feat: container image digest pinning in actions-lock.json with update/upgrade integration

[Copilot]

Reconstructs #25619

All MCP container images (node:lts-alpine, ghcr.io/github/gh-aw-firewall/*, ghcr.io/github/gh-aw-mcpg, ghcr.io/github/github-mcp-server) were pulled by mutable tag with no SHA-256 pinning. This extends the existing action-pin infrastructure to cover Docker images.

Storage — actions-lock.json

New containers section alongside entries, keyed by image tag:

{
  "entries": { ... },
  "containers": {
    "node:lts-alpine": {
      "image": "node:lts-alpine",
      "digest": "sha256:abc123...",
      "pinned_image": "node:lts-alpine@sha256:abc123..."
    }
  }
}

ActionCache gains GetContainerPin / SetContainerPin / DeleteContainerPin. Loading a legacy file (no containers) is fully backward-compatible.

Compilation

• collectDockerImages applies cached pins, substituting tag@sha256:… for any image with a stored entry.
• WorkflowData.DockerImages accumulates the resolved (possibly pinned) refs so they can be surfaced in the lock file.
• WorkflowData.DockerImagePins accumulates full GHAWManifestContainer entries (image, digest, pinned_image) for the manifest.
• Lock file headers now emit a # Container images used: comment section.
• gh-aw-manifest JSON gains a "containers":[…] field with full structured container info including SHA-256 digest when available.

Update/Upgrade integration — pkg/cli/update_container_pins.go

UpdateContainerPins() is called from both gh aw update and gh aw upgrade (after action pins, before compile):

1. Scans existing .lock.yml files for download_docker_images.sh invocations to discover in-use image tags.
2. Resolves each tag's digest using three strategies in order:
   • docker buildx imagetools inspect (no pull, preferred — works when Docker daemon is running)
   • crane digest (no daemon required — works in CI environments without Docker socket)
   • docker pull + docker inspect (fallback that pulls the full image)
3. Saves pins to actions-lock.json; next compile embeds the @sha256:… suffix.
4. Docker/crane unavailability is non-fatal — the update/upgrade continues without pinning.

When images cannot be pinned, the failure summary now shows the per-image reason from each failed strategy (e.g. ghcr.io/github/github-mcp-server:v0.32.0: docker buildx imagetools: …; crane digest: …; docker pull + inspect: …) to aid diagnosis.

[pelikhan]

@copilot container sha resolution must receive a context from the caller.

[Copilot]

@copilot container sha resolution must receive a context from the caller.

Done in c45d5f6. UpdateContainerPins, resolveContainerDigest, resolveDigestViaBuildx, and resolveDigestViaPull all now accept a context.Context as their first parameter. The timeouts are derived from the caller's context via context.WithTimeout(ctx, ...) instead of context.Background(). The context flows from cmd.Context() in the RunE handlers through RunUpdateWorkflows / runUpgradeCommand down to the Docker CLI invocations.

[pelikhan]

@copilot merge main and recompile

[Copilot]

@copilot merge main and recompile

Done in b42ec6f. Merged origin/main, resolved the single lock-file conflict in test-quality-sentinel.lock.yml (keeping our containers-field manifest), rebuilt the binary, and recompiled all 187 workflows successfully.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw rvm35a4x (http block)
• https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
  • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha (http block)
• https://api.github.com/repos/github/gh-aw
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility r.lock.yml (http block)
• https://api.github.com/repos/githubnext/agentics/git/ref/tags/-
  • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/- --jq .object.sha (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[Copilot]

Pull request overview

Extends the existing action pinning/lock infrastructure to also track and apply Docker image digest pins, so workflows can pull immutable image@sha256:... references and record container usage in the embedded manifest.

Changes:

• Adds container pin storage to .github/aw/actions-lock.json via ActionCache CRUD APIs and deterministic JSON output.
• Updates compilation to (a) apply cached container digest pins and (b) emit container usage into # gh-aw-manifest plus a new lock header section.
• Integrates UpdateContainerPins() into gh aw update and gh aw upgrade to discover images from *.lock.yml files and resolve digests via Docker CLI.

