Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
Upgrades the repository’s GitHub Agentic Workflows (gh-aw) toolchain to v0.68.2 and regenerates the compiled workflow lockfiles so workflows run with the updated pinned action SHAs, images, and runtime scripts.
Changes:
- Bump gh-aw references to v0.68.2 (agent docs +
github/gh-aw-actions/setuppins across workflows). - Refresh pinned GitHub Action SHAs and container image pins inside compiled
.lock.ymlworkflows (including updated AWF/AWMG versions and new Copilot error detection). - Update
.github/aw/actions-lock.jsonto newer action versions and add container digest entries.
Show a summary per file
| File | Description |
|---|---|
.github/workflows/semantic-function-refactor.lock.yml |
Regenerated lockfile with gh-aw v0.68.2 pins, updated actions/images, and new Copilot error detection outputs. |
.github/workflows/nightly-workflow-compiler.lock.yml |
Regenerated lockfile with gh-aw v0.68.2 pins and updated runtime scripts/actions. |
.github/workflows/nightly-schema-updater.lock.yml |
Regenerated lockfile with gh-aw v0.68.2 pins and updated runtime scripts/actions. |
.github/workflows/nightly-docs-reconciler.lock.yml |
Regenerated lockfile with gh-aw v0.68.2 pins and updated runtime scripts/actions. |
.github/workflows/mcp-gateway-log-analyzer.lock.yml |
Regenerated lockfile with gh-aw v0.68.2 pins and updated runtime scripts/actions. |
.github/workflows/integrity-filtering-audit.lock.yml |
Regenerated lockfile with gh-aw v0.68.2 pins and updated runtime scripts/actions. |
.github/workflows/ghcr-download-tracker.lock.yml |
Regenerated lockfile; still pins actions/cache at v5.0.4 while the repo lockfile bumps cache to v5.0.5. |
.github/workflows/gateway-issue-dispatcher.lock.yml |
Regenerated lockfile with gh-aw v0.68.2 pins and updated runtime scripts/actions. |
.github/aw/actions-lock.json |
Updates action version→SHA mappings (incl. cache v5.0.5) and adds container digest map. |
.github/agents/agentic-workflows.agent.md |
Updates referenced gh-aw documentation/prompt links to v0.68.2. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 33/33 changed files
- Comments generated: 2
Comment on lines
+13
to
+26
| "actions/cache/restore@v5.0.5": { | ||
| "repo": "actions/cache/restore", | ||
| "version": "v5.0.4", | ||
| "sha": "668228422ae6a00e4ad889ee87cd7109ec5666a7" | ||
| "version": "v5.0.5", | ||
| "sha": "27d5ce7f107fe9357f9df03efb73ab90386fccae" | ||
| }, | ||
| "actions/cache/save@v5.0.4": { | ||
| "actions/cache/save@v5.0.5": { | ||
| "repo": "actions/cache/save", | ||
| "version": "v5.0.4", | ||
| "sha": "668228422ae6a00e4ad889ee87cd7109ec5666a7" | ||
| "version": "v5.0.5", | ||
| "sha": "27d5ce7f107fe9357f9df03efb73ab90386fccae" | ||
| }, | ||
| "actions/cache@v5.0.4": { | ||
| "actions/cache@v5.0.5": { | ||
| "repo": "actions/cache", | ||
| "version": "v5.0.4", | ||
| "sha": "668228422ae6a00e4ad889ee87cd7109ec5666a7" | ||
| "version": "v5.0.5", | ||
| "sha": "27d5ce7f107fe9357f9df03efb73ab90386fccae" |
There was a problem hiding this comment.
actions/cache* entries were bumped to v5.0.5 here, but at least one of the newly compiled .lock.yml workflows (e.g. ghcr-download-tracker.lock.yml) still pins actions/cache at v5.0.4. Either update the compiled workflows to use the v5.0.5 SHA (recommended if you intend to upgrade), or keep v5.0.4 entries in this lock file to preserve reproducible future compiles until all workflows migrate.
Comment on lines
+1
to
+2
| # gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"3b9597c09804f513f39f5d1e6ac2d048ad940abf3541a0b9755a0580df4b2128","compiler_version":"v0.68.2","strict":true,"agent_id":"copilot"} | ||
| # gh-aw-manifest: {"version":1,"secrets":["COPILOT_GITHUB_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GITHUB_TOKEN"],"actions":[{"repo":"actions/cache","sha":"668228422ae6a00e4ad889ee87cd7109ec5666a7","version":"v5.0.4"},{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"373c709c69115d41ff229c7e5df9f8788daa9553","version":"v9"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"github/gh-aw-actions/setup","sha":"19c436149e80e5be4f0adbd9cdeb391acea5fa91","version":"v0.68.2"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.20"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.20"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.25.20"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.2.19"},{"image":"ghcr.io/github/github-mcp-server:v0.32.0","digest":"sha256:2763823c63bcca718ce53850a1d7fcf2f501ec84028394f1b63ce7e9f4f9be28","pinned_image":"ghcr.io/github/github-mcp-server:v0.32.0@sha256:2763823c63bcca718ce53850a1d7fcf2f501ec84028394f1b63ce7e9f4f9be28"},{"image":"node:lts-alpine","digest":"sha256:01743339035a5c3c11a373cd7c83aeab6ed1457b55da6a69e014a95ac4e4700b","pinned_image":"node:lts-alpine@sha256:01743339035a5c3c11a373cd7c83aeab6ed1457b55da6a69e014a95ac4e4700b"}]} |
There was a problem hiding this comment.
actions-lock.json was updated to pin actions/cache (and restore/save) at v5.0.5, but this compiled workflow manifest still pins actions/cache at v5.0.4 (sha 668228...). This leaves the repo in an inconsistent state (future gh aw compile runs may not reproduce the same lock, and you may miss cache-action fixes). Recompile after aligning cache versions, or keep v5.0.4 entries in actions-lock.json until workflows are updated to v5.0.5.
This was referenced Apr 14, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Upgrades gh-aw from the previous version to v0.68.2 and recompiles all workflow lock files.
Changes
.github/agents/agentic-workflows.agent.mdto reference v0.68.2.github/aw/actions-lock.jsonwith new action versions.lock.ymlfiles against v0.68.2