diff --git a/docs/template-markers.md b/docs/template-markers.md index 0acf8a9a..e390bbe9 100644 --- a/docs/template-markers.md +++ b/docs/template-markers.md @@ -133,11 +133,17 @@ For an agent named `My "special": agent`, this expands to: displayName: "My \"special\": agent" ``` -Used in `src/data/1es-base.yml` (1ES stage display name) and -`src/data/stage-base.yml` (stage-target stage display name). The marker -deliberately does **not** include the `-$(BuildID)` suffix that -[`{{ pipeline_agent_name }}`](#-pipeline_agent_name-) carries — stage labels are -static and don't need per-run uniqueness. +Used in all four base templates as the top-most user-facing +`displayName:`: + +- `src/data/base.yml` — standalone Agent job display name. +- `src/data/job-base.yml` — job-target Agent job display name. +- `src/data/1es-base.yml` — 1ES Agent stage display name. +- `src/data/stage-base.yml` — stage-target Agent stage display name. + +The marker deliberately does **not** include the `-$(BuildID)` suffix +that [`{{ pipeline_agent_name }}`](#-pipeline_agent_name-) carries — +stage and job labels are static and don't need per-run uniqueness. ## {{ pipeline_agent_name }} diff --git a/site/src/content/docs/reference/template-markers.mdx b/site/src/content/docs/reference/template-markers.mdx index 3599deb1..00f6acf6 100644 --- a/site/src/content/docs/reference/template-markers.mdx +++ b/site/src/content/docs/reference/template-markers.mdx @@ -106,7 +106,7 @@ Example: `name: Daily safe-output smoke: "noop" @nightly` → `Daily safe-output ## `{{ agent_display_name }}` -Replaced with the raw `name:` front matter value as a YAML double-quoted scalar (e.g., `"Daily Code Review"`). Used in the `displayName:` property of the outermost stage block in `target: stage` pipelines, and in the 1ES template's `templateContext.buildJob.displayName` property. +Replaced with the raw `name:` front matter value as a YAML double-quoted scalar (e.g., `"Daily Code Review"`). Used as the top-most user-facing `displayName:` in all four base templates: the Agent job displayName in `target: standalone` and `target: job` pipelines, and the Agent stage displayName in `target: stage` and 1ES pipelines. Always quoted to handle names that contain characters (such as `:`) that ADO would otherwise misparse as YAML mapping indicators. @@ -514,7 +514,7 @@ Should be replaced with the domain the AWF-sandboxed agent uses to reach MCPG on The 1ES target uses the same template markers as standalone, plus the 1ES-specific `extends:` / `stages:` / `templateContext` wrapping. The 1ES template includes `templateContext.type: buildJob` for all jobs, and the pool is specified at the top-level `parameters.pool` rather than per-job. -Both targets share the same execution model (Copilot CLI + AWF + MCPG) and the same set of template markers. The 1ES template additionally uses `{{ agent_display_name }}` for the `templateContext.buildJob.displayName` property (see above). +Both targets share the same execution model (Copilot CLI + AWF + MCPG) and the same set of template markers, including `{{ agent_display_name }}` (used in all four base templates — see above). ## Job/Stage Template Markers diff --git a/src/data/base.yml b/src/data/base.yml index 779905ed..be3783e3 100644 --- a/src/data/base.yml +++ b/src/data/base.yml @@ -16,7 +16,7 @@ resources: jobs: {{ setup_job }} - job: Agent - displayName: "Agent" + displayName: {{ agent_display_name }} {{ agentic_depends_on }} {{ job_timeout }} pool: diff --git a/src/data/job-base.yml b/src/data/job-base.yml index fb94231e..13e2f840 100644 --- a/src/data/job-base.yml +++ b/src/data/job-base.yml @@ -3,7 +3,7 @@ jobs: {{ setup_job }} - job: {{ stage_prefix }}_Agent - displayName: "Agent" + displayName: {{ agent_display_name }} {{ agentic_depends_on }} {{ job_timeout }} pool: diff --git a/tests/safe-outputs/add-build-tag.lock.yml b/tests/safe-outputs/add-build-tag.lock.yml index e4cf50bc..12a35d96 100644 --- a/tests/safe-outputs/add-build-tag.lock.yml +++ b/tests/safe-outputs/add-build-tag.lock.yml @@ -1,5 +1,5 @@ # This file is auto-generated by ado-aw. Do not edit manually. -# @ado-aw source="tests/safe-outputs/add-build-tag.md" version=0.30.1 +# @ado-aw source="tests/safe-outputs/add-build-tag.md" version=0.30.2 name: "Daily safe-output smoke add-build-tag-$(BuildID)" @@ -24,7 +24,7 @@ trigger: none jobs: - job: Agent - displayName: "Agent" + displayName: "Daily safe-output smoke: add-build-tag" timeoutInMinutes: 15 pool: @@ -48,7 +48,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -86,7 +86,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -95,7 +95,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -110,7 +110,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | AGENTIC_PIPELINES_PATH="$(Pipeline.Workspace)/agentic-pipeline-compiler/ado-aw" @@ -187,16 +187,7 @@ jobs: - bash: | # Write agent instructions to /tmp so it's accessible inside AWF container cat > "/tmp/awf-tools/agent-prompt.md" << 'AGENT_PROMPT_EOF' - ## Daily smoke for add-build-tag - - You are a smoke test. Call exactly one safe-output tool: `add-build-tag`. - Use these literal values (no improvisation) — the tag is applied to the - current build, so use `$(Build.BuildId)` as the build_id. - - - build_id: "$(Build.BuildId)" - - tag: "ado-aw-smoke-$(Build.BuildId)-add-build-tag" - - Do not call any other tool. After the safe output is emitted, stop. + {{#runtime-import tests/safe-outputs/add-build-tag.md}} AGENT_PROMPT_EOF echo "Agent prompt:" @@ -211,7 +202,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -228,17 +219,46 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - docker pull ghcr.io/github/gh-aw-mcpg:v0.3.7 - displayName: "Pre-pull AWF and MCPG container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + docker pull ghcr.io/github/gh-aw-mcpg:v0.3.12 + displayName: "Pre-pull AWF and MCPG container images (v0.25.48)" + + - task: NodeTool@0 + inputs: + versionSpec: "20.x" + displayName: "Install Node.js 20.x" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + mkdir -p /tmp/ado-aw-scripts + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/checksums.txt" -o /tmp/ado-aw-scripts/checksums.txt + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/ado-script.zip" -o /tmp/ado-aw-scripts/ado-script.zip + cd /tmp/ado-aw-scripts && grep "ado-script.zip" checksums.txt | sha256sum -c - + unzip -o /tmp/ado-aw-scripts/ado-script.zip -d /tmp/ado-aw-scripts/ + displayName: "Download ado-aw scripts (v0.30.2)" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + node '/tmp/ado-aw-scripts/ado-script/import.js' /tmp/awf-tools/agent-prompt.md --base "$(Build.SourcesDirectory)" + displayName: "Resolve runtime imports (agent prompt)" + condition: succeeded() + + - bash: | + # ado-aw-metadata: {"org":"","repo":"","schema":1,"source":"tests/safe-outputs/add-build-tag.md","target":"standalone","version":"0.30.2"} + echo 'ado-aw metadata: source=tests/safe-outputs/add-build-tag.md org= repo= version=0.30.2 target=standalone' + displayName: "ado-aw" - bash: | cat >> "/tmp/awf-tools/agent-prompt.md" << 'SAFEOUTPUTS_EOF' @@ -337,7 +357,7 @@ jobs: -e MCP_GATEWAY_API_KEY="$(MCP_GATEWAY_API_KEY)" \ \ \ - ghcr.io/github/gh-aw-mcpg:v0.3.7 \ + ghcr.io/github/gh-aw-mcpg:v0.3.12 \ --routed --listen 0.0.0.0:80 --config-stdin --log-dir /tmp/gh-aw/mcp-logs \ > "$GATEWAY_OUTPUT" 2> >(tee /tmp/gh-aw/mcp-logs/stderr.log >&2) & MCPG_PID=$! @@ -509,7 +529,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -547,7 +567,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -556,7 +576,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -571,7 +591,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - task: DockerInstaller@0 displayName: "Install Docker" @@ -581,7 +601,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -598,16 +618,16 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - displayName: "Pre-pull AWF container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + displayName: "Pre-pull AWF container images (v0.25.48)" - bash: | mkdir -p "$(Build.SourcesDirectory)/safe_outputs" @@ -804,7 +824,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -819,7 +839,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | ls -la "$(Pipeline.Workspace)/agentic-pipeline-compiler" diff --git a/tests/safe-outputs/add-pr-comment.lock.yml b/tests/safe-outputs/add-pr-comment.lock.yml index 681aad65..f29c8e04 100644 --- a/tests/safe-outputs/add-pr-comment.lock.yml +++ b/tests/safe-outputs/add-pr-comment.lock.yml @@ -1,5 +1,5 @@ # This file is auto-generated by ado-aw. Do not edit manually. -# @ado-aw source="tests/safe-outputs/add-pr-comment.md" version=0.30.1 +# @ado-aw source="tests/safe-outputs/add-pr-comment.md" version=0.30.2 name: "Daily safe-output smoke add-pr-comment-$(BuildID)" @@ -24,7 +24,7 @@ trigger: none jobs: - job: Agent - displayName: "Agent" + displayName: "Daily safe-output smoke: add-pr-comment" timeoutInMinutes: 15 pool: @@ -48,7 +48,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -86,7 +86,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -95,7 +95,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -110,7 +110,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | AGENTIC_PIPELINES_PATH="$(Pipeline.Workspace)/agentic-pipeline-compiler/ado-aw" @@ -187,17 +187,7 @@ jobs: - bash: | # Write agent instructions to /tmp so it's accessible inside AWF container cat > "/tmp/awf-tools/agent-prompt.md" << 'AGENT_PROMPT_EOF' - ## Daily smoke for add-pr-comment - - You are a smoke test. The variable group `ado-aw-daily-smoke` provides - the perma PR at `$(permaPullRequestId)`. Call exactly one safe-output - tool: `add-pr-comment`. Use these literal values (no improvisation): - - - pull_request_id: $(permaPullRequestId) - - content: "ado-aw-smoke-$(Build.BuildId)-add-pr-comment exercising the add-pr-comment safe output for build $(Build.BuildId)." - - repository: "self" - - Do not call any other tool. After the safe output is emitted, stop. + {{#runtime-import tests/safe-outputs/add-pr-comment.md}} AGENT_PROMPT_EOF echo "Agent prompt:" @@ -212,7 +202,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -229,17 +219,46 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - docker pull ghcr.io/github/gh-aw-mcpg:v0.3.7 - displayName: "Pre-pull AWF and MCPG container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + docker pull ghcr.io/github/gh-aw-mcpg:v0.3.12 + displayName: "Pre-pull AWF and MCPG container images (v0.25.48)" + + - task: NodeTool@0 + inputs: + versionSpec: "20.x" + displayName: "Install Node.js 20.x" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + mkdir -p /tmp/ado-aw-scripts + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/checksums.txt" -o /tmp/ado-aw-scripts/checksums.txt + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/ado-script.zip" -o /tmp/ado-aw-scripts/ado-script.zip + cd /tmp/ado-aw-scripts && grep "ado-script.zip" checksums.txt | sha256sum -c - + unzip -o /tmp/ado-aw-scripts/ado-script.zip -d /tmp/ado-aw-scripts/ + displayName: "Download ado-aw scripts (v0.30.2)" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + node '/tmp/ado-aw-scripts/ado-script/import.js' /tmp/awf-tools/agent-prompt.md --base "$(Build.SourcesDirectory)" + displayName: "Resolve runtime imports (agent prompt)" + condition: succeeded() + + - bash: | + # ado-aw-metadata: {"org":"","repo":"","schema":1,"source":"tests/safe-outputs/add-pr-comment.md","target":"standalone","version":"0.30.2"} + echo 'ado-aw metadata: source=tests/safe-outputs/add-pr-comment.md org= repo= version=0.30.2 target=standalone' + displayName: "ado-aw" - bash: | cat >> "/tmp/awf-tools/agent-prompt.md" << 'SAFEOUTPUTS_EOF' @@ -338,7 +357,7 @@ jobs: -e MCP_GATEWAY_API_KEY="$(MCP_GATEWAY_API_KEY)" \ \ \ - ghcr.io/github/gh-aw-mcpg:v0.3.7 \ + ghcr.io/github/gh-aw-mcpg:v0.3.12 \ --routed --listen 0.0.0.0:80 --config-stdin --log-dir /tmp/gh-aw/mcp-logs \ > "$GATEWAY_OUTPUT" 2> >(tee /tmp/gh-aw/mcp-logs/stderr.log >&2) & MCPG_PID=$! @@ -510,7 +529,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -548,7 +567,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -557,7 +576,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -572,7 +591,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - task: DockerInstaller@0 displayName: "Install Docker" @@ -582,7 +601,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -599,16 +618,16 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - displayName: "Pre-pull AWF container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + displayName: "Pre-pull AWF container images (v0.25.48)" - bash: | mkdir -p "$(Build.SourcesDirectory)/safe_outputs" @@ -805,7 +824,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -820,7 +839,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | ls -la "$(Pipeline.Workspace)/agentic-pipeline-compiler" diff --git a/tests/safe-outputs/comment-on-work-item.lock.yml b/tests/safe-outputs/comment-on-work-item.lock.yml index 9f3862dc..5d1b18a1 100644 --- a/tests/safe-outputs/comment-on-work-item.lock.yml +++ b/tests/safe-outputs/comment-on-work-item.lock.yml @@ -1,5 +1,5 @@ # This file is auto-generated by ado-aw. Do not edit manually. -# @ado-aw source="tests/safe-outputs/comment-on-work-item.md" version=0.30.1 +# @ado-aw source="tests/safe-outputs/comment-on-work-item.md" version=0.30.2 name: "Daily safe-output smoke comment-on-work-item-$(BuildID)" @@ -24,7 +24,7 @@ trigger: none jobs: - job: Agent - displayName: "Agent" + displayName: "Daily safe-output smoke: comment-on-work-item" timeoutInMinutes: 15 pool: @@ -48,7 +48,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -86,7 +86,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -95,7 +95,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -110,7 +110,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | AGENTIC_PIPELINES_PATH="$(Pipeline.Workspace)/agentic-pipeline-compiler/ado-aw" @@ -187,17 +187,7 @@ jobs: - bash: | # Write agent instructions to /tmp so it's accessible inside AWF container cat > "/tmp/awf-tools/agent-prompt.md" << 'AGENT_PROMPT_EOF' - ## Daily smoke for comment-on-work-item - - You are a smoke test. The variable group `ado-aw-daily-smoke` provides - a perma work item at `$(permaWorkItemId)`. Call exactly one safe-output - tool: `comment-on-work-item`. Use these literal values (no - improvisation): - - - work_item_id: $(permaWorkItemId) - - body: "ado-aw-smoke-$(Build.BuildId)-comment-on-work-item exercising the comment-on-work-item safe output for build $(Build.BuildId)." - - Do not call any other tool. After the safe output is emitted, stop. + {{#runtime-import tests/safe-outputs/comment-on-work-item.md}} AGENT_PROMPT_EOF echo "Agent prompt:" @@ -212,7 +202,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -229,17 +219,46 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - docker pull ghcr.io/github/gh-aw-mcpg:v0.3.7 - displayName: "Pre-pull AWF and MCPG container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + docker pull ghcr.io/github/gh-aw-mcpg:v0.3.12 + displayName: "Pre-pull AWF and MCPG container images (v0.25.48)" + + - task: NodeTool@0 + inputs: + versionSpec: "20.x" + displayName: "Install Node.js 20.x" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + mkdir -p /tmp/ado-aw-scripts + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/checksums.txt" -o /tmp/ado-aw-scripts/checksums.txt + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/ado-script.zip" -o /tmp/ado-aw-scripts/ado-script.zip + cd /tmp/ado-aw-scripts && grep "ado-script.zip" checksums.txt | sha256sum -c - + unzip -o /tmp/ado-aw-scripts/ado-script.zip -d /tmp/ado-aw-scripts/ + displayName: "Download ado-aw scripts (v0.30.2)" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + node '/tmp/ado-aw-scripts/ado-script/import.js' /tmp/awf-tools/agent-prompt.md --base "$(Build.SourcesDirectory)" + displayName: "Resolve runtime imports (agent prompt)" + condition: succeeded() + + - bash: | + # ado-aw-metadata: {"org":"","repo":"","schema":1,"source":"tests/safe-outputs/comment-on-work-item.md","target":"standalone","version":"0.30.2"} + echo 'ado-aw metadata: source=tests/safe-outputs/comment-on-work-item.md org= repo= version=0.30.2 target=standalone' + displayName: "ado-aw" - bash: | cat >> "/tmp/awf-tools/agent-prompt.md" << 'SAFEOUTPUTS_EOF' @@ -338,7 +357,7 @@ jobs: -e MCP_GATEWAY_API_KEY="$(MCP_GATEWAY_API_KEY)" \ \ \ - ghcr.io/github/gh-aw-mcpg:v0.3.7 \ + ghcr.io/github/gh-aw-mcpg:v0.3.12 \ --routed --listen 0.0.0.0:80 --config-stdin --log-dir /tmp/gh-aw/mcp-logs \ > "$GATEWAY_OUTPUT" 2> >(tee /tmp/gh-aw/mcp-logs/stderr.log >&2) & MCPG_PID=$! @@ -510,7 +529,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -548,7 +567,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -557,7 +576,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -572,7 +591,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - task: DockerInstaller@0 displayName: "Install Docker" @@ -582,7 +601,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -599,16 +618,16 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - displayName: "Pre-pull AWF container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + displayName: "Pre-pull AWF container images (v0.25.48)" - bash: | mkdir -p "$(Build.SourcesDirectory)/safe_outputs" @@ -805,7 +824,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -820,7 +839,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | ls -la "$(Pipeline.Workspace)/agentic-pipeline-compiler" diff --git a/tests/safe-outputs/create-branch.lock.yml b/tests/safe-outputs/create-branch.lock.yml index fdd77694..418e665e 100644 --- a/tests/safe-outputs/create-branch.lock.yml +++ b/tests/safe-outputs/create-branch.lock.yml @@ -1,5 +1,5 @@ # This file is auto-generated by ado-aw. Do not edit manually. -# @ado-aw source="tests/safe-outputs/create-branch.md" version=0.30.1 +# @ado-aw