Skip to content

Bump gh-aw-firewall to v0.27.16 and sync AWF integration artifacts#42542

Merged
pelikhan merged 5 commits into
mainfrom
copilot/github-42540-bump-gh-aw-firewall
Jun 30, 2026
Merged

Bump gh-aw-firewall to v0.27.16 and sync AWF integration artifacts#42542
pelikhan merged 5 commits into
mainfrom
copilot/github-42540-bump-gh-aw-firewall

Conversation

Copilot AI commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

This updates gh-aw to consume gh-aw-firewall v0.27.16 and aligns embedded AWF config schema/artifacts with that release. The change is scoped to version pinning, schema sync, and regenerated outputs that depend on AWF release metadata.

  • Version pin

    • Updated DefaultFirewallVersion in pkg/constants/version_constants.go:
      const DefaultFirewallVersion Version = "v0.27.16"
  • AWF config schema sync

    • Refreshed pkg/workflow/schemas/awf-config.schema.json from upstream gh-aw-firewall v0.27.16 canonical schema.
    • Captures upstream schema updates (including runner topology shape and updated apiProxy.maxTurns HTTP status wording).
  • Regenerated AWF-dependent artifacts

    • Recompiled workflow lock outputs under .github/workflows/*.lock.yml to pick up the new AWF release pin and image metadata.
    • Updated wasm golden expectations under pkg/workflow/testdata/TestWasmGolden_* to match regenerated compiler output.
  • Release note/changelog plumbing

    • Added patch changeset: .changeset/patch-bump-awf-v0-27-16.md.


✨ PR Review Safe Output Test - Run 28471293291

Warning

Firewall blocked 6 domains

The following domains were blocked by the firewall during workflow execution:

  • accounts.google.com
  • android.clients.google.com
  • clients2.google.com
  • contentautofill.googleapis.com
  • safebrowsingohttpgateway.googleapis.com
  • www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "android.clients.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "safebrowsingohttpgateway.googleapis.com"
    - "www.google.com"

See Network Configuration for more information.

💥 [THE END] — Illustrated by Smoke Claude · 65.7 AIC · ⌖ 25.6 AIC · ⊞ 8.7K ·
Comment /smoke-claude to run again

Copilot AI linked an issue Jun 30, 2026 that may be closed by this pull request
Copilot AI and others added 2 commits June 30, 2026 18:42
Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
Copilot AI changed the title [WIP] Update gh-aw-firewall to version 0.27.16 Bump gh-aw-firewall to v0.27.16 and sync AWF integration artifacts Jun 30, 2026
Copilot AI requested a review from lpcox June 30, 2026 18:54
Copilot finished work on behalf of lpcox June 30, 2026 18:54
@lpcox

lpcox commented Jun 30, 2026

Copy link
Copy Markdown
Collaborator

@copilot resolve the merge conflicts in this pull request

@lpcox lpcox marked this pull request as ready for review June 30, 2026 19:00
Copilot AI review requested due to automatic review settings June 30, 2026 19:00

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request bumps the default gh-aw-firewall (AWF) version consumed by gh-aw to v0.27.16, syncs the embedded AWF config JSON schema to match that release, and regenerates AWF-dependent generated artifacts (workflow lock files and wasm golden outputs) so the repository stays internally consistent with the new AWF release metadata.

Changes:

  • Bumped the pinned default AWF version to v0.27.16.
  • Synced pkg/workflow/schemas/awf-config.schema.json with upstream (including updated runner topology shape and updated apiProxy.maxTurns wording).
  • Regenerated workflow lock outputs and wasm golden expectations to reflect the new AWF pin and updated image/schema references.
Show a summary per file
File Description
pkg/constants/version_constants.go Updates DefaultFirewallVersion to v0.27.16.
pkg/workflow/schemas/awf-config.schema.json Refreshes embedded AWF config schema to match v0.27.16 (runner topology + wording updates).
.changeset/patch-bump-awf-v0-27-16.md Adds a patch changeset documenting the AWF bump + artifact sync.
.github/workflows/test-workflow.lock.yml Regenerated lockfile to reference 0.27.16 AWF images/binary/schema URL.
.github/workflows/example-permissions-warning.lock.yml Regenerated lockfile to reference 0.27.16 AWF images/binary/schema URL.
.github/workflows/daily-max-ai-credits-test.lock.yml Regenerated lockfile to reference 0.27.16 AWF images/binary/schema URL.
.github/workflows/codex-github-remote-mcp-test.lock.yml Regenerated lockfile to reference 0.27.16 AWF images/binary/schema URL.
.github/workflows/bot-detection.lock.yml Regenerated lockfile to reference 0.27.16 AWF images/binary/schema URL.
.github/workflows/agentic-token-optimizer.lock.yml Regenerated lockfile (upstream-sourced workflow) to reference 0.27.16 AWF images/binary/schema URL.
pkg/workflow/testdata/TestWasmGolden_CompileFixtures/with-imports.golden Updates wasm golden output to reflect v0.27.16 pins/URLs/images.
pkg/workflow/testdata/TestWasmGolden_CompileFixtures/smoke-copilot.golden Updates wasm golden output to reflect v0.27.16 pins/URLs/images.
pkg/workflow/testdata/TestWasmGolden_CompileFixtures/playwright-cli-mode.golden Updates wasm golden output to reflect v0.27.16 pins/URLs/images.
pkg/workflow/testdata/TestWasmGolden_CompileFixtures/basic-copilot.golden Updates wasm golden output to reflect v0.27.16 pins/URLs/images.
pkg/workflow/testdata/TestWasmGolden_AllEngines/pi.golden Updates wasm golden output to reflect v0.27.16 pins/URLs/images.
pkg/workflow/testdata/TestWasmGolden_AllEngines/gemini.golden Updates wasm golden output to reflect v0.27.16 pins/URLs/images.
pkg/workflow/testdata/TestWasmGolden_AllEngines/copilot.golden Updates wasm golden output to reflect v0.27.16 pins/URLs/images.
pkg/workflow/testdata/TestWasmGolden_AllEngines/codex.golden Updates wasm golden output to reflect v0.27.16 pins/URLs/images.
pkg/workflow/testdata/TestWasmGolden_AllEngines/claude.golden Updates wasm golden output to reflect v0.27.16 pins/URLs/images.

