fix: SHA-pin setup-cli action reference in copilot-setup-steps.yml on upgrade#19496
fix: SHA-pin setup-cli action reference in copilot-setup-steps.yml on upgrade#19496
Conversation
When gh aw upgrade runs, it now resolves the commit SHA for the github/gh-aw/actions/setup-cli action via the GitHub API and writes a SHA-pinned reference (e.g. @abc123... # v0.52.1) instead of a bare version tag (@v0.52.1). Falls back to the version tag if SHA resolution fails (e.g. no network access in tests). Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
This PR updates gh aw upgrade / Copilot setup steps generation to produce SHA-pinned uses: references for github/gh-aw/actions/setup-cli in release mode, aligning with the repository’s general action pinning approach.
Changes:
- Extend
getActionRefand related helpers to optionally resolve a tag to a commit SHA and format the ref as@<sha> # <version>. - Build and thread a
workflow.ActionSHAResolverthrough Copilot setup steps generation/upgrade paths in release mode. - Add unit tests for SHA resolver behavior and an end-to-end upgrade scenario using a mock resolver.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| pkg/cli/copilot_setup.go | Adds SHA resolver plumbing and SHA-pinned action ref formatting for Copilot setup steps generation/upgrade. |
| pkg/cli/copilot_setup_test.go | Adds mock resolver and tests for SHA-pinned refs and upgrade behavior. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
| if resolver != nil { | ||
| sha, err := resolver.ResolveSHA("github/gh-aw/actions/setup-cli", version) | ||
| if err == nil && sha != "" { | ||
| return fmt.Sprintf("@%s # %s", sha, version) |
There was a problem hiding this comment.
Returning an action ref that includes " # <version>" will be embedded into step.Uses and then serialized with yaml.Marshal. YAML serializers must quote scalars containing #, so the upgraded workflow will likely end up with uses: "github/gh-aw/actions/setup-cli@<sha> # vX" (where # vX becomes part of the value), which GitHub Actions does not accept. To keep the version as an inline YAML comment (not part of the uses value), post-process the marshaled YAML to unquote uses: lines with version comments (similar to pkg/workflow/agentic_engine.go's unquoteUsesWithComments), or avoid putting the comment into the marshaled scalar by using YAML node comments / a string-based edit approach for upgrades.
| return fmt.Sprintf("@%s # %s", sha, version) | |
| return "@" + sha |
| if err == nil && sha != "" { | ||
| return fmt.Sprintf("@%s # %s", sha, version) | ||
| } | ||
| copilotSetupLog.Printf("Failed to resolve SHA for setup-cli@%s: %v, falling back to version tag", version, err) |
There was a problem hiding this comment.
This log line will also run when err == nil but sha == "", producing a misleading message like ...: <nil>. Consider splitting the failure cases so the log message reflects whether the resolver errored vs returned an empty/invalid SHA, and avoid logging an error value when it’s nil.
| copilotSetupLog.Printf("Failed to resolve SHA for setup-cli@%s: %v, falling back to version tag", version, err) | |
| if err != nil { | |
| copilotSetupLog.Printf("Failed to resolve SHA for setup-cli@%s: %v, falling back to version tag", version, err) | |
| } else { | |
| copilotSetupLog.Printf("Resolver returned empty SHA for setup-cli@%s, falling back to version tag", version) | |
| } |
| var resolver workflow.ActionSHAResolver | ||
| if actionMode.IsRelease() { | ||
| cache := workflow.NewActionCache(".") | ||
| _ = cache.Load() // Ignore errors if cache doesn't exist yet |
There was a problem hiding this comment.
cache.Load() errors are fully ignored here. If the cache file exists but is unreadable/corrupt (permissions, partial write, etc.), SHA pinning will silently fall back to tags and it’ll be hard to diagnose. Consider ignoring only os.IsNotExist and logging/returning other errors (or at least logging them when verbose).
