Skip to content

fix: replace hardcoded github.token with configurable push token in Configure Git credentials steps#25403

Draft
Copilot wants to merge 2 commits intomainfrom
copilot/fix-github-token-hardcode-in-lock-files
Draft

fix: replace hardcoded github.token with configurable push token in Configure Git credentials steps#25403
Copilot wants to merge 2 commits intomainfrom
copilot/fix-github-token-hardcode-in-lock-files

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Apr 8, 2026
edited
Loading

Compiled lock files hardcode ${{ github.token }} in "Configure Git credentials" steps, causing silent git push failures in sandboxed runners where github.token lacks push scope. The workaround (patching the lock file post-compile) is wiped on every recompile.

Changes

  • Default token changed: Configure Git credentials steps now use ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} instead of ${{ github.token }}. Functionally equivalent when GH_AW_GITHUB_TOKEN is unset; automatically upgrades when it is.

  • New push-token frontmatter field: Allows specifying an explicit token for git push operations that survives recompiles:

    push-token: ${{ secrets.MY_PAT }}

  • Token resolution: getEffectiveGitPushToken() in github_token.go — custom token → GH_AW_GITHUB_TOKEN || GITHUB_TOKEN.

  • WorkflowData.PushToken: Populated from ParsedFrontmatter.PushToken with a raw-frontmatter fallback for cases where ParseFrontmatterConfig fails (e.g. on: push string triggers a JSON unmarshal error on the map[string]any typed On field).

  • Schema: push-token added to main_workflow_schema.json.

