Skip to content

Pin microsoft/APM version to v0.8.0 and emit it in generated apm-action steps#21297

Merged
pelikhan merged 5 commits intomainfrom
copilot/add-constant-to-pin-apm-version
Mar 17, 2026
Merged

Pin microsoft/APM version to v0.8.0 and emit it in generated apm-action steps#21297
pelikhan merged 5 commits intomainfrom
copilot/add-constant-to-pin-apm-version

Conversation

Copy link
Contributor

Copilot AI commented Mar 16, 2026
edited
Loading

The compiler had no pinned version for the microsoft/APM CLI tool, so generated microsoft/apm-action steps had no apm-version: input and aw_info had no APM version tracking.

Changes

  • pkg/constants/constants.go — adds DefaultAPMVersion Version = "v0.8.0"
  • pkg/workflow/frontmatter_types.go — adds Version string to APMDependenciesInfo so users can override via frontmatter
  • pkg/workflow/frontmatter_extraction_metadata.go — parses version: from object-format dependencies: config
  • pkg/workflow/apm_dependencies.go — emits apm-version: ${{ env.GH_AW_INFO_APM_VERSION }} in both pack and restore steps, referencing the job-level env var rather than hardcoding the version
  • pkg/workflow/compiler_activation_job.go — adds GH_AW_INFO_APM_VERSION to the activation job's job-level env: block when APM dependencies are configured (enables ${{ env.GH_AW_INFO_APM_VERSION }} in the pack step's with:)
  • pkg/workflow/compiler_main_job.go — adds GH_AW_INFO_APM_VERSION to the agent job's job-level env: block when APM dependencies are configured (enables ${{ env.GH_AW_INFO_APM_VERSION }} in the restore step's with:)
  • pkg/workflow/compiler_yaml.go — adds GH_AW_INFO_APM_VERSION to generateCreateAwInfo step env, only emitted when APM dependencies are configured
  • actions/setup/js/generate_aw_info.cjs — writes apm_version to aw_info.json when GH_AW_INFO_APM_VERSION is set
  • pkg/workflow/apm_dependencies_test.go / aw_info_versions_test.go — tests for env var reference in generated steps, default/custom version in job env and aw_info, and absence of GH_AW_INFO_APM_VERSION when no dependencies are used
  • .github/workflows/cli-version-checker.md — adds microsoft/APM to the monitored tools list with its GitHub releases URL

Example

Frontmatter with default version:

dependencies:
  - microsoft/apm-sample-package

Generates (activation job):

env:
  GH_AW_INFO_APM_VERSION: v0.8.0
steps:
  - name: Install and pack APM dependencies
    uses: microsoft/apm-action@<sha> # v1.3.1
    with:
      ...
      apm-version: ${{ env.GH_AW_INFO_APM_VERSION }}

To override:

dependencies:
  packages:
    - microsoft/apm-sample-package
  version: v1.0.0

Note

GH_AW_INFO_APM_VERSION is only emitted (at job level and in generate_aw_info step env) when dependencies: is present in the frontmatter. Workflows without APM dependencies are unaffected. The apm-version: input in both pack and restore steps always references ${{ env.GH_AW_INFO_APM_VERSION }} rather than a hardcoded value.

Original prompt

Add a constant to pin the version of microsoft/APM. The current version is v0.8.0.

Use this version in the generated code when emitting the microsoft/APM-action code if the user does not provide a custom APM version in the frontmatter.

Update the CLI verdin checker and check the agentic workflow.

📱 Kick off Copilot coding agent tasks wherever you are with GitHub Mobile, available on iOS and Android.

@pelikhan
Add DefaultAPMVersion constant and use it in generated microsoft/apm-…
fc3f109 
…action steps

- Add DefaultAPMVersion = "v0.8.0" to pkg/constants/constants.go
- Add Version field to APMDependenciesInfo for user-specified custom version
- Update frontmatter extraction to parse optional version field
- Update GenerateAPMPackStep/GenerateAPMRestoreStep to emit version: input
- Add GH_AW_INFO_APM_VERSION to generateCreateAwInfo
- Update tests and recompile lock files
- Update cli-version-checker.md to monitor microsoft/APM

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Add constant to pin version of microsoft/APM to v0.8.0 Pin microsoft/APM version to v0.8.0 and emit it in generated apm-action steps Mar 16, 2026
Copilot AI requested a review from pelikhan March 16, 2026 22:59
pelikhan
pelikhan reviewed Mar 16, 2026
View reviewed changes
Copy link
Contributor

@pelikhan pelikhan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@copilot ensure the syntax is context.

uses: microsoft/apm-action@ # v1.3.1
with:
...
version: v0.8.0

check version field name , double check the actions docs , actions.yml

Copy link
Contributor Author

Copilot AI commented Mar 16, 2026

@copilot ensure the syntax is context.

uses: microsoft/apm-action@ # v1.3.1...

