diff --git a/.github/workflows/daily-issues-report.lock.yml b/.github/workflows/daily-issues-report.lock.yml index 51ab9e68bf..abd6a1e2e2 100644 --- a/.github/workflows/daily-issues-report.lock.yml +++ b/.github/workflows/daily-issues-report.lock.yml @@ -33,7 +33,7 @@ # - shared/reporting.md # - shared/trends.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"b6b3608f03cb4a4699aaa9f4b357d9429b712addd4d8a75e8e78721654be5f0a","strict":true,"agent_id":"codex"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"f2fb43769085ff516643a1936f28392af5c7584aff342ff3810a9eef6678b77b","strict":true,"agent_id":"codex"} name: "Daily Issues Report Generator" "on": @@ -148,15 +148,15 @@ jobs: run: | bash ${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh { - cat << 'GH_AW_PROMPT_e86edbc33406c255_EOF' + cat << 'GH_AW_PROMPT_caeee7938ac161e2_EOF' - GH_AW_PROMPT_e86edbc33406c255_EOF + GH_AW_PROMPT_caeee7938ac161e2_EOF cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md" cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md" cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md" cat "${RUNNER_TEMP}/gh-aw/prompts/cache_memory_prompt.md" cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md" - cat << 'GH_AW_PROMPT_e86edbc33406c255_EOF' + cat << 'GH_AW_PROMPT_caeee7938ac161e2_EOF' Tools: create_discussion, upload_asset, missing_tool, missing_data, noop @@ -190,9 +190,9 @@ jobs: {{/if}} - GH_AW_PROMPT_e86edbc33406c255_EOF + GH_AW_PROMPT_caeee7938ac161e2_EOF cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" - cat << 'GH_AW_PROMPT_e86edbc33406c255_EOF' + cat << 'GH_AW_PROMPT_caeee7938ac161e2_EOF' {{#runtime-import .github/workflows/shared/github-guard-policy.md}} {{#runtime-import .github/workflows/shared/jqschema.md}} @@ -202,7 +202,7 @@ jobs: {{#runtime-import .github/workflows/shared/trends.md}} {{#runtime-import .github/workflows/shared/reporting.md}} {{#runtime-import .github/workflows/daily-issues-report.md}} - GH_AW_PROMPT_e86edbc33406c255_EOF + GH_AW_PROMPT_caeee7938ac161e2_EOF } > "$GH_AW_PROMPT" - name: Interpolate variables and render templates uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -354,7 +354,7 @@ jobs: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} name: Fetch issues data - run: "# Create output directories\nmkdir -p /tmp/gh-aw/issues-data\nmkdir -p /tmp/gh-aw/cache-memory\n\n# Get today's date for cache identification\nTODAY=$(date '+%Y-%m-%d')\nCACHE_DIR=\"/tmp/gh-aw/cache-memory\"\n\n# Check if cached data exists from today\nif [ -f \"$CACHE_DIR/issues-${TODAY}.json\" ] && [ -s \"$CACHE_DIR/issues-${TODAY}.json\" ]; then\n echo \"✓ Found cached issues data from ${TODAY}\"\n cp \"$CACHE_DIR/issues-${TODAY}.json\" /tmp/gh-aw/issues-data/issues.json\n \n # Regenerate schema if missing\n if [ ! -f \"$CACHE_DIR/issues-${TODAY}-schema.json\" ]; then\n /tmp/gh-aw/jqschema.sh < /tmp/gh-aw/issues-data/issues.json > \"$CACHE_DIR/issues-${TODAY}-schema.json\"\n fi\n cp \"$CACHE_DIR/issues-${TODAY}-schema.json\" /tmp/gh-aw/issues-data/issues-schema.json\n \n echo \"Using cached data from ${TODAY}\"\n echo \"Total issues in cache: $(jq 'length' /tmp/gh-aw/issues-data/issues.json)\"\nelse\n echo \"⬇ Downloading fresh issues data...