fix: propagate runner config fields to all layers#5716
Conversation
Add missing `runner` section to the Section 4 Data Model table and add Section 5 CLI Mapping entries for `runner.topology` and `runner.sysrootImage` in docs/awf-config-spec.md. These fields were introduced in PRs #5696 and #5697 and correctly propagated to src/awf-config-schema.json, docs/awf-config.schema.json, src/types/runner-options.ts, src/types/wrapper-config.ts, src/config-file.ts, and src/config-mapper.ts — but the spec doc was not updated. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Updates the AWF config spec documentation to reflect newly introduced runner configuration fields (runner.topology, runner.sysrootImage) so the spec matches the schema/types/mapping layers already in the codebase.
Changes:
- Adds
runneras a top-level config object in the data model table. - Adds config-only CLI-mapping entries for
runner.topologyandrunner.sysrootImagein the normative mapping section.
Show a summary per file
| File | Description |
|---|---|
| docs/awf-config-spec.md | Documents the runner config object and its config-only mapping entries so the written spec includes the runner topology/sysroot fields. |
Review details
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 1/1 changed files
- Comments generated: 2
- Review effort level: Low
| - `rateLimiting.bytesPerMinute` → `--rate-limit-bytes-pm` | ||
| - `platform.type` → *(config-only; maps to `AWF_PLATFORM_TYPE`)* | ||
| - `runner.topology` → *(config-only; sets runner deployment model — `standard` or `arc-dind`; activates sysroot staging, network isolation defaults, and tool cache validation when `arc-dind`)* | ||
| - `runner.sysrootImage` → *(config-only; sysroot init-container image for `arc-dind` topology; defaults to `ghcr.io/github/gh-aw-firewall/build-tools:<imageTag>`)* |
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
|
@copilot address review feedback |
|
✅ Copilot review passed with no inline comments. @github-actions[bot] Add the |
Fixed in the latest commit. Updated the |
|
🔌 Smoke Services — All services reachable! ✅ |
|
✅ Smoke Claude passed |
|
📡 Smoke OTel Tracing completed. All tracing scenarios validated. ✅ |
|
✅ Smoke Gemini completed. All facets verified. 💎 Gemini Smoke Test Complete |
|
✅ Smoke Copilot BYOK AOAI (Entra) completed. Copilot AOAI BYOK (Entra) mode operational. 🔓 |
|
🔑 Smoke Copilot PAT reports failed. PAT auth path may have issues... |
|
Chroot tests passed! Smoke Chroot - All security and functionality tests succeeded. |
|
✅ Smoke Copilot BYOK AOAI (api-key) completed. Copilot AOAI BYOK (api-key) mode operational. 🔓 |
|
🚀 Security Guard has started processing this pull request |
|
✅ Contribution Check completed successfully! Contribution guidelines review complete for PR #5716: all applicable CONTRIBUTING.md requirements are satisfied; no comment needed. |
|
✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟 |
|
✅ Smoke Copilot BYOK completed. Copilot BYOK mode operational. 🔓 |
|
📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤 |
|
✅ Build Test Suite completed successfully! |
Smoke Test: Claude Engine Validation
Overall result: PASS ✅
|
🔒 Smoke Test: Copilot BYOK (Direct) Mode — PASS ✅
Mode: Direct BYOK mode (COPILOT_PROVIDER_API_KEY) via api-proxy → api.githubcopilot.com Overall: PASS ✅
|
🤖 Copilot Smoke Test ResultsPR: fix: propagate runner config fields to all layers
Overall:
|
|
Smoke Test Results:
Running in direct BYOK mode (AWF_AUTH_TYPE=github-oidc + AWF_AUTH_AZURE_* + COPILOT_PROVIDER_BASE_URL) via api-proxy → Azure OpenAI (Foundry, o4-mini-aw) authenticated via Microsoft Entra Overall: PASS
|
🔥 Smoke Test: API Proxy OpenTelemetry Tracing
All 5 scenarios pass. OTEL tracing integration is healthy.
|
|
Merged PRs:
PR query:
Checks:
Overall status: FAIL
|
🔬 Chroot Version Comparison Results
Overall: ❌ Not all tests passed — Python and Node.js versions differ between host and chroot environments.
|
Smoke Test: GitHub Actions Services Connectivity
Overall: FAIL —
|
Gemini Engine Smoke Test Results\n\nGitHub MCP Testing\n- fix: update test assertions for gh-aw-actions v0.82.0 and github-mcp-server v1.5.0\n- chore: upgrade gh-aw extension to latest pre-release (v0.82.0)\n\nTest Results\n1. GitHub MCP: ✅\n2. GitHub Connectivity: ✅\n3. File Writing: ✅\n4. Bash Tool Testing: ✅\n\nOverall status: PASSWarning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "localhost"See Network Configuration for more information.
|
🏗️ Build Test Suite Results
Overall: 8/8 ecosystems passed — ✅ PASS
|
|
|
Config Consistency Fixes
Automated audit of PRs merged in the last 7 days found that
runner.topologyandrunner.sysrootImage— introduced in PRs #5696 and #5697 — were not propagated to the spec documentation.From PR #5696 — "build(docker): add build-tools sysroot image and runner.topology config for arc-dind"
From PR #5697 — "Add ARC-DinD runner topology with sysroot-stage build-tools image"
runner(top-level object)docs/awf-config-spec.mdrunner.topologydocs/awf-config-spec.mdrunner.sysrootImagedocs/awf-config-spec.mdLayers already correctly populated (no action needed)
src/awf-config-schema.jsondocs/awf-config.schema.jsonsrc/types/runner-options.tsRunnerOptionsinterface with both fieldssrc/types/wrapper-config.ts& RunnerOptionsincludedsrc/config-file.tsrunner?block withtopologyandsysrootImagesrc/config-mapper.tsrunner.topology→runnerTopology,runner.sysrootImage→sysrootImageSecurity classification
Both fields are non-sensitive (topology name string, container image reference) — correctly placed in the stdin config mapping, not env vars.
Verification
tsc --noEmit)npm test -- config-file-mapping)npm test -- schema.test)