  • All 187 lock files recompiled with the new default token; WASM golden files updated.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE sh (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE node (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GOMOD GOMODCACHE go env ISFd/hGr7O_akiSYGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE 9872845/b388/impGO111MODULE (http block)
  • https://api.github.com/orgs/test-owner/actions/secrets
    • Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name l GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env ithub/workflows GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name --show-toplevel git /usr/bin/git --show-toplevel git /usr/bin/gh git rev-�� >&2; exit 1 gh /usr/bin/git list --json /usr/bin/git git (http block)
  • https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
    • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --show-toplevel git /usr/bin/git 3366397920 rev-parse /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git /home/REDACTED/worgit erena-mcp-serverrev-parse /usr/bin/git git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha /usr/bin/git git /usr/bin/git 858687236/.githugit git /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git ansitiveImports1git git 64/pkg/tool/linu--show-toplevel git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --show-toplevel git /usr/bin/git origin/main feature-branch /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel git /usr/bin/git git (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v3
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha --get remote.origin.url ache/node/24.14.1/x64/bin/node -json GO111MODULE r: $owner, name:--show-toplevel git t-40�� k/gh-aw/gh-aw/.github/workflows/api-consumption-report.md remote.origin.url ache/node/24.14.1/x64/bin/node ithub/workflows l /opt/hostedtoolc--show-toplevel ache/node/24.14.1/x64/bin/node (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha --show-toplevel (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha UB_TOKEN: \${{ github\.token }}/ GITHUB_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN || secretgit k/gh-aw/gh-aw/pkg/workflow/testdata/TestWasmGolden_CompileFixtures/with-imports.golden /home/REDACTED/.dotnet/tools/git --show-toplevel /usr/bin/git /usr/bin/git git diff�� --name-only HEAD ache/node/24.14.1/x64/bin/bash --show-toplevel git /usr/bin/git bash (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v5
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha efaultBranchFromLsRemoteWithReal-p efaultBranchFromLsRemoteWithRealz.aaxiu.com/github/gh-aw/scripts cfg /tmp/go-build355git -trimpath DiscussionsEnabl--show-toplevel git rev-�� k/gh-aw/gh-aw/.github/workflows go ache/go/1.25.8/x64/pkg/tool/linu-importcfg -json GO111MODULE 64/bin/go ache/go/1.25.8/x64/pkg/tool/linu/home/REDACTED/work/gh-aw/gh-aw/scripts/lint_error_messages_test.go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel git /usr/bin/git 3644-33065/test-tr go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel infocmp /usr/bin/git xterm-color go om/org1/repo.git--show-toplevel git rev-�� --show-toplevel git /usr/bin/git GOMODCACHE go /usr/bin/git git (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel infocmp /usr/bin/git ex.lock.yml ache/go/1.25.8/xrev-parse /usr/bin/infocmp--show-toplevel git rev-�� --show-toplevel infocmp /usr/bin/git ithout_min-integgit go 64/pkg/tool/linu--show-toplevel git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --get remote.origin.url /usr/lib/git-core/git HEAD:.github/worgit ache/go/1.25.8/xrev-parse (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha /ref/tags/v8 git /usr/bin/git ow-without-reactgit remote /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git GOMODCACHE go om/owner/repo.gi--show-toplevel git (http block)
  • https://api.github.com/repos/actions/github-script/git/ref/tags/v8
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha -json GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha -json GO111MODULE me: String!) { -f GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha ithub/workflows GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env yml GO111MODULE /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha 64/bin/go git /usr/lib/git-core/git ithub/workflows ache/go/1.25.8/xrev-parse /usr/bin/git /usr/lib/git-core/git remo�� REDACTED REDACTED /usr/bin/git ut3327987237/001git go 64/pkg/tool/linu--show-toplevel git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha --show-toplevel git /usr/bin/git m/workflows git /usr/bin/git git -C /tmp/gh-aw-test-runs/20260408-224026-39481/test-3211213430 rev-parse /usr/bin/git @{u} git /usr/bin/git git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha -bool -buildtags /home/REDACTED/.cargo/bin/bash -errorsas -ifaceassert -nilfunc bash --no�� --noprofile -tests /usr/bin/git --show-toplevel git /usr/bin/git git (http block)
  • https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha --show-toplevel git /usr/bin/infocmp /home/REDACTED/worgit config me: String!) { --show-toplevel infocmp -1 xterm-color git /usr/bin/git ut3327987237/001git config At,event,headBra--show-toplevel git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel git /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha -bool -buildtags /home/REDACTED/.local/bin/bash -errorsas -ifaceassert -nilfunc bash --no�� --noprofile -tests /usr/bin/git --show-toplevel git /usr/bin/git git (http block)