Show a summary per file

File	Description
pkg/workflow/action_cache.go	Adds container pin storage/serialization alongside action pins.
pkg/workflow/safe_update_manifest.go	Extends embedded manifest schema to include container entries.
pkg/workflow/safe_update_manifest_test.go	Updates manifest constructor usage; tests currently don’t cover new container behavior.
pkg/workflow/compiler_yaml.go	Emits containers into manifest and adds “Container images used” header section.
pkg/workflow/compiler_types.go	Adds WorkflowData.DockerImages / DockerImagePins fields.
pkg/workflow/docker.go	Collects Docker images, applies cached digest pins, and stores container pin info into WorkflowData.
pkg/cli/update_container_pins.go	New: scans lock files, resolves image digests, persists pins to actions-lock.json.
pkg/cli/update_command.go	Wires context through update flow and calls UpdateContainerPins().
pkg/cli/update_command_test.go	Updates tests for new RunUpdateWorkflows(ctx, ...) signature.
pkg/cli/upgrade_command.go	Wires context through upgrade flow and calls UpdateContainerPins() before compilation.
.github/workflows/workflow-skill-extractor.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/workflow-health-manager.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/workflow-generator.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/weekly-safe-outputs-spec-review.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/weekly-editors-health-check.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/video-analyzer.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/update-astro.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/ubuntu-image-analyzer.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/typist.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/test-workflow.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/test-quality-sentinel.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/test-project-url-default.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/test-dispatcher.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/terminal-stylist.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/sub-issue-closer.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/smoke-workflow-call.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/smoke-workflow-call-with-inputs.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/smoke-temporary-id.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/smoke-service-ports.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/smoke-project.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/smoke-multi-pr.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/smoke-create-cross-repo-pr.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/smoke-agent-scoped-approved.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/smoke-agent-public-none.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/smoke-agent-public-approved.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/smoke-agent-all-none.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/smoke-agent-all-merged.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/semantic-function-refactor.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/security-compliance.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/schema-feature-coverage.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/research.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/repo-tree-map.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/refiner.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/pr-triage-agent.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/plan.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/notion-issue-summary.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/mergefest.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/layout-spec-maintainer.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/issue-triage-agent.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/issue-monster.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/issue-arborist.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/go-pattern-detector.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/github-remote-mcp-auth-test.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/functional-pragmatist.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/firewall.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/example-permissions-warning.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/duplicate-code-detector.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/draft-pr-cleanup.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/docs-noob-tester.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/discussion-task-miner.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/dictation-prompt.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/dev.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/design-decision-gate.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/dependabot-go-checker.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/dependabot-burner.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/delight.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/daily-workflow-updater.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/daily-testify-uber-super-expert.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/daily-team-status.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/daily-team-evolution-insights.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/daily-syntax-error-quality.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/daily-security-red-team.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/daily-secrets-analysis.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/daily-safe-outputs-conformance.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/daily-safe-output-integrator.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/daily-regulatory.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/daily-malicious-code-scan.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/daily-file-diet.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/daily-fact.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/daily-community-attribution.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/daily-cli-performance.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/daily-choice-test.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/daily-assign-issue-to-user.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/craft.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/copilot-cli-deep-research.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/contribution-check.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/commit-changes-analyzer.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/codex-github-remote-mcp-test.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/code-simplifier.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/cli-consistency-checker.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/changeset.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/breaking-change-checker.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/brave.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/bot-detection.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/blog-auditor.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/auto-triage-issues.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/artifacts-summary.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/architecture-guardian.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/archie.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/approach-validator.lock.yml	Regenerated lock header/manifest to include container list.
.github/workflows/ace-editor.lock.yml	Regenerated lock header/manifest to include container list.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 201/201 changed files
• Comments generated: 2

[Copilot]

The comment says this block adds a "container_pins" section, but the JSON key being written is "containers". Renaming the comment (or aligning terminology) would avoid confusion when debugging actions-lock.json output and matching it to the struct tags/docs.

[Copilot]

NewGHAWManifest now accepts container entries, but the tests here only pass nil and don't assert container sorting/deduplication or JSON serialization behavior (including omitempty fields). Adding a couple of test cases with repeated/unsorted containers (and with/without digest) would prevent regressions in the new manifest format.

