Replace AWF runtime Python patch with shared JavaScript helper#41623
Merged
Conversation
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot
AI
changed the title
Refactor AWF chroot patch to JavaScript helper
Replace AWF runtime Python patch with shared JavaScript helper
Jun 26, 2026
Copilot created this pull request from a session on behalf of
pelikhan
June 26, 2026 06:50
View session
Contributor
There was a problem hiding this comment.
Pull request overview
This pull request removes the inline Python heredoc used to patch AWF chroot configuration in generated workflows and replaces it with a repository-owned JavaScript helper invoked via node, keeping the runtime contract of patching ${RUNNER_TEMP}/gh-aw/awf-config.json and mirroring the result to /tmp/gh-aw/awf-config.json.
Changes:
- Added a shared JS helper (
patch_awf_chroot_config.cjs) to patch AWF config withchroot.*settings at runtime (ARC/DinD only). - Updated the workflow compiler logic to emit a Node-based invocation of the helper instead of an inline Python heredoc.
- Regenerated affected golden outputs and compiled workflow lock files to use the shared helper pattern.
Show a summary per file
Changed files
| File | Description |
|---|---|
| actions/setup/js/patch_awf_chroot_config.cjs | New shared runtime helper to patch AWF config chroot fields |
| actions/setup/js/patch_awf_chroot_config.test.cjs | Unit tests for the new helper |
| pkg/workflow/awf_helpers.go | Compiler emits Node helper invocation for ARC/DinD chroot patching |
| pkg/workflow/awf_config.go | Adds chroot schema structs to AWF config model |
| pkg/workflow/awf_helpers_test.go | Tests that generated AWF script includes helper invocation and no Python heredoc |
| docs/adr/38911-emit-awf-chroot-config-via-runtime-patch.md | ADR updated to reflect helper-based runtime patching |
| .changeset/patch-enable-awf-chroot-mode.md | Changeset entry related to AWF chroot enablement |
| pkg/workflow/testdata/TestWasmGolden_AllEngines/claude.golden | Regenerated golden output to use helper-based chroot patch |
| pkg/workflow/testdata/TestWasmGolden_AllEngines/codex.golden | Regenerated golden output to use helper-based chroot patch |
| pkg/workflow/testdata/TestWasmGolden_AllEngines/copilot.golden | Regenerated golden output to use helper-based chroot patch |
| pkg/workflow/testdata/TestWasmGolden_AllEngines/gemini.golden | Regenerated golden output to use helper-based chroot patch |
| pkg/workflow/testdata/TestWasmGolden_AllEngines/pi.golden | Regenerated golden output to use helper-based chroot patch |
| pkg/workflow/testdata/TestWasmGolden_CompileFixtures/basic-copilot.golden | Regenerated compile fixture to use helper-based chroot patch |
| pkg/workflow/testdata/TestWasmGolden_CompileFixtures/smoke-copilot.golden | Regenerated compile fixture to use helper-based chroot patch |
| pkg/workflow/testdata/TestWasmGolden_CompileFixtures/playwright-cli-mode.golden | Regenerated compile fixture to use helper-based chroot patch |
| pkg/workflow/testdata/TestWasmGolden_CompileFixtures/with-imports.golden | Regenerated compile fixture to use helper-based chroot patch |
| .github/workflows/ab-testing-advisor.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/ace-editor.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/agent-performance-analyzer.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/agent-persona-explorer.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/agentic-token-audit.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/agentic-token-optimizer.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/agentic-token-trend-audit.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/ai-moderator.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/approach-validator.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/architecture-guardian.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/archie.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/artifacts-summary.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/audit-workflows.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/avenger.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/aw-failure-investigator.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/blog-auditor.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/bot-detection.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/brave.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/breaking-change-checker.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/chaos-pr-bundle-fuzzer.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/changeset.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/ci-coach.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/ci-doctor.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/cli-consistency-checker.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/cli-version-checker.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/cloclo.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/claude-code-user-docs-review.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/cli-consistency-checker.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/code-scanning-fixer.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/code-simplifier.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/codex-github-remote-mcp-test.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/commit-changes-analyzer.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/contribution-check.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/copilot-agent-analysis.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/copilot-centralization-drilldown.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/copilot-centralization-optimizer.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/copilot-cli-deep-research.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/copilot-opt.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/copilot-pr-merged-report.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/copilot-pr-nlp-analysis.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/copilot-pr-prompt-analysis.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/copilot-session-insights.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/craft.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/constraint-solving-potd.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-agentrx-trace-optimizer.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-agent-of-the-day-blog-writer.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-ambient-context-optimizer.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-architecture-diagram.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-assign-issue-to-user.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-aw-cross-repo-compile-check.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-awf-spec-compiler-surfacing.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-byok-ollama-test.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-cache-strategy-analyzer.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-caveman-optimizer.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-choice-test.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-cli-performance.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-cli-tools-tester.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-code-metrics.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-community-attribution.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-compiler-quality.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-compiler-threat-spec-optimizer.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-credit-limit-test.