Review details

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 43/269 changed files
  • Comments generated: 0
  • Review effort level: Low

@github-actions

Copy link
Copy Markdown
Contributor

🤖 PR Triage

Field Value
Category chore
Risk 🟢 Low
Score 18 / 100
Action defer
Batch draft-small (with #42537, #42535)

Score breakdown: Impact 8/50 · Urgency 5/30 · Quality 5/20

Rationale: WIP/DRAFT firewall version bump (v0.27.16, +1/-1). No CI yet. Mark ready when complete; part of the draft-small batch for low-overhead group review.

Generated by 🔧 PR Triage Agent · 83.9 AIC · ⌖ 17.1 AIC · ⊞ 1.6K ·

Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>

Copilot AI commented Jun 30, 2026

Copy link
Copy Markdown
Contributor Author

@copilot resolve the merge conflicts in this pull request

Resolved. I merged origin/main, resolved the lock-file merge conflicts, and pushed merge commit dca8912b82.

Copilot finished work on behalf of lpcox June 30, 2026 19:19
@github-actions

github-actions Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

✅ All tools validated successfully! Agent Container Smoke Test confirms agent container is ready.

@github-actions

github-actions Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

🎬 THE ENDSmoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

@github-actions

github-actions Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

🚀 Smoke Pi MISSION COMPLETE! Pi delivered. 🥧

@github-actions

Copy link
Copy Markdown
Contributor

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

@github-actions

Copy link
Copy Markdown
Contributor

📰 BREAKING: Smoke Copilot - AOAI (Entra) is now investigating this pull request. Sources say the story is developing...

@github-actions

Copy link
Copy Markdown
Contributor

📰 BREAKING: Smoke Copilot - AOAI (apikey) is now investigating this pull request. Sources say the story is developing...

@github-actions

Copy link
Copy Markdown
Contributor

Smoke Test Results

  • GitHub Fetch: ✅
  • Web Fetch: ✅
  • File Writing: ✅
  • Bash Tool: ✅
  • Build gh-aw: ❌

Overall Status: FAIL

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • localhost

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "localhost"

See Network Configuration for more information.

Smoke Gemini — Powered by Gemini ·
Comment /smoke-gemini to run again

@github-actions

Copy link
Copy Markdown
Contributor

Agent Container Tool Check

Tool Status Version
bash 5.2.21
sh available
git 2.54.0
jq 1.7
yq v4.53.3
curl 8.5.0
gh 2.95.0
node v22.23.0
python3 3.11.15 (PyPy)
go 1.24.13
java 21.0.11
dotnet 10.0.301

Result: 12/12 tools available ✅

Overall Status: PASS

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔧 Tool validation by Agent Container Smoke Test · 16.7 AIC · ⌖ 6.41 AIC · ⊞ 4.7K ·
Comment /smoke-test-tools to run again

@github-actions

Copy link
Copy Markdown
Contributor

Merged PRs:

  • [42538] [linter-miner] linter: add sprintfint — flag fmt.Sprintf("%d", x) where x is int
  • [42537] eslint-factory: remove useless rethrow from require-json-parse-try-catch suggestion

Results:

  • PASS 1,2,3,4,6,7,8,9
  • FAIL 5
  • SKIP 10

Overall: FAIL

Warning

Firewall blocked 6 domains

The following domains were blocked by the firewall during workflow execution:

  • accounts.google.com
  • android.clients.google.com
  • clients2.google.com
  • contentautofill.googleapis.com
  • safebrowsingohttpgateway.googleapis.com
  • www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "android.clients.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "safebrowsingohttpgateway.googleapis.com"
    - "www.google.com"

See Network Configuration for more information.

