diff --git a/.changeset/patch-remove-generated-mcp-workdir-field.md b/.changeset/patch-remove-generated-mcp-workdir-field.md new file mode 100644 index 00000000000..52633783237 --- /dev/null +++ b/.changeset/patch-remove-generated-mcp-workdir-field.md @@ -0,0 +1,5 @@ +--- +"gh-aw": patch +--- + +Removed the redundant `workdir` field from generated MCP server configurations so the JSON/TOML configs match expectations. diff --git a/.changeset/patch-remove-workdir-mcp-config.md b/.changeset/patch-remove-workdir-mcp-config.md new file mode 100644 index 00000000000..27a82a7e289 --- /dev/null +++ b/.changeset/patch-remove-workdir-mcp-config.md @@ -0,0 +1,5 @@ +--- +"gh-aw": patch +--- + +Removed the stray `workdir` field from generated MCP server configurations for agentic workflows so the output matches the expected schema. diff --git a/.github/workflows/agent-performance-analyzer.lock.yml b/.github/workflows/agent-performance-analyzer.lock.yml index f38c453649a..3a87d047b5f 100644 --- a/.github/workflows/agent-performance-analyzer.lock.yml +++ b/.github/workflows/agent-performance-analyzer.lock.yml @@ -542,7 +542,6 @@ jobs: "entrypoint": "/opt/gh-aw/gh-aw", "entrypointArgs": ["mcp-server"], "mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "${{ github.workspace }}:${{ github.workspace }}:rw", "/tmp/gh-aw:/tmp/gh-aw:rw"], - "workdir": "${{ github.workspace }}", "env": { "GITHUB_TOKEN": "\${GITHUB_TOKEN}" } diff --git a/.github/workflows/agent-persona-explorer.lock.yml b/.github/workflows/agent-persona-explorer.lock.yml index 3d5bd1f6ebd..a191ff349c2 100644 --- a/.github/workflows/agent-persona-explorer.lock.yml +++ b/.github/workflows/agent-persona-explorer.lock.yml @@ -436,7 +436,6 @@ jobs: "entrypoint": "/opt/gh-aw/gh-aw", "entrypointArgs": ["mcp-server"], "mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "${{ github.workspace }}:${{ github.workspace }}:rw", "/tmp/gh-aw:/tmp/gh-aw:rw"], - "workdir": "${{ github.workspace }}", "env": { "GITHUB_TOKEN": "\${GITHUB_TOKEN}" } diff --git a/.github/workflows/daily-firewall-report.lock.yml b/.github/workflows/daily-firewall-report.lock.yml index b94df04956b..228399be42d 100644 --- a/.github/workflows/daily-firewall-report.lock.yml +++ b/.github/workflows/daily-firewall-report.lock.yml @@ -481,7 +481,6 @@ jobs: "entrypoint": "/opt/gh-aw/gh-aw", "entrypointArgs": ["mcp-server"], "mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "${{ github.workspace }}:${{ github.workspace }}:rw", "/tmp/gh-aw:/tmp/gh-aw:rw"], - "workdir": "${{ github.workspace }}", "env": { "GITHUB_TOKEN": "\${GITHUB_TOKEN}" } diff --git a/.github/workflows/daily-observability-report.lock.yml b/.github/workflows/daily-observability-report.lock.yml index 3200e8a9f80..a91099490b7 100644 --- a/.github/workflows/daily-observability-report.lock.yml +++ b/.github/workflows/daily-observability-report.lock.yml @@ -518,7 +518,6 @@ jobs: "entrypoint": "/opt/gh-aw/gh-aw", "entrypointArgs": ["mcp-server"], "mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "${{ github.workspace }}:${{ github.workspace }}:rw", "/tmp/gh-aw:/tmp/gh-aw:rw"], - "workdir": "${{ github.workspace }}", "env": { "GITHUB_TOKEN": "$GITHUB_TOKEN" } diff --git a/.github/workflows/dev-hawk.lock.yml b/.github/workflows/dev-hawk.lock.yml