Fix workflow network allowlist gaps from 2026-04-03 firewall report#24332
Merged
Fix workflow network allowlist gaps from 2026-04-03 firewall report#24332
Conversation
6 tasks
- dependabot-go-checker.md: Add proxy.golang.org, sum.golang.org, pkg.go.dev - glossary-maintainer.md: Add nodejs.org to network allowlist - gpclean.md: Add storage.googleapis.com to network allowlist - ecosystem_domains.json: Remove *.jsr.io wildcard from node and deno ecosystems - Update tests and golden files to reflect ecosystem domain changes - Recompile all affected lock files Agent-Logs-Url: https://github.com/github/gh-aw/sessions/3b7fd1fe-da2b-49fe-828c-e3d001250f2e Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Fix workflow network allowlist gaps from firewall report
Fix workflow network allowlist gaps from 2026-04-03 firewall report
Apr 3, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
Updates workflow/network allowlists and ecosystem domain definitions to reduce firewall blocks seen in the 2026-04-03 report, primarily by tightening jsr.io matching and adding missing Go/Node domains where needed.
Changes:
- Added/adjusted workflow
network.allowedentries to cover legitimate external fetches (notably Go module and Node release metadata). - Removed the
*.jsr.iowildcard fromdeno/nodeecosystem domain definitions and regenerated dependent lock/golden fixtures. - Updated tests and golden workflow fixtures to reflect the new domain expansion/matching behavior.
Reviewed changes
Copilot reviewed 40 out of 40 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| pkg/workflow/testdata/TestWasmGolden_CompileFixtures/smoke-test-tools.golden | Updates expected compiled workflow output to drop *.jsr.io and keep explicit jsr.io. |
| pkg/workflow/testdata/TestWasmGolden_CompileFixtures/smoke-copilot.golden | Updates expected compiled workflow output to drop *.jsr.io and keep explicit jsr.io. |
| pkg/workflow/testdata/TestWasmGolden_CompileFixtures/claude-with-network.golden | Updates expected compiled workflow output to drop *.jsr.io and keep explicit jsr.io. |
| pkg/workflow/ecosystem_domains_test.go | Adjusts ecosystem expansion expectations (removes *.jsr.io). |
| pkg/workflow/domains.go | Updates documentation comment for deno ecosystem domains to remove *.jsr.io. |
| pkg/workflow/domains_test.go | Updates domain→ecosystem test cases to reflect jsr.io exact matching (no wildcard). |
| pkg/workflow/data/ecosystem_domains.json | Removes *.jsr.io from deno ecosystem and from the node-related lists; keeps jsr.io. |
| .github/workflows/workflow-normalizer.lock.yml | Regenerated lock file to reflect updated allowlist (drops *.jsr.io). |
| .github/workflows/weekly-issue-summary.lock.yml | Regenerated lock file to reflect updated allowlist (drops *.jsr.io). |
| .github/workflows/update-astro.lock.yml | Regenerated lock file to reflect updated allowlist (drops *.jsr.io). |
| .github/workflows/smoke-temporary-id.lock.yml | Regenerated lock file to reflect updated allowlist (drops *.jsr.io). |
| .github/workflows/smoke-project.lock.yml | Regenerated lock file to reflect updated allowlist (drops *.jsr.io). |
| .github/workflows/smoke-multi-pr.lock.yml | Regenerated lock file to reflect updated allowlist (drops *.jsr.io). |
| .github/workflows/smoke-copilot.lock.yml | Regenerated lock file to reflect updated allowlist (drops *.jsr.io). |