source="tests/safe-outputs/create-branch.md" version=0.30.2 name: "Daily safe-output smoke create-branch-$(BuildID)" @@ -24,7 +24,7 @@ trigger: none jobs: - job: Agent - displayName: "Agent" + displayName: "Daily safe-output smoke: create-branch" timeoutInMinutes: 15 pool: @@ -48,7 +48,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -86,7 +86,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -95,7 +95,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -110,7 +110,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | AGENTIC_PIPELINES_PATH="$(Pipeline.Workspace)/agentic-pipeline-compiler/ado-aw" @@ -187,16 +187,7 @@ jobs: - bash: | # Write agent instructions to /tmp so it's accessible inside AWF container cat > "/tmp/awf-tools/agent-prompt.md" << 'AGENT_PROMPT_EOF' - ## Daily smoke for create-branch - - You are a smoke test. Call exactly one safe-output tool: `create-branch`. - Use these literal values (no improvisation): - - - branch_name: "ado-aw-smoke-$(Build.BuildId)-create-branch" - - source_branch: "main" - - repository: "self" - - Do not call any other tool. After the safe output is emitted, stop. + {{#runtime-import tests/safe-outputs/create-branch.md}} AGENT_PROMPT_EOF echo "Agent prompt:" @@ -211,7 +202,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -228,17 +219,46 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - docker pull ghcr.io/github/gh-aw-mcpg:v0.3.7 - displayName: "Pre-pull AWF and MCPG container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + docker pull ghcr.io/github/gh-aw-mcpg:v0.3.12 + displayName: "Pre-pull AWF and MCPG container images (v0.25.48)" + + - task: NodeTool@0 + inputs: + versionSpec: "20.x" + displayName: "Install Node.js 20.x" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + mkdir -p /tmp/ado-aw-scripts + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/checksums.txt" -o /tmp/ado-aw-scripts/checksums.txt + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/ado-script.zip" -o /tmp/ado-aw-scripts/ado-script.zip + cd /tmp/ado-aw-scripts && grep "ado-script.zip" checksums.txt | sha256sum -c - + unzip -o /tmp/ado-aw-scripts/ado-script.zip -d /tmp/ado-aw-scripts/ + displayName: "Download ado-aw scripts (v0.30.2)" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + node '/tmp/ado-aw-scripts/ado-script/import.js' /tmp/awf-tools/agent-prompt.md --base "$(Build.SourcesDirectory)" + displayName: "Resolve runtime imports (agent prompt)" + condition: succeeded() + + - bash: | + # ado-aw-metadata: {"org":"","repo":"","schema":1,"source":"tests/safe-outputs/create-branch.md","target":"standalone","version":"0.30.2"} + echo 'ado-aw metadata: source=tests/safe-outputs/create-branch.md org= repo= version=0.30.2 target=standalone' + displayName: "ado-aw" - bash: | cat >> "/tmp/awf-tools/agent-prompt.md" << 'SAFEOUTPUTS_EOF' @@ -337,7 +357,7 @@ jobs: -e MCP_GATEWAY_API_KEY="$(MCP_GATEWAY_API_KEY)" \ \ \ - ghcr.io/github/gh-aw-mcpg:v0.3.7 \ + ghcr.io/github/gh-aw-mcpg:v0.3.12 \ --routed --listen 0.0.0.0:80 --config-stdin --log-dir /tmp/gh-aw/mcp-logs \ > "$GATEWAY_OUTPUT" 2> >(tee /tmp/gh-aw/mcp-logs/stderr.log >&2) & MCPG_PID=$! @@ -509,7 +529,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -547,7 +567,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -556,7 +576,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -571,7 +591,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - task: DockerInstaller@0 displayName: "Install Docker" @@ -581,7 +601,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -598,16 +618,16 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - displayName: "Pre-pull AWF container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + displayName: "Pre-pull AWF container images (v0.25.48)" - bash: | mkdir -p "$(Build.SourcesDirectory)/safe_outputs" @@ -804,7 +824,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -819,7 +839,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | ls -la "$(Pipeline.Workspace)/agentic-pipeline-compiler" diff --git a/tests/safe-outputs/create-git-tag.lock.yml b/tests/safe-outputs/create-git-tag.lock.yml index f885b427..9dd49f92 100644 --- a/tests/safe-outputs/create-git-tag.lock.yml +++ b/tests/safe-outputs/create-git-tag.lock.yml @@ -1,5 +1,5 @@ # This file is auto-generated by ado-aw. Do not edit manually. -# @ado-aw source="tests/safe-outputs/create-git-tag.md" version=0.30.1 +# @ado-aw source="tests/safe-outputs/create-git-tag.md" version=0.30.2 name: "Daily safe-output smoke create-git-tag-$(BuildID)" @@ -24,7 +24,7 @@ trigger: none jobs: - job: Agent - displayName: "Agent" + displayName: "Daily safe-output smoke: create-git-tag" timeoutInMinutes: 15 pool: @@ -48,7 +48,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -86,7 +86,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -95,7 +95,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -110,7 +110,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | AGENTIC_PIPELINES_PATH="$(Pipeline.Workspace)/agentic-pipeline-compiler/ado-aw" @@ -187,16 +187,7 @@ jobs: - bash: | # Write agent instructions to /tmp so it's accessible inside AWF container cat > "/tmp/awf-tools/agent-prompt.md" << 'AGENT_PROMPT_EOF' - ## Daily smoke for create-git-tag - - You are a smoke test. Call exactly one safe-output tool: `create-git-tag`. - Use these literal values (no improvisation): - - - tag_name: "ado-aw-smoke-$(Build.BuildId)-create-git-tag" - - message: "ado-aw daily smoke exercising the create-git-tag safe output for build $(Build.BuildId)" - - repository: "self" - - Do not call any other tool. After the safe output is emitted, stop. + {{#runtime-import tests/safe-outputs/create-git-tag.md}} AGENT_PROMPT_EOF echo "Agent prompt:" @@ -211,7 +202,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -228,17 +219,46 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - docker pull ghcr.io/github/gh-aw-mcpg:v0.3.7 - displayName: "Pre-pull AWF and MCPG container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + docker pull ghcr.io/github/gh-aw-mcpg:v0.3.12 + displayName: "Pre-pull AWF and MCPG container images (v0.25.48)" + + - task: NodeTool@0 + inputs: + versionSpec: "20.x" + displayName: "Install Node.js 20.x" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + mkdir -p /tmp/ado-aw-scripts + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/checksums.txt" -o /tmp/ado-aw-scripts/checksums.txt + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/ado-script.zip" -o /tmp/ado-aw-scripts/ado-script.zip + cd /tmp/ado-aw-scripts && grep "ado-script.zip" checksums.txt | sha256sum -c - + unzip -o /tmp/ado-aw-scripts/ado-script.zip -d /tmp/ado-aw-scripts/ + displayName: "Download ado-aw scripts (v0.30.2)" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + node '/tmp/ado-aw-scripts/ado-script/import.js' /tmp/awf-tools/agent-prompt.md --base "$(Build.SourcesDirectory)" + displayName: "Resolve runtime imports (agent prompt)" + condition: succeeded() + + - bash: | + # ado-aw-metadata: {"org":"","repo":"","schema":1,"source":"tests/safe-outputs/create-git-tag.md","target":"standalone","version":"0.30.2"} + echo 'ado-aw metadata: source=tests/safe-outputs/create-git-tag.md org= repo= version=0.30.2 target=standalone' + displayName: "ado-aw" - bash: | cat >> "/tmp/awf-tools/agent-prompt.md" << 'SAFEOUTPUTS_EOF' @@ -337,7 +357,7 @@ jobs: -e MCP_GATEWAY_API_KEY="$(MCP_GATEWAY_API_KEY)" \ \ \ - ghcr.io/github/gh-aw-mcpg:v0.3.7 \ + ghcr.io/github/gh-aw-mcpg:v0.3.12 \ --routed --listen 0.0.0.0:80 --config-stdin --log-dir /tmp/gh-aw/mcp-logs \ > "$GATEWAY_OUTPUT" 2> >(tee /tmp/gh-aw/mcp-logs/stderr.log >&2) & MCPG_PID=$! @@ -509,7 +529,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -547,7 +567,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -556,7 +576,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -571,7 +591,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - task: DockerInstaller@0 displayName: "Install Docker" @@ -581,7 +601,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -598,16 +618,16 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - displayName: "Pre-pull AWF container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + displayName: "Pre-pull AWF container images (v0.25.48)" - bash: | mkdir -p "$(Build.SourcesDirectory)/safe_outputs" @@ -804,7 +824,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -819,7 +839,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | ls -la "$(Pipeline.Workspace)/agentic-pipeline-compiler" diff --git a/tests/safe-outputs/create-pull-request.lock.yml b/tests/safe-outputs/create-pull-request.lock.yml index e4c9ffac..acc08509 100644 --- a/tests/safe-outputs/create-pull-request.lock.yml +++ b/tests/safe-outputs/create-pull-request.lock.yml @@ -1,5 +1,5 @@ # This file is auto-generated by ado-aw. Do not edit manually. -# @ado-aw source="tests/safe-outputs/create-pull-request.md" version=0.30.1 +# @ado-aw source="tests/safe-outputs/create-pull-request.md" version=0.30.2 name: "Daily safe-output smoke create-pull-request-$(BuildID)" @@ -24,7 +24,7 @@ trigger: none jobs: - job: Agent - displayName: "Agent" + displayName: "Daily safe-output smoke: create-pull-request" timeoutInMinutes: 15 pool: @@ -48,7 +48,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -86,7 +86,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -95,7 +95,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -110,7 +110,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | AGENTIC_PIPELINES_PATH="$(Pipeline.Workspace)/agentic-pipeline-compiler/ado-aw" @@ -187,19 +187,7 @@ jobs: - bash: | # Write agent instructions to /tmp so it's accessible inside AWF container cat > "/tmp/awf-tools/agent-prompt.md" << 'AGENT_PROMPT_EOF' - ## Daily smoke for create-pull-request - - You are a smoke test. Call exactly one safe-output tool: - `create-pull-request`. First touch a file under the working tree so the - PR has a real diff — append the line - `ado-aw-smoke-$(Build.BuildId)-create-pull-request` to - `.ado-aw-smoke-marker` at the repo root. Then call - `create-pull-request` with these literal values (no improvisation): - - - title: "ado-aw-smoke-$(Build.BuildId)-create-pull-request" - - description: "ado-aw daily smoke exercising the create-pull-request safe output for build $(Build.BuildId). This draft PR will be abandoned by the weekly janitor." - - Do not call any other tool. After the safe output is emitted, stop. + {{#runtime-import tests/safe-outputs/create-pull-request.md}} AGENT_PROMPT_EOF echo "Agent prompt:" @@ -214,7 +202,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -231,17 +219,46 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - docker pull ghcr.io/github/gh-aw-mcpg:v0.3.7 - displayName: "Pre-pull AWF and MCPG container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + docker pull ghcr.io/github/gh-aw-mcpg:v0.3.12 + displayName: "Pre-pull AWF and MCPG container images (v0.25.48)" + + - task: NodeTool@0 + inputs: + versionSpec: "20.x" + displayName: "Install Node.js 20.x" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + mkdir -p /tmp/ado-aw-scripts + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/checksums.txt" -o /tmp/ado-aw-scripts/checksums.txt + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/ado-script.zip" -o /tmp/ado-aw-scripts/ado-script.zip + cd /tmp/ado-aw-scripts && grep "ado-script.zip" checksums.txt | sha256sum -c - + unzip -o /tmp/ado-aw-scripts/ado-script.zip -d /tmp/ado-aw-scripts/ + displayName: "Download ado-aw scripts (v0.30.2)" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + node '/tmp/ado-aw-scripts/ado-script/import.js' /tmp/awf-tools/agent-prompt.md --base "$(Build.SourcesDirectory)" + displayName: "Resolve runtime imports (agent prompt)" + condition: succeeded() + + - bash: | + # ado-aw-metadata: {"org":"","repo":"","schema":1,"source":"tests/safe-outputs/create-pull-request.md","target":"standalone","version":"0.30.2"} + echo 'ado-aw metadata: source=tests/safe-outputs/create-pull-request.md org= repo= version=0.30.2 target=standalone' + displayName: "ado-aw" - bash: | cat >> "/tmp/awf-tools/agent-prompt.md" << 'SAFEOUTPUTS_EOF' @@ -340,7 +357,7 @@ jobs: -e MCP_GATEWAY_API_KEY="$(MCP_GATEWAY_API_KEY)" \ \ \ - ghcr.io/github/gh-aw-mcpg:v0.3.7 \ + ghcr.io/github/gh-aw-mcpg:v0.3.12 \ --routed --listen 0.0.0.0:80 --config-stdin --log-dir /tmp/gh-aw/mcp-logs \ > "$GATEWAY_OUTPUT" 2> >(tee /tmp/gh-aw/mcp-logs/stderr.log >&2) & MCPG_PID=$! @@ -512,7 +529,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -550,7 +567,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -559,7 +576,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -574,7 +591,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - task: DockerInstaller@0 displayName: "Install Docker" @@ -584,7 +601,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -601,16 +618,16 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - displayName: "Pre-pull AWF container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + displayName: "Pre-pull AWF container images (v0.25.48)" - bash: | mkdir -p "$(Build.SourcesDirectory)/safe_outputs" @@ -807,7 +824,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -822,7 +839,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | ls -la "$(Pipeline.Workspace)/agentic-pipeline-compiler" diff --git a/tests/safe-outputs/create-wiki-page.lock.yml b/tests/safe-outputs/create-wiki-page.lock.yml index 9cbcc76f..698656d0 100644 --- a/tests/safe-outputs/create-wiki-page.lock.yml +++ b/tests/safe-outputs/create-wiki-page.lock.yml @@ -1,5 +1,5 @@ # This file is auto-generated by ado-aw. Do not edit manually. -# @ado-aw source="tests/safe-outputs/create-wiki-page.md" version=0.30.1 +# @ado-aw source="tests/safe-outputs/create-wiki-page.md" version=0.30.2 name: "Daily safe-output smoke create-wiki-page-$(BuildID)" @@ -24,7 +24,7 @@ trigger: none jobs: - job: Agent - displayName: "Agent" + displayName: "Daily safe-output smoke: create-wiki-page" timeoutInMinutes: 15 pool: @@ -48,7 +48,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -86,7 +86,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -95,7 +95,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -110,7 +110,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | AGENTIC_PIPELINES_PATH="$(Pipeline.Workspace)/agentic-pipeline-compiler/ado-aw" @@ -187,16 +187,7 @@ jobs: - bash: | # Write agent instructions to /tmp so it's accessible inside AWF container cat > "/tmp/awf-tools/agent-prompt.md" << 'AGENT_PROMPT_EOF' - ## Daily smoke for create-wiki-page - - You are a smoke test. Call exactly one safe-output tool: `create-wiki-page`. - Use these literal values (no improvisation): - - - path: "/ado-aw-smoke-$(Build.BuildId)-create-wiki-page" - - content: "ado-aw daily smoke exercising the create-wiki-page safe output. Build ID $(Build.BuildId). This page will be deleted by the weekly janitor." - - comment: "ado-aw daily smoke build $(Build.BuildId)" - - Do not call any other tool. After the safe output is emitted, stop. + {{#runtime-import tests/safe-outputs/create-wiki-page.md}} AGENT_PROMPT_EOF echo "Agent prompt:" @@ -211,7 +202,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -228,17 +219,46 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - docker pull ghcr.io/github/gh-aw-mcpg:v0.3.7 - displayName: "Pre-pull AWF and MCPG container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + docker pull ghcr.io/github/gh-aw-mcpg:v0.3.12 + displayName: "Pre-pull AWF and MCPG container images (v0.25.48)" + + - task: NodeTool@0 + inputs: + versionSpec: "20.x" + displayName: "Install Node.js 20.x" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + mkdir -p /tmp/ado-aw-scripts + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/checksums.txt" -o /tmp/ado-aw-scripts/checksums.txt + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/ado-script.zip" -o /tmp/ado-aw-scripts/ado-script.zip + cd /tmp/ado-aw-scripts && grep "ado-script.zip" checksums.txt | sha256sum -c - + unzip -o /tmp/ado-aw-scripts/ado-script.zip -d /tmp/ado-aw-scripts/ + displayName: "Download ado-aw scripts (v0.30.2)" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + node '/tmp/ado-aw-scripts/ado-script/import.js' /tmp/awf-tools/agent-prompt.md --base "$(Build.SourcesDirectory)" + displayName: "Resolve runtime imports (agent prompt)" + condition: succeeded() + + - bash: | + # ado-aw-metadata: {"org":"","repo":"","schema":1,"source":"tests/safe-outputs/create-wiki-page.md","target":"standalone","version":"0.30.2"} + echo 'ado-aw metadata: source=tests/safe-outputs/create-wiki-page.md org= repo= version=0.30.2 target=standalone' + displayName: "ado-aw" - bash: | cat >> "/tmp/awf-tools/agent-prompt.md" << 'SAFEOUTPUTS_EOF' @@ -337,7 +357,7 @@ jobs: -e MCP_GATEWAY_API_KEY="$(MCP_GATEWAY_API_KEY)" \ \ \ - ghcr.io/github/gh-aw-mcpg:v0.3.7 \ + ghcr.io/github/gh-aw-mcpg:v0.3.12 \ --routed --listen 0.0.0.0:80 --config-stdin --log-dir /tmp/gh-aw/mcp-logs \ > "$GATEWAY_OUTPUT" 2> >(tee /tmp/gh-aw/mcp-logs/stderr.log >&2) & MCPG_PID=$! @@ -509,7 +529,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -547,7 +567,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -556,7 +576,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -571,7 +591,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - task: DockerInstaller@0 displayName: "Install Docker" @@ -581,7 +601,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -598,16 +618,16 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - displayName: "Pre-pull AWF container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + displayName: "Pre-pull AWF container images (v0.25.48)" - bash: | mkdir -p "$(Build.SourcesDirectory)/safe_outputs" @@ -804,7 +824,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -819,7 +839,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | ls -la "$(Pipeline.Workspace)/agentic-pipeline-compiler" diff --git a/tests/safe-outputs/create-work-item.lock.yml