[awf] Fix tool-cache mount handling, smoke-pi runtime config, and cache-memory git recovery#35802
Conversation
Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
|
🧪 Test Quality Sentinel completed test quality analysis. |
|
💫 TO BE CONTINUED... Smoke Claude failed to deliver outputs! Our hero faces unexpected challenges... |
|
✅ PR Code Quality Reviewer completed the code quality review. |
|
✅ Design Decision Gate 🏗️ completed the design decision gate check. |
|
🚀 Smoke Gemini MISSION COMPLETE! Gemini has spoken. ✨ |
|
🚀 Smoke Antigravity MISSION COMPLETE! Antigravity has spoken. ✨ |
|
📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing... |
|
✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟 |
|
🧠 Matt Pocock Skills Reviewer has completed the skills-based review. ✅ |
|
🚀 Smoke Pi MISSION COMPLETE! Pi delivered. 🥧 |
There was a problem hiding this comment.
Pull request overview
This PR updates AWF command generation so non-default runner tool-cache directories can be mounted into the AWF chroot, addressing Node/runtime lookup failures on runners that use /home/runner/work/_tool or another RUNNER_TOOL_CACHE.
Changes:
- Adds a generated shell probe for
RUNNER_TOOL_CACHE/ legacy_tooldetection. - Injects
${GH_AW_TOOL_CACHE_MOUNT}into AWF invocations. - Updates unit and wasm golden coverage for the generated command shape.
Show a summary per file
| File | Description |
|---|---|
pkg/workflow/awf_helpers.go |
Adds dynamic tool-cache mount probe and AWF command injection. |
pkg/workflow/awf_config_test.go |
Adds assertions for generated tool-cache mount probe content. |
pkg/workflow/testdata/TestWasmGolden_AllEngines/claude.golden |
Updates Claude golden AWF command output. |
pkg/workflow/testdata/TestWasmGolden_AllEngines/codex.golden |
Updates Codex golden AWF command output. |
pkg/workflow/testdata/TestWasmGolden_AllEngines/copilot.golden |
Updates Copilot golden AWF command output. |
pkg/workflow/testdata/TestWasmGolden_AllEngines/gemini.golden |
Updates Gemini golden AWF command output. |
pkg/workflow/testdata/TestWasmGolden_AllEngines/pi.golden |
Updates Pi golden AWF command output. |
pkg/workflow/testdata/TestWasmGolden_CompileFixtures/basic-copilot.golden |
Updates basic Copilot fixture golden output. |
pkg/workflow/testdata/TestWasmGolden_CompileFixtures/playwright-cli-mode.golden |
Updates Playwright fixture golden output. |
pkg/workflow/testdata/TestWasmGolden_CompileFixtures/smoke-copilot.golden |
Updates smoke Copilot fixture golden output. |
pkg/workflow/testdata/TestWasmGolden_CompileFixtures/with-imports.golden |
Updates imported fixture golden output. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 11/11 changed files
- Comments generated: 2
| %s="--mount \"$GH_AW_TOOL_CACHE:$GH_AW_TOOL_CACHE:ro\"" | ||
| fi | ||
| elif [ -d "/home/runner/work/_tool" ]; then | ||
| %s="--mount \"/home/runner/work/_tool:/home/runner/work/_tool:ro\"" |
| GH_AW_TOOL_CACHE="${RUNNER_TOOL_CACHE:-/opt/hostedtoolcache}" | ||
| if [ -d "$GH_AW_TOOL_CACHE" ]; then | ||
| if [[ "$GH_AW_TOOL_CACHE" != /opt/* ]]; then | ||
| %s="--mount \"$GH_AW_TOOL_CACHE:$GH_AW_TOOL_CACHE:ro\"" |
|
@copilot make merge-main |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
|
|
|
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Investigated run 26671382769 (job 78615729329): step 19 failed in |
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
|
✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟 |
|
🚀 Smoke Pi MISSION COMPLETE! Pi delivered. 🥧 |
|
📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing... |
|
🚀 Smoke Antigravity MISSION COMPLETE! Antigravity has spoken. ✨ |
|
🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨ |
|
🚀 Smoke Gemini MISSION COMPLETE! Gemini has spoken. ✨ |
Agent Container Tool Check
Result: 12/12 tools available ✅ Overall Status: PASS
|
|
Smoke test results: GitHub MCP ✅, Web Fetch ✅, File Write ✅, Bash ✅, Build ❌. Overall Status: FAIL. Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "localhost"See Network Configuration for more information.
|
|
Smoke Test: Codex - 26672230016
Overall: FAIL Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
🧪 Smoke Test: Claude — Run 26672230109Core #1-13: ✅ all pass (Test 2 Overall: PARTIAL — run Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
💥 Automated smoke test review - all systems nominal!