The generated uses: syntax is correct — the action reference includes the full SHA pin:

uses: microsoft/apm-action@5eac264e08ed8db603fe2c40983794f94cab49d8 # v1.3.1
with:
  ...
  version: v0.8.0

GetActionPin("microsoft/apm-action") returns the SHA-pinned reference from action_pins.json (current entry: v1.3.1). The version: v0.8.0 is the APM CLI version passed as a separate with: input, sourced from the new DefaultAPMVersion constant.

Copilot AI requested a review from pelikhan March 16, 2026 23:11
@pelikhan
Copy link
Contributor

pelikhan commented Mar 16, 2026

@copilot review Microsoft/apm-action readme for proper syntax.

  • uses: microsoft/apm-action@v1
    with:
    compile: 'true' # generate AGENTS.md after install
    apm-version: '0.7.0' # pin a specific APM version
    working-directory: './my-project' # custom working directory

@pelikhan
fix: rename version to apm-version in generated apm-action steps
55c075a 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copy link
Contributor Author

Copilot AI commented Mar 16, 2026
edited
Loading

@copilot review Microsoft/apm-action readme for proper syntax.

...

Fixed in 55c075a — the input name has been corrected from version: to apm-version: in both the pack and restore steps, matching the microsoft/apm-action README syntax:

- name: Install and pack APM dependencies
  uses: microsoft/apm-action@<sha> # v1.3.1
  with:
    ...
    apm-version: v0.8.0

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw L9DeS7ABVNrU (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw -pack /home/REDACTED/work/gh-aw/gh-aw/pkg/cli/access_log.go /home/REDACTED/work/gh-aw/gh-aw/pkg/cli/actionlint.go (http block)
  • https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha (http block)
  • https://api.github.com/repos/github/gh-aw
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility json&#39; --ignore-p-c=4 .cfg 64/pkg/tool/linu-importcfg r (http block)
  • https://api.github.com/repos/githubnext/agentics/git/ref/tags/
    • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha (http block)

If you need me to access, download, or install something from one of these locations, you can either:

@pelikhan pelikhan marked this pull request as ready for review March 16, 2026 23:25
Copilot AI review requested due to automatic review settings March 16, 2026 23:25
pelikhan
pelikhan reviewed Mar 16, 2026
View reviewed changes
Copy link
Contributor

@pelikhan pelikhan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@copilot only emit apm version env var if dependencies is used

Copilot AI reviewed Mar 16, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Pins a default microsoft/APM CLI version (v0.8.0) and propagates it through generated microsoft/apm-action steps and aw_info metadata, with optional frontmatter override support.

Changes:

  • Add DefaultAPMVersion constant and thread an optional dependencies.version override through frontmatter parsing.
  • Emit apm-version: in generated APM pack/restore steps (defaulting to DefaultAPMVersion).
  • Include GH_AW_INFO_APM_VERSION in generated aw_info env and update tests + compiled lock workflows/docs accordingly.

