Merged
Conversation
github-actions
bot
added
the
dependencies
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #27216 +/- ##
==========================================
- Coverage 73.45% 73.45% -0.01%
==========================================
Files 1545 1545
Lines 123642 123642
Branches 14954 14954
==========================================
- Hits 90824 90823 -1
Misses 31799 31799
- Partials 1019 1020 +1
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
renovate
bot
force-pushed
the
renovate/github-gh-aw-0.x
branch
15 times, most recently
from
297216f to
ef7f7ca
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/github-gh-aw-0.x
branch
from
ef7f7ca to
65fbbeb
Compare
Contributor
E2E Tests FailedTo view the Playwright test report locally, run: REPORT_DIR=$(mktemp -d) && gh run download 24139593383 -n playwright-report -D "$REPORT_DIR" && npx playwright show-report "$REPORT_DIR" |
renovate
bot
force-pushed
the
renovate/github-gh-aw-0.x
branch
from
65fbbeb to
2f357cf
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/github-gh-aw-0.x
branch
3 times, most recently
from
afa535b to
e7d0de6
Compare
renovate
bot
force-pushed
the
renovate/github-gh-aw-0.x
branch
from
e7d0de6 to
424be25
Compare
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v0.67.0→v0.67.1Release Notes
github/gh-aw (github/gh-aw)
v0.67.1Compare Source
🌟 Release Highlights
This release delivers a major OpenTelemetry observability overhaul, a new
report_incompletesafe output signal, Claude Code 1.0.0 compatibility, and a wave of security hardening — all driven in part by community-reported issues.✨ What's New
🔭 OpenTelemetry Observability (Multiple PRs)
A substantial series of improvements makes distributed tracing production-ready:
gh-aw.agent.conclusion) instead of the genericgh-aw.job.conclusion, making traces immediately readable in Grafana/Honeycomb/Datadog.startMs).token,secret,key,auth, etc.) in span attributes are automatically redacted before sending to any OTLP collector.OTEL_EXPORTER_OTLP_HEADERSis masked with::add-mask::in every job, preventing auth tokens from leaking in GitHub Actions debug logs.opentelemetryconfig derived fromobservability.otlpfrontmatter and theactions/setuptrace IDs, correlating all MCP tool-call traces under the workflow root trace.service.version,github.repository,github.run_id,github.event_name,github.ref,github.sha,github.actions.run_url,deployment.environment,gh-aw.staged,gh-aw.run.attemptenriching all spans.observability.job-summaryopt-in field is removed (auto-detected).workflow_call_id).gh aw audit,gh aw logs, andgh aw audit diffnow show GitHub API quota consumed per run, per resource.🛡️
report_incompleteSafe OutputA new first-class signal for agents to surface infrastructure or tool failures without being misclassified as successful runs. When an agent emits
report_incomplete, the safe-outputs handler activates failure handling regardless of agent exit code — preventing "tool-failure comment disguised as a success" scenarios. Can be configured withcreate-issue,title-prefix, andlabels, just likemissing_tool.✅
checksas a First-Class MCP ToolThe
checkstool is now registered in the gh-aw MCP server, returning a normalized CI verdict (success,failed,pending,no_checks,policy_blocked). Review workflows no longer need to shell out togh aw checks.🔐 Security Hardening
$\{\{ secrets.* }}interpolated directly intorun:blocks have been moved toenv:mappings across 181 lock files and hand-authored CI workflows, preventing shell injection if a token contains metacharacters.static-analysis-reportworkflow now runs Vigilant-LLC'srunner-guardscanner alongside zizmor, poutine, and actionlint.🔍 Pre-Activation Visibility
When a workflow activation is denied (bot gate, role gate, stop-after, skip-if-match, etc.), the activation job now writes a
$GITHUB_STEP_SUMMARYexplaining the exact reason and providing remediation guidance — no more silently skipping PRs with no visible indicator.🤖 Claude Code 1.0.0 Compatibility
The
--disable-slash-commandsflag has been removed from the Claude CLI args builder. Claude Code 1.0.0 dropped this flag as a breaking change; the compiler was unconditionally injecting it, causing all Claude-engine workflows to fail at startup.🐛 Bug Fixes & Improvements
.endpointproxy —pre_activationcheck scripts were failing withroute.endpoint is not a functiondue to the rate-limit-awaregithubproxy stripping Octokit's.endpointdecorator; fixed with aProxywrapper.SPAN_KIND_INTERNAL(wasSPAN_KIND_SERVER), preventing false RED-metric pollution in observability backends.daily-issues-report— switched fromcodextocopilotengine after OpenAI API access restrictions blocked Codex since Mar 24.go installpath to include/v2/suffix for Go major version convention compliance.breadcrumbs: truekey that was breaking Starlight config.memory.md— documents the baseline-diff approach for nightly scans usingrepo-memory.🌍 Community Contributions
A huge thank you to the community members who reported issues that were resolved in this release!
@bbonafed@dagecko@samuelkahessaychecks, forcing review workflows to shell out togh aw checks(direct issue)For complete details, see CHANGELOG.
What's Changed
github.actions.run_urlresource attribute to all spans by @Copilot in #24691domainStatus→classifyFirewallDomainStatusandstatusEmoji→firewallStatusEmojiby @Copilot in #24712.endpointon rate-limit-aware github proxy to fixroute.endpoint is not a functionby @Copilot in #24758checksas a first-class MCP tool to the gh-aw MCP server by @Copilot in #24757require.NoErrorfor error assertion in gitutil_test.go by @Copilot in #24817checkstool to MCP server tool tests by @Copilot in #24818breadcrumbskey from Starlight config by @Copilot in #24821Full Changelog: github/gh-aw@v0.67.0...v0.67.1
Configuration
📅 Schedule: (in timezone Etc/UTC)
* * * * 0,6)* 0-12 * * 1)* 21-23 * * 1-5)* 0-4 * * 2-6)* * * * 0,6)* 0-12 * * 1)* 22-23 * * 1-5)* 0-4 * * 2-6)🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.