fix(compiler): honor push-to-pull-request-branch target-repo in shared PR checkout steps

[Copilot]

buildSharedPRCheckoutSteps only consulted CreatePullRequests.TargetRepoSlug when resolving which repo to check out in the safe_outputs job. Workflows that set push-to-pull-request-branch.target-repo without create-pull-request got a checkout against the workflow repo, causing git ls-remote --exit-code --heads origin <branch> to exit 2.

update-pull-request is an API-only operation (no git push), so its target-repo is intentionally excluded from the git checkout resolution — including it would silently retarget origin for push-to-pull-request-branch when the push config has no target-repo of its own, causing a repo/token mismatch.

Changes

• compiler_safe_outputs_steps.go — extend target repo resolution in buildSharedPRCheckoutSteps to fall through to PushToPullRequestBranch.TargetRepoSlug when create-pull-request is absent. Priority order:

  1. create-pull-request.target-repo
  2. push-to-pull-request-branch.target-repo
  3. trial-mode logical repo slug
  4. source repo (default)

• compiler_safe_outputs_steps_test.go — new cases covering:

  • push-to-pull-request-branch with target-repo only (the core fix)
  • update-pull-request.target-repo does not affect shared git checkout (API-only operation)
  • push-to-pull-request-branch.target-repo takes precedence over update-pull-request.target-repo
  • create-pull-request.target-repo takes precedence when all are set

# Previously broken — missing create-pull-request caused checkout against wrong repo
safe-outputs:
  push-to-pull-request-branch:
    target-repo: "microsoft/vscode"   # now honoured without create-pull-request

[Copilot]

Pull request overview

This PR updates the safe-outputs compiler so shared PR checkout steps can derive the checkout repository from additional safe-output configs, not just create-pull-request.

Changes:

• Extended buildSharedPRCheckoutSteps target-repo resolution to fall back from create-pull-request to push-to-pull-request-branch, then update-pull-request, then trial/default repos.
• Added unit tests covering push-only target-repo resolution, update-pull-request fallback behavior, and one precedence case where create-pull-request wins.
• Keeps cross-repo checkout behavior aligned with the safer base-ref expression that avoids github.ref_name.

Show a summary per file

File	Description
pkg/workflow/compiler_safe_outputs_steps.go	Expands target-repo selection logic for shared PR checkout/git setup.
pkg/workflow/compiler_safe_outputs_steps_test.go	Adds regression tests for new target-repo fallback and precedence behavior.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 2/2 changed files
• Comments generated: 2

[pelikhan]

@copilot review all comments

[Copilot]

@copilot review all comments

Addressed both reviewer comments in cd5ecbe:

Comment 1 (lines 87-89): Removed update-pull-request.target-repo from the fallback chain entirely. update-pull-request is API-only (no git push), so its target-repo must not affect the shared git checkout/origin remote. Letting it influence the git remote when push-to-pull-request-branch has no target-repo would cause exactly the repo/token mismatch described.

Comment 2 (test lines 247-255): Replaced the incorrect fallback test with two cases that cover the real semantics:

• update-pull-request target-repo does not affect shared git checkout (API-only operation) — asserts repository: and REPO_NAME are absent when only update-pull-request.target-repo is set
• push-to-pull-request-branch target-repo takes precedence over update-pull-request target-repo — exercises the precedence so a future reordering would be caught

