Fix Step Name Alignment manifest path to avoid workspace access denials#33944
Conversation
Co-authored-by: pelikhan <[email protected]>
Co-authored-by: pelikhan <[email protected]>
There was a problem hiding this comment.
Pull request overview
Updates the Step Name Alignment workflow to generate/read its manifest from a workspace-local path (instead of /tmp/...) to avoid filesystem access denials in restricted execution modes, and regenerates the compiled lock workflow to match.
Changes:
- Move manifest generation output from
/tmp/gh-aw/agent/...to$GITHUB_WORKSPACE/.gh-aw/agent/...in Step Name Alignment. - Update Step Name Alignment agent instructions to reference
.gh-aw/agent/step-alignment-input.json. - Regenerate workflow lock files (notably Step Name Alignment; DataFlow dataset lock file also changed substantially).
Show a summary per file
| File | Description |
|---|---|
| .github/workflows/step-name-alignment.md | Writes manifest under workspace and updates prompt text to reference the new manifest path. |
| .github/workflows/step-name-alignment.lock.yml | Compiled workflow updated to use the workspace-local manifest path and refreshed generated identifiers. |
| .github/workflows/dataflow-pr-discussion-dataset.lock.yml | Regenerated compiled workflow with additional behavior/config changes beyond the PR’s stated scope. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comments suppressed due to low confidence (1)
.github/workflows/dataflow-pr-discussion-dataset.lock.yml:117
- The PR description focuses on Step Name Alignment, but this workflow is also changing core execution logic (e.g., adding a separate "Checkout actions folder" step and switching setup from a pinned action to a local ./actions/setup). If this is intentional, it should be called out explicitly; otherwise please revert/split these unrelated compiled-workflow changes to avoid accidental behavior changes.
- name: Checkout actions folder
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
repository: github/gh-aw
sparse-checkout: |
actions
persist-credentials: false
- name: Setup Scripts
id: setup
uses: ./actions/setup
with:
- Files reviewed: 3/3 changed files
- Comments generated: 1
| name: "DataFlow PR & Discussion Dataset Builder" | ||
| on: | ||
| schedule: | ||
| - cron: "25 7 * * 6" | ||
| - cron: "39 2 * * 5" | ||
| # Friendly format: weekly (scattered) |
|
@copilot this folder /tmp/gh-aw/agent should be always available for writing . Review agentic engine configurations and ensure it is configured to allow writes |
Co-authored-by: pelikhan <[email protected]>
Co-authored-by: pelikhan <[email protected]>
Addressed in |
|
@copilot this folder should always be writable for any agent and all workflows |
Co-authored-by: pelikhan <[email protected]>
Co-authored-by: pelikhan <[email protected]>
Co-authored-by: pelikhan <[email protected]>
Implemented globally in |
Step Name Alignment failed because the Claude agent was instructed to read its prebuilt manifest from
/tmp/gh-aw/agent, which is outside the allowed working directory in this execution mode. The run then burned turns on blocked Bash attempts and terminated atmax_turns.Root-cause correction: manifest location
/tmp/gh-aw/agent/...to$GITHUB_WORKSPACE/.gh-aw/agent/...in the workflow source.Prompt/runtime alignment
step-name-alignment.mdto reference.gh-aw/agent/step-alignment-input.json(workspace-local path).step-name-alignment.lock.ymlso compiled workflow behavior matches source.Net effect