| _ = cache.Load() // Ignore errors if cache doesn't exist yet | |
| if err := cache.Load(); err != nil { | |
| if os.IsNotExist(err) { | |
| if verbose { | |
| copilotSetupLog.Printf("Action cache not found, continuing without cache: %v", err) | |
| } | |
| } else { | |
| if verbose { | |
| copilotSetupLog.Printf("Error loading action cache, continuing without cache: %v", err) | |
| } | |
| } | |
| } |
| job := wf.Jobs["copilot-setup-steps"] | ||
| installStep := job.Steps[0] | ||
| // SHA-pinned reference should be used | ||
| expectedUses := "github/gh-aw/actions/setup-cli@abc1234567890123456789012345678901234567890 # v2.0.0" | ||
| if installStep.Uses != expectedUses { |
There was a problem hiding this comment.
This test asserts the in-memory Uses field contains " # v2.0.0", but it doesn’t validate what actually gets written after yaml.Marshal in the upgrade path. Since YAML marshalers quote strings containing #, the on-disk workflow may end up with uses: "...@sha # v2.0.0" (invalid for Actions). Add an assertion that marshaling + any post-processing produces an unquoted uses: line where # v2.0.0 is an inline YAML comment, not part of the value.
gh aw upgradewas writing a bare version tag for thesetup-cliaction reference (e.g.,@v0.52.1) instead of a SHA-pinned reference, inconsistent with how other action references are handled.Changes
getActionRef— added optionalworkflow.ActionSHAResolverparameter; when provided in release mode, resolves the commit SHA forgithub/gh-aw/actions/setup-cliand returns@<SHA> # <version>, falling back to the version tag on failureensureCopilotSetupStepsWithUpgrade— constructs anActionResolver(backed by the local action cache) for release mode and threads it through to all helper functionsgenerateCopilotSetupStepsYAML/upgradeSetupCliVersion/renderCopilotSetupUpdateInstructions— updated signatures to accept and forward the resolverBefore:
After:
Tests
TestGetActionRef— covers resolver present (SHA-pinned), resolver absent (version tag), resolver failure (fallback)TestUpgradeSetupCliVersion_WithSHAResolver— end-to-end validation of SHA-pinnedusesfield via mock resolverWarning
Firewall rules blocked me from connecting to one or more addresses (expand for details)
I tried to connect to the following addresses, but was blocked by firewall rules:
https://v-api-github-com.286600.xyz/graphql/usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GO111MODULE x_amd64/vet git rev-�� --show-toplevel x_amd64/vet(http block)https://v-api-github-com.286600.xyz/repos/actions/ai-inference/git/ref/tags/v1/usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha user.email test@example.com /usr/bin/git -json GO111MODULE 64/bin/go git conf�� /git/ref/tags/v8 Test User /usr/bin/git -json GO111MODULE 64/bin/go git(http block)https://v-api-github-com.286600.xyz/repos/actions/checkout/git/ref/tags/v3/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha -json GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE /usr/bin/git GOINSECURE GOMOD GOMODCACHE git(http block)https://v-api-github-com.286600.xyz/repos/actions/checkout/git/ref/tags/v5/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha 1565254860/.github/workflows GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env ck '**/*.cjs' '**/*.ts' '**/*.json' --ignore-patGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel go /usr/bin/git -json GO111MODULE tions/setup/node--show-toplevel git rev-�� --show-toplevel go /usr/bin/git */*.ts' '**/*.jsgit GO111MODULE 64/bin/go git(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha pload-artifact/git/ref/tags/v7 go /usr/bin/infocmp -json GO111MODULE ache/go/1.25.0/x--show-toplevel infocmp -1 xterm-color go /usr/bin/git 0040/001/stabiligit GO111MODULE ache/go/1.25.0/x--show-toplevel git(http block)https://v-api-github-com.286600.xyz/repos/actions/checkout/git/ref/tags/v6/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha /tmp/gh-aw-test-runs/20260304-033554-37128/test-2823959713 config /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet remote.origin.urgit GO111MODULE 64/bin/go /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet -ato�� -bool -buildtags(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha k/gh-aw/gh-aw/.github/workflows/audit-workflows.md config /opt/hostedtoolcache/node/24.13.1/x64/bin/node remote.origin.urgit GO111MODULE 64/bin/go node /tmp�� /tmp/TestHashConsistency_GoAndJavaScript485870156/001/test-frontmatter-with-env--nxv go /usr/bin/git on' --ignore-patgit GO111MODULE 64/bin/go git(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel go /usr/bin/git y.md GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git ck 'scripts/**/*git GO111MODULE x_amd64/vet git(http block)https://v-api-github-com.286600.xyz/repos/actions/download-artifact/git/ref/tags/v8/usr/bin/gh gh api /repos/actions/download-artifact/git/ref/tags/v8 --jq .object.sha -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env 3183491872 GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE node(http block)/usr/bin/gh gh api /repos/actions/download-artifact/git/ref/tags/v8 --jq .object.sha 3554-37128/test-2823959713 GOPROXY ache/go/1.25.0/x64/bin/go GOSUMDB GOWORK 64/bin/go ortcfg --ch�� g/fileutil/fileutil.go g/fileutil/tar.go /opt/hostedtoolcache/go/1.25.0/x64/bin/go tierignore GO111MODULE 64/bin/go go(http block)/usr/bin/gh gh api /repos/actions/download-artifact/git/ref/tags/v8 --jq .object.sha -json GO111MODULE /opt/hostedtoolcache/go/1.25.0/x-nilfunc GOINSECURE GOMOD GOMODCACHE go env 3554-37128/test-3183491872 GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://v-api-github-com.286600.xyz/repos/actions/github-script/git/ref/tags/v8/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha GOSUMDB GOWORK 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha -c=4 -nolocalimports -importcfg /tmp/go-build3844486456/b372/importcfg -pack /home/REDACTED/work/gh-aw/gh-aw/internal/tools/generate-action-metadata/main.go go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha -c=4 -nolocalimports -importcfg /tmp/go-build3844486456/b394/importcfg -pack /home/REDACTED/work/gh-aw/gh-aw/pkg/envutil/envutil.go /home/REDACTED/work/gh-aw/gh-aw/pkg/envutil/envutil_test.go env on' --ignore-patGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://v-api-github-com.286600.xyz/repos/actions/setup-go/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha GOMODCACHE go ache/node/24.13.1/x64/bin/node -json GO111MODULE odules/npm/node_--show-toplevel git t-32�� k/gh-aw/gh-aw/.github/workflows/brave.md remote.origin.url e/git-remote-https on' --ignore-patgit GO111MODULE 64/bin/go e/git-remote-https(http block)https://v-api-github-com.286600.xyz/repos/actions/setup-node/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha /tmp/gh-aw-test-runs/20260304-033554-37128/test-2823959713 config .cfg remote.origin.urgit GO111MODULE 64/bin/go git conf�� user.email test@example.com /usr/bin/git on' --ignore-patgit GO111MODULE At,event,headBra--show-toplevel git(http block)https://v-api-github-com.286600.xyz/repos/actions/upload-artifact/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha SameOutput1865690040/001/stability-test.md GO111MODULE(http block)https://v-api-github-com.286600.xyz/repos/actions/upload-artifact/git/ref/tags/v7/usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v7 --jq .object.sha ck '**/*.cjs' '**/*.ts' '**/*.json' --ignore-patGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v7 --jq .object.sha -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD erignore go env -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v7 --jq .object.sha -json GO111MODULE 64/pkg/tool/linux_amd64/cgo GOINSECURE GOMOD erignore 5H/liMzR8Ds-CnfJ51RFpkM/58sERvdoTest User env -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://v-api-github-com.286600.xyz/repos/github/gh-aw/actions/runs/1/artifacts/usr/bin/gh gh run download 1 --dir test-logs/run-1 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE 1; \ fi env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh run download 1 --dir test-logs/run-1 go /usr/bin/git -json GO111MODULE /usr/bin/git git rev-�� --show-toplevel(http block)https://v-api-github-com.286600.xyz/repos/github/gh-aw/actions/runs/12345/artifacts/usr/bin/gh gh run download 12345 --dir test-logs/run-12345 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh run download 12345 --dir test-logs/run-12345 go /usr/bin/git -json GO111MODULE 64/pkg/tool/linu--git-dir git rev-�� --show-toplevel 64/pkg/tool/linux_amd64/vet x_amd64/link -bool -buildtags /usr/bin/git x_amd64/link(http block)https://v-api-github-com.286600.xyz/repos/github/gh-aw/actions/runs/12346/artifacts/usr/bin/gh gh run download 12346 --dir test-logs/run-12346 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env e-analyzer.md GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh run download 12346 --dir test-logs/run-12346 ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet /usr/bin/git -json GO111MODULE 64/pkg/tool/linu/tmp/gh-aw-test-runs/20260304-034103-41914/test-2367222227 git rev-�� --show-toplevel 64/pkg/tool/linux_amd64/vet x_amd64/vet /tmp/go-build384git -importcfg 4486456/b421/vet--show-toplevel x_amd64/vet(http block)https://v-api-github-com.286600.xyz/repos/github/gh-aw/actions/runs/2/artifacts/usr/bin/gh gh run download 2 --dir test-logs/run-2 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh run download 2 --dir test-logs/run-2 go /usr/bin/git -json l /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel GOPROXY /usr/bin/infocmpuser.email git(http block)https://v-api-github-com.286600.xyz/repos/github/gh-aw/actions/runs/3/artifacts/usr/bin/gh gh run download 3 --dir test-logs/run-3 GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh run download 3 --dir test-logs/run-3 go /usr/bin/git -json GO111MODULE om/testorg/testr.github/workflows/test.md git rev-�� --show-toplevel /opt/hostedtoolcache/go/1.25.0/x-d /usr/bin/git /tmp/go-build384git(http block)https://v-api-github-com.286600.xyz/repos/github/gh-aw/actions/runs/4/artifacts/usr/bin/gh gh run download 4 --dir test-logs/run-4 GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh run download 4 --dir test-logs/run-4 go /usr/bin/git -json GO111MODULE /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel GOPROXY ache/node/24.13.--show-toplevel git(http block)https://v-api-github-com.286600.xyz/repos/github/gh-aw/actions/runs/5/artifacts/usr/bin/gh gh run download 5 --dir test-logs/run-5 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env plorer.md GO111MODULE x_amd64/link GOINSECURE GOMOD GOMODCACHE x_amd64/link(http block)/usr/bin/gh gh run download 5 --dir test-logs/run-5 go /usr/bin/git -json(http block)https://v-api-github-com.286600.xyz/repos/github/gh-aw/actions/workflows/usr/bin/gh gh workflow list --json name,state,path GOSUMDB GOWORK 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 GOMOD GOMODCACHE go ode_�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE 64/bin/go GOINSECURE GOMOD FFiles,SFiles,Sw--git-dir go(http block)https://v-api-github-com.286600.xyz/repos/github/gh-aw/git/ref/tags/v1.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://v-api-github-com.286600.xyz/repos/github/gh-aw/git/ref/tags/v1.2.3/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha json' --ignore-pGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env th .prettierignoGOSUMDB GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha --show-toplevel ortcfg /usr/bin/infocmp g/cli/access_loggit g/cli/actionlintrev-parse ache/go/1.25.0/x--show-toplevel infocmp -1 xterm-color ache/go/1.25.0/x64/pkg/tool/linux_amd64/compile /usr/bin/git 4486456/b389/_pkgit GO111MODULE 4486456/b389=> git(http block)https://v-api-github-com.286600.xyz/repos/github/gh-aw/git/ref/tags/v2.