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-doc-healer.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-doc-updater.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-experiment-report.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-fact.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-file-diet.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-firewall-report.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-formal-spec-verifier.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-function-namer.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-geo-optimizer.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-hippo-learn.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-issues-report.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-malicious-code-scan.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-max-ai-credits-test.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-mcp-concurrency-analysis.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-model-inventory.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-model-resolution.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-multi-device-docs-tester.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-news.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-observability-report.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-performance-summary.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-regulatory.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-reliability-review.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-rendering-scripts-verifier.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-repo-chronicle.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-safe-output-integrator.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-safe-output-optimizer.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-safe-outputs-conformance.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-safeoutputs-git-simulator.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-security-observability.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-security-red-team.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-secrets-analysis.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-semgrep-scan.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-sentrux-report.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-skill-optimizer.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-spdd-spec-planner.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-syntax-error-quality.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-team-status.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-team-evolution-insights.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-testify-uber-super-expert.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-token-consumption-report.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-workflow-updater.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-windows-terminal-integration-builder.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/daily-yamllint-fixer.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/dataflow-pr-discussion-dataset.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/dead-code-remover.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/dependabot-burner.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/dependabot-go-checker.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/dependabot-repair.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/deep-report.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/deployment-incident-monitor.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/designer-drift-audit.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/dev.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/dev-hawk.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/dictation-prompt.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/draft-pr-cleanup.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/duplicate-code-detector.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/example-permissions-warning.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/example-workflow-analyzer.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/firewall.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/firewall-escape.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/functional-pragmatist.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/glossary-maintainer.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/go-fan.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/go-logger.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/go-pattern-detector.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/github-mcp-tools-report.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/github-mcp-structural-analysis.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/github-remote-mcp-auth-test.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/gpclean.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/grumpy-reviewer.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/hippo-embed.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/hourly-ci-cleaner.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/instructions-janitor.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/issue-arborist.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/issue-monster.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/issue-triage-agent.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/jsweep.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/layout-spec-maintainer.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/lint-monster.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/linter-miner.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/lockfile-stats.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/mcp-inspector.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/mergefest.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/metrics-collector.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/notion-issue-summary.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/objective-impact-report.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/org-health-report.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/outcome-collector.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/pdf-summary.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/plan.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/poem-bot.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/portfolio-analyst.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/pr-code-quality-reviewer.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/pr-description-caveman.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/pr-nitpick-reviewer.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/pr-sous-chef.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/pr-triage-agent.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/prompt-clustering-analysis.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/python-data-charts.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/q.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/refiner.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/refactoring-cadence.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/release.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/repo-audit-analyzer.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/repo-tree-map.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/repository-quality-improver.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/research.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/ruflo-backed-task.