| .github/workflows/smoke-copilot-arm.lock.yml | Regenerated lock file to reflect updated allowlist (drops *.jsr.io). |
| .github/workflows/slide-deck-maintainer.lock.yml | Regenerated lock file to reflect updated allowlist (drops *.jsr.io). |
| .github/workflows/research.lock.yml | Regenerated lock file to reflect updated allowlist (drops *.jsr.io). |
| .github/workflows/release.lock.yml | Regenerated lock file to reflect updated allowlist (drops *.jsr.io). |
| .github/workflows/mcp-inspector.lock.yml | Regenerated lock file to reflect updated allowlist (drops *.jsr.io). |
| .github/workflows/jsweep.lock.yml | Regenerated lock file to reflect updated allowlist (drops *.jsr.io). |
| .github/workflows/gpclean.md | Adds storage.googleapis.com to allow Go proxy/module archive downloads. |
| .github/workflows/gpclean.lock.yml | Regenerated lock file to reflect gpclean.md allowlist change. |
| .github/workflows/glossary-maintainer.md | Adds nodejs.org to allow Node.js release metadata fetches. |
| .github/workflows/firewall.lock.yml | Regenerated lock file to reflect updated allowlist (drops *.jsr.io). |
| .github/workflows/firewall-escape.lock.yml | Regenerated lock file to reflect updated allowlist (drops *.jsr.io). |
| .github/workflows/docs-noob-tester.lock.yml | Regenerated lock file to reflect updated allowlist (drops *.jsr.io). |
| .github/workflows/dependabot-go-checker.md | Switches from network: defaults to explicit allowlist for Go dependency resolution domains. |
| .github/workflows/daily-repo-chronicle.lock.yml | Regenerated lock file to reflect updated allowlist (drops *.jsr.io). |
| .github/workflows/daily-news.lock.yml | Regenerated lock file to reflect updated allowlist (drops *.jsr.io). |
| .github/workflows/copilot-pr-prompt-analysis.lock.yml | Regenerated lock file to reflect updated allowlist (drops *.jsr.io). |
| .github/workflows/copilot-pr-nlp-analysis.lock.yml | Regenerated lock file to reflect updated allowlist (drops *.jsr.io). |
| .github/workflows/cli-version-checker.lock.yml | Regenerated lock file to reflect updated allowlist (drops *.jsr.io). |
| .github/workflows/cli-consistency-checker.lock.yml | Regenerated lock file to reflect updated allowlist (drops *.jsr.io). |
| .github/workflows/changeset.lock.yml | Regenerated lock file to reflect updated allowlist (drops *.jsr.io). |
| .github/workflows/artifacts-summary.lock.yml | Regenerated lock file to reflect updated allowlist (drops *.jsr.io). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| - defaults | ||
| - proxy.golang.org | ||
| - sum.golang.org | ||
| - pkg.go.dev |
There was a problem hiding this comment.
The workflow now explicitly allows Go module domains, but it’s still missing storage.googleapis.com, which the Go module proxy commonly uses to fetch module archives (and is included in this repo’s go ecosystem list in pkg/workflow/data/ecosystem_domains.json). Without it, go/Dependabot checks can still hit firewall blocks when downloads are redirected to GCS. Consider adding storage.googleapis.com to network.allowed here for completeness and consistency with .github/workflows/gpclean.md.
Suggested change
| - pkg.go.dev | |
| - pkg.go.dev | |
| - storage.googleapis.com |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
28 firewall blocks across 15 workflow runs from the daily report — several were legitimate allowlist gaps causing silent failures.