b/tests/safe-outputs/create-work-item.lock.yml index c2c97c90..1cbd41ab 100644 --- a/tests/safe-outputs/create-work-item.lock.yml +++ b/tests/safe-outputs/create-work-item.lock.yml @@ -1,5 +1,5 @@ # This file is auto-generated by ado-aw. Do not edit manually. -# @ado-aw source="tests/safe-outputs/create-work-item.md" version=0.30.1 +# @ado-aw source="tests/safe-outputs/create-work-item.md" version=0.30.2 name: "Daily safe-output smoke create-work-item-$(BuildID)" @@ -24,7 +24,7 @@ trigger: none jobs: - job: Agent - displayName: "Agent" + displayName: "Daily safe-output smoke: create-work-item" timeoutInMinutes: 15 pool: @@ -48,7 +48,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -86,7 +86,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -95,7 +95,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -110,7 +110,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | AGENTIC_PIPELINES_PATH="$(Pipeline.Workspace)/agentic-pipeline-compiler/ado-aw" @@ -187,15 +187,7 @@ jobs: - bash: | # Write agent instructions to /tmp so it's accessible inside AWF container cat > "/tmp/awf-tools/agent-prompt.md" << 'AGENT_PROMPT_EOF' - ## Daily smoke for create-work-item - - You are a smoke test. Call exactly one safe-output tool: `create-work-item`. - Use these literal values (no improvisation): - - - title: "ado-aw-smoke-$(Build.BuildId)-create-work-item" - - description: "ado-aw daily smoke exercising the create-work-item safe output. Build ID $(Build.BuildId). This work item will be deleted by the weekly janitor." - - Do not call any other tool. After the safe output is emitted, stop. + {{#runtime-import tests/safe-outputs/create-work-item.md}} AGENT_PROMPT_EOF echo "Agent prompt:" @@ -210,7 +202,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -227,17 +219,46 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - docker pull ghcr.io/github/gh-aw-mcpg:v0.3.7 - displayName: "Pre-pull AWF and MCPG container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + docker pull ghcr.io/github/gh-aw-mcpg:v0.3.12 + displayName: "Pre-pull AWF and MCPG container images (v0.25.48)" + + - task: NodeTool@0 + inputs: + versionSpec: "20.x" + displayName: "Install Node.js 20.x" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + mkdir -p /tmp/ado-aw-scripts + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/checksums.txt" -o /tmp/ado-aw-scripts/checksums.txt + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/ado-script.zip" -o /tmp/ado-aw-scripts/ado-script.zip + cd /tmp/ado-aw-scripts && grep "ado-script.zip" checksums.txt | sha256sum -c - + unzip -o /tmp/ado-aw-scripts/ado-script.zip -d /tmp/ado-aw-scripts/ + displayName: "Download ado-aw scripts (v0.30.2)" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + node '/tmp/ado-aw-scripts/ado-script/import.js' /tmp/awf-tools/agent-prompt.md --base "$(Build.SourcesDirectory)" + displayName: "Resolve runtime imports (agent prompt)" + condition: succeeded() + + - bash: | + # ado-aw-metadata: {"org":"","repo":"","schema":1,"source":"tests/safe-outputs/create-work-item.md","target":"standalone","version":"0.30.2"} + echo 'ado-aw metadata: source=tests/safe-outputs/create-work-item.md org= repo= version=0.30.2 target=standalone' + displayName: "ado-aw" - bash: | cat >> "/tmp/awf-tools/agent-prompt.md" << 'SAFEOUTPUTS_EOF' @@ -336,7 +357,7 @@ jobs: -e MCP_GATEWAY_API_KEY="$(MCP_GATEWAY_API_KEY)" \ \ \ - ghcr.io/github/gh-aw-mcpg:v0.3.7 \ + ghcr.io/github/gh-aw-mcpg:v0.3.12 \ --routed --listen 0.0.0.0:80 --config-stdin --log-dir /tmp/gh-aw/mcp-logs \ > "$GATEWAY_OUTPUT" 2> >(tee /tmp/gh-aw/mcp-logs/stderr.log >&2) & MCPG_PID=$! @@ -508,7 +529,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -546,7 +567,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -555,7 +576,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -570,7 +591,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - task: DockerInstaller@0 displayName: "Install Docker" @@ -580,7 +601,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -597,16 +618,16 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - displayName: "Pre-pull AWF container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + displayName: "Pre-pull AWF container images (v0.25.48)" - bash: | mkdir -p "$(Build.SourcesDirectory)/safe_outputs" @@ -803,7 +824,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -818,7 +839,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | ls -la "$(Pipeline.Workspace)/agentic-pipeline-compiler" diff --git a/tests/safe-outputs/janitor.lock.yml b/tests/safe-outputs/janitor.lock.yml index 2a867776..fd6cde64 100644 --- a/tests/safe-outputs/janitor.lock.yml +++ b/tests/safe-outputs/janitor.lock.yml @@ -1,5 +1,5 @@ # This file is auto-generated by ado-aw. Do not edit manually. -# @ado-aw source="tests/safe-outputs/janitor.md" version=0.30.1 +# @ado-aw source="tests/safe-outputs/janitor.md" version=0.30.2 name: "ado-aw smoke janitor-$(BuildID)" @@ -46,7 +46,7 @@ jobs: displayName: 'Cleanup: prune ado-aw-smoke-* artifacts older than 30 days' - job: Agent - displayName: "Agent" + displayName: "ado-aw smoke janitor" dependsOn: Setup timeoutInMinutes: 30 pool: @@ -70,7 +70,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -108,7 +108,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -117,7 +117,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -132,7 +132,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | AGENTIC_PIPELINES_PATH="$(Pipeline.Workspace)/agentic-pipeline-compiler/ado-aw" @@ -209,15 +209,7 @@ jobs: - bash: | # Write agent instructions to /tmp so it's accessible inside AWF container cat > "/tmp/awf-tools/agent-prompt.md" << 'AGENT_PROMPT_EOF' - ## Weekly ado-aw smoke janitor - - You are the weekly janitor. Setup has done the actual cleanup. Call - exactly one safe-output tool: `noop`. Use these literal values (no - improvisation): - - - context: "ado-aw smoke janitor build $(Build.BuildId) completed cleanup pass" - - Do not call any other tool. After the safe output is emitted, stop. + {{#runtime-import tests/safe-outputs/janitor.md}} AGENT_PROMPT_EOF echo "Agent prompt:" @@ -232,7 +224,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -249,17 +241,46 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - docker pull ghcr.io/github/gh-aw-mcpg:v0.3.7 - displayName: "Pre-pull AWF and MCPG container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + docker pull ghcr.io/github/gh-aw-mcpg:v0.3.12 + displayName: "Pre-pull AWF and MCPG container images (v0.25.48)" + + - task: NodeTool@0 + inputs: + versionSpec: "20.x" + displayName: "Install Node.js 20.x" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + mkdir -p /tmp/ado-aw-scripts + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/checksums.txt" -o /tmp/ado-aw-scripts/checksums.txt + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/ado-script.zip" -o /tmp/ado-aw-scripts/ado-script.zip + cd /tmp/ado-aw-scripts && grep "ado-script.zip" checksums.txt | sha256sum -c - + unzip -o /tmp/ado-aw-scripts/ado-script.zip -d /tmp/ado-aw-scripts/ + displayName: "Download ado-aw scripts (v0.30.2)" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + node '/tmp/ado-aw-scripts/ado-script/import.js' /tmp/awf-tools/agent-prompt.md --base "$(Build.SourcesDirectory)" + displayName: "Resolve runtime imports (agent prompt)" + condition: succeeded() + + - bash: | + # ado-aw-metadata: {"org":"","repo":"","schema":1,"source":"tests/safe-outputs/janitor.md","target":"standalone","version":"0.30.2"} + echo 'ado-aw metadata: source=tests/safe-outputs/janitor.md org= repo= version=0.30.2 target=standalone' + displayName: "ado-aw" - bash: | cat >> "/tmp/awf-tools/agent-prompt.md" << 'SAFEOUTPUTS_EOF' @@ -358,7 +379,7 @@ jobs: -e MCP_GATEWAY_API_KEY="$(MCP_GATEWAY_API_KEY)" \ \ \ - ghcr.io/github/gh-aw-mcpg:v0.3.7 \ + ghcr.io/github/gh-aw-mcpg:v0.3.12 \ --routed --listen 0.0.0.0:80 --config-stdin --log-dir /tmp/gh-aw/mcp-logs \ > "$GATEWAY_OUTPUT" 2> >(tee /tmp/gh-aw/mcp-logs/stderr.log >&2) & MCPG_PID=$! @@ -530,7 +551,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -568,7 +589,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -577,7 +598,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -592,7 +613,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - task: DockerInstaller@0 displayName: "Install Docker" @@ -602,7 +623,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -619,16 +640,16 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - displayName: "Pre-pull AWF container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + displayName: "Pre-pull AWF container images (v0.25.48)" - bash: | mkdir -p "$(Build.SourcesDirectory)/safe_outputs" @@ -825,7 +846,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -840,7 +861,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | ls -la "$(Pipeline.Workspace)/agentic-pipeline-compiler" diff --git a/tests/safe-outputs/link-work-items.lock.yml