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh gh repo view --json owner,name --jq .owner.login + "/" + .name /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/asm (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw erignore (http block)
• https://api.github.com/orgs/test-owner/actions/secrets
  • Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name h ../../../.prettierignore (http block)
  • Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name ithub-script/git/ref/tags/v9 git bject.type] | @tsv --show-toplevel gh /usr/bin/infocmp--write git rev-�� --show-toplevel infocmp /usr/bin/gh /ref/tags/v9 git sv gh (http block)
  • Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name h ../../../.prettierignore scripts/**/*.js /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/compile .prettierignore --log-level=erro/home/REDACTED/work/gh-aw/gh-aw/actions/setup/js/node_modules/.bin/pre�� (http block)
• https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq [.object.sha, .object.type] | @tsv --show-toplevel npm /usr/bin/git epo}/actions/rungit --silent , number: .run_n--show-toplevel git rev-�� --show-toplevel /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/link /usr/bin/git licyTrustedUsersgh (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v3
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq [.object.sha, .object.type] | @tsv ithub-script/git/ref/tags/v9 myorg bject.type] | @tsv --local --get son git conf�� user.email test@example.com /usr/bin/git '**/*.ts' '**/*.git --local /usr/local/bin/g--show-toplevel git (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v5
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv 815961367 -buildtags sv ./../.prettieriggit -ifaceassert -nilfunc sh -c "prettier" --write '**/*.cjs' '**/*.ts' '**/*.json' --ignore-path ../../../.prettierignore -tests 1/x64/bin/node (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv ithub-script/git/ref/tags/v9 /usr/lib/git-core/git bject.type] | @tsv --pack_header=2,git -q /usr/bin/gh git rev-�� --show-toplevel gh /usr/bin/git ons-test30906893git --jq /usr/bin/infocmp--show-toplevel git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv --show-toplevel git /usr/bin/infocmp --show-toplevel erignore /usr/bin/git infocmp -1 xterm-color git /usr/bin/git --show-toplevel ache/go/1.25.8/xrev-parse /usr/bin/git git (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v6
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv tructions-test-1320028801/.github/workflows -buildtags (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv /repos/test-owner/test-repo/actions/secrets --jq /usr/bin/git h ../../../.pretgit (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv /home/REDACTED/work/gh-aw/gh-aw/.github/workflows/architecture-guardian.md (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v8
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq [.object.sha, .object.type] | @tsv xterm-color git /usr/bin/git --get remote.origin.urrev-parse (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v9
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv js/**/*.json' --ignore-path ../../../.prettierignore (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv tions-lock.json pkg/actionpins/data/action_pins.json; \ cp .github/aw/actions-lock.json pkg/wornode (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v9.0.0
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9.0.0 --jq [.object.sha, .object.type] | @tsv js/**/*.json' --ignore-path ../../../.prettierignore (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9.0.0 --jq [.object.sha, .object.type] | @tsv (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9.0.0 --jq [.object.sha, .object.type] | @tsv js/**/*.json' ---errorsas (http block)
• https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/cgo /usr/bin/gh 815961367 ../../../**/*.jsapi ache/node/24.14./repos/actions/github-script/git/ref/tags/v9 gh api /repos/actions/github-script/git/ref/tags/v9 --jq /usr/bin/git ithub/workflows --write ache/node/24.14.--show-toplevel git (http block)
• https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv add origin /usr/bin/git on' --ignore-patgit (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile /usr/bin/git ithub/workflows/gh ../../../**/*.jsapi ache/node/24.14./repos/actions/github-script/git/ref/tags/v9 git rev-�� --show-toplevel sh /usr/bin/git ithub/workflows (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --show-toplevel git /usr/bin/git ErrorFormatting2git remote /usr/bin/git git rev-�� /ref/tags/v9 git sv user.name Test User mple.com/org/repxterm-color gh (http block)