index 6aaf4c3300a..3e576beb3a9 100644 --- a/.github/workflows/dev-hawk.lock.yml +++ b/.github/workflows/dev-hawk.lock.yml @@ -406,7 +406,6 @@ jobs: "entrypoint": "/opt/gh-aw/gh-aw", "entrypointArgs": ["mcp-server"], "mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "${{ github.workspace }}:${{ github.workspace }}:rw", "/tmp/gh-aw:/tmp/gh-aw:rw"], - "workdir": "${{ github.workspace }}", "env": { "GITHUB_TOKEN": "\${GITHUB_TOKEN}" } diff --git a/.github/workflows/example-workflow-analyzer.lock.yml b/.github/workflows/example-workflow-analyzer.lock.yml index 8919adf61ca..91ac085ad86 100644 --- a/.github/workflows/example-workflow-analyzer.lock.yml +++ b/.github/workflows/example-workflow-analyzer.lock.yml @@ -426,7 +426,6 @@ jobs: "entrypoint": "/opt/gh-aw/gh-aw", "entrypointArgs": ["mcp-server"], "mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "${{ github.workspace }}:${{ github.workspace }}:rw", "/tmp/gh-aw:/tmp/gh-aw:rw"], - "workdir": "${{ github.workspace }}", "env": { "GITHUB_TOKEN": "$GITHUB_TOKEN" } diff --git a/.github/workflows/metrics-collector.lock.yml b/.github/workflows/metrics-collector.lock.yml index de288148ddf..9d85f78a11c 100644 --- a/.github/workflows/metrics-collector.lock.yml +++ b/.github/workflows/metrics-collector.lock.yml @@ -208,7 +208,6 @@ jobs: "entrypoint": "/opt/gh-aw/gh-aw", "entrypointArgs": ["mcp-server"], "mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "${{ github.workspace }}:${{ github.workspace }}:rw", "/tmp/gh-aw:/tmp/gh-aw:rw"], - "workdir": "${{ github.workspace }}", "env": { "GITHUB_TOKEN": "\${GITHUB_TOKEN}" } diff --git a/.github/workflows/python-data-charts.lock.yml b/.github/workflows/python-data-charts.lock.yml index 74a89d98d52..5276230ab42 100644 --- a/.github/workflows/python-data-charts.lock.yml +++ b/.github/workflows/python-data-charts.lock.yml @@ -484,7 +484,6 @@ jobs: "entrypoint": "/opt/gh-aw/gh-aw", "entrypointArgs": ["mcp-server"], "mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "${{ github.workspace }}:${{ github.workspace }}:rw", "/tmp/gh-aw:/tmp/gh-aw:rw"], - "workdir": "${{ github.workspace }}", "env": { "GITHUB_TOKEN": "\${GITHUB_TOKEN}" } diff --git a/.github/workflows/security-review.lock.yml b/.github/workflows/security-review.lock.yml index fff8f0567b9..9d56f7ec2e6 100644 --- a/.github/workflows/security-review.lock.yml +++ b/.github/workflows/security-review.lock.yml @@ -524,7 +524,6 @@ jobs: "entrypoint": "/opt/gh-aw/gh-aw", "entrypointArgs": ["mcp-server"], "mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "${{ github.workspace }}:${{ github.workspace }}:rw", "/tmp/gh-aw:/tmp/gh-aw:rw"], - "workdir": "${{ github.workspace }}", "env": { "GITHUB_TOKEN": "\${GITHUB_TOKEN}" } diff --git a/.github/workflows/smoke-copilot.lock.yml b/.github/workflows/smoke-copilot.lock.yml index dbcbaf734de..c81e85ad57e 100644 --- a/.github/workflows/smoke-copilot.lock.yml +++ b/.github/workflows/smoke-copilot.lock.yml @@ -1077,7 +1077,6 @@ jobs: "entrypoint": "/opt/gh-aw/gh-aw", "entrypointArgs": ["mcp-server"], "mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "${{ github.workspace }}:${{ github.workspace }}:rw", "/tmp/gh-aw:/tmp/gh-aw:rw"], - "workdir": "${{ github.workspace }}", "env": { "GITHUB_TOKEN": "\${GITHUB_TOKEN}" } diff --git a/pkg/workflow/mcp-config-builtin.go b/pkg/workflow/mcp-config-builtin.go index 482ccb33076..1031078f5da 100644 --- a/pkg/workflow/mcp-config-builtin.go +++ b/pkg/workflow/mcp-config-builtin.go @@ -82,8 +82,6 @@ func renderAgenticWorkflowsMCPConfigWithOptions(yaml *strings.Builder, isLast bo yaml.WriteString(" \"entrypointArgs\": [\"mcp-server\"],\n") // Mount gh-aw binary (read-only), workspace (read-write for status/compile), and temp directory (read-write for logs) yaml.WriteString(" \"mounts\": [\"" + constants.DefaultGhAwMount + "\", \"" + constants.DefaultWorkspaceMount + "\", \"" + constants.DefaultTmpGhAwMount + "\"],\n") - // Set working directory to workspace for proper command execution context - yaml.WriteString(" \"workdir\": \"${{ github.workspace }}\",\n") // Note: tools field is NOT included here - the converter script adds it back // for Copilot. This keeps the gateway config compatible with the schema. @@ -138,8 +136,6 @@ func renderAgenticWorkflowsMCPConfigTOML(yaml *strings.Builder) { yaml.WriteString(" entrypointArgs = [\"mcp-server\"]\n") // Mount gh-aw binary (read-only), workspace (read-write for status/compile), and temp directory (read-write for logs) yaml.WriteString(" mounts = [\"" + constants.DefaultGhAwMount + "\", \"" + constants.DefaultWorkspaceMount + "\", \"" + constants.DefaultTmpGhAwMount + "\"]\n") - // Set working directory to workspace for proper command execution context - yaml.WriteString(" workdir = \"${{ github.workspace }}\"\n") // Use env_vars array to reference environment variables instead of embedding secrets yaml.WriteString(" env_vars = [\"GITHUB_TOKEN\"]\n") } diff --git a/pkg/workflow/mcp_config_refactor_test.go b/pkg/workflow/mcp_config_refactor_test.go index d4bed18939c..32da544f5e3 100644 --- a/pkg/workflow/mcp_config_refactor_test.go +++ b/pkg/workflow/mcp_config_refactor_test.go @@ -215,7 +215,6 @@ func TestRenderAgenticWorkflowsMCPConfigWithOptions(t *testing.T) { `"/opt/gh-aw:/opt/gh-aw:ro"`, // gh-aw binary mount (read-only) `"${{ github.workspace }}:${{ github.workspace }}:rw"`, // workspace mount (read-write) `"/tmp/gh-aw:/tmp/gh-aw:rw"`, // temp directory mount (read-write) - `"workdir": "${{ github.workspace }}"`, // working directory for command execution `"GITHUB_TOKEN": "\${GITHUB_TOKEN}"`, ` },`, }, @@ -236,7 +235,6 @@ func TestRenderAgenticWorkflowsMCPConfigWithOptions(t *testing.T) { `"/opt/gh-aw:/opt/gh-aw:ro"`, // gh-aw binary mount (read-only) `"${{ github.workspace }}:${{ github.workspace }}:rw"`, // workspace mount (read-write) `"/tmp/gh-aw:/tmp/gh-aw:rw"`, // temp directory mount (read-write) - `"workdir": "${{ github.workspace }}"`, // working directory for command execution // Security fix: Now uses shell variable instead of GitHub secret expression `"GITHUB_TOKEN": "$GITHUB_TOKEN"`, ` }`, @@ -390,7 +388,6 @@ func TestRenderAgenticWorkflowsMCPConfigTOML(t *testing.T) { `"/opt/gh-aw:/opt/gh-aw:ro"`, // gh-aw binary mount (read-only) `"${{ github.workspace }}:${{ github.workspace }}:rw"`, // workspace mount (read-write) `"/tmp/gh-aw:/tmp/gh-aw:rw"`, // temp directory mount (read-write) - `workdir = "${{ github.workspace }}"`, // working directory for command execution `env_vars = ["GITHUB_TOKEN"]`, }