\"\n \n # Fetch all issues (open and closed) using gh CLI\n # Using --limit 1000 to get the last 1000 issues, unfiltered\n echo \"Fetching the last 1000 issues...\"\n gh issue list --repo ${{ github.repository }} \\\n --state all \\\n --json number,title,author,createdAt,state,url,body,labels,updatedAt,closedAt,milestone,assignees,comments \\\n --limit 1000 \\\n > /tmp/gh-aw/issues-data/issues.json\n\n # Generate schema for reference\n /tmp/gh-aw/jqschema.sh < /tmp/gh-aw/issues-data/issues.json > /tmp/gh-aw/issues-data/issues-schema.json\n\n # Store in cache with today's date\n cp /tmp/gh-aw/issues-data/issues.json \"$CACHE_DIR/issues-${TODAY}.json\"\n cp /tmp/gh-aw/issues-data/issues-schema.json \"$CACHE_DIR/issues-${TODAY}-schema.json\"\n\n echo \"✓ Issues data saved to cache: issues-${TODAY}.json\"\n echo \"Total issues found: $(jq 'length' /tmp/gh-aw/issues-data/issues.json)\"\nfi\n\n# Always ensure data is available at expected locations for backward compatibility\necho \"Issues data available at: /tmp/gh-aw/issues-data/issues.json\"\necho \"Schema available at: /tmp/gh-aw/issues-data/issues-schema.json\"" + run: "# Create output directories\nmkdir -p /tmp/gh-aw/issues-data\nmkdir -p /tmp/gh-aw/cache-memory\n\n# Get today's date for cache identification\nTODAY=$(date '+%Y-%m-%d')\nCACHE_DIR=\"/tmp/gh-aw/cache-memory\"\n\n# Check if cached data exists from today\nif [ -f \"$CACHE_DIR/issues-${TODAY}.json\" ] && [ -s \"$CACHE_DIR/issues-${TODAY}.json\" ]; then\n echo \"✓ Found cached issues data from ${TODAY}\"\n cp \"$CACHE_DIR/issues-${TODAY}.json\" /tmp/gh-aw/issues-data/issues.json\n \n # Regenerate schema if missing\n if [ ! -f \"$CACHE_DIR/issues-${TODAY}-schema.json\" ]; then\n /tmp/gh-aw/jqschema.sh < /tmp/gh-aw/issues-data/issues.json > \"$CACHE_DIR/issues-${TODAY}-schema.json\"\n fi\n cp \"$CACHE_DIR/issues-${TODAY}-schema.json\" /tmp/gh-aw/issues-data/issues-schema.json\n \n echo \"Using cached data from ${TODAY}\"\n echo \"Total issues in cache: $(jq 'length' /tmp/gh-aw/issues-data/issues.json)\"\nelse\n echo \"⬇ Downloading fresh issues data...\"\n \n # Fetch all issues (open and closed) using gh CLI\n # Using --limit 1000 to get the last 1000 issues, unfiltered\n echo \"Fetching the last 1000 issues...\"\n if ! gh issue list --repo ${{ github.repository }} \\\n --state all \\\n --json number,title,author,createdAt,state,url,body,labels,updatedAt,closedAt,milestone,assignees,comments \\\n --limit 1000 \\\n > /tmp/gh-aw/issues-data/issues.json; then\n echo \"::warning::Failed to fetch issues data (issues may be disabled or temporarily unavailable). Using empty dataset. Downstream analysis will report zero issues — check repository Issues settings or retry the workflow if this is unexpected.