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/safe-output-health.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/schema-consistency-checker.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/schema-feature-coverage.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/scout.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/security-compliance.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/security-review.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/semantic-function-refactor.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/sergo.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/skillet.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/slide-deck-maintainer.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/smoke-agent-all-merged.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/smoke-agent-all-none.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/smoke-agent-public-approved.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/smoke-agent-public-none.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/smoke-agent-scoped-approved.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/smoke-antigravity.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/smoke-call-workflow.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/smoke-ci.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/smoke-claude.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/smoke-claude-on-copilot.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/smoke-codex.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/smoke-copilot.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/smoke-copilot-arm.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/smoke-copilot-sdk.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/smoke-copilot-aoai-apikey.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/smoke-copilot-aoai-entra.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/smoke-gemini.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/smoke-multi-pr.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/smoke-opencode.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/smoke-otel-backends.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/smoke-pi.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/smoke-project.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/smoke-service-ports.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/smoke-temporary-id.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/smoke-test-tools.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/smoke-workflow-call.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/smoke-workflow-call-with-inputs.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/smoke-update-cross-repo-pr.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/spec-enforcer.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/spec-extractor.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/spec-librarian.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/stale-pr-cleanup.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/stale-repo-identifier.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/sub-issue-closer.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/super-linter.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/technical-doc-writer.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/terminal-stylist.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/test-quality-sentinel.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/tidy.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/typist.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/ubuntu-image-analyzer.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/uk-ai-operational-resilience.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/unbloat-docs.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/update-astro.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/video-analyzer.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/visual-regression-checker.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/weekly-editors-health-check.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/weekly-issue-summary.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/weekly-blog-post-writer.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/weekly-safe-outputs-spec-review.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/workflow-generator.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/workflow-health-manager.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/workflow-normalizer.lock.yml | Regenerated lock workflow to call chroot patch helper |
| .github/workflows/workflow-skill-extractor.lock.yml | Regenerated lock workflow to call chroot patch helper |
Review details
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 266/266 changed files
- Comments generated: 3
- Review effort level: Low
Comment on lines
+45
to
+52
| if (require.main === module) { | ||
| try { | ||
| patchAWFChrootConfig(); | ||
| } catch (error) { | ||
| const message = error instanceof Error ? error.message : String(error); | ||
| throw new Error(`chroot config patch failed: ${message}`); | ||
| } | ||
| } |
| ### Neutral | ||
| - All engine golden files were regenerated to include the embedded Python patch block. | ||
| - All engine golden files were regenerated to include the runtime helper patch invocation. | ||
| - A standalone `buildArcDindChrootConfigInjectScript` form exists purely for test coverage; production uses the merged in-`if`-block form. |
| @@ -27,12 +27,11 @@ Emit the `chroot` object directly when the Go config file is generated, alongsid | |||
| - The change is version-gated and topology-gated, so non-DinD and older-AWF setups are unaffected. | |||
Contributor
|
@copilot refresh the branch and rerun checks to move this forward.
|
Contributor
|
🚀 Smoke Antigravity MISSION COMPLETE! Antigravity has spoken. ✨ |
Contributor
|
🚀 Smoke Gemini MISSION COMPLETE! Gemini has spoken. ✨ |
Contributor
|
🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨ |
Contributor
|
✅ All tools validated successfully! Agent Container Smoke Test confirms agent container is ready. |
Contributor
|
📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing... |
Contributor
|
📰 BREAKING: Smoke Copilot - AOAI (Entra) is now investigating this pull request. Sources say the story is developing... |
Contributor
|
✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟 |
Contributor
|
📰 BREAKING: Smoke Copilot - AOAI (apikey) is now investigating this pull request. Sources say the story is developing... |
Contributor
|
🚀 Smoke Pi MISSION COMPLETE! Pi delivered. 🥧 |
Contributor
Smoke test
Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "proxy.golang.org"See Network Configuration for more information.
|
Contributor
Agent Container Tool Check
Result: 12/12 tools available ✅ Overall Status: PASS
|
Contributor
Overall Status: FAIL Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "localhost"See Network Configuration for more information.
|
Contributor
|
Smoke Test: Codex - 28234986947\n✅ PR reads, Serena, Playwright, file, bash, build, memory, cache\n❌ Web-fetch unavailable\n⏭️ Issue-field skipped\nOverall: FAIL Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
Contributor
Comment MemoryNote This comment is managed by comment memory.It stores persistent context for this thread in the code block at the top of this comment. Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
This was referenced Jun 26, 2026
Contributor
|
Smoke tests FAIL: see issue #41668 for details.
|
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
💥 Automated smoke test review - all systems nominal!