Reviewed changes

Copilot reviewed 180 out of 180 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
pkg/constants/constants.go Adds DefaultAPMVersion constant (v0.8.0).
pkg/workflow/frontmatter_types.go Extends APMDependenciesInfo with Version override field.
pkg/workflow/frontmatter_extraction_metadata.go Parses dependencies.version in object-format dependencies.
pkg/workflow/apm_dependencies.go Emits apm-version: in APM pack/restore steps with default fallback.
pkg/workflow/compiler_yaml.go Adds GH_AW_INFO_APM_VERSION to generateCreateAwInfo.
pkg/workflow/apm_dependencies_test.go Adds coverage for extracting/emitting default/custom APM versions.
pkg/workflow/aw_info_versions_test.go Adds coverage for APM version propagation into aw_info env.
.github/workflows/cli-version-checker.md Adds APM to monitored tool list and documents pinning.
.github/workflows/cli-version-checker.lock.yml Regenerates lock workflow with new aw_info env var and updated description metadata.
.github/workflows/workflow-skill-extractor.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/workflow-normalizer.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/workflow-health-manager.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/workflow-generator.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/weekly-safe-outputs-spec-review.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/weekly-issue-summary.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/weekly-editors-health-check.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/video-analyzer.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/unbloat-docs.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/ubuntu-image-analyzer.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/typist.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/tidy.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/test-workflow.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/test-project-url-default.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/test-dispatcher.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/test-create-pr-error-handling.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/terminal-stylist.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/technical-doc-writer.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/super-linter.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/sub-issue-closer.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/step-name-alignment.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/static-analysis-report.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/stale-repo-identifier.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/smoke-workflow-call.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/smoke-workflow-call-with-inputs.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/smoke-update-cross-repo-pr.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/smoke-test-tools.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/smoke-temporary-id.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/smoke-project.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/smoke-multi-pr.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/smoke-gemini.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/smoke-create-cross-repo-pr.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/smoke-copilot.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/smoke-copilot-arm.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/smoke-codex.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/smoke-claude.lock.yml Adds GH_AW_INFO_APM_VERSION plus apm-version: inputs in APM pack/restore steps.
.github/workflows/smoke-call-workflow.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/smoke-agent-scoped-approved.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/smoke-agent-public-none.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/smoke-agent-public-approved.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/smoke-agent-all-none.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/smoke-agent-all-merged.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/slide-deck-maintainer.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/sergo.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/semantic-function-refactor.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/security-review.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/security-compliance.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/security-alert-burndown.campaign.g.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/scout.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/schema-consistency-checker.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/safe-output-health.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/research.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/repository-quality-improver.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/repo-tree-map.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/repo-audit-analyzer.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/release.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/refiner.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/q.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/python-data-charts.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/prompt-clustering-analysis.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/pr-triage-agent.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/pr-nitpick-reviewer.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/portfolio-analyst.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/poem-bot.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/plan.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/pdf-summary.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/org-health-report.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/notion-issue-summary.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/metrics-collector.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/mergefest.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/mcp-inspector.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/lockfile-stats.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/layout-spec-maintainer.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/jsweep.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/issue-triage-agent.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/issue-monster.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/issue-arborist.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/instructions-janitor.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/hourly-ci-cleaner.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/grumpy-reviewer.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/gpclean.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/go-pattern-detector.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/go-logger.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/go-fan.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/glossary-maintainer.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/github-remote-mcp-auth-test.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/github-mcp-tools-report.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/github-mcp-structural-analysis.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/functional-pragmatist.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/firewall.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/firewall-escape.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/example-workflow-analyzer.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/example-permissions-warning.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/duplicate-code-detector.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/draft-pr-cleanup.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/docs-noob-tester.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/discussion-task-miner.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/dictation-prompt.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/developer-docs-consolidator.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/dev.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/dev-hawk.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/dependabot-go-checker.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/dependabot-burner.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/delight.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/deep-report.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/dead-code-remover.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/daily-workflow-updater.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/daily-testify-uber-super-expert.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/daily-team-status.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/daily-team-evolution-insights.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/daily-syntax-error-quality.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/daily-semgrep-scan.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/daily-security-red-team.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/daily-secrets-analysis.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/daily-safe-outputs-conformance.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/daily-safe-output-optimizer.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/daily-repo-chronicle.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/daily-rendering-scripts-verifier.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/daily-regulatory.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/daily-performance-summary.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/daily-observability-report.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/daily-news.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/daily-multi-device-docs-tester.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/daily-mcp-concurrency-analysis.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/daily-malicious-code-scan.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/daily-issues-report.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/daily-function-namer.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/daily-firewall-report.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/daily-file-diet.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/daily-fact.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/daily-doc-updater.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/daily-doc-healer.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/daily-copilot-token-report.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/daily-compiler-quality.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/daily-code-metrics.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/daily-cli-tools-tester.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/daily-cli-performance.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/daily-choice-test.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/daily-assign-issue-to-user.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/daily-architecture-diagram.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/craft.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/copilot-session-insights.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/copilot-pr-prompt-analysis.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/copilot-pr-nlp-analysis.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/copilot-pr-merged-report.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/copilot-cli-deep-research.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/copilot-agent-analysis.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/contribution-check.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/constraint-solving-potd.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/commit-changes-analyzer.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/codex-github-remote-mcp-test.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/code-simplifier.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/code-scanning-fixer.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/cloclo.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/cli-consistency-checker.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/claude-code-user-docs-review.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/ci-doctor.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/ci-coach.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/changeset.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/breaking-change-checker.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/brave.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/bot-detection.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/blog-auditor.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/auto-triage-issues.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/audit-workflows.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/artifacts-summary.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/archie.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/ai-moderator.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/agent-persona-explorer.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/agent-performance-analyzer.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
.github/workflows/ace-editor.lock.yml Adds GH_AW_INFO_APM_VERSION env var in generated aw_info step.
Comments suppressed due to low confidence (1)

pkg/workflow/apm_dependencies.go:170

  • Same YAML injection/invalid-YAML risk here: apmVersion is inserted unquoted into the with: block. Quote/escape the value (or validate and reject versions with unsafe characters) before emitting the apm-version: line.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