🔮 The oracle has spoken through Smoke Codex · 10.3 AIC · ⌖ 1.64 AIC · ⊞ 10.9K ·
Comment /smoke-codex to run again

@github-actions

Copy link
Copy Markdown
Contributor

Comment Memory

Silent morning code
Git branches hold their breath for tests
Signals cross at dawn

Note

This comment is managed by comment memory.

It stores persistent context for this thread in the code block at the top of this comment.
Edit only the text inside the backtick fences; workflow metadata and the footer are regenerated automatically.

Learn more about comment memory

Warning

Firewall blocked 6 domains

The following domains were blocked by the firewall during workflow execution:

  • accounts.google.com
  • android.clients.google.com
  • clients2.google.com
  • contentautofill.googleapis.com
  • safebrowsingohttpgateway.googleapis.com
  • www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "android.clients.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "safebrowsingohttpgateway.googleapis.com"
    - "www.google.com"

See Network Configuration for more information.

🔮 The oracle has spoken through Smoke Codex · 10.3 AIC · ⌖ 1.64 AIC · ⊞ 10.9K ·
Comment /smoke-codex to run again

@github-actions

Copy link
Copy Markdown
Contributor

💨 Smoke Test: Claude — Run 28471293291

Core #1-12: ✅ all passed
PR Review #13-15,17,18: ✅ passed | #16: ⚠️ skipped (no unresolved threads) | #19: ⚠️ skipped (no safe test PR)

Overall: PARTIAL (all functional tests passed) 🎉

Warning

Firewall blocked 6 domains

The following domains were blocked by the firewall during workflow execution:

  • accounts.google.com
  • android.clients.google.com
  • clients2.google.com
  • contentautofill.googleapis.com
  • safebrowsingohttpgateway.googleapis.com
  • www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "android.clients.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "safebrowsingohttpgateway.googleapis.com"
    - "www.google.com"

See Network Configuration for more information.

💥 [THE END] — Illustrated by Smoke Claude · 65.7 AIC · ⌖ 25.6 AIC · ⊞ 8.7K ·
Comment /smoke-claude to run again

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💥 Automated smoke test review - all systems nominal!

Warning

Firewall blocked 6 domains

The following domains were blocked by the firewall during workflow execution:

  • accounts.google.com
  • android.clients.google.com
  • clients2.google.com
  • contentautofill.googleapis.com
  • safebrowsingohttpgateway.googleapis.com
  • www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "android.clients.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "safebrowsingohttpgateway.googleapis.com"
    - "www.google.com"

See Network Configuration for more information.

💥 [THE END] — Illustrated by Smoke Claude · 65.7 AIC · ⌖ 25.6 AIC · ⊞ 8.7K
Comment /smoke-claude to run again

@@ -0,0 +1,5 @@
---
"gh-aw": patch

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Smoke test: changeset version bump entry looks correct. 👍

"gh-aw": patch
---

Bump the default gh-aw-firewall version to v0.27.16, sync the embedded AWF config schema, and regenerate pinned workflow artifacts.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Smoke test: clear changelog description of the firewall bump. ✅

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Smoke review queued: validated inline comment creation and review submission for this PR.

Warning

Firewall blocked 6 domains

The following domains were blocked by the firewall during workflow execution:

  • accounts.google.com
  • android.clients.google.com
  • clients2.google.com
  • contentautofill.googleapis.com
  • safebrowsingohttpgateway.googleapis.com
  • www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "android.clients.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "safebrowsingohttpgateway.googleapis.com"
    - "www.google.com"

See Network Configuration for more information.

📰 BREAKING: Report filed by Smoke Copilot · 362.3 AIC · ⌖ 23 AIC · ⊞ 19.1K
Comment /smoke-copilot to run again
Add label smoke to run again

@github-actions

Copy link
Copy Markdown
Contributor

Smoke tests run 28471598126: FAIL overall; see issue aw_smoke1 for details.

Warning

Firewall blocked 6 domains

The following domains were blocked by the firewall during workflow execution:

  • accounts.google.com
  • android.clients.google.com
  • clients2.google.com
  • contentautofill.googleapis.com
  • safebrowsingohttpgateway.googleapis.com
  • www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "android.clients.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "safebrowsingohttpgateway.googleapis.com"
    - "www.google.com"

See Network Configuration for more information.

📰 BREAKING: Report filed by Smoke Copilot - AOAI (Entra) · 129.2 AIC · ⌖ 6.65 AIC · ⊞ 17.7K ·
Comment /smoke-copilot-aoai-entra to run again
Add label smoke to run again

@pelikhan pelikhan merged commit 5329117 into main Jun 30, 2026
214 of 215 checks passed
@pelikhan pelikhan deleted the copilot/github-42540-bump-gh-aw-firewall branch June 30, 2026 20:11
@github-actions

Copy link
Copy Markdown
Contributor

🎉 This pull request is included in a new release.

Release: v0.82.1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Bump gh-aw-firewall to v0.27.16

4 participants