Bump gh-aw-firewall to v0.27.16 and sync AWF integration artifacts#42542
Conversation
Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
|
@copilot resolve the merge conflicts in this pull request |
There was a problem hiding this comment.
Pull request overview
This pull request bumps the default gh-aw-firewall (AWF) version consumed by gh-aw to v0.27.16, syncs the embedded AWF config JSON schema to match that release, and regenerates AWF-dependent generated artifacts (workflow lock files and wasm golden outputs) so the repository stays internally consistent with the new AWF release metadata.
Changes:
- Bumped the pinned default AWF version to
v0.27.16. - Synced
pkg/workflow/schemas/awf-config.schema.jsonwith upstream (including updatedrunnertopology shape and updatedapiProxy.maxTurnswording). - Regenerated workflow lock outputs and wasm golden expectations to reflect the new AWF pin and updated image/schema references.
Show a summary per file
| File | Description |
|---|---|
| pkg/constants/version_constants.go | Updates DefaultFirewallVersion to v0.27.16. |
| pkg/workflow/schemas/awf-config.schema.json | Refreshes embedded AWF config schema to match v0.27.16 (runner topology + wording updates). |
| .changeset/patch-bump-awf-v0-27-16.md | Adds a patch changeset documenting the AWF bump + artifact sync. |
| .github/workflows/test-workflow.lock.yml | Regenerated lockfile to reference 0.27.16 AWF images/binary/schema URL. |
| .github/workflows/example-permissions-warning.lock.yml | Regenerated lockfile to reference 0.27.16 AWF images/binary/schema URL. |
| .github/workflows/daily-max-ai-credits-test.lock.yml | Regenerated lockfile to reference 0.27.16 AWF images/binary/schema URL. |
| .github/workflows/codex-github-remote-mcp-test.lock.yml | Regenerated lockfile to reference 0.27.16 AWF images/binary/schema URL. |
| .github/workflows/bot-detection.lock.yml | Regenerated lockfile to reference 0.27.16 AWF images/binary/schema URL. |
| .github/workflows/agentic-token-optimizer.lock.yml | Regenerated lockfile (upstream-sourced workflow) to reference 0.27.16 AWF images/binary/schema URL. |
| pkg/workflow/testdata/TestWasmGolden_CompileFixtures/with-imports.golden | Updates wasm golden output to reflect v0.27.16 pins/URLs/images. |
| pkg/workflow/testdata/TestWasmGolden_CompileFixtures/smoke-copilot.golden | Updates wasm golden output to reflect v0.27.16 pins/URLs/images. |
| pkg/workflow/testdata/TestWasmGolden_CompileFixtures/playwright-cli-mode.golden | Updates wasm golden output to reflect v0.27.16 pins/URLs/images. |
| pkg/workflow/testdata/TestWasmGolden_CompileFixtures/basic-copilot.golden | Updates wasm golden output to reflect v0.27.16 pins/URLs/images. |
| pkg/workflow/testdata/TestWasmGolden_AllEngines/pi.golden | Updates wasm golden output to reflect v0.27.16 pins/URLs/images. |
| pkg/workflow/testdata/TestWasmGolden_AllEngines/gemini.golden | Updates wasm golden output to reflect v0.27.16 pins/URLs/images. |
| pkg/workflow/testdata/TestWasmGolden_AllEngines/copilot.golden | Updates wasm golden output to reflect v0.27.16 pins/URLs/images. |
| pkg/workflow/testdata/TestWasmGolden_AllEngines/codex.golden | Updates wasm golden output to reflect v0.27.16 pins/URLs/images. |
| pkg/workflow/testdata/TestWasmGolden_AllEngines/claude.golden | Updates wasm golden output to reflect v0.27.16 pins/URLs/images. |
Review details
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 43/269 changed files
- Comments generated: 0
- Review effort level: Low
🤖 PR Triage
Score breakdown: Impact 8/50 · Urgency 5/30 · Quality 5/20 Rationale: WIP/DRAFT firewall version bump (v0.27.16, +1/-1). No CI yet. Mark ready when complete; part of the
|
Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
Resolved. I merged |
|
✅ All tools validated successfully! Agent Container Smoke Test confirms agent container is ready. |
|
🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨ |
|
🚀 Smoke Pi MISSION COMPLETE! Pi delivered. 🥧 |
|
📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing... |
|
📰 BREAKING: Smoke Copilot - AOAI (Entra) is now investigating this pull request. Sources say the story is developing... |
|
📰 BREAKING: Smoke Copilot - AOAI (apikey) is now investigating this pull request. Sources say the story is developing... |
Smoke Test Results
Overall Status: FAIL Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "localhost"See Network Configuration for more information.