Warning
Firewall blocked 6 domains
The following domains were blocked by the firewall during workflow execution:
accounts.google.comandroid.clients.google.comclients2.google.comcontentautofill.googleapis.comsafebrowsingohttpgateway.googleapis.comwww.google.com
To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
💥 [THE END] — Illustrated by Smoke Claude · 82.1 AIC · ⌖ 25.6 AIC · ⊞ 8.7K
| except Exception as e: | ||
| raise SystemExit(f"chroot config patch failed: {e}") from e | ||
| PY | ||
| GH_AW_CHROOT_BINARIES_SOURCE_PATH=/tmp/gh-aw GH_AW_CHROOT_IDENTITY_HOME=/tmp/gh-aw/home node "${RUNNER_TEMP}/gh-aw/actions/patch_awf_chroot_config.cjs" |
Contributor
There was a problem hiding this comment.
🧪 Smoke test review: the inline Python heredoc is now replaced by a Node helper invocation here — cleaner and easier to test. Looks good!
| @@ -1041,19 +1041,7 @@ jobs: | |||
| GH_AW_DOCKER_HOST_PATH_PREFIX_ARGS="" | |||
| if [[ "${DOCKER_HOST:-}" =~ ^tcp:// ]]; then | |||
| GH_AW_DOCKER_HOST_PATH_PREFIX_ARGS="--docker-host-path-prefix /tmp/gh-aw" | |||
Contributor
There was a problem hiding this comment.
🧪 Smoke test review: nice that the DOCKER_HOST guard and path-prefix arg setup remain unchanged, preserving the runtime contract.
Contributor
|
Titles: Replace AWF runtime Python patch with shared JavaScript helper | [docs] Update glossary - daily scan | fix: accept agent-supplied branch in push_to_pull_request_branch (fixes #41643) Warning Firewall blocked 5 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
Contributor
Comment MemoryNote This comment is managed by comment memory.It stores persistent context for this thread in the code block at the top of this comment. Warning Firewall blocked 5 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
Contributor
There was a problem hiding this comment.
Smoke test review: shared-helper rollout looks consistent in the sampled workflow diffs.
Warning
Firewall blocked 5 domains
The following domains were blocked by the firewall during workflow execution:
accounts.google.comclients2.google.comcontentautofill.googleapis.comsafebrowsingohttpgateway.googleapis.comwww.google.com
To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:
network:
allowed:
- defaults
- "accounts.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
📰 BREAKING: Report filed by Smoke Copilot · 512.6 AIC · ⌖ 15.7 AIC · ⊞ 18.9K
Contributor
|
Smoke Test Results: 1✅ 2✅ 3❌ 4✅ 5✅ 6✅ 7✅ 8✅ 9❌ 10❌ 11❌ 12❌ 13❌ 14❌ 15❌ Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This change removes the inline Python AWF chroot-config patch emitted into generated workflows and replaces it with a repository-owned JavaScript helper. It updates the Matt Pocock reviewer path and all affected compiled workflows to use the same Actions-native implementation pattern.
What changed
python3heredoc used for ARC/DinD AWF chroot config patching with a dedicated JS helper underactions/setup/js/.mattpocock-skills-reviewer.lock.yml, to invoke the helper instead of embedding ad hoc script content.${RUNNER_TEMP}/gh-aw/awf-config.jsonand mirror the result to/tmp/gh-aw/awf-config.json.Why this matters
actions/github-script/JS helper ecosystem, which is easier to test, evolve, and review consistently.Implementation details
actions/setup/js/patch_awf_chroot_config.cjsto apply:chroot.binariesSourcePathchroot.identity.userchroot.identity.uidchroot.identity.gidchroot.identity.homepkg/workflow/awf_helpers.goto emit a Node-based invocation rather than an inline heredoc.Generated step shape
✨ PR Review Safe Output Test - Run 28234986976
Warning
Firewall blocked 6 domains
The following domains were blocked by the firewall during workflow execution:
accounts.google.comandroid.clients.google.comclients2.google.comcontentautofill.googleapis.comsafebrowsingohttpgateway.googleapis.comwww.google.comSee Network Configuration for more information.