Allowlist fixes
dependabot-go-checker.md: Was usingnetwork: defaults(no AWF enforcement). Addedproxy.golang.org,sum.golang.org,pkg.go.dev— fixes 6 blocked Go dependency resolution requests.glossary-maintainer.md: Addednodejs.orgfor Node.js release metadata fetches.gpclean.md: Addedstorage.googleapis.com— used by the Go module proxy for module archive downloads.Expected blocks (no change needed)
github.com/api.github.comblocks are expected — git diff/log operate on pre-fetched refs; pushes go through thepush_to_pull_request_branchsafe output.Ecosystem cleanup
Removed
*.jsr.iowildcard from bothnodeanddenoecosystems inecosystem_domains.json. The regex rule had 0 hits;jsr.io(exact) is retained. This affects 33 compiled lock files (regenerated viamake recompile).Warning
Firewall rules blocked me from connecting to one or more addresses (expand for details)
I tried to connect to the following addresses, but was blocked by firewall rules:
https://api.github.com/graphql/usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw(http block)/usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw -pack /home/REDACTED/work/gh-aw/gh-aw/cmd/gh-aw/main.go(http block)/usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw ility-kit.md(http block)https://api.github.com/orgs/test-owner/actions/secrets/usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name -json GOMOD 64/bin/go -d **/*.cjs 64/bin/go go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE tomic_wasm.s(http block)/usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name "prettier" --wriGOINSECURE git 64/bin/go --show-toplevel 82b60758..HEAD ache/uv/0.11.3/x"prettier" --check '**/*.cjs' '**/*.ts' '**/*.json' --ignore-path ../../../.prettierignore go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1/usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha user.email test@example.com /usr/bin/git ub/workflows GO111MODULE x_amd64/compile git rev-�� --show-toplevel x_amd64/compile /usr/bin/git -json GO111MODULE 64/pkg/tool/linu--show-toplevel /usr/bin/git(http block)/usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git rev-�� --show-toplevel go /opt/hostedtoolcache/node/24.14.0/x64/bin/bash -json GO111MODULE ode_modules/.bin--show-toplevel bash(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v3/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha ithub/workflows/audit-workflows.md -importcfg /usr/bin/infocmp -s -w -buildmode=exe infocmp -1 xterm-color -extld=gcc /usr/bin/git ./cmd/... ./pkg/... 64/bin/go git(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha prettier --check /opt/hostedtoolcache/go/1.25.0/x64/bin/go **/*.ts **/*.json --ignore-path go env GOPATH node /usr/bin/git tierignore **/*.cjs 64/bin/go git(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v5/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha 973037042 2mnLS362T 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet ns-l�� ortcfg hmGu04qL0 ache/go/1.25.0/x64/pkg/tool/linu-nolocalimports GOINSECURE GOMOD GOMODCACHE ache/go/1.25.0/x64/pkg/tool/linuremote.origin.url(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha GOMODCACHE 64/pkg/tool/linu/tmp/go-build1496503958/b424/_testmain.go /usr/bin/git a.out GO111MODULE 64/pkg/tool/linu--show-toplevel git rev-�� --show-toplevel 64/pkg/tool/linux_amd64/asm /usr/bin/git -json rotocol/go-sdk@vrev-parse 64/pkg/tool/linu--show-toplevel git(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel ache/go/1.25.0/x64/pkg/tool/linux_amd64/compile /usr/bin/git 5758803/b234/_pkgit bhj8/yVsZXSY1_TCrev-parse 0/x64/bin/node git rev-�� .*/\1/p e/git /usr/bin/git SameOutput397368git -trimpath /opt/hostedtoolc--show-toplevel git(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v6/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha -unreachable=false /tmp/go-build1496503958/b113/vet.cfg /opt/hostedtoolcache/node/24.14.0/x64/bin/node -json GO111MODULE x_amd64/compile node /tmp�� /home/REDACTED/work/gh-aw/gh-aw/.github/workflows/ace-editor.md MEyT6qO/ilPel1urrev-parse /usr/bin/git -json GO111MODULE x_amd64/compile git(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha GOMODCACHE go /usr/bin/git -json GO111MODULE x_amd64/compile git rev-�� --show-toplevel x_amd64/compile /usr/bin/git -json GO111MODULE x_amd64/compile git(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel ache/go/1.25.0/x-extld=gcc /usr/bin/git ace-editor.md GO111MODULE 5758803/b129=> git rev-�� --show-toplevel go /usr/bin/git 0-0n/jrpYP2NCpeGgit GO111MODULE 0/x64/bin/node git(http block)https://api.github.com/repos/actions/github-script/git/ref/tags/v8/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha -goversion go1.25.0 -c=4 -nolocalimports -importcfg /tmp/go-build2245758803/b207/importcfg -pack -o /tmp/go-build819-p o 64/bin/go -p main -lang=go1.25 go(http block)/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha 01 .go 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)https://api.github.com/repos/actions/setup-go/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha ub.actor }} -dwarf=false /usr/bin/git go1.25.0 -c=4 -nolocalimports git rev-�� --show-toplevel /tmp/go-build1496503958/b437/_testmain.go /usr/bin/git -json GO111MODULE x_amd64/compile git(http block)/usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git(http block)https://api.github.com/repos/actions/setup-node/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha ets.TOKEN }} go /usr/bin/git -json GO111MODULE x_amd64/asm git remo�� remove origin /usr/bin/git -json GO111MODULE x_amd64/compile git(http block)/usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env i-lint >/dev/null 2>&1 || [ -x "$GOPATH/bin/golangci-lint" ]; then \ PATH="$GOPATH/bin:$PATH" ggit GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git(http block)https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b/usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha(http block)https://api.github.com/repos/github/gh-aw/usr/bin/gh gh api /repos/github/gh-aw --jq .visibility(http block)https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq .object.sha -c go /usr/bin/git -json GO111MODULE x_amd64/compile git -C /tmp/gh-aw-test-runs/20260403-154459-34131/test-2598191732 rev-parse /usr/bin/git @{u} lGitbranch_with_rev-parse x_amd64/compile git(http block)/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq .object.sha --show-toplevel go /usr/bin/git ath ../../../.prgit GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git(http block)https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha g/sliceutil/sliceutil.go g/sliceutil/sliceutil_test.go ache/go/1.25.0/x64/pkg/tool/linux_amd64/compile -p log/slog -lang=go1.25 ache/go/1.25.0/x64/pkg/tool/linux_amd64/compile -V=f�� 6503958/b436/_pkg_.a BnHvriLGPCMV_McQl5bd/BnHvriLGPCMV_McQl5bd 0/x64/bin/node -goversion b/gh-aw/pkg/strirev-parse -c=4 0/x64/bin/node(http block)/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha -json GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE /opt/hostedtoolcache/node/24.14.0/x64/bin/node GOINSECURE GOMOD GOMODCACHE node(http block)https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha 4459-34131/test-2598191732 -trimpath 6503958/b431/semverutil.test -p github.com/goccyrev-parse -lang=go1.21 6503958/b431/semverutil.test e=/t�� t0 -parallel=4 0/x64/bin/node m0s ./...(http block)/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha -json GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE /home/REDACTED/go/bin/node GOINSECURE GOMOD GOMODCACHE node(http block)https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts/usr/bin/gh gh run download 1 --dir test-logs/run-1 GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env 1970910998/.github/workflows FtlqRiP0t 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile(http block)/usr/bin/gh gh run download 1 --dir test-logs/run-1 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE tions/setup/js/node_modules/.bin/sh GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts/usr/bin/gh gh run download 12345 --dir test-logs/run-12345 GO111MODULE 64/pkg/tool/linu-nolocalimports GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linu/tmp/go-build1496503958/b440/_testmain.go env 1443886060/.github/workflows oding@v0.5.4/json/codec.go 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile(http block)/usr/bin/gh gh run download 12345 --dir test-logs/run-12345 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env LsRemoteWithRealGitbranch_with_hremote.origin.url LsRemoteWithRealGitbranch_with_hyphen574415419/001' ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts/usr/bin/gh gh run download 12346 --dir test-logs/run-12346 GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD b3c8b65a 64/pkg/tool/linux_amd64/compile env 1443886060/.github/workflows GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile(http block)/usr/bin/gh gh run download 12346 --dir test-logs/run-12346 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go itbr�� -json GO111MODULE 0/x64/lib/node_modules/npm/node_modules/@npmcli/run-script/lib/node-gyp-bin/node GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts/usr/bin/gh gh run download 2 --dir test-logs/run-2 GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env g_.a rotocol/go-sdk@v1.4.1/internal/util/net.go 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD abis 64/pkg/tool/linux_amd64/compile(http block)/usr/bin/gh gh run download 2 --dir test-logs/run-2 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE tions/setup/js/node_modules/.bin/sh GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts/usr/bin/gh gh run download 3 --dir test-logs/run-3 GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE Dg/mCTHgOgtaCf7iQExit-m/eomy2WHMX-sif4aHRWEK env 850467167/.github/workflows 0/language/coverage.go 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile(http block)/usr/bin/gh gh run download 3 --dir test-logs/run-3 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE tions/setup/node_modules/.bin/sh GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts/usr/bin/gh gh run download 4 --dir test-logs/run-4 GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env g_.a Ufpu1I6li 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile(http block)/usr/bin/gh gh run