fix: install gh-aw CLI extension in workflow pre-steps

[lpcox]

Problem

Multiple workflows using ./gh-aw logs and ./gh-aw compile in frontmatter steps: were silently failing because the gh-aw binary is not available in the runner's working directory.

Root cause: The compiled workflow does a sparse checkout of only the actions/ folder. The steps: (pre-agent bash steps) run before the Copilot CLI/AWF install. There is no ./gh-aw binary, so ./gh-aw logs ... 2>/dev/null || echo "[]" silently produces empty results.

Impact: The Copilot Token Usage Analyzer has been producing empty "noop" reports (e.g., run 23940898307) despite 100+ workflow runs in the preceding 24 hours. All 9 affected workflows have the same issue.

Fix

1. Add an "Install gh-aw CLI" step before the data download step in each workflow
2. Change ./gh-aw → gh aw (extension invocation) in all affected workflows

Affected Workflows (9)

Workflow	Command
copilot-token-usage-analyzer	gh aw logs --engine copilot
claude-token-usage-analyzer	gh aw logs --engine claude
copilot-token-optimizer	gh aw logs --engine copilot
claude-token-optimizer	gh aw logs --engine claude
daily-copilot-token-report	gh aw logs --engine copilot
daily-integrity-analysis	gh aw logs --filtered-integrity
daily-syntax-error-quality	gh aw compile (was make build && ./gh-aw)
portfolio-analyst	gh aw logs
static-analysis-report	gh aw compile --zizmor --poutine --actionlint

[Copilot]

Pull request overview

Updates several agentic workflow definitions so gh-aw is available during pre-agent steps: despite sparse checkouts, by installing the github/gh-aw GitHub CLI extension and switching invocations from ./gh-aw … to gh aw ….

Changes:

• Add a pre-step to install/upgrade the gh-aw GitHub CLI extension in each affected workflow.
• Replace ./gh-aw logs|compile … with gh aw logs|compile … across the impacted workflows.
• Remove local Go build steps for gh-aw where they were previously used only to provide a ./gh-aw binary.

Reviewed changes

Copilot reviewed 18 out of 18 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
.github/workflows/static-analysis-report.md	Installs gh-aw extension before pre-steps; switches compile invocation to gh aw compile.
.github/workflows/static-analysis-report.lock.yml	Regenerated compiled workflow to include extension install step and updated compile command.
.github/workflows/portfolio-analyst.md	Installs gh-aw extension before downloading logs; switches to gh aw logs.
.github/workflows/portfolio-analyst.lock.yml	Regenerated compiled workflow reflecting extension install and updated logs command.
.github/workflows/daily-syntax-error-quality.md	Replaces local build/./gh-aw usage with extension install and gh aw compile.
.github/workflows/daily-syntax-error-quality.lock.yml	Regenerated compiled workflow reflecting extension install and updated tool allowlist/commands.
.github/workflows/daily-integrity-analysis.md	Installs gh-aw extension before downloading integrity-filtered logs; switches to gh aw logs.
.github/workflows/daily-integrity-analysis.lock.yml	Regenerated compiled workflow reflecting extension install and updated logs command.
.github/workflows/daily-copilot-token-report.md	Installs gh-aw extension before pre-downloading Copilot logs; switches to gh aw logs.
.github/workflows/daily-copilot-token-report.lock.yml	Regenerated compiled workflow reflecting extension install and updated logs command.
.github/workflows/copilot-token-usage-analyzer.md	Installs gh-aw extension before downloading run data; switches to gh aw logs.
.github/workflows/copilot-token-usage-analyzer.lock.yml	Regenerated compiled workflow reflecting extension install and updated logs command.
.github/workflows/copilot-token-optimizer.md	Installs gh-aw extension before loading run data; switches to gh aw logs.
.github/workflows/copilot-token-optimizer.lock.yml	Regenerated compiled workflow reflecting extension install and updated logs command.
.github/workflows/claude-token-usage-analyzer.md	Installs gh-aw extension before downloading run data; switches to gh aw logs.
.github/workflows/claude-token-usage-analyzer.lock.yml	Regenerated compiled workflow reflecting extension install and updated logs command.
.github/workflows/claude-token-optimizer.md	Installs gh-aw extension before loading run data; switches to gh aw logs.
.github/workflows/claude-token-optimizer.lock.yml	Regenerated compiled workflow reflecting extension install and updated logs command.

Comments suppressed due to low confidence (4)

.github/workflows/copilot-token-usage-analyzer.md:62

• gh aw logs failures are currently silenced (2>/dev/null) and replaced with an empty JSON array, which can reintroduce the “silent noop report” behavior if the command errors (auth, rate limit, network, etc.). Consider preserving stderr (or printing a warning with the exit code) and failing the step when the download fails, so missing data is visible.

      echo "📥 Downloading Copilot workflow runs from last 24 hours..."
      gh aw logs \
        --engine copilot \
        --start-date -1d \
        --json \
        -c 300 \
        > /tmp/token-analyzer/copilot-runs.json 2>/dev/null || echo "[]" > /tmp/token-analyzer/copilot-runs.json

.github/workflows/claude-token-usage-analyzer.md:62

• gh aw logs failures are currently silenced (2>/dev/null) and replaced with an empty JSON array, which can reintroduce the “silent noop report” behavior if the command errors (auth, rate limit, network, etc.). Consider preserving stderr (or printing a warning with the exit code) and failing the step when the download fails, so missing data is visible.

      echo "📥 Downloading Claude workflow runs from last 24 hours..."
      gh aw logs \
        --engine claude \
        --start-date -1d \
        --json \
        -c 300 \
        > /tmp/token-analyzer-claude/claude-runs.json 2>/dev/null || echo "[]" > /tmp/token-analyzer-claude/claude-runs.json

.github/workflows/copilot-token-optimizer.md:70

• gh aw logs failures are currently silenced (2>/dev/null) and replaced with an empty JSON array, which can reintroduce the “silent noop report” behavior if the command errors (auth, rate limit, network, etc.). Consider preserving stderr (or printing a warning with the exit code) and failing the step when the download fails, so missing data is visible.

      echo "📥 Loading Copilot workflow runs from last 24 hours..."
      gh aw logs \
        --engine copilot \
        --start-date -1d \
        --json \
        -c 300 \
        > /tmp/token-optimizer/copilot-runs.json 2>/dev/null || echo "[]" > /tmp/token-optimizer/copilot-runs.json

.github/workflows/claude-token-optimizer.md:70

• gh aw logs failures are currently silenced (2>/dev/null) and replaced with an empty JSON array, which can reintroduce the “silent noop report” behavior if the command errors (auth, rate limit, network, etc.). Consider preserving stderr (or printing a warning with the exit code) and failing the step when the download fails, so missing data is visible.

      echo "📥 Loading Claude workflow runs from last 24 hours..."
      gh aw logs \
        --engine claude \
        --start-date -1d \
        --json \
        -c 300 \
        > /tmp/token-optimizer-claude/claude-runs.json 2>/dev/null || echo "[]" > /tmp/token-optimizer-claude/claude-runs.json

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.