[pelikhan]

@copilot review all comments

[github-actions]

Hey @Copilot 👋 — great work on reconstructing the container image digest pinning feature! This is a solid supply-chain security improvement that extends the existing action-pin infrastructure in a consistent, well-structured way.

The implementation looks clean and thorough — ContainerPin / GetContainerPin / SetContainerPin fit naturally alongside the existing ActionCacheEntry pattern, applyContainerPins is properly isolated, the Docker-unavailability non-fatal path is a nice defensive touch, and the 200 recompiled lock files confirm the manifest containers field is being emitted correctly across the board.

All checklist items pass:

• ✅ On-topic — extends the core action-pin security infrastructure to Docker images
• ✅ Follows process — Copilot agent-created PR, assigned to core team reviewer, detailed description
• ✅ Focused — single coherent feature; lock file recompilation is the expected side-effect of the manifest format change
• ✅ No new dependencies — go.mod is untouched
• ✅ Tests present — action_cache_container_pin_test.go, docker_pin_test.go, update_container_pins_test.go, and friends
• ✅ Description present — thorough PR body with JSON schema examples and integration details

This PR looks ready for maintainer review. 🚀

Generated by Contribution Check · ● 2.3M · ◷

[Copilot]

@copilot review all comments

Addressed both review comments in 5ba993d:

1. action_cache.go:230 — fixed the comment from container_pins to containers to match the actual JSON key.
2. safe_update_manifest_test.go — expanded TestNewGHAWManifest with three new table-driven cases (sorted/dedup containers, digest retained, nil containers produces empty list) and added TestNewGHAWManifestContainerDigest to cover sorting order, digest/pinned_image field values, and JSON omitempty behaviour (empty digest/pinned_image fields must be absent from the output).