pkg/workflow/apm_dependencies.go Outdated
" archive: 'true'",
" target: "+target,
" working-directory: /tmp/gh-aw/apm-workspace",
" apm-version: "+apmVersion,
pkg/workflow/compiler_yaml.go Outdated
fmt.Fprintf(yaml, " GH_AW_INFO_FIREWALL_ENABLED: \"%t\"\n", firewallEnabled)
fmt.Fprintf(yaml, " GH_AW_INFO_AWF_VERSION: \"%s\"\n", firewallVersion)
fmt.Fprintf(yaml, " GH_AW_INFO_AWMG_VERSION: \"%s\"\n", mcpGatewayVersion)
fmt.Fprintf(yaml, " GH_AW_INFO_APM_VERSION: \"%s\"\n", apmVersion)
.github/workflows/cli-version-checker.md
- Repository: https://github.com/microsoft/APM
- Release Notes: https://github.com/microsoft/APM/releases
- Pinned via `DefaultAPMVersion` constant in `pkg/constants/constants.go`
- Used as the `version:` input in generated `microsoft/apm-action` steps
@pelikhan
fix: only emit GH_AW_INFO_APM_VERSION env var when dependencies is used
97d4ab4 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copy link
Contributor Author

Copilot AI commented Mar 16, 2026
edited
Loading

@copilot only emit apm version env var if dependencies is used

Done in 97d4ab4GH_AW_INFO_APM_VERSION is now only emitted when the workflow has APM dependencies configured. Of the 172 compiled workflows, only the 1 that uses dependencies: includes this env var.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GboHGLKqw9c4 (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw -pack /home/REDACTED/work/gh-aw/gh-aw/pkg/cli/access_log.go /home/REDACTED/work/gh-aw/gh-aw/pkg/cli/actionlint.go /pre�� (http block)
  • https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha ath ../../../.pr**/*.json (http block)
  • https://api.github.com/repos/github/gh-aw
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility (http block)
  • https://api.github.com/repos/githubnext/agentics/git/ref/tags/
    • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI requested a review from pelikhan March 16, 2026 23:33
pelikhan
pelikhan reviewed Mar 16, 2026
View reviewed changes
.github/workflows/smoke-claude.lock.yml Outdated
archive: 'true'
target: claude
working-directory: /tmp/gh-aw/apm-workspace
apm-version: v0.8.0
Copy link
Contributor

@pelikhan pelikhan Mar 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@copilot use env variable here

Copy link
Contributor Author

Copilot AI Mar 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done in 8ef13d7. GH_AW_INFO_APM_VERSION is now set as a job-level env var in both the activation and agent jobs. The pack and restore steps reference it as apm-version: ${{ env.GH_AW_INFO_APM_VERSION }} instead of hardcoding the version value. Also added apm_version to the aw_info.json output in generate_aw_info.cjs.

@pelikhan
fix: use env variable for apm-version in pack and restore steps
8ef13d7 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copy link
Contributor Author

Copilot AI commented Mar 17, 2026

Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw ota=5% yHigh=170M x_amd64/vet conf�� h ../../../.pret--log-level=error k/gh-aw/gh-aw/pkg/workflow/compi-ifaceassert x_amd64/vet pull.rebase (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw -pack /home/REDACTED/work/gh-aw/gh-aw/pkg/cli/access_log.go /home/REDACTED/work/gh-aw/gh-aw/pkg/cli/actionlint.go /pre�� --local credential.helper x_amd64/vet (http block)
  • https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha ath ../../../.pr**/*.json --local x_amd64/vet user.name (http block)
  • https://api.github.com/repos/github/gh-aw
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility --noprofile (http block)
  • https://api.github.com/repos/githubnext/agentics/git/ref/tags/
    • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha --local user.email $name) { hasDiscussionsEnabled } } (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI requested a review from pelikhan March 17, 2026 00:21
@pelikhan
Copy link
Contributor

pelikhan commented Mar 17, 2026

@copilot recompile

Copy link
Contributor Author

Copilot AI commented Mar 17, 2026
edited
Loading

@copilot recompile

All 172 lock files were already recompiled in 8ef13d7 — running make recompile again produces no changes.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
  • https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha (http block)
  • https://api.github.com/repos/github/gh-aw
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility (http block)
  • https://api.github.com/repos/githubnext/agentics/git/ref/tags/
    • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha (http block)

If you need me to access, download, or install something from one of these locations, you can either:

@pelikhan pelikhan merged commit c3d070d into main Mar 17, 2026
83 checks passed
@pelikhan pelikhan deleted the copilot/add-constant-to-pin-apm-version branch March 17, 2026 02:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

+1 more reviewer

@pelikhan pelikhan pelikhan approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@pelikhan