Skip to content

v0.54.0

Choose a tag to compare

View all tags
@github-actions github-actions released this 07 Mar 02:21
· 2295 commits to main since this release
v0.54.0
7699775
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

🌟 Release Highlights

This release focuses on expanding workflow capabilities with Agent Package Manager support and broader temporary ID coverage, while hardening security and improving reliability for public repository workflows.

✨ What's New

  • Agent Package Manager (APM) support β€” Workflows can now declare microsoft/apm dependencies directly in frontmatter. The compiler emits a SHA-pinned microsoft/apm-action step to install packages before agent execution, making it easier to manage agent dependencies declaratively.

  • Temporary IDs for all project operations β€” #aw_* temporary IDs are now supported across all project-related safe outputs, enabling cross-references between operations within the same workflow run.

  • Engines always use latest versions β€” Agentic engines (Copilot, Claude Code, Codex, Gemini) now bind to "latest" instead of pinned versions, ensuring workflows automatically benefit from the newest AI capabilities without manual version bumps. CLI versions in this release: Claude Code 2.1.70, Copilot CLI 0.0.422, Codex 0.111.0.

πŸ› Bug Fixes & Improvements

  • Fixed gh aw add auth failure for public repos β€” The downloadFileFromGitHubWithDepth function now falls back to git/raw-URL when REST client creation fails with an auth error, resolving failures when adding workflows from public repositories in agentic contexts.

  • Security: Go module cache disabled in agentic setup β€” The actions/setup-go step now runs with cache: false in agentic workflows, closing a potential cache poisoning vector via prompt injection. This mirrors the existing mitigation already in place for Node.js.

πŸ“š Documentation

  • Streamlined the SideRepoOps patterns page for better readability.

For complete details, see CHANGELOG.

Generated by Release

What's Changed

  • Update CLI versions: Claude Code 2.1.70, Copilot CLI 0.0.422, Codex 0.111.0 by @Copilot in #19854
  • Reclassify 5 minor changesets as major breaking changes by @Copilot in #19870
  • fix: disable Go module cache in agentic setup actions to prevent cache poisoning by @Copilot in #19865
  • [dead-code] chore: remove 10 dead functions from analyzer batch run by @github-actions[bot] in #19880
  • [code-simplifier] refactor: use ExtraWithFields merge in Go go-mod-file setup path by @github-actions[bot] in #19884
  • Fix gh aw add auth failure for public repos in agentic workflows by @Copilot in #19853
  • [docs] docs: unbloat SideRepoOps page by @github-actions[bot] in #19906
  • [docs] Consolidate developer specs: fix 2 tone issues (v3.8) by @github-actions[bot] in #19904
  • [instructions] Sync github-agentic-workflows.md with v0.40.1 by @github-actions[bot] in #19902
  • [log] Add debug logging to spinner, import processor, and utility packages by @github-actions[bot] in #19894
  • Bind all agentic engines to "latest" instead of pinning versions by @Copilot in #19882
  • chore(deps): bump express-rate-limit from 8.2.1 to 8.3.0 in /.github/workflows in the npm_and_yarn group across 1 directory by @dependabot[bot] in #19881
  • Allow temporary IDs for all project operations by @Copilot in #19573
  • Add microsoft/apm dependencies support to frontmatter by @Copilot in #19883

Full Changelog: v0.53.6...v0.54.0

Contributors

dependabot
Assets 18
Loading