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw -trimpath /opt/hostedtoolc--show-toplevel git rev-�� --show-toplevel /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet /usr/bin/git -bool -buildtags 1/x64/bin/node git (http block)
• https://api.github.com/orgs/test-owner/actions/secrets
  • Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name -c=4 -nolocalimports -importcfg /tmp/go-build3695279193/b411/importcfg -pack /home/REDACTED/work/gh-aw/gh-aw/pkg/fileutil/fileutil.go /home/REDACTED/work/gh-aw/gh-aw/pkg/fileutil/tar.go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE y.s (http block)
• https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --show-toplevel 64/pkg/tool/linux_amd64/compile /usr/bin/git 3953956619 cuiX4cYAj ache/go/1.25.8/x--show-toplevel git rev-�� --show-toplevel ache/go/1.25.8/xremote.origin.url /usr/bin/git plorer.md DK7hiKCNC ache/go/1.25.8/xinstall git (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v3
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha GOMODCACHE go /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/link -json GO111MODULE 64/bin/go /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/link -o /tmp/go-build3695279193/b440/testutil.test -importcfg /opt/hostedtoolcache/node/24.14.1/x64/bin/node -s -w -buildmode=exe node (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v5
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha DefaultBranchFromLsRemoteWithRealGitmaster_branch2165970928/001' DefaultBranchFromLsRemoteWithRealGitmaster_branch2165970928/001' .cfg GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linuremote.origin.url env Onlymin-integrity_with_explicit_repo3422417576/001 mWUN/je0sAW_PMCveF_9lmWUN ache/go/1.25.8/x64/pkg/tool/linux_amd64/link GOINSECURE b/gh-aw/pkg/typerev-parse GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/link (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel ache/go/1.25.8/x^remote\..*\.gh-resolved$ /usr/bin/git 6539/001/stabilibash om/modelcontextp-c ache/go/1.25.8/xexport GOROOT="/tmp/TestGetNpmBinPathSetup_GorootOrdering2945440826/001/go/1.25.0/x64"; export PATH="$(find "/tmp/TestGetNpmBinPathSetup_GorootOrdering2945440826/001" -maxdepth 4 -type d -name bin 2>/dev/null | tr '\n' ':')$PATH"; [ -n "$GO ROOT" ] && expo rev-�� --show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile /usr/bin/git 1817643/b215/_pkgit pRaw/gwkwek_UF5vrev-parse 1/x64/bin/node git (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v6
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel x_amd64/vet /usr/bin/git g_.a @v1.1.3/keyset/krev-parse 64/pkg/tool/linu--show-toplevel /usr/bin/git conf�� --get-regexp ^remote\..*\.gh-resolved$ /usr/bin/git y_with_repos=pubgit GO111MODULE 64/pkg/tool/linu--show-toplevel git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel x_amd64/compile /usr/bin/git -json GO111MODULE 64/pkg/tool/linu--show-toplevel git rev-�� --show-toplevel 64/pkg/tool/linuother /usr/bin/git ithout_min-integgit GO111MODULE 64/pkg/tool/linu--show-toplevel git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet /usr/bin/git /tmp/gh-aw-test-git config /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git /tmp/gh-aw-test-git rev-parse mple.com/org/rep--show-toplevel git (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v9
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq .object.sha go1.25.8 -c=4 -nolocalimports -importcfg /tmp/go-build4231817643/b243/importcfg -pack /home/REDACTED/go/pkg/mod/golang.org/x/text@v0.35.0/internal/language/compact/compact.go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq .object.sha 01 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE g/sig_other.s env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
• https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha --show-toplevel 64/pkg/tool/linu--jq /usr/bin/git g_.a elect.go 64/pkg/tool/linu--show-toplevel /usr/bin/git conf�� --get-regexp ^remote\..*\.gh-resolved$ /usr/bin/git y_with_repos_arrgit LvhFNvMoO 64/pkg/tool/linu--show-toplevel git (http block)
• https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha --show-toplevel 64/pkg/tool/linux_amd64/compile /usr/bin/git g_.a oding@v0.5.4/isorev-parse 64/pkg/tool/linu--show-toplevel /usr/bin/git remo�� -v 64/pkg/tool/linuremote.origin.url /usr/bin/git g_.a i0dFibft1 64/pkg/tool/linu--show-toplevel git (http block)
• https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha git-receive-pack '/tmp/TestParseDefaultBranchFromLsRemoteWithRealGitmaster_branch2165970928/001'git git-receive-pack '/tmp/TestParseDefaultBranchFromLsRemoteWithRealGitmaster_branch2165970928/001'rev-parse 1/x64/bin/node /tmp/go-build388git -trimpath 64/bin/go 1/x64/bin/node -C /tmp/TestGuardPolicyMinIntegrityOnlymin-integrity_with_explicit_repo3422417576/001 remote /usr/bin/infocmp -json GO111MODULE 64/bin/go infocmp (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq .object.sha --show-toplevel x_amd64/compile /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet g_.a @v1.19.2/scannerrev-parse 64/pkg/tool/linu--show-toplevel /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -ato�� -bool -buildtags /usr/bin/git -errorsas -ifaceassert -nilfunc git (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha h4dMNFACW96jWeC15m8v/h4dMNFACW96jWeC15m8v -goversion /usr/bin/git -c=4 -nolocalimports -importcfg git -C /tmp/TestGuardPolicyBlockedUsersApprovalLabelsCompiledOutput752493760/001 config clusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle remote.origin.urgit GO111MODULE 64/bin/go git (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha sistency_GoAndJavaScript1242517165/001/test-inlined-imports-enabremote.origin.url develop /usr/bin/git -c=4 -nolocalimports -importcfg git rev-�� --show-toplevel go /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -json sonrpc2/conn.go 64/bin/go /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/1/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linu-importcfg GOINSECURE GOMOD abis 64/pkg/tool/linu/home/REDACTED/work/gh-aw/gh-aw/pkg/timeutil/format_test.go env 1157872132 deRMpwyMD util.test GOINSECURE GOMOD GOMODCACHE util.test (http block)
  • Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 4GDF0MOYT 64/pkg/tool/linux_amd64/cgo GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/cgo env XMdlm1J_w GO111MODULE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu/tmp/file-tracker-test1730552866/test2.lock.yml (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12345/artifacts --jq .artifacts[].name verutil.go 64/pkg/tool/linux_amd64/compile GOINSECURE essage 64/src/internal/user.email 64/pkg/tool/linutest@example.com env g_.a ke8fejfLv 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile (http block)
  • Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 0/message/catalog/catalog.go 64/pkg/tool/linux_amd64/compile GOINSECURE mic_wasm.o 64/src/internal/--show-toplevel 64/pkg/tool/linux_amd64/compile env g_.a fG0BeREzZ x_amd64/compile GOINSECURE t GOMODCACHE x_amd64/compile (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12346/artifacts --jq .artifacts[].name 4/apic.go 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD abis 64/pkg/tool/linux_amd64/compile env g_.a sYAOo28ie 64/pkg/tool/linux_amd64/link GOINSECURE util GOMODCACHE 64/pkg/tool/linux_amd64/link (http block)
  • Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 0/internal/format/format.go 64/pkg/tool/linux_amd64/compile GOINSECURE al_wasm.o 64/src/internal/bytealg/equal_wasm.s 64/pkg/tool/linux_amd64/compile env g_.a PcfUGjA_S ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm GOINSECURE (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/2/artifacts --jq .artifacts[].name rotocol/go-sdk@v1.5.0/oauthex/auth_meta.go 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env g_.a tVIFB3NxN x_amd64/vet GOINSECURE go-sdk/auth GOMODCACHE x_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/3/artifacts --jq .artifacts[].name 5.0/internal/doc.go 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env 1157872132 bBouUBHdz ache/go/1.25.8/x64/pkg/tool/linu-nilfunc GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-trimpath (http block)
  • Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 NgK5Xenpy ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE 64/pkg/include env ortcfg GO111MODULE ache/go/1.25.8/x64/pkg/tool/linu-buildmode=exe GOINSECURE th_wasm.o 64/src/math/big/--show-toplevel ache/go/1.25.8/x64/pkg/tool/linu-extld=gcc (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/4/artifacts --jq .artifacts[].name 5.0/deviceauth.g-c=4 64/pkg/tool/linu-nolocalimports GOINSECURE GOMOD abis 64/pkg/tool/linu/tmp/go-build3695279193/b444/_testmain.go env 1157872132 Bzwz7Kv-X ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE go-sdk/oauthex GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-importcfg (http block)
  • Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 S1XHWmzm6 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env g_.a vohS5K4mu k GOINSECURE setup/js/node_mo/tmp/js-hash-test-3171506237/test-hash.js GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/5/artifacts --jq .artifacts[].name rotocol/go-sdk@v1.5.0/auth/auth.go 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linuTest User env 1157872132 NG8R67gve ger.test GOINSECURE go-sdk/mcp GOMODCACHE ger.test (http block)
  • Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 h1Ee82J5b 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env ortcfg Ffi6x77fi x_amd64/link GOINSECURE GOMOD GOMODCACHE x_amd64/link (http block)
• https://api.github.com/repos/github/gh-aw/actions/workflows
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path /tmp/go-build388-p -trimpath 64/bin/go -p main -lang=go1.25 go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env g_.a 5-yTJqrnP x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq .object.sha --show-toplevel ache/go/1.25.8/x64/pkg/tool/linuTest User /usr/bin/git 949966319 GO111MODULE (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha til.go o 64/pkg/tool/linux_amd64/compile GOINSECURE /norm GOMODCACHE 64/pkg/tool/linux_amd64/compile env g_.a aTWjRYknE ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm GOINSECURE til GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-buildtags (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha -json GO111MODULE x_amd64/asm GOINSECURE GOMOD GOMODCACHE x_amd64/asm env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha xec.js (or misc/-errorsas GO111MODULE x_amd64/asm GOINSECURE GOMOD GOMODCACHE x_amd64/asm env -json .go x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json 4/arm64.go x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GO111MODULE x_amd64/asm GOINSECURE GOMOD GOMODCACHE x_amd64/asm env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha -json GO111MODULE x_amd64/compile GOINSECURE lang/pkg/flatted-C GOMODCACHE x_amd64/compile 4682�� -json GO111MODULE x_amd64/compile Action pins syn/opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/link GOMOD GOMODCACHE x_amd64/compile (http block)
• https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
  • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha g_.a GO111MODULE /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go ortc�� asm go build -ldflags="-w -s" -o gh-aw.wasm ./cmd/gh-aw-wasm Ffa_H-Eee x_amd64/link GOINSECURE GOMOD GOMODCACHE x_amd64/link (http block)
• https://api.github.com/repos/nonexistent/repo/actions/runs/12345
  • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE empt_wasm.o 64/src/runtime/p--git-dir 64/pkg/tool/linux_amd64/vet env -json JWpi-bmPh ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/asm (http block)
• https://api.github.com/repos/owner/repo/actions/workflows
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/owner/repo/contents/file.md
  • Triggering command: /tmp/go-build3695279193/b397/cli.test /tmp/go-build3695279193/b397/cli.test -test.testlogfile=/tmp/go-build3695279193/b397/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true -nolocalimports -importcfg /tmp/go-build4231817643/b169/importcfg -pack -alF�� /var/log node 64/bin/go prettier --write 64/bin/go go (http block)
• https://api.github.com/repos/test-owner/test-repo/actions/secrets
  • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name /var/log node 64/bin/go prettier --write 64/bin/go go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[pelikhan]