• https://api.github.com/repos/actions/setup-node/git/ref/tags/v6
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv tructions-test-1320028801/.github/workflows -importcfg /usr/bin/gh -s -w -buildmode=exe gh api 03712976 --jq ache/node/24.14.1/x64/bin/node (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv xterm-color (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv /tmp/gh-aw-test-runs/20260506-014855-9521/test-1121970915 l /usr/bin/git remote.origin.urgit (http block)
• https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv 4855-9521/test-903712976 ^remote\..*\.gh-resolved$ /opt/hostedtoolcache/node/24.14.1/x64/bin/node cli/install.sh..git (http block)
• https://api.github.com/repos/aws-actions/configure-aws-credentials/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/aws-actions/configure-aws-credentials/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --show-toplevel git /usr/bin/git /ref/tags/v9.0.0git config sv git rev-�� --show-toplevel git /usr/bin/git /tmp/compile-allgh rev-parse kflow.test git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/aws-actions/configure-aws-credentials/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --show-toplevel infocmp /usr/bin/git ons-test30906893gh (http block)
• https://api.github.com/repos/azure/login/git/ref/tags/v2
  • Triggering command: /usr/bin/gh gh api /repos/azure/login/git/ref/tags/v2 --jq [.object.sha, .object.type] | @tsv --show-toplevel git /usr/bin/git ons-test30906893git (http block)
• https://api.github.com/repos/docker/login-action/git/ref/tags/v3
  • Triggering command: /usr/bin/gh gh api /repos/docker/login-action/git/ref/tags/v3 --jq [.object.sha, .object.type] | @tsv --show-toplevel gh /usr/bin/git ons-test30906893git --jq /usr/bin/infocmp--show-toplevel git rev-�� --show-toplevel infocmp /usr/bin/infocmp xterm-color (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq [.object.sha, .object.type] | @tsv /repos/actions/github-script/git/ref/tags/v9 --jq /usr/bin/git Onlyrepos_only_wgh on 1/x64/bin/node git rev-�� --show-toplevel 1/x64/bin/node /usr/bin/git npx prettier --winfocmp (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv /v1.0.0 64/bin/gofmt sv (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv xterm-color (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --limit 100 --created >=2026-04-29 (http block)
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --limit 100 --created >=2026-04-06 (http block)
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --limit 100 --created >=2026-02-05 (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/1/artifacts --jq .artifacts[].name committer.name 64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 committer.email 64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/1/artifacts --jq .artifacts[].name git /usr/bin/git --show-toplevel nly (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12345/artifacts --jq .artifacts[].name pull.rebase 64/bin/node (http block)
  • Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 pull.rebase ache/go/1.25.8/x64/bin/node (http block)
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12345/artifacts --jq .artifacts[].name --jq bject.type] | @tsv --show-toplevel /tmp/go-build227remote /usr/bin/git git tion�� edOutput1695689886/001 git ser.test ignore git /usr/bin/gh ser.test (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/1234567890
  • Triggering command: /usr/bin/gh gh api repos/{owner}/{repo}/actions/runs/1234567890 --jq {databaseId: .id, number: .run_number, url: .html_url, status: .status, conclusion: .conclusion, workflowName: .name, workflowPath: .path, createdAt: .created_at, startedAt: .run_started_at, updatedAt: .updated_at, event: .event, headBranch: .head_branch, h ../../../.prettierignore (http block)
  • Triggering command: /usr/bin/gh gh api repos/{owner}/{repo}/actions/runs/1234567890 --jq {databaseId: .id, number: .run_number, url: .html_url, status: .status, conclusion: .conclusion, workflowName: .name, workflowPath: .path, createdAt: .created_at, startedAt: .run_started_at, updatedAt: .updated_at, event: .event, headBranch: .head_branch, h ../../../.pret.prettierignore git /usr/bin/gh --show-toplevel git /usr/bin/git gh api w/js/**/*.json' --ignore-path --jq /usr/bin/infocmp /ref/tags/v9 git sv infocmp (http block)