Warning
Firewall blocked 6 domains
The following domains were blocked by the firewall during workflow execution:
accounts.google.comandroid.clients.google.comclients2.google.comcontentautofill.googleapis.comsafebrowsingohttpgateway.googleapis.comwww.google.com
To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
💥 [THE END] — Illustrated by Smoke Claude · opus48 1.1M
| @@ -0,0 +1,5 @@ | |||
| --- | |||
| "gh-aw": patch | |||
There was a problem hiding this comment.
Smoke test review: changeset type is correctly set to patch. ✅
| "gh-aw": patch | ||
| --- | ||
|
|
||
| Fixed AWF chroot tool-cache mounting so runners that use `RUNNER_TOOL_CACHE` or the legacy `_tool` path can still find Node during startup. |
There was a problem hiding this comment.
Smoke test review: clear description of the tool-cache mounting fix. 👍
|
[awf] Fix tool-cache mount handling, smoke-pi runtime config, and cache-memory git recovery Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
There was a problem hiding this comment.
Smoke review: the non-default tool-cache mount handling and cache-memory recovery changes look aligned with the added coverage.
Warning
Firewall blocked 6 domains
The following domains were blocked by the firewall during workflow execution:
accounts.google.comandroid.clients.google.comclients2.google.comcontentautofill.googleapis.comsafebrowsingohttpgateway.googleapis.comwww.google.com
To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
📰 BREAKING: Report filed by Smoke Copilot · gpt54 18.2M
| toolCacheMountProbe := fmt.Sprintf(`%s="" | ||
| GH_AW_TOOL_CACHE="${RUNNER_TOOL_CACHE:-/opt/hostedtoolcache}" | ||
| if [ -d "$GH_AW_TOOL_CACHE" ]; then | ||
| if [[ "$GH_AW_TOOL_CACHE" != /opt/* ]]; then |
There was a problem hiding this comment.
Nice guard on the extra mount. Restricting it to non-/opt tool-cache paths keeps the default hosted-runner case from picking up a redundant bind mount.
| # If git metadata is malformed enough that config cannot be written (for example | ||
| # missing HEAD), recover by reinitializing while preserving working-tree files. | ||
| _hooks_config_err="$(mktemp)" | ||
| if ! git config core.hooksPath /dev/null 2>"$_hooks_config_err"; then |
There was a problem hiding this comment.
Good recovery ordering here: the hook-path write now happens behind a reinit path, so a missing HEAD can self-heal before git config turns the cache restore into a hard failure.
|
📰 DEVELOPING STORY: Smoke Copilot reports failed to deliver outputs. Our correspondents are investigating the incident... |
On runners where
setup-nodeinstalls into non-default tool-cache locations (for example/home/runner/work/_toolviaRUNNER_TOOL_CACHE), AWF chroot could not reliably find Node, causing startup failures.This PR also hardens cache-memory git setup to recover from malformed restored
.gitmetadata that can cause earlyfatal: not in a git directoryfailures in workflow setup steps.What changed
AWF command generation: tool-cache mount and PATH handling
RUNNER_TOOL_CACHE(preferred), fallback/opt/hostedtoolcache/home/runner/work/_toolwhen present/opt/*tool-cache paths into chroot as read-only.host:container:rovalue.RUNNER_TOOL_CACHEso arbitrary non-/optcaches are discoverable.Smoke Pi workflow updates (follow-up CI feedback)
copilot/gpt-5.4.${{ github.workspace }}/tmp/gh-aw/agentCache-memory setup hardening
actions/setup/sh/setup_cache_memory_git.shto self-heal when restored git metadata is malformed before hook configuration.actions/setup/sh/setup_cache_memory_git_test.shfor missing-HEADcorruption recovery.Generated output alignment
Changeset
> Generated by 📋 Changeset Generator for issue #35802 · gpt54 1.2M · ◷
✨ PR Review Safe Output Test - Run 26672230109
Warning
Firewall blocked 6 domains
The following domains were blocked by the firewall during workflow execution:
accounts.google.comandroid.clients.google.comclients2.google.comcontentautofill.googleapis.comsafebrowsingohttpgateway.googleapis.comwww.google.comSee Network Configuration for more information.