Skip to content

v0.62.2

Choose a tag to compare

View all tags
@github-actions github-actions released this 19 Mar 19:15
· 1777 commits to main since this release
v0.62.2
ffa4a66
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

🌟 Release Highlights

This release focuses on reliability and resilience β€” fixing critical safe-outputs failures, improving signal handling on Linux/WSL, and introducing a new integrity filtering capability for log analysis.

⚠️ Breaking Changes

lockdown: true is replaced by min-integrity: approved

The lockdown: true field under tools.github has been superseded by the min-integrity guard policy. All 13 built-in agentic workflows have been updated automatically, but if you use lockdown: true in your own workflow frontmatter, you must migrate:

# Before (deprecated)
tools:
  github:
    lockdown: true

# After (required)
min-integrity: approved

✨ What's New

  • --filtered-integrity flag for gh aw logs β€” New flag to filter and surface sessions that contain DIFC-filtered items in the gateway logs, making it easier to audit integrity-controlled workflow runs.

πŸ› Bug Fixes & Improvements

  • Safe-outputs artifact 409 conflict resolved β€” The safe_outputs job was uploading artifacts under the same name ("agent") as the agent job, causing consistent 409 Conflict failures with GitHub Actions v4. Now uses a dedicated artifact name to prevent collisions.
  • Reliable Ctrl-C / signal handling on WSL β€” gh aw commands now properly handle SIGINT/SIGTERM via a top-level context with signal propagation, ensuring graceful shutdown across all commands on Linux and WSL.
  • Self-upgrade no longer fails with ETXTBSY on Linux/WSL β€” gh aw upgrade now uses a try-first-rename strategy to work around the kernel's restriction on overwriting a running executable.
  • Unconfigured app credentials no longer cause workflow failures β€” The activation-app.md and safe-output-app.md shared workflows had references to unconfigured vars.APP_ID and secrets.APP_PRIVATE_KEY that caused failures; these are now commented out by default.

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release:

For complete details, see CHANGELOG.

Generated by Release

What's Changed

  • Replace lockdown: true with min-integrity: approved in workflow frontmatter by @Copilot in #21831
  • fix: proper end-to-end Ctrl-C / signal handling for all gh aw commands (WSL) by @Copilot in #21795
  • fix: retry self-upgrade with binary rename on Linux/WSL to avoid ETXTBSY by @Copilot in #21793
  • refactor: consolidate shared JS constants into constants.cjs by @Copilot in #21835
  • docs: optimize slides.md for readability and presentation crispness by @Copilot in #21837
  • Add --filtered-integrity flag to logs command by @Copilot in #21838
  • Comment out unconfigured app credentials in activation-app.md and safe-output-app.md by @Copilot in #21836
  • Fix safe-outputs artifact 409 conflict by using a dedicated artifact name by @Copilot in #21840

Full Changelog: v0.62.1...v0.62.2

Assets 18
Loading