b/tests/safe-outputs/link-work-items.lock.yml index a888fe73..c64ae17e 100644 --- a/tests/safe-outputs/link-work-items.lock.yml +++ b/tests/safe-outputs/link-work-items.lock.yml @@ -1,5 +1,5 @@ # This file is auto-generated by ado-aw. Do not edit manually. -# @ado-aw source="tests/safe-outputs/link-work-items.md" version=0.30.1 +# @ado-aw source="tests/safe-outputs/link-work-items.md" version=0.30.2 name: "Daily safe-output smoke link-work-items-$(BuildID)" @@ -24,7 +24,7 @@ trigger: none jobs: - job: Agent - displayName: "Agent" + displayName: "Daily safe-output smoke: link-work-items" timeoutInMinutes: 15 pool: @@ -48,7 +48,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -86,7 +86,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -95,7 +95,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -110,7 +110,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | AGENTIC_PIPELINES_PATH="$(Pipeline.Workspace)/agentic-pipeline-compiler/ado-aw" @@ -187,19 +187,7 @@ jobs: - bash: | # Write agent instructions to /tmp so it's accessible inside AWF container cat > "/tmp/awf-tools/agent-prompt.md" << 'AGENT_PROMPT_EOF' - ## Daily smoke for link-work-items - - You are a smoke test. The variable group `ado-aw-daily-smoke` provides - two perma work items at `$(permaWorkItemId)` and `$(permaWorkItem2Id)`. - Call exactly one safe-output tool: `link-work-items`. Use these literal - values (no improvisation): - - - source_id: $(permaWorkItemId) - - target_id: $(permaWorkItem2Id) - - link_type: "related" - - comment: "ado-aw-smoke-$(Build.BuildId)-link-work-items" - - Do not call any other tool. After the safe output is emitted, stop. + {{#runtime-import tests/safe-outputs/link-work-items.md}} AGENT_PROMPT_EOF echo "Agent prompt:" @@ -214,7 +202,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -231,17 +219,46 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - docker pull ghcr.io/github/gh-aw-mcpg:v0.3.7 - displayName: "Pre-pull AWF and MCPG container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + docker pull ghcr.io/github/gh-aw-mcpg:v0.3.12 + displayName: "Pre-pull AWF and MCPG container images (v0.25.48)" + + - task: NodeTool@0 + inputs: + versionSpec: "20.x" + displayName: "Install Node.js 20.x" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + mkdir -p /tmp/ado-aw-scripts + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/checksums.txt" -o /tmp/ado-aw-scripts/checksums.txt + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/ado-script.zip" -o /tmp/ado-aw-scripts/ado-script.zip + cd /tmp/ado-aw-scripts && grep "ado-script.zip" checksums.txt | sha256sum -c - + unzip -o /tmp/ado-aw-scripts/ado-script.zip -d /tmp/ado-aw-scripts/ + displayName: "Download ado-aw scripts (v0.30.2)" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + node '/tmp/ado-aw-scripts/ado-script/import.js' /tmp/awf-tools/agent-prompt.md --base "$(Build.SourcesDirectory)" + displayName: "Resolve runtime imports (agent prompt)" + condition: succeeded() + + - bash: | + # ado-aw-metadata: {"org":"","repo":"","schema":1,"source":"tests/safe-outputs/link-work-items.md","target":"standalone","version":"0.30.2"} + echo 'ado-aw metadata: source=tests/safe-outputs/link-work-items.md org= repo= version=0.30.2 target=standalone' + displayName: "ado-aw" - bash: | cat >> "/tmp/awf-tools/agent-prompt.md" << 'SAFEOUTPUTS_EOF' @@ -340,7 +357,7 @@ jobs: -e MCP_GATEWAY_API_KEY="$(MCP_GATEWAY_API_KEY)" \ \ \ - ghcr.io/github/gh-aw-mcpg:v0.3.7 \ + ghcr.io/github/gh-aw-mcpg:v0.3.12 \ --routed --listen 0.0.0.0:80 --config-stdin --log-dir /tmp/gh-aw/mcp-logs \ > "$GATEWAY_OUTPUT" 2> >(tee /tmp/gh-aw/mcp-logs/stderr.log >&2) & MCPG_PID=$! @@ -512,7 +529,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -550,7 +567,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -559,7 +576,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -574,7 +591,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - task: DockerInstaller@0 displayName: "Install Docker" @@ -584,7 +601,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -601,16 +618,16 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - displayName: "Pre-pull AWF container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + displayName: "Pre-pull AWF container images (v0.25.48)" - bash: | mkdir -p "$(Build.SourcesDirectory)/safe_outputs" @@ -807,7 +824,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -822,7 +839,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | ls -la "$(Pipeline.Workspace)/agentic-pipeline-compiler" diff --git a/tests/safe-outputs/missing-data.lock.yml b/tests/safe-outputs/missing-data.lock.yml index 2c1dc0bb..25c39c2d 100644 --- a/tests/safe-outputs/missing-data.lock.yml +++ b/tests/safe-outputs/missing-data.lock.yml @@ -1,5 +1,5 @@ # This file is auto-generated by ado-aw. Do not edit manually. -# @ado-aw source="tests/safe-outputs/missing-data.md" version=0.30.1 +# @ado-aw source="tests/safe-outputs/missing-data.md" version=0.30.2 name: "Daily safe-output smoke missing-data-$(BuildID)" @@ -24,7 +24,7 @@ trigger: none jobs: - job: Agent - displayName: "Agent" + displayName: "Daily safe-output smoke: missing-data" timeoutInMinutes: 15 pool: @@ -48,7 +48,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -86,7 +86,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -95,7 +95,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -110,7 +110,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | AGENTIC_PIPELINES_PATH="$(Pipeline.Workspace)/agentic-pipeline-compiler/ado-aw" @@ -187,16 +187,7 @@ jobs: - bash: | # Write agent instructions to /tmp so it's accessible inside AWF container cat > "/tmp/awf-tools/agent-prompt.md" << 'AGENT_PROMPT_EOF' - ## Daily smoke for missing-data - - You are a smoke test. Call exactly one safe-output tool: `missing-data`. - Use these literal values (no improvisation): - - - data_type: "smoke-fixture-data" - - reason: "ado-aw-smoke-$(Build.BuildId)-missing-data exercising the missing-data safe output" - - context: "ado-aw-smoke-$(Build.BuildId)-missing-data" - - Do not call any other tool. After the safe output is emitted, stop. + {{#runtime-import tests/safe-outputs/missing-data.md}} AGENT_PROMPT_EOF echo "Agent prompt:" @@ -211,7 +202,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -228,17 +219,46 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - docker pull ghcr.io/github/gh-aw-mcpg:v0.3.7 - displayName: "Pre-pull AWF and MCPG container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + docker pull ghcr.io/github/gh-aw-mcpg:v0.3.12 + displayName: "Pre-pull AWF and MCPG container images (v0.25.48)" + + - task: NodeTool@0 + inputs: + versionSpec: "20.x" + displayName: "Install Node.js 20.x" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + mkdir -p /tmp/ado-aw-scripts + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/checksums.txt" -o /tmp/ado-aw-scripts/checksums.txt + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/ado-script.zip" -o /tmp/ado-aw-scripts/ado-script.zip + cd /tmp/ado-aw-scripts && grep "ado-script.zip" checksums.txt | sha256sum -c - + unzip -o /tmp/ado-aw-scripts/ado-script.zip -d /tmp/ado-aw-scripts/ + displayName: "Download ado-aw scripts (v0.30.2)" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + node '/tmp/ado-aw-scripts/ado-script/import.js' /tmp/awf-tools/agent-prompt.md --base "$(Build.SourcesDirectory)" + displayName: "Resolve runtime imports (agent prompt)" + condition: succeeded() + + - bash: | + # ado-aw-metadata: {"org":"","repo":"","schema":1,"source":"tests/safe-outputs/missing-data.md","target":"standalone","version":"0.30.2"} + echo 'ado-aw metadata: source=tests/safe-outputs/missing-data.md org= repo= version=0.30.2 target=standalone' + displayName: "ado-aw" - bash: | cat >> "/tmp/awf-tools/agent-prompt.md" << 'SAFEOUTPUTS_EOF' @@ -337,7 +357,7 @@ jobs: -e MCP_GATEWAY_API_KEY="$(MCP_GATEWAY_API_KEY)" \ \ \ - ghcr.io/github/gh-aw-mcpg:v0.3.7 \ + ghcr.io/github/gh-aw-mcpg:v0.3.12 \ --routed --listen 0.0.0.0:80 --config-stdin --log-dir /tmp/gh-aw/mcp-logs \ > "$GATEWAY_OUTPUT" 2> >(tee /tmp/gh-aw/mcp-logs/stderr.log >&2) & MCPG_PID=$! @@ -509,7 +529,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -547,7 +567,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -556,7 +576,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -571,7 +591,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - task: DockerInstaller@0 displayName: "Install Docker" @@ -581,7 +601,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -598,16 +618,16 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - displayName: "Pre-pull AWF container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + displayName: "Pre-pull AWF container images (v0.25.48)" - bash: | mkdir -p "$(Build.SourcesDirectory)/safe_outputs" @@ -804,7 +824,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -819,7 +839,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | ls -la "$(Pipeline.Workspace)/agentic-pipeline-compiler" diff --git a/tests/safe-outputs/missing-tool.lock.yml b/tests/safe-outputs/missing-tool.lock.yml index 6f144045..772434d6 100644 --- a/tests/safe-outputs/missing-tool.lock.yml +++ b/tests/safe-outputs/missing-tool.lock.yml @@ -1,5 +1,5 @@ # This file is auto-generated by ado-aw. Do not edit manually. -# @ado-aw source="tests/safe-outputs/missing-tool.md" version=0.30.1 +# @ado-aw source="tests/safe-outputs/missing-tool.md" version=0.30.2 name: "Daily safe-output smoke missing-tool-$(BuildID)" @@ -24,7 +24,7 @@ trigger: none jobs: - job: Agent - displayName: "Agent" + displayName: "Daily safe-output smoke: missing-tool" timeoutInMinutes: 15 pool: @@ -48,7 +48,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -86,7 +86,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -95,7 +95,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -110,7 +110,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | AGENTIC_PIPELINES_PATH="$(Pipeline.Workspace)/agentic-pipeline-compiler/ado-aw" @@ -187,15 +187,7 @@ jobs: - bash: | # Write agent instructions to /tmp so it's accessible inside AWF container cat > "/tmp/awf-tools/agent-prompt.md" << 'AGENT_PROMPT_EOF' - ## Daily smoke for missing-tool - - You are a smoke test. Call exactly one safe-output tool: `missing-tool`. - Use these literal values (no improvisation): - - - tool_name: "ado-aw-smoke-$(Build.BuildId)-missing-tool" - - context: "ado-aw-smoke-$(Build.BuildId)-missing-tool exercising the missing-tool safe output" - - Do not call any other tool. After the safe output is emitted, stop. + {{#runtime-import tests/safe-outputs/missing-tool.md}} AGENT_PROMPT_EOF echo "Agent prompt:" @@ -210,7 +202,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -227,17 +219,46 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - docker pull ghcr.io/github/gh-aw-mcpg:v0.3.7 - displayName: "Pre-pull AWF and MCPG container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + docker pull ghcr.io/github/gh-aw-mcpg:v0.3.12 + displayName: "Pre-pull AWF and MCPG container images (v0.25.48)" + + - task: NodeTool@0 + inputs: + versionSpec: "20.x" + displayName: "Install Node.js 20.x" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + mkdir -p /tmp/ado-aw-scripts + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/checksums.txt" -o /tmp/ado-aw-scripts/checksums.txt + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/ado-script.zip" -o /tmp/ado-aw-scripts/ado-script.zip + cd /tmp/ado-aw-scripts && grep "ado-script.zip" checksums.txt | sha256sum -c - + unzip -o /tmp/ado-aw-scripts/ado-script.zip -d /tmp/ado-aw-scripts/ + displayName: "Download ado-aw scripts (v0.30.2)" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + node '/tmp/ado-aw-scripts/ado-script/import.js' /tmp/awf-tools/agent-prompt.md --base "$(Build.SourcesDirectory)" + displayName: "Resolve runtime imports (agent prompt)" + condition: succeeded() + + - bash: | + # ado-aw-metadata: {"org":"","repo":"","schema":1,"source":"tests/safe-outputs/missing-tool.md","target":"standalone","version":"0.30.2"} + echo 'ado-aw metadata: source=tests/safe-outputs/missing-tool.md org= repo= version=0.30.2 target=standalone' + displayName: "ado-aw" - bash: | cat >> "/tmp/awf-tools/agent-prompt.md" << 'SAFEOUTPUTS_EOF' @@ -336,7 +357,7 @@ jobs: -e MCP_GATEWAY_API_KEY="$(MCP_GATEWAY_API_KEY)" \ \ \ - ghcr.io/github/gh-aw-mcpg:v0.3.7 \ + ghcr.io/github/gh-aw-mcpg:v0.3.12 \ --routed --listen 0.0.0.0:80 --config-stdin --log-dir /tmp/gh-aw/mcp-logs \ > "$GATEWAY_OUTPUT" 2> >(tee /tmp/gh-aw/mcp-logs/stderr.log >&2) & MCPG_PID=$! @@ -508,7 +529,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -546,7 +567,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -555,7 +576,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -570,7 +591,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - task: DockerInstaller@0 displayName: "Install Docker" @@ -580,7 +601,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -597,16 +618,16 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - displayName: "Pre-pull AWF container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + displayName: "Pre-pull AWF container images (v0.25.48)" - bash: | mkdir -p "$(Build.SourcesDirectory)/safe_outputs" @@ -803,7 +824,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -818,7 +839,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | ls -la "$(Pipeline.Workspace)/agentic-pipeline-compiler" diff --git a/tests/safe-outputs/noop-target.lock.yml b/tests/safe-outputs/noop-target.lock.yml index 5467a889..64bf7ec9 100644 --- a/tests/safe-outputs/noop-target.lock.yml +++ b/tests/safe-outputs/noop-target.lock.yml @@ -1,5 +1,5 @@ # This file is auto-generated by ado-aw. Do not edit manually. -# @ado-aw source="tests/safe-outputs/noop-target.md" version=0.30.1 +# @ado-aw source="tests/safe-outputs/noop-target.md" version=0.30.2 name: "ado-aw smoke noop target-$(BuildID)" @@ -12,7 +12,7 @@ resources: jobs: - job: Agent - displayName: "Agent" + displayName: "ado-aw smoke noop target" timeoutInMinutes: 5 pool: @@ -36,7 +36,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -74,7 +74,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -83,7 +83,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -98,7 +98,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | AGENTIC_PIPELINES_PATH="$(Pipeline.Workspace)/agentic-pipeline-compiler/ado-aw" @@ -175,14 +175,7 @@ jobs: - bash: | # Write agent instructions to /tmp so it's accessible inside AWF container cat > "/tmp/awf-tools/agent-prompt.md" << 'AGENT_PROMPT_EOF' - ## Noop target pipeline - - You are the no-op target of the `queue-build` smoke. Call exactly one - safe-output tool: `noop`. Use these literal values (no improvisation): - - - context: "ado-aw-smoke-noop-target build $(Build.BuildId) queued from queue-build smoke" - - Do not call any other tool. After the safe output is emitted, stop. + {{#runtime-import tests/safe-outputs/noop-target.md}} AGENT_PROMPT_EOF echo "Agent prompt:" @@ -197,7 +190,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -214,17 +207,46 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - docker pull ghcr.io/github/gh-aw-mcpg:v0.3.7 - displayName: "Pre-pull AWF and MCPG container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + docker pull ghcr.io/github/gh-aw-mcpg:v0.3.12 + displayName: "Pre-pull AWF and MCPG container images (v0.25.48)" + + - task: NodeTool@0 + inputs: + versionSpec: "20.x" + displayName: "Install Node.js 20.x" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + mkdir -p /tmp/ado-aw-scripts + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/checksums.txt" -o /tmp/ado-aw-scripts/checksums.txt + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/ado-script.zip" -o /tmp/ado-aw-scripts/ado-script.zip + cd /tmp/ado-aw-scripts && grep "ado-script.zip" checksums.txt | sha256sum -c - + unzip -o /tmp/ado-aw-scripts/ado-script.zip -d /tmp/ado-aw-scripts/ + displayName: "Download ado-aw scripts (v0.30.2)" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + node '/tmp/ado-aw-scripts/ado-script/import.js' /tmp/awf-tools/agent-prompt.md --base "$(Build.SourcesDirectory)" + displayName: "Resolve runtime imports (agent prompt)" + condition: succeeded() + + - bash: | + # ado-aw-metadata: {"org":"","repo":"","schema":1,"source":"tests/safe-outputs/noop-target.md","target":"standalone","version":"0.30.2"} + echo 'ado-aw metadata: source=tests/safe-outputs/noop-target.md org= repo= version=0.30.2 target=standalone' + displayName: "ado-aw" - bash: | cat >> "/tmp/awf-tools/agent-prompt.md" << 'SAFEOUTPUTS_EOF' @@ -323,7 +345,7 @@ jobs: -e MCP_GATEWAY_API_KEY="$(MCP_GATEWAY_API_KEY)" \ \ \ - ghcr.io/github/gh-aw-mcpg:v0.3.7 \ + ghcr.io/github/gh-aw-mcpg:v0.3.12 \ --routed --listen 0.0.0.0:80 --config-stdin --log-dir /tmp/gh-aw/mcp-logs \ > "$GATEWAY_OUTPUT" 2> >(tee /tmp/gh-aw/mcp-logs/stderr.log >&2) & MCPG_PID=$! @@ -495,7 +517,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -533,7 +555,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -542,7 +564,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -557,7 +579,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - task: DockerInstaller@0 displayName: "Install Docker" @@ -567,7 +589,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -584,16 +606,16 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - displayName: "Pre-pull AWF container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + displayName: "Pre-pull AWF container images (v0.25.48)" - bash: | mkdir -p "$(Build.SourcesDirectory)/safe_outputs" @@ -777,7 +799,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -792,7 +814,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | ls -la "$(Pipeline.Workspace)/agentic-pipeline-compiler" diff --git a/tests/safe-outputs/noop.lock.yml b/tests/safe-outputs/noop.lock.yml index 90eced18..7a96402e 100644 --- a/tests/safe-outputs/noop.lock.yml +++ b/tests/safe-outputs/noop.lock.yml @@ -1,5 +1,5 @@ # This file is auto-generated by ado-aw. Do not edit manually. -# @ado-aw source="tests/safe-outputs/noop.md" version=0.30.1 +# @ado-aw source="tests/safe-outputs/noop.md" version=0.30.2 name: "Daily safe-output smoke noop-$(BuildID)" @@ -24,7 +24,7 @@ trigger: none jobs: - job: Agent - displayName: "Agent" + displayName: "Daily safe-output smoke: noop" timeoutInMinutes: 15 pool: @@ -48,7 +48,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -86,7 +86,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -95,7 +95,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -110,7 +110,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | AGENTIC_PIPELINES_PATH="$(Pipeline.Workspace)/agentic-pipeline-compiler/ado-aw" @@ -187,14 +187,7 @@ jobs: - bash: | # Write agent instructions to /tmp so it's accessible inside AWF container cat > "/tmp/awf-tools/agent-prompt.md" << 'AGENT_PROMPT_EOF' - ## Daily smoke for noop - - You are a smoke test. Call exactly one safe-output tool: `noop`. - Use these literal values (no improvisation): - - - context: "ado-aw-smoke-$(Build.BuildId)-noop" - - Do not call any other tool. After the safe output is emitted, stop. + {{#runtime-import tests/safe-outputs/noop.md}} AGENT_PROMPT_EOF echo "Agent prompt:" @@ -209,7 +202,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -226,17 +219,46 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - docker pull ghcr.io/github/gh-aw-mcpg:v0.3.7 - displayName: "Pre-pull AWF and MCPG container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + docker pull ghcr.io/github/gh-aw-mcpg:v0.3.12 + displayName: "Pre-pull AWF and MCPG container images (v0.25.48)" + + - task: NodeTool@0 + inputs: + versionSpec: "20.x" + displayName: "Install Node.js 20.x" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + mkdir -p /tmp/ado-aw-scripts + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/checksums.txt" -o /tmp/ado-aw-scripts/checksums.txt + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/ado-script.zip" -o /tmp/ado-aw-scripts/ado-script.zip + cd /tmp/ado-aw-scripts && grep "ado-script.zip" checksums.txt | sha256sum -c - + unzip -o /tmp/ado-aw-scripts/ado-script.zip -d /tmp/ado-aw-scripts/ + displayName: "Download ado-aw scripts (v0.30.2)" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + node '/tmp/ado-aw-scripts/ado-script/import.js' /tmp/awf-tools/agent-prompt.md --base "$(Build.SourcesDirectory)" + displayName: "Resolve runtime imports (agent prompt)" + condition: succeeded() + + - bash: | + # ado-aw-metadata: {"org":"","repo":"","schema":1,"source":"tests/safe-outputs/noop.md","target":"standalone","version":"0.30.2"} + echo 'ado-aw metadata: source=tests/safe-outputs/noop.md org= repo= version=0.30.2 target=standalone' + displayName: "ado-aw" - bash: | cat >> "/tmp/awf-tools/agent-prompt.md" << 'SAFEOUTPUTS_EOF' @@ -335,7 +357,7 @@ jobs: -e MCP_GATEWAY_API_KEY="$(MCP_GATEWAY_API_KEY)" \ \ \ - ghcr.io/github/gh-aw-mcpg:v0.3.7 \ + ghcr.io/github/gh-aw-mcpg:v0.3.12 \ --routed --listen 0.0.0.0:80 --config-stdin --log-dir /tmp/gh-aw/mcp-logs \ > "$GATEWAY_OUTPUT" 2> >(tee /tmp/gh-aw/mcp-logs/stderr.log >&2) & MCPG_PID=$! @@ -507,7 +529,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -545,7 +567,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -554,7 +576,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -569,7 +591,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - task: DockerInstaller@0 displayName: "Install Docker" @@ -579,7 +601,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -596,16 +618,16 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - displayName: "Pre-pull AWF container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + displayName: "Pre-pull AWF container images (v0.25.48)" - bash: | mkdir -p "$(Build.SourcesDirectory)/safe_outputs" @@ -802,7 +824,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -817,7 +839,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | ls -la "$(Pipeline.Workspace)/agentic-pipeline-compiler" diff --git a/tests/safe-outputs/queue-build.lock.yml b/tests/safe-outputs/queue-build.lock.yml index 97fbaf03..bd898696 100644 --- a/tests/safe-outputs/queue-build.lock.yml +++ b/tests/safe-outputs/queue-build.lock.yml @@ -1,5 +1,5 @@ # This file is auto-generated by ado-aw. Do not edit manually. -# @ado-aw source="tests/safe-outputs/queue-build.md" version=0.30.1 +# @ado-aw source="tests/safe-outputs/queue-build.md" version=0.30.2 name: "Daily safe-output smoke queue-build-$(BuildID)" @@ -24,7 +24,7 @@ trigger: none jobs: - job: Agent - displayName: "Agent" + displayName: "Daily safe-output smoke: queue-build" timeoutInMinutes: 15 pool: @@ -48,7 +48,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -86,7 +86,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -95,7 +95,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -110,7 +110,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | AGENTIC_PIPELINES_PATH="$(Pipeline.Workspace)/agentic-pipeline-compiler/ado-aw" @@ -187,18 +187,7 @@ jobs: - bash: | # Write agent instructions to /tmp so it's accessible inside AWF container cat > "/tmp/awf-tools/agent-prompt.md" << 'AGENT_PROMPT_EOF' - ## Daily smoke for queue-build - - You are a smoke test. The variable group `ado-aw-daily-smoke` provides - a no-op target pipeline at `$(noopPipelineId)`. Call exactly one - safe-output tool: `queue-build`. Use these literal values (no - improvisation): - - - pipeline_id: $(noopPipelineId) - - branch: "main" - - reason: "ado-aw-smoke-$(Build.BuildId)-queue-build" - - Do not call any other tool. After the safe output is emitted, stop. + {{#runtime-import tests/safe-outputs/queue-build.md}} AGENT_PROMPT_EOF echo "Agent prompt:" @@ -213,7 +202,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -230,17 +219,46 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - docker pull ghcr.io/github/gh-aw-mcpg:v0.3.7 - displayName: "Pre-pull AWF and MCPG container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + docker pull ghcr.io/github/gh-aw-mcpg:v0.3.12 + displayName: "Pre-pull AWF and MCPG container images (v0.25.48)" + + - task: NodeTool@0 + inputs: + versionSpec: "20.x" + displayName: "Install Node.js 20.x" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + mkdir -p /tmp/ado-aw-scripts + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/checksums.txt" -o /tmp/ado-aw-scripts/checksums.txt + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/ado-script.zip" -o /tmp/ado-aw-scripts/ado-script.zip + cd /tmp/ado-aw-scripts && grep "ado-script.zip" checksums.txt | sha256sum -c - + unzip -o /tmp/ado-aw-scripts/ado-script.zip -d /tmp/ado-aw-scripts/ + displayName: "Download ado-aw scripts (v0.30.2)" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + node '/tmp/ado-aw-scripts/ado-script/import.js' /tmp/awf-tools/agent-prompt.md --base "$(Build.SourcesDirectory)" + displayName: "Resolve runtime imports (agent prompt)" + condition: succeeded() + + - bash: | + # ado-aw-metadata: {"org":"","repo":"","schema":1,"source":"tests/safe-outputs/queue-build.md","target":"standalone","version":"0.30.2"} + echo 'ado-aw metadata: source=tests/safe-outputs/queue-build.md org= repo= version=0.30.2 target=standalone' + displayName: "ado-aw" - bash: | cat >> "/tmp/awf-tools/agent-prompt.md" << 'SAFEOUTPUTS_EOF' @@ -339,7 +357,7 @@ jobs: -e MCP_GATEWAY_API_KEY="$(MCP_GATEWAY_API_KEY)" \ \ \ - ghcr.io/github/gh-aw-mcpg:v0.3.7 \ + ghcr.io/github/gh-aw-mcpg:v0.3.12 \ --routed --listen 0.0.0.0:80 --config-stdin --log-dir /tmp/gh-aw/mcp-logs \ > "$GATEWAY_OUTPUT" 2> >(tee /tmp/gh-aw/mcp-logs/stderr.log >&2) & MCPG_PID=$! @@ -511,7 +529,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -549,7 +567,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -558,7 +576,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -573,7 +591,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - task: DockerInstaller@0 displayName: "Install Docker" @@ -583,7 +601,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -600,16 +618,16 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - displayName: "Pre-pull AWF container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + displayName: "Pre-pull AWF container images (v0.25.48)" - bash: | mkdir -p "$(Build.SourcesDirectory)/safe_outputs" @@ -806,7 +824,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -821,7 +839,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | ls -la "$(Pipeline.Workspace)/agentic-pipeline-compiler" diff --git a/tests/safe-outputs/reply-to-pr-comment.lock.yml b/tests/safe-outputs/reply-to-pr-comment.lock.yml index a1047d18..ab6c529c 100644 --- a/tests/safe-outputs/reply-to-pr-comment.lock.yml +++ b/tests/safe-outputs/reply-to-pr-comment.lock.yml @@ -1,5 +1,5 @@ # This file is auto-generated by ado-aw. Do not edit manually. -# @ado-aw source="tests/safe-outputs/reply-to-pr-comment.md" version=0.30.1 +# @ado-aw source="tests/safe-outputs/reply-