@copilot find a more robust way to resolve image shas or add more logging

See https://github.com/github/gh-aw/actions/runs/24264530183/job/70856323704#step:7:1

[Copilot]

@copilot find a more robust way to resolve image shas or add more logging

See https://github.com/github/gh-aw/actions/runs/24264530183/job/70856323704#step:7:1

Done in a976904 + 11ed7ea. Two improvements:

More robust resolution — resolveContainerDigest now tries three strategies in order instead of two:

1. docker buildx imagetools inspect (daemon, no pull)
2. crane digest (no daemon required — works in CI environments where Docker socket isn't available)
3. docker pull + docker inspect (fallback that pulls full layers)

Better logging — when images fail, the summary now shows the reason for each image rather than just the image name:

⚠ Failed to resolve digest for 2 image(s) (Docker/crane may be unavailable):
  ghcr.io/github/gh-aw-firewall/agent:0.25.18: docker buildx imagetools: ...; crane digest: ...; docker pull + inspect: ...
  node:lts-alpine: docker buildx imagetools: ...; crane digest: ...; docker pull + inspect: ...

All three per-image error messages are concatenated with ; so the exact failure reason for each strategy is visible.

[pelikhan]

@copilot See error when running in action https://github.com/github/gh-aw/actions/runs/24265363003/job/70859007129#step:7:1

[Copilot]

@copilot See error when running in action https://github.com/github/gh-aw/actions/runs/24265363003/job/70859007129#step:7:1

Fixed in ed1f5a2. The CI log showed docker buildx imagetools inspect --format '{{.Manifest.Digest}}' was silently ignored by the buildx version on the runner — the full human-readable text was returned instead of just the digest, causing the sha256: prefix check to fail.

The fix drops the --format flag entirely and instead parses the stable Digest: line from the raw text output using a compiled regex (buildxDigestPattern). This works across all buildx versions since the Digest: line has been consistent in the text output format. Added TestBuildxDigestPattern with real samples from the failing CI run (including the multi-manifest OCI index case) to prevent regressions.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/repos/test/repo
  • Triggering command: /usr/bin/gh gh api /repos/test/repo --jq .default_branch (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[pelikhan]

@copilot does not seem to be able to resolve the sha of containers

https://github.com/github/gh-aw/actions/runs/24268033876/job/70867153360#step:7:1

[Copilot]

@copilot does not seem to be able to resolve the sha of containers

https://github.com/github/gh-aw/actions/runs/24268033876/job/70867153360#step:7:1

The SHA resolution is actually working in that run — the log shows ✓ Pinned 17 container image(s) before the failure. The job failed at the very end for a different reason: a transient GitHub API timeout when pushing the update branch (Unable to determine if workflow can be created or updated due to timeout; workflows scope may be required). That git push error is unrelated to container pinning. The fix from ed1f5a2 is working correctly.

[pelikhan]

@copilot show shas in logs

[Copilot]

@copilot show shas in logs

Done in 7835339. The success summary now shows the full image@sha256:... form for each pinned image instead of just the image name:

✓ Pinned 17 container image(s):
  • node:lts-alpine@sha256:8a9c88e23a...
  • ghcr.io/github/github-mcp-server:v0.32.0@sha256:d4c1fb9a3b...
  ...