download 4 --dir test-logs/run-4 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go eWit�� -json GO111MODULE tions/node_modules/.bin/sh GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts/usr/bin/gh gh run download 5 --dir test-logs/run-5 GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env 850467167/.github/workflows 0/internal/language/compact/compact.go x_amd64/vet GOINSECURE GOMOD abis x_amd64/vet(http block)/usr/bin/gh gh run download 5 --dir test-logs/run-5 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE de_modules/.bin/sh GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/actions/workflows/usr/bin/gh gh workflow list --json name,state,path -e -f 64/bin/go -d unsafe 64/bin/go go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 GOMOD GOMODCACHE go env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)/usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 GOMOD GOMODCACHE 64/pkg/tool/linuorigin env g_.a GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq .object.sha --show-toplevel 64/pkg/tool/linux_amd64/asm /usr/bin/git -json GO111MODULE 64/pkg/tool/linu--show-toplevel git rev-�� --show-toplevel 64/pkg/tool/linutest@example.com /usr/bin/git g_.a GO111MODULE 64/pkg/tool/linugit-upload-pack 'origin' git(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq .object.sha --show-toplevel go /usr/bin/git th .prettierignogit GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE ache/go/1.25.0/xgit-upload-pack 'origin' git(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha -json GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env g_.a GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE or_wasm.o 64/src/math/floo--show-toplevel 64/pkg/tool/linux_amd64/vet(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha th .prettierignore GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE bin/sh GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE x_amd64/asm GOINSECURE GOMOD GOMODCACHE x_amd64/asm(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha h ../../../.pret.prettierignore GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE INanK0V/feetP4W5config(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE MEyT6qO/ilPel1urrev-parse(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GO111MODULE x_amd64/link GOINSECURE GOMOD GOMODCACHE x_amd64/link env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha h ../../../.prettierignore GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/githubnext/agentics/git/ref/tags//usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha re re cal/bin/git(http block)https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999/usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha g_.a GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE nal/alias GOMODCACHE 64/pkg/tool/linux_amd64/compile env b/workflows 9bJpVeol4 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet(http block)/usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha th .prettierignore GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/nonexistent/repo/actions/runs/12345/usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linutest@example.com env y_with_explicit_repo4018112443/001 GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD abis 64/pkg/tool/linux_amd64/compile(http block)/usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE de/node/bin/sh GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/owner/repo/actions/workflows/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go -d **/*.cjs 64/bin/go VNgnGPLEQds7 env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go -n1 --format=format:-o 35574491e27f46f5/tmp/go-build2245758803/b221/_pkg_.a go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go --show-toplevel /tmp/go-build149-c /usr/bin/git go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/owner/repo/contents/file.md/tmp/go-build1496503958/b396/cli.test /tmp/go-build1496503958/b396/cli.test -test.testlogfile=/tmp/go-build1496503958/b396/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true -nolocalimports -importcfg /tmp/go-build2245758803/b206/importcfg -pack env -json GOMOD 64/bin/go tierignore **/*.cjs 64/bin/go go(http block)/tmp/go-build1469906399/b396/cli.test /tmp/go-build1469906399/b396/cli.test -test.testlogfile=/tmp/go-build1469906399/b396/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true tierignore /opt/hostedtoolcenv /usr/bin/git node /hom�� --write ../../../**/*.jsGOMOD 64/bin/go --ignore-path ../../../.pretti-c ache/node/24.14."prettier" --check '**/*.cjs' '**/*.ts' '**/*.json' --ignore-path ../../../.prettierignore go(http block)https://api.github.com/repos/test-owner/test-repo/actions/secrets/usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name GOPATH=$(go env -p node 64/bin/go tierignore **/*.cjs 64/bin/go go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name "prettier" --wriGOINSECURE git 64/bin/go --show-toplevel git /usr/bin/git go env -json GO111MODULE /node GOINSECURE GOMOD GOMODCACHE go(http block)If you need me to access, download, or install something from one of these locations, you can either: