- GH_AW_PROMPT_be259b00779d7244_EOF
+ GH_AW_PROMPT_15bdcf8c07f5565d_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
@@ -397,7 +397,7 @@ jobs:
ORGANIZATION: ${{ env.ORGANIZATION }}
id: stale-repos
name: Run stale-repos tool
- uses: github/stale-repos@7683f9d6900857a9e6dad8a3277a33bcc0b51d44 # v9.0.6
+ uses: github/stale-repos@25946246f29e8692a397502045e457c4dc96c6e4 # v9.0.7
- env:
INACTIVE_REPOS: ${{ steps.stale-repos.outputs.inactiveRepos }}
name: Save stale repos output
@@ -467,12 +467,12 @@ jobs:
mkdir -p ${RUNNER_TEMP}/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/config.json << 'GH_AW_SAFE_OUTPUTS_CONFIG_92764b1d01a6befe_EOF'
+ cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/config.json << 'GH_AW_SAFE_OUTPUTS_CONFIG_44ccd17c6debcb36_EOF'
{"create_issue":{"expires":48,"group":true,"labels":["stale-repository","automated-analysis","cookie"],"max":10,"title_prefix":"[Stale Repository] "},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"upload_asset":{"allowed-exts":[".png",".jpg",".jpeg"],"branch":"assets/${{ github.workflow }}","max-size":10240}}
- GH_AW_SAFE_OUTPUTS_CONFIG_92764b1d01a6befe_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_44ccd17c6debcb36_EOF
- name: Write Safe Outputs Tools
run: |
- cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/tools_meta.json << 'GH_AW_SAFE_OUTPUTS_TOOLS_META_cc2e01d80ecf1001_EOF'
+ cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/tools_meta.json << 'GH_AW_SAFE_OUTPUTS_TOOLS_META_2da6dc811fdfcdc4_EOF'
{
"description_suffixes": {
"create_issue": " CONSTRAINTS: Maximum 10 issue(s) can be created. Title will be prefixed with \"[Stale Repository] \". Labels [\"stale-repository\" \"automated-analysis\" \"cookie\"] will be automatically added.",
@@ -481,8 +481,8 @@ jobs:
"repo_params": {},
"dynamic_tools": []
}
- GH_AW_SAFE_OUTPUTS_TOOLS_META_cc2e01d80ecf1001_EOF
- cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/validation.json << 'GH_AW_SAFE_OUTPUTS_VALIDATION_9aeb01a057a49082_EOF'
+ GH_AW_SAFE_OUTPUTS_TOOLS_META_2da6dc811fdfcdc4_EOF
+ cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/validation.json << 'GH_AW_SAFE_OUTPUTS_VALIDATION_9839b8d8917b59f2_EOF'
{
"create_issue": {
"defaultMax": 1,
@@ -584,7 +584,7 @@ jobs:
}
}
}
- GH_AW_SAFE_OUTPUTS_VALIDATION_9aeb01a057a49082_EOF
+ GH_AW_SAFE_OUTPUTS_VALIDATION_9839b8d8917b59f2_EOF
node ${RUNNER_TEMP}/gh-aw/actions/generate_safe_outputs_tools.cjs
- name: Generate Safe Outputs MCP Server Config
id: safe-outputs-config
@@ -655,7 +655,7 @@ jobs:
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.2.11'
mkdir -p /home/runner/.copilot
- cat << GH_AW_MCP_CONFIG_907a1f67810a7780_EOF | bash ${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.sh
+ cat << GH_AW_MCP_CONFIG_ebcf5ba4522a9a8c_EOF | bash ${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.sh
{
"mcpServers": {
"github": {
@@ -699,7 +699,7 @@ jobs:
"payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}"
}
}
- GH_AW_MCP_CONFIG_907a1f67810a7780_EOF
+ GH_AW_MCP_CONFIG_ebcf5ba4522a9a8c_EOF
- name: Download activation artifact
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