|
Agent Container Tool Check
Result: 12/12 tools available ✅ Overall Status: PASS Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
|
Merged PRs:
Results:
Overall: FAIL Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
Comment MemoryNote This comment is managed by comment memory.It stores persistent context for this thread in the code block at the top of this comment. Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
💨 Smoke Test: Claude — Run 28471293291Core #1-12: ✅ all passed Overall: PARTIAL (all functional tests passed) 🎉 Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
There was a problem hiding this comment.
💥 Automated smoke test review - all systems nominal!
Warning
Firewall blocked 6 domains
The following domains were blocked by the firewall during workflow execution:
accounts.google.comandroid.clients.google.comclients2.google.comcontentautofill.googleapis.comsafebrowsingohttpgateway.googleapis.comwww.google.com
To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
💥 [THE END] — Illustrated by Smoke Claude · 65.7 AIC · ⌖ 25.6 AIC · ⊞ 8.7K
Comment /smoke-claude to run again
| @@ -0,0 +1,5 @@ | |||
| --- | |||
| "gh-aw": patch | |||
There was a problem hiding this comment.
Smoke test: changeset version bump entry looks correct. 👍
| "gh-aw": patch | ||
| --- | ||
|
|
||
| Bump the default gh-aw-firewall version to v0.27.16, sync the embedded AWF config schema, and regenerate pinned workflow artifacts. |
There was a problem hiding this comment.
Smoke test: clear changelog description of the firewall bump. ✅
There was a problem hiding this comment.
Smoke review queued: validated inline comment creation and review submission for this PR.
Warning
Firewall blocked 6 domains
The following domains were blocked by the firewall during workflow execution:
accounts.google.comandroid.clients.google.comclients2.google.comcontentautofill.googleapis.comsafebrowsingohttpgateway.googleapis.comwww.google.com
To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
📰 BREAKING: Report filed by Smoke Copilot · 362.3 AIC · ⌖ 23 AIC · ⊞ 19.1K
Comment /smoke-copilot to run again
Add label smoke to run again
|
Smoke tests run 28471598126: FAIL overall; see issue aw_smoke1 for details. Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
|
🎉 This pull request is included in a new release. Release: |
This updates
gh-awto consumegh-aw-firewallv0.27.16and aligns embedded AWF config schema/artifacts with that release. The change is scoped to version pinning, schema sync, and regenerated outputs that depend on AWF release metadata.Version pin
DefaultFirewallVersioninpkg/constants/version_constants.go:AWF config schema sync
pkg/workflow/schemas/awf-config.schema.jsonfrom upstreamgh-aw-firewallv0.27.16canonical schema.apiProxy.maxTurnsHTTP status wording).Regenerated AWF-dependent artifacts
.github/workflows/*.lock.ymlto pick up the new AWF release pin and image metadata.pkg/workflow/testdata/TestWasmGolden_*to match regenerated compiler output.Release note/changelog plumbing
.changeset/patch-bump-awf-v0-27-16.md.✨ PR Review Safe Output Test - Run 28471293291
Warning
Firewall blocked 6 domains
The following domains were blocked by the firewall during workflow execution:
accounts.google.comandroid.clients.google.comclients2.google.comcontentautofill.googleapis.comsafebrowsingohttpgateway.googleapis.comwww.google.comSee Network Configuration for more information.