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha json' --ignore-pGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env th .prettierignoGOSUMDB GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha --show-toplevel sh /usr/bin/git "prettier" --chegit go ache/go/1.25.0/x--show-toplevel git rev-�� --show-toplevel ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet /usr/bin/git -json GO111MODULE /opt/hostedtoolc/tmp/gh-aw-test-runs/20260304-034103-41914/test-565440044/.github/workflows git(http block)https://v-api-github-com.286600.xyz/repos/github/gh-aw/git/ref/tags/v3.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha json' --ignore-pGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env th .prettierignoGOSUMDB GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha --show-toplevel sh /usr/bin/git "prettier" --chegit go 64/pkg/tool/linu--show-toplevel git rev-�� --show-toplevel 64/pkg/tool/linux_amd64/vet /usr/bin/git -json .cfg /opt/hostedtoolc--show-toplevel git(http block)https://v-api-github-com.286600.xyz/repos/nonexistent/action/git/ref/tags/v999.999.999/usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha ty-test.md GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env 1348178027/.github/workflows GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://v-api-github-com.286600.xyz/repos/nonexistent/repo/actions/runs/12345/usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE GOMOD GOMODCACHE 0XVD7GS/mRL0tEU7JbrieQ94-F8q env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion k/gh-aw/gh-aw/pkgit k/gh-aw/gh-aw/pkrev-parse /usr/bin/infocmp--show-toplevel git rev-�� --show-toplevel infocmp /usr/bin/git runs/20260304-03git GOPROXY /usr/bin/git git(http block)https://v-api-github-com.286600.xyz/repos/owner/repo/actions/workflows/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo /usr/bin/git 3554-37128/test-git GO111MODULE ache/go/1.25.0/x--show-toplevel git rev-�� --show-toplevel node /usr/bin/git --check **/*.cjs ache/go/1.25.0/x--show-toplevel git(http block)/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo /usr/bin/git -json GO111MODULE 1/x64/bin/node git rev-�� --show-toplevel node /usr/bin/git vaScript48587015git **/*.cjs /opt/hostedtoolc--show-toplevel git(http block)https://v-api-github-com.286600.xyz/repos/owner/repo/contents/file.md/tmp/go-build3844486456/b383/cli.test /tmp/go-build3844486456/b383/cli.test -test.testlogfile=/tmp/go-build3844486456/b383/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ode_modules/.binGOMODCACHE GOINSECURE GOMOD GOMODCACHE go(http block)/tmp/go-build433026052/b001/cli.test /tmp/go-build433026052/b001/cli.test -test.testlogfile=/tmp/go-build433026052/b001/testlog.txt -test.paniconexit0 -test.timeout=10m0s -test.v=true -test.short=true -test.run=^Test /usr/bin/git -json GO111MODULE ache/go/1.25.0/x--show-toplevel git rev-�� --show-toplevel sh /usr/bin/git "prettier" --chegit GOPROXY ache/go/1.25.0/x--show-toplevel git(http block)https://v-api-github-com.286600.xyz/repos/test-owner/test-repo/actions/secrets/usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name GOSUMDB GOWORK 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ode_modules/.binGOMODCACHE GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name --show-toplevel go /usr/bin/git 3554-37128/test-git GO111MODULE 64/pkg/tool/linu--show-toplevel git 1/x6�� --show-toplevel 64/pkg/tool/linux_amd64/compile /usr/bin/git g_.a **/*.cjs ash git(http block)If you need me to access, download, or install something from one of these locations, you can either:
Original prompt
gh aw upgradedoes not set a sha forsetup-cliincopilot-setup-steps.yml#19451💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.