diff --git a/.github/workflows/stale-repo-identifier.md b/.github/workflows/stale-repo-identifier.md
index 170cc65692c..2a85b92a835 100644
--- a/.github/workflows/stale-repo-identifier.md
+++ b/.github/workflows/stale-repo-identifier.md
@@ -71,7 +71,7 @@ env:
steps:
- name: Run stale-repos tool
id: stale-repos
- uses: github/stale-repos@v9.0.6
+ uses: github/stale-repos@v9.0.7
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
ORGANIZATION: ${{ env.ORGANIZATION }}
diff --git a/.github/workflows/super-linter.lock.yml b/.github/workflows/super-linter.lock.yml
index d9783bd09f0..d116078d81e 100644
--- a/.github/workflows/super-linter.lock.yml
+++ b/.github/workflows/super-linter.lock.yml
@@ -26,7 +26,7 @@
# Imports:
# - shared/reporting.md
#
-# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"5b9cd290de19c2efeff8252adba4ccf92c1ed04fd02a082e0ec221ec5ef8de02","strict":true,"agent_id":"copilot"}
+# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"2ce2d0b512b7d66eaad655313191a13858000f445b94035ad25b974fbe30a84e","strict":true,"agent_id":"copilot"}
name: "Super Linter Report"
"on":
@@ -138,15 +138,15 @@ jobs:
run: |
bash ${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh
{
- cat << 'GH_AW_PROMPT_d6daea83f2b7f2f9_EOF'
+ cat << 'GH_AW_PROMPT_f9312b7d4d7ec843_EOF'
- GH_AW_PROMPT_d6daea83f2b7f2f9_EOF
+ GH_AW_PROMPT_f9312b7d4d7ec843_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/cache_memory_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_d6daea83f2b7f2f9_EOF'
+ cat << 'GH_AW_PROMPT_f9312b7d4d7ec843_EOF'
Tools: create_issue, missing_tool, missing_data, noop
@@ -178,13 +178,13 @@ jobs:
{{/if}}
- GH_AW_PROMPT_d6daea83f2b7f2f9_EOF
+ GH_AW_PROMPT_f9312b7d4d7ec843_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_d6daea83f2b7f2f9_EOF'
+ cat << 'GH_AW_PROMPT_f9312b7d4d7ec843_EOF'
{{#runtime-import .github/workflows/shared/reporting.md}}
{{#runtime-import .github/workflows/super-linter.md}}
- GH_AW_PROMPT_d6daea83f2b7f2f9_EOF
+ GH_AW_PROMPT_f9312b7d4d7ec843_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
@@ -384,12 +384,12 @@ jobs:
mkdir -p ${RUNNER_TEMP}/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/config.json << 'GH_AW_SAFE_OUTPUTS_CONFIG_a9ec6f51acf85ea6_EOF'
+ cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/config.json << 'GH_AW_SAFE_OUTPUTS_CONFIG_e31b82dc27fd45ad_EOF'
{"create_issue":{"expires":48,"labels":["automation","code-quality","cookie"],"max":1,"title_prefix":"[linter] "},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"}}
- GH_AW_SAFE_OUTPUTS_CONFIG_a9ec6f51acf85ea6_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_e31b82dc27fd45ad_EOF
- name: Write Safe Outputs Tools
run: |
- cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/tools_meta.json << 'GH_AW_SAFE_OUTPUTS_TOOLS_META_fb8ab4920bf3ab66_EOF'
+ cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/tools_meta.json << 'GH_AW_SAFE_OUTPUTS_TOOLS_META_43d2fc9abe622dfe_EOF'
{
"description_suffixes": {
"create_issue": " CONSTRAINTS: Maximum 1 issue(s) can be created. Title will be prefixed with \"[linter] \". Labels [\"automation\" \"code-quality\" \"cookie\"] will be automatically added."