\"\n echo \"[]\" > /tmp/gh-aw/issues-data/issues.json\n fi\n\n # Generate schema for reference\n /tmp/gh-aw/jqschema.sh < /tmp/gh-aw/issues-data/issues.json > /tmp/gh-aw/issues-data/issues-schema.json\n\n # Store in cache with today's date\n cp /tmp/gh-aw/issues-data/issues.json \"$CACHE_DIR/issues-${TODAY}.json\"\n cp /tmp/gh-aw/issues-data/issues-schema.json \"$CACHE_DIR/issues-${TODAY}-schema.json\"\n\n echo \"✓ Issues data saved to cache: issues-${TODAY}.json\"\n echo \"Total issues found: $(jq 'length' /tmp/gh-aw/issues-data/issues.json)\"\nfi\n\n# Always ensure data is available at expected locations for backward compatibility\necho \"Issues data available at: /tmp/gh-aw/issues-data/issues.json\"\necho \"Schema available at: /tmp/gh-aw/issues-data/issues-schema.json\"" - name: Setup Python environment run: "# Create working directory for Python scripts\nmkdir -p /tmp/gh-aw/python\nmkdir -p /tmp/gh-aw/python/data\nmkdir -p /tmp/gh-aw/python/charts\nmkdir -p /tmp/gh-aw/python/artifacts\n\necho \"Python environment setup complete\"\necho \"Working directory: /tmp/gh-aw/python\"\necho \"Data directory: /tmp/gh-aw/python/data\"\necho \"Charts directory: /tmp/gh-aw/python/charts\"\necho \"Artifacts directory: /tmp/gh-aw/python/artifacts\"\n" - name: Install Python scientific libraries @@ -449,12 +449,12 @@ jobs: mkdir -p ${RUNNER_TEMP}/gh-aw/safeoutputs mkdir -p /tmp/gh-aw/safeoutputs mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs - cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/config.json << 'GH_AW_SAFE_OUTPUTS_CONFIG_407b53c4045cbcb1_EOF' + cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/config.json << 'GH_AW_SAFE_OUTPUTS_CONFIG_47e5d795abd90a36_EOF' {"create_discussion":{"category":"audits","close_older_discussions":true,"expires":72,"fallback_to_issue":true,"max":1,"title_prefix":"[daily issues] "},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"upload_asset":{"allowed-exts":[".png",".jpg",".jpeg"],"branch":"assets/${{ github.workflow }}","max-size":10240}} - GH_AW_SAFE_OUTPUTS_CONFIG_407b53c4045cbcb1_EOF + GH_AW_SAFE_OUTPUTS_CONFIG_47e5d795abd90a36_EOF - name: Write Safe Outputs Tools run: | - cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/tools_meta.json << 'GH_AW_SAFE_OUTPUTS_TOOLS_META_026468ec84444cbd_EOF' + cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/tools_meta.json << 'GH_AW_SAFE_OUTPUTS_TOOLS_META_609c78ea1e52948c_EOF' { "description_suffixes": { "create_discussion": " CONSTRAINTS: Maximum 1 discussion(s) can be created. Title will be prefixed with \"[daily issues] \". Discussions will be created in category \"audits\".", @@ -463,8 +463,8 @@ jobs: "repo_params": {}, "dynamic_tools": [] } - GH_AW_SAFE_OUTPUTS_TOOLS_META_026468ec84444cbd_EOF - cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/validation.json << 'GH_AW_SAFE_OUTPUTS_VALIDATION_64233acbadcd4a57_EOF' + GH_AW_SAFE_OUTPUTS_TOOLS_META_609c78ea1e52948c_EOF + cat > ${RUNNER_TEMP}/gh-aw/safeoutputs/validation.json << 'GH_AW_SAFE_OUTPUTS_VALIDATION_713495a9954b4c52_EOF' { "create_discussion": { "defaultMax": 1, @@ -559,7 +559,7 @@ jobs: } } } - GH_AW_SAFE_OUTPUTS_VALIDATION_64233acbadcd4a57_EOF + GH_AW_SAFE_OUTPUTS_VALIDATION_713495a9954b4c52_EOF node ${RUNNER_TEMP}/gh-aw/actions/generate_safe_outputs_tools.cjs - name: Generate Safe Outputs MCP Server Config id: safe-outputs-config @@ -629,7 +629,7 @@ jobs: export GH_AW_ENGINE="codex" export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.2.12' - cat > /tmp/gh-aw/mcp-config/config.toml << GH_AW_MCP_CONFIG_27a2f59aba248014_EOF + cat > /tmp/gh-aw/mcp-config/config.toml << GH_AW_MCP_CONFIG_77f821b27d834424_EOF [history] persistence = "none" @@ -656,10 +656,10 @@ jobs: [mcp_servers.safeoutputs."guard-policies".write-sink] accept = ["*"] - GH_AW_MCP_CONFIG_27a2f59aba248014_EOF + GH_AW_MCP_CONFIG_77f821b27d834424_EOF # Generate JSON config for MCP gateway - cat << GH_AW_MCP_CONFIG_27a2f59aba248014_EOF | bash ${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.sh + cat << GH_AW_MCP_CONFIG_77f821b27d834424_EOF | bash ${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.sh { "mcpServers": { "github": { @@ -702,7 +702,7 @@ jobs: "payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}" } } - GH_AW_MCP_CONFIG_27a2f59aba248014_EOF + GH_AW_MCP_CONFIG_77f821b27d834424_EOF - name: Download activation artifact uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: diff --git a/.github/workflows/shared/issues-data-fetch.md b/.github/workflows/shared/issues-data-fetch.md index 94465dbb88..d2154ffd79 100644 --- a/.github/workflows/shared/issues-data-fetch.md +++ b/.github/workflows/shared/issues-data-fetch.md @@ -49,11 +49,14 @@ steps: # Fetch all issues (open and closed) using gh CLI # Using --limit 1000 to get the last 1000 issues, unfiltered echo "Fetching the last 1000 issues..." - gh issue list --repo ${{ github.repository }} \ + if ! gh issue list --repo ${{ github.repository }} \ --state all \ --json number,title,author,createdAt,state,url,body,labels,updatedAt,closedAt,milestone,assignees,comments \ --limit 1000 \ - > /tmp/gh-aw/issues-data/issues.json + > /tmp/gh-aw/issues-data/issues.json; then + echo "::warning::Failed to fetch issues data (issues may be disabled or temporarily unavailable). Using empty dataset. Downstream analysis will report zero issues — check repository Issues settings or retry the workflow if this is unexpected." + echo "[]" > /tmp/gh-aw/issues-data/issues.json + fi # Generate schema for reference /tmp/gh-aw/jqschema.sh < /tmp/gh-aw/issues-data/issues.json > /tmp/gh-aw/issues-data/issues-schema.json diff --git a/actions/setup/sh/install_awf_binary.sh b/actions/setup/sh/install_awf_binary.sh index 98d2c379bc..dcb0519990 100755 --- a/actions/setup/sh/install_awf_binary.sh +++ b/actions/setup/sh/install_awf_binary.sh @@ -210,7 +210,15 @@ else fi # Verify installation -which awf -awf --version +# Use the absolute path to avoid PATH issues on self-hosted or GPU runners +# where ${AWF_INSTALL_DIR} may not be in the user PATH. The binary is always +# accessible in subsequent steps via sudo (which includes /usr/local/bin). +# Also clear DIFC (Data Integrity and Filtering Controls) proxy env vars +# set by start_difc_proxy.sh. When the DIFC proxy is active, GITHUB_API_URL +# and GITHUB_GRAPHQL_URL point to localhost:18443 and GH_HOST is overridden. +# The AWF bundle may try to reach these endpoints on startup, causing the +# version check to fail with a connection error if the proxy rejects the request. +env -u GITHUB_API_URL -u GITHUB_GRAPHQL_URL -u GH_HOST \ + "${AWF_INSTALL_DIR}/${AWF_INSTALL_NAME}" --version echo "✓ AWF installation complete"