  • https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha git-upload-pack '/tmp/TestParseDefaultBranchFromLsRemoteWithReal-p git-upload-pack '/tmp/TestParseDefaultBranchFromLsRemoteWithRealz.aaxiu.com/github/gh-aw/scripts 1/x64/bin/node -json GO111MODULE r: $owner, name:--show-toplevel 1/x64/bin/node rev-�� --show-toplevel go /usr/bin/gh (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha xterm-color git /usr/bin/git --show-toplevel git /usr/bin/git git ls-r�� --symref origin /usr/bin/git --show-toplevel node /usr/bin/git git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel git /usr/bin/git git rev-�� --show-toplevel git ache/uv/0.11.5/x86_64/bash k/gh-aw/gh-aw/pkgit git (http block)
  • https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha cJwu/WTNx2OaG9WMGOINSECURE GO111MODULE $name) { hasDiscussionsEnabled } } GOINSECURE GOMOD GOMODCACHE 9872845/b417/impGOPROXY -c che/go-build/f9/GOSUMDB GOPROXY 64/bin/go GOSUMDB GOWORK run-script/lib/nxterm-color /opt/hostedtoolcache/go/1.25.8/xGO111MODULE (http block)
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha A0Rz/Ij03Jz3RJZUGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE 9872845/b363/impGOPROXY /hom�� 9872845/b363/embGOSUMDB **/*.cjs 64/bin/go **/*.json --ignore-path ../../../.pretti/home/REDACTED/work/gh-aw/gh-aw/.github/workflows /opt/hostedtoolcconfig (http block)
  • https://api.github.com/repos/github/gh-aw
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env iew.lock.yml GO111MODULE r: $owner, name: $name) { hasDiscussionsEnabled } } GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq .object.sha --git-dir git /usr/bin/git ithub/workflows GOPROXY /usr/bin/infocmp--show-toplevel /usr/bin/git remo�� -v infocmp /usr/bin/git y_only_defaults_git go 64/pkg/tool/linu--show-toplevel git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel git x_amd64/vet git rev-�� --show-toplevel x_amd64/vet /usr/bin/git --show-toplevel git /usr/bin/git git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq .object.sha --noprofile git /usr/bin/git --show-toplevel git /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel git /usr/bin/sh git (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha . l ache/node/24.14.1/x64/bin/node ml GO111MODULE ache/go/1.25.8/x--show-toplevel git t-15�� sistency_InlinedImports491953115/001/inlined-b.mOUTPUT go /usr/bin/infocmp ithub/workflows GO111MODULE ache/go/1.25.8/x--show-toplevel infocmp (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha --show-toplevel git /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet --show-toplevel git /usr/bin/git /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -ato�� -bool -buildtags /usr/bin/git -errorsas -ifaceassert -nilfunc git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha --show-toplevel git bin/bash --show-toplevel git /usr/bin/git git rev-�� --show-toplevel git ptables --show-toplevel git /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha -stringintconv -tests om/testorg/testrepo.git ithub/workflows GO111MODULE ache/go/1.25.8/x--show-toplevel git -C /tmp/TestGuardPolicyBlockedUsersCommaSeparatedCoOUTPUT config clusion,workflowName,createdAt,startedAt,updated168.63.129.16 remote.origin.urgit 90 ache/go/1.25.8/x--show-toplevel git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha flows/test-expires.lock.yml remote /bin/sh --show-toplevel git /usr/bin/git /bin/sh -c git-upload-pack '/tmp/TestParseDefaultBranchFromLsRemoteWithRealGitmaster_branch1353365516/001' git-upload-pack '/tmp/TestParseDefaultBranchFromLsRemoteWithRealGitmaster_branch1353365516/001' /usr/bin/git --show-toplevel node /usr/bin/git git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha --show-toplevel git 86_64/bash --show-toplevel git /usr/bin/git git rev-�� --show-toplevel git es --show-toplevel git /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/1/artifacts --jq .artifacts[].name rev-parse /usr/bin/git l GO111MODULE 64/bin/go git rev-�� 39290118 node er: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } prettier --check 64/bin/go git (http block)
    • Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 go 64/pkg/tool/linux_amd64/vet j9bR/Foakz8GPvAinode GO111MODULE ed } } 64/pkg/tool/linux_amd64/vet show�� HEAD:.github/workflows/daily-malgo1.25.8 9872845/b398/impGO111MODULE 64/pkg/tool/linux_amd64/vet k/gh-aw/gh-aw/pkgit k/gh-aw/gh-aw/pkrev-parse 64/bin/go 64/pkg/tool/linux_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/1/artifacts --jq .artifacts[].name git /usr/bin/infocmp --show-toplevel infocmp /usr/bin/git infocmp -1 615721129/001 git /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet --show-toplevel ache/go/1.25.8/xrun /usr/bin/git /opt/hostedtoolc--json (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12345/artifacts --jq .artifacts[].name go /usr/bin/git -json GO111MODULE $name) { has/home/REDACTED/work/gh-aw/gh-aw/.github/workflows/ace-editor.md git -C kflows/notion-issue-summary.lock.yml rev-parse 64/pkg/tool/linux_amd64/link npx prettier --cgit GOPROXY 64/bin/go 64/pkg/tool/linux_amd64/link (http block)
    • Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 rev-parse (http block)
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12345/artifacts --jq .artifacts[].name git /usr/bin/git --show-toplevel git /usr/bin/git git rev-�� --show-toplevel git /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet --show-toplevel git /usr/bin/git /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12346/artifacts --jq .artifacts[].name go /usr/bin/git l GO111MODULE 64/bin/go git show�� normalizer.lock.yml sh 64/pkg/tool/linux_amd64/compile npx prettier --cgit GOPROXY 64/bin/go 64/pkg/tool/linux_amd64/compile (http block)
    • Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 config /usr/bin/docker remote.origin.urnode GO111MODULE 64/bin/go docker imag�� k/gh-aw/gh-aw/.github/workflows ghcr.io/github/serena-mcp-server:latest x_amd64/compile prettier --check DiscussionsEnabl--show-toplevel x_amd64/compile (http block)
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12346/artifacts --jq .artifacts[].name git 2844246/b425/vet.cfg --show-toplevel git /usr/bin/git git conf�� -instructions-test-2063578728/.github/workflows remote.origin.url /usr/bin/git --show-toplevel /opt/hostedtoolcrev-parse /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/2/artifacts --jq .artifacts[].name go 64/bin/bash -json GO111MODULE 64/bin/go /usr/bin/gh api 39290118 -f ck -f owner=github -f infocmp (http block)
    • Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 config /usr/bin/git remote.origin.urgit GO111MODULE DiscussionsEnabl--show-toplevel git rev-�� kflows/pr-nitpick-reviewer.lock.-s sh /usr/bin/infocmp "prettier" --chegit GOPROXY 64/bin/go infocmp (http block)
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/2/artifacts --jq .artifacts[].name git 2844246/b442/vet.cfg --show-toplevel node /usr/bin/git gh repo�� view owner/test-repo /usr/bin/git --show-toplevel git /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/3/artifacts --jq .artifacts[].name -f de/node/bin/bash-nolocalimports -f owner=github DiscussionsEnabl-pack git -C 39290118 rev-parse x_amd64/compile prettier --check 64/bin/go x_amd64/compile (http block)
    • Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 go 64/pkg/tool/linux_amd64/compile ys11/v1BIuE9qY73git GO111MODULE 64/bin/go 64/pkg/tool/linux_amd64/compile -C _.a rev-parse /usr/bin/git l setup/js/node_morev-parse $name) { has--show-toplevel git (http block)
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/3/artifacts --jq .artifacts[].name git /usr/bin/infocmp 001' 001' /usr/bin/git infocmp -1 runs/20260408-224026-39481/test-2340569294/.github/workflows git /bin/sh --show-toplevel git /usr/bin/git /bin/sh (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/4/artifacts --jq .artifacts[].name go 1/x64/bin/bash -json GO111MODULE 64/bin/go infocmp -1 39290118 node /usr/bin/gh l --check $name) { has--git-dir gh (http block)
    • Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 rev-parse 64/pkg/tool/linux_amd64/cgo l GO111MODULE ed } } 64/pkg/tool/linux_amd64/cgo -C /home/REDACTED/work/gh-aw/gh-aw/.github/workflows config x_amd64/link remote.origin.urgit GOPROXY 64/bin/go x_amd64/link (http block)
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/4/artifacts --jq .artifacts[].name git /usr/bin/infocmp l /opt/hostedtoolcrev-parse /usr/bin/git infocmp -1 runs/20260408-224026-39481/test-2340569294/.github/workflows git /usr/bin/git --show-toplevel git repository(owne--show-toplevel git (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/5/artifacts --jq .artifacts[].name go me: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -json GO111MODULE $name) { hasuser.name git -C kflows/plan.lock.yml config /usr/bin/git remote.origin.urgit --check 64/bin/go git (http block)
    • Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 -f 64/pkg/tool/linux_amd64/vet -f owner=github -f 64/pkg/tool/linux_amd64/vet -1 k/gh-aw/gh-aw/.github/workflows 9872845/b347/impGO111MODULE k 9872845/b347/embgit GOPROXY 64/bin/go git (http block)
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/5/artifacts --jq .artifacts[].name git /usr/bin/gh --show-toplevel git /usr/bin/git gh repo�� view test-owner/test-repo-33065 /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet --show-toplevel git /usr/bin/git /opt/hostedtoolcache/go/1.25.8/xremote.origin.url (http block)
  • https://api.github.com/repos/github/gh-aw/actions/workflows
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path ithub/workflows GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE me: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 GOMOD GOMODCACHE go env grep-scan.lock.yml GO111MODULE /opt/hostedtoolcache/go/1.25.8/x-f GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 GO111MODULE 64/bin/go git -C sue-summary.lock.yml rev-parse /usr/bin/gh npx prettier --cgit GOPROXY DiscussionsEnabl--show-toplevel /usr/bin/gh (http block)
  • https://api.github.com/repos/github/gh-aw/contents/.github/workflows/shared/reporting.md
    • Triggering command: /tmp/go-build589571897/b397/cli.test /tmp/go-build589571897/b397/cli.test -test.testlogfile=/tmp/go-build589571897/b397/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE me: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq .object.sha --show-toplevel git /usr/bin/git me.go o e/git-upload-pac--show-toplevel git rev-�� --show-toplevel git /usr/bin/git --show-toplevel go 1/x64/bin/node git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel git /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel l /usr/bin/git git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel git /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel git /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha /home/REDACTED/work/gh-aw/gh-aw/.github/workflows config 64/pkg/tool/linux_amd64/compile remote.origin.urgit GOPROXY 64/bin/go 64/pkg/tool/linuremote.origin.url show�� 87/001/test-empty-frontmatter.md sh x_amd64/compile "prettier" --chegh sh DiscussionsEnabllist x_amd64/compile (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel infocmp /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel 64/pkg/tool/linurev-parse /usr/bin/git git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha /usr/bin/git git /usr/bin/git --show-toplevel git /usr/bin/git git rev-�� ndLinux.slice git /usr/bin/git --get remote.origin.ur-V=full /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha -json GO111MODULE repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } GOINSECURE GOMOD GOMODCACHE go _bra�� ithub/workflows GO111MODULE repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel infocmp /usr/bin/git git add new-feature.txt git /usr/bin/git --show-toplevel /usr/bin/gh /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GO111MODULE iginal GOINSECURE GOMOD GOMODCACHE iginal env ithub/workflows GO111MODULE (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha ithub/workflows GO111MODULE /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env ock.yml GO111MODULE /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -concurrency-ana-s GO111MODULE (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha -json GO111MODULE me: String!) { repository(owner: $owner, name:-f GOINSECURE GOMOD GOMODCACHE go env Gitmaster_branch1580710085/001' Gitmaster_branch1580710085/001' /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel 64/pkg/tool/linu-C /usr/bin/git git rev-�� lGitbranch_with_hyphen1401754195/001' lGitbranch_with_hyphen1401754195/001' /usr/bin/git --show-toplevel git /usr/bin/git git (http block)
  • https://api.github.com/repos/githubnext/agentics/git/ref/tags/-
    • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/- --jq .object.sha -json GOCACHE 64/bin/go tierignore scripts/**/*.js 64/bin/go go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha ithub/workflows sh 64/pkg/tool/linux_amd64/link npx prettier --cgit GOPROXY $name) { has--show-toplevel 64/pkg/tool/linux_amd64/link -1 til.test sh x_amd64/link "prettier" --che/usr/bin/git sh 64/bin/go x_amd64/link (http block)
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel git /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel x_amd64/vet /usr/bin/git git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha /usr/bin/git git /usr/bin/git --show-toplevel git /usr/bin/git git rev-�� ndLinux.slice git /usr/bin/git --show-toplevel git (http block)
  • https://api.github.com/repos/nonexistent/repo/actions/runs/12345
    • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion H8pU/eNnoa-rIndzgit GO111MODULE 64/bin/go 64/pkg/tool/linux_amd64/vet api graphql erena-mcp-server:latest /usr/bin/git -f owner=github -f git (http block)
    • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion --show-toplevel e/git /usr/bin/git /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -ato�� -bool -buildtags /usr/bin/git -errorsas -ifaceassert -nilfunc git (http block)
  • https://api.github.com/repos/owner/repo/actions/workflows
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env st.lock.yml GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo ache/go/1.25.8/x64/bin/go on; \ echo "���/usr/bin/gh GOMOD GOMODCACHE go env -json GO111MODULE me: String!) { -f GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh workflow list --repo owner/repo --json name,path,state /usr/bin/git HEAD .github/workflowrev-parse /usr/bin/git git rev-�� --show-toplevel git /usr/bin/infocmp user.name Test User /opt/hostedtoolc--show-toplevel infocmp (http block)
  • https://api.github.com/repos/owner/repo/contents/file.md
    • Triggering command: /tmp/go-build589571897/b397/cli.test /tmp/go-build589571897/b397/cli.test -test.testlogfile=/tmp/go-build589571897/b397/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE me: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /tmp/go-build2352844246/b397/cli.test /tmp/go-build2352844246/b397/cli.test -test.testlogfile=/tmp/go-build2352844246/b397/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true /home/REDACTED/worgit go /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel x_amd64/link /usr/bin/infocmp--get git (http block)
  • https://api.github.com/repos/test-owner/test-repo/actions/secrets
    • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name -json GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE r: $owner, name: $name) { hasDiscussionsEnabled } } GOINSECURE GOMOD ed } } go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name --show-toplevel git (http block)
  • https://api.github.com/repos/test/repo
    • Triggering command: /usr/bin/gh gh api /repos/test/repo --jq .default_branch --show-toplevel git /usr/bin/git add upstream /opt/hostedtoolc--show-toplevel git rev-�� --show-toplevel node /usr/bin/git /home/REDACTED/worsort x_amd64/compile /usr/bin/git git (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI linked an issue Apr 8, 2026 that may be closed by this pull request
compiled lock files hardcode github.token in Configure Git credentials steps -- breaks in sandboxed runners #25345
Open
@pelikhan
feat: add push-token frontmatter field and use GH_AW_GITHUB_TOKEN fal…
7d04312 
…lback for git credentials

Agent-Logs-Url: https://github.com/github/gh-aw/sessions/c80a7e4c-56fa-4640-90f0-4da722f8c7b9

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix hardcoded github.token in lock files for sandboxed runners fix: replace hardcoded github.token with configurable push token in Configure Git credentials steps Apr 8, 2026
Copilot AI requested a review from pelikhan April 8, 2026 22:59
This was referenced Apr 9, 2026
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pelikhan pelikhan Awaiting requested review from pelikhan

Copilot code review Copilot Awaiting requested review from Copilot Copilot will automatically review once the pull request is marked ready for review

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

compiled lock files hardcode github.token in Configure Git credentials steps -- breaks in sandboxed runners

2 participants

@pelikhan