  • Triggering command: /usr/bin/gh gh api repos/{owner}/{repo}/actions/runs/1234567890 --jq {databaseId: .id, number: .run_number, url: .html_url, status: .status, conclusion: .conclusion, workflowName: .name, workflowPath: .path, createdAt: .created_at, startedAt: .run_started_at, updatedAt: .updated_at, event: .event, headBranch: .head_branch, h ../../../.pret.prettierignore mkdir ache/node/24.14.1/x64/bin/node /tmp/gh-aw git /usr/bin/git /opt/hostedtoolcc t-29�� k/gh-aw/gh-aw/.g- -buildtags /usr/bin/git -errorsas -ifaceassert -nilfunc git (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12346/artifacts --jq .artifacts[].name pull.rebase 1/x64/bin/node (http block)
  • Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 pull.rebase 64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12346/artifacts --jq .artifacts[].name git /usr/bin/git --show-toplevel git /usr/bin/git git tion�� edOutput1695689886/001 git 64/pkg/tool/linux_amd64/vet ignore git sv 64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/2/artifacts --jq .artifacts[].name committer.name 64/pkg/tool/linux_amd64/compile (http block)
  • Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 committer.email 64/pkg/tool/linux_amd64/link (http block)
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/2/artifacts --jq .artifacts[].name gh 1/x64/bin/node /repos/actions/ginfocmp nly /usr/bin/gh git tion�� --show-toplevel gh son ignore --jq /usr/bin/gh infocmp (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/3/artifacts --jq .artifacts[].name committer.name 64/pkg/tool/linux_amd64/compile (http block)
  • Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 committer.email 64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/3/artifacts --jq .artifacts[].name --jq 64/bin/node --show-toplevel nly /usr/bin/git git tion�� agent-persona-ex--limit git son ignore git /usr/bin/git gh (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/4/artifacts --jq .artifacts[].name committer.name 64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 committer.email sole.test (http block)
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/4/artifacts --jq .artifacts[].name gh /usr/bin/git /repos/actions/g/usr/bin/git nly /usr/bin/infocmp-v git rev-�� rity2114329381/001 infocmp sh ignore git /usr/bin/infocmpuser.name git (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/5/artifacts --jq .artifacts[].name zation_test.go 64/pkg/tool/linux_amd64/compile (http block)
  • Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 committer.name 64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/5/artifacts --jq .artifacts[].name git /usr/bin/git --show-toplevel nly /usr/bin/git git rev-�� rity2114329381/001 git h ignore gh bject.type] | @tuser.email gh (http block)
• https://api.github.com/repos/github/gh-aw/actions/workflows
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path h ../../../.prettierignore (http block)
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 (http block)
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 (http block)
• https://api.github.com/repos/github/gh-aw/contents/.github/workflows/shared/reporting.md
  • Triggering command: /tmp/go-build2273467604/b404/cli.test /tmp/go-build2273467604/b404/cli.test -test.testlogfile=/tmp/go-build2273467604/b404/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true ader (http block)
  • Triggering command: /tmp/go-build4244698243/b404/cli.test /tmp/go-build4244698243/b404/cli.test -test.testlogfile=/tmp/go-build4244698243/b404/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true ithub-script/gitsh node bject.type] | @t"prettier" --write '**/*.cjs' '**/*.ts' '**/*.json' --ignore-path ../../../.prettierignore infocmp -1 xterm-color git modules/@npmcli/run-script/lib/node-gyp-bin/node --show-toplevel git /usr/bin/git git (http block)
  • Triggering command: /tmp/go-build1542963456/b404/cli.test /tmp/go-build1542963456/b404/cli.test -test.testlogfile=/tmp/go-build1542963456/b404/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true ns/configure-awssh git bject.type] | @t"prettier" --write '**/*.cjs' '**/*.ts' '**/*.json' --ignore-path ../../../.prettierignore e/git /hom�� --write **/*.cjs /home/REDACTED/work/gh-aw/gh-aw/node_modules/.bin/sh **/*.json --ignore-path ../../../.prettiprettier sh (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq [.object.sha, .object.type] | @tsv --show-toplevel git /usr/bin/git runs/20260506-01du (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv 87275187/.github/workflows pkg/workflow/secure_markdown_rendering_test.go $name) { hasDiscussionsEnabled } } pkg/workflow/secgit pkg/workflow/secrev-parse pkg/workflow/ser--show-toplevel node /opt�� te 'scripts/**/*.js' --ignore-path .prettierignore --log-level=e!../../../pkg/workflow/js/**/*.jgit --write .cfg --ignore-path .prettierignore --log-level=errographql sh (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv ant-3850409494/.github/workflows (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv ithub-script/git/ref/tags/v9 git bject.type] | @tsv --show-toplevel git /usr/bin/git git ode_�� ithub-script/git/ref/tags/v9 git bject.type] | @tsv ithub-script/gitgit ache/go/1.25.8/xrev-parse (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv nt >/dev/null 2>&1 --stdin /usr/bin/gh --exclude-hiddengit --all --quiet gh api th .prettierignore --log-level=e!../../../pkg/workflow/js/**/*.json --jq ode_modules/.bin/prettier l --jq sv git (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv json' --ignore-path ../../../.pr**/*.json (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv json' --ignore-p--thin (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq [.object.sha, .object.type] | @tsv (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq [.object.sha, .object.type] | @tsv --show-toplevel git /usr/bin/git /ref/tags/v9 git sv git ch_w�� ithub-script/git/ref/tags/v9 git bject.type] | @tsv --show-toplevel git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq [.object.sha, .object.type] | @tsv /usr/bin/git l e/git ath ../../../.prnode --jq er e/git -C th .prettierignore --log-level=error rev-parse /usr/bin/git /repos/actions/g/opt/hostedtoolcache/node/24.14.1/x64/bin/node --jq modules/@npmcli/vars.MY_VAR git (http block)
• https://api.github.com/repos/google-github-actions/auth/git/ref/tags/v2
  • Triggering command: /usr/bin/gh gh api /repos/google-github-actions/auth/git/ref/tags/v2 --jq [.object.sha, .object.type] | @tsv --show-toplevel git /usr/bin/git --show-toplevel (http block)
• https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
  • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq [.object.sha, .object.type] | @tsv 87275187 (http block)
• https://api.github.com/repos/nonexistent/repo/actions/runs/12345
  • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion (http block)
  • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion son infocmp /usr/bin/git git rev-�� --show-toplevel git k/gh-aw/gh-aw/actions/setup/js/node_modules/.bin/prettier --show-toplevel git /usr/bin/infocmp--show-toplevel git (http block)
  • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion son git sv git t-ha�� vaScript3018815951/001/test-complex-frontmatter-with-tools.md git k --show-toplevel git tions/setup/node--show-toplevel git (http block)
• https://api.github.com/repos/owner/repo/actions/workflows
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo bin/git (http block)
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo cal/bin/git (http block)
  • Triggering command: /usr/bin/gh gh workflow list --repo owner/repo --json name,path,state ache/node/24.14.1/x64/lib/node_modules/npm/node_modules/@npmcli/run-script/lib/node-gyp-bin/sh nore (http block)
• https://api.github.com/repos/test-owner/test-repo/actions/secrets
  • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name h ../../../.prettierignore (http block)
  • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name -template-expressions.md git /usr/bin/git --show-toplevel git /usr/bin/infocmp"prettier" --write '../../../**/*.json' '!../../../pkg/workflow/js/**/*.json' --ignore-path ../../../.prettierignore git rev-�� --show-toplevel infocmp /usr/bin/git /ref/tags/v9 git sv git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name h ../../../.prettierignore scripts/**/*.js /bin/sh .prettierignore --log-level=erro/home/REDACTED/work/gh-aw/gh-aw/actions/setup/js/node_modules/.bin/pre�� bject.type] | @t--write /bin/sh -c w/js/**/*.json' --ignore-path git "warnings":[]}] l git /usr/bin/git git (http block)
• https://api.github.com/repos/test/repo
  • Triggering command: /usr/bin/gh gh api /repos/test/repo --jq .default_branch 121970915 rsion=8de19a1-dirty k (http block)
  • Triggering command: /usr/bin/gh gh api /repos/test/repo --jq .default_branch 3888395779 git k --show-toplevel git /usr/bin/gh git sRem�� --show-toplevel gh k/gh-aw/gh-aw/actions/setup/js/node_modules/.bin/sh /repos/actions/g/usr/lib/git-core/git --jq erignore git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/test/repo --jq .default_branch vaScript3018815951/001/test-complex-frontmatter-with-tools.md git k .version=8de19a1git git bin/node git sRem�� --git-dir infocmp 1/x64/bin/node LsRemoteWithReal/usr/lib/git-core/git erignore ules/.bin/sh git (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)