update to aw 0.61.2#1080
Merged
Merged
Conversation
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
main, but PRs should target staged.
The main branch is auto-published from staged and should not receive direct PRs.
Please close this PR and re-open it against the staged branch.
You can change the base branch using the Edit button at the top of this PR,
or run: gh pr edit 1080 --base staged
Contributor
There was a problem hiding this comment.
Pull request overview
Updates the repository’s agentic workflow lockfiles to match gh-aw v0.61.2 output, including related runtime/script path changes and new MCP/guard configuration. Also updates the Learning Hub updater workflow source to align with the repo’s staged-base PR convention.
Changes:
- Regenerated multiple
.github/workflows/*.lock.ymlfiles with gh-aw v0.61.2 (and AWF v0.24.3), updating setup action pins and runtime paths. - Updated MCP gateway configuration (guard policies) and Safe Outputs tool generation flow.
- Adjusted Learning Hub updater workflow source to set allowed domains under
safe-outputsand requirestagedas the PR base branch.
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| .github/workflows/resource-staleness-report.lock.yml | Regenerated workflow lockfile for gh-aw v0.61.2; updates setup/action paths, AWF version, and safe-outputs/MCP config. |
| .github/workflows/pr-duplicate-check.lock.yml | Regenerated workflow lockfile for gh-aw v0.61.2; updates setup/action paths, AWF version, and safe-outputs/MCP config. |
| .github/workflows/learning-hub-updater.md | Moves allowed domains under safe-outputs and clarifies PRs must target staged with required labels. |
| .github/workflows/learning-hub-updater.lock.yml | Regenerated workflow lockfile for gh-aw v0.61.2; includes staged base-branch handling and updated safe-outputs/MCP config. |
| .github/workflows/duplicate-resource-detector.lock.yml | Regenerated workflow lockfile for gh-aw v0.61.2; updates setup/action paths, AWF version, and safe-outputs/MCP config. |
| .github/workflows/codeowner-update.lock.yml | Regenerated workflow lockfile for gh-aw v0.61.2; updates setup/action paths, AWF version, and safe-outputs/MCP config. |
| .github/aw/actions-lock.json | Adds v0.61.2 lock entries for gh-aw setup actions. |
You can also share your feedback on Copilot code review. Take the survey.
| touch /tmp/gh-aw/agent-step-summary.md | ||
| # shellcheck disable=SC1003 | ||
| sudo -E awf --env-all --container-workdir "${GITHUB_WORKSPACE}" --allow-domains "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,telemetry.enterprise.githubcopilot.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" --log-level info --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs --enable-host-access --image-tag 0.24.2 --skip-pull --enable-api-proxy \ | ||
| sudo -E awf --env-all --container-workdir "${GITHUB_WORKSPACE}" --mount "${RUNNER_TEMP}/gh-aw:${RUNNER_TEMP}/gh-aw:ro" --mount "${RUNNER_TEMP}/gh-aw:/host${RUNNER_TEMP}/gh-aw:ro" --allow-domains "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,telemetry.enterprise.githubcopilot.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com,www.googleapis.com" --log-level info --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs --enable-host-access --image-tag 0.24.3 --skip-pull --enable-api-proxy \ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.