@@ -397,8 +397,8 @@ jobs:
"repo_params": {},
"dynamic_tools": []
}
- GH_AW_SAFE_OUTPUTS_TOOLS_META_fb8ab4920bf3ab66_EOF
- cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/validation.json << 'GH_AW_SAFE_OUTPUTS_VALIDATION_a02512d0a41fab85_EOF'
+ GH_AW_SAFE_OUTPUTS_TOOLS_META_43d2fc9abe622dfe_EOF
+ cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/validation.json << 'GH_AW_SAFE_OUTPUTS_VALIDATION_d2eea57464929003_EOF'
{
"create_issue": {
"defaultMax": 1,
@@ -491,7 +491,7 @@ jobs:
}
}
}
- GH_AW_SAFE_OUTPUTS_VALIDATION_a02512d0a41fab85_EOF
+ GH_AW_SAFE_OUTPUTS_VALIDATION_d2eea57464929003_EOF
node ${RUNNER_TEMP}/gh-aw/actions/generate_safe_outputs_tools.cjs
- name: Generate Safe Outputs MCP Server Config
id: safe-outputs-config
@@ -561,7 +561,7 @@ jobs:
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.2.11'
mkdir -p /home/runner/.copilot
- cat << GH_AW_MCP_CONFIG_f9d5fed765588cd7_EOF | bash ${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.sh
+ cat << GH_AW_MCP_CONFIG_9891f0fddf3fb195_EOF | bash ${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.sh
{
"mcpServers": {
"github": {
@@ -602,7 +602,7 @@ jobs:
"payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}"
}
}
- GH_AW_MCP_CONFIG_f9d5fed765588cd7_EOF
+ GH_AW_MCP_CONFIG_9891f0fddf3fb195_EOF
- name: Download activation artifact
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
@@ -1162,7 +1162,7 @@ jobs:
persist-credentials: false
- name: Super-linter
id: super-linter
- uses: super-linter/super-linter@61abc07d755095a68f4987d1c2c3d1d64408f1f9 # v8.5.0
+ uses: super-linter/super-linter@9e863354e3ff62e0727d37183162c4a88873df41 # v8.6.0
env:
CREATE_LOG_FILE: "true"
DEFAULT_BRANCH: main
diff --git a/.github/workflows/super-linter.md b/.github/workflows/super-linter.md
index b37b4c05dbb..7996fc264b9 100644
--- a/.github/workflows/super-linter.md
+++ b/.github/workflows/super-linter.md
@@ -37,7 +37,7 @@ jobs:
persist-credentials: false
- name: Super-linter
- uses: super-linter/super-linter@v8.5.0 # x-release-please-version
+ uses: super-linter/super-linter@v8.6.0 # x-release-please-version
id: super-linter
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -183,7 +183,7 @@ docker run --rm \
-e RUN_LOCAL=true \
-e VALIDATE_MARKDOWN=true \
-v $(pwd):/tmp/lint \
- ghcr.io/super-linter/super-linter:slim-v8.5.0
+ ghcr.io/super-linter/super-linter:slim-v8.6.0
# Run super-linter on specific file types only
# For example, to validate only Markdown files:
@@ -191,7 +191,7 @@ docker run --rm \
-e RUN_LOCAL=true \
-e VALIDATE_MARKDOWN=true \
-v $(pwd):/tmp/lint \
- ghcr.io/super-linter/super-linter:slim-v8.5.0
+ ghcr.io/super-linter/super-linter:slim-v8.6.0
```
**Note**: The Docker command uses the same super-linter configuration as this workflow. Files are mounted from your current directory to `/tmp/lint` in the container.
diff --git a/pkg/workflow/data/action_pins.json b/pkg/workflow/data/action_pins.json
index a4d78b7fdc6..2d1437ab728 100644
--- a/pkg/workflow/data/action_pins.json
+++ b/pkg/workflow/data/action_pins.json
@@ -136,7 +136,12 @@
"docker/login-action@v4": {
"repo": "docker/login-action",
"version": "v4",
- "sha": "b45d80f862d83dbcd57f89517bcf500b2ab88fb2"
+ "sha": "4907a6ddec9925e35a0a9e82d7399ccc52663121"
+ },
+ "docker/login-action@v4.1.0": {
+ "repo": "docker/login-action",
+ "version": "v4.1.0",
+ "sha": "4907a6ddec9925e35a0a9e82d7399ccc52663121"
},
"docker/metadata-action@v6": {
"repo": "docker/metadata-action",
@@ -168,6 +173,11 @@
"version": "v9.0.6",
"sha": "7683f9d6900857a9e6dad8a3277a33bcc0b51d44"
},
+ "github/stale-repos@v9.0.7": {
+ "repo": "github/stale-repos",
+ "version": "v9.0.7",
+ "sha": "25946246f29e8692a397502045e457c4dc96c6e4"
+ },
"haskell-actions/setup@v2.10.3": {
"repo": "haskell-actions/setup",
"version": "v2.10.3",
@@ -192,6 +202,11 @@
"repo": "super-linter/super-linter",
"version": "v8.5.0",
"sha": "61abc07d755095a68f4987d1c2c3d1d64408f1f9"
+ },
+ "super-linter/super-linter@v8.6.0": {
+ "repo": "super-linter/super-linter",
+ "version": "v8.6.0",
+ "sha": "9e863354e3ff62e0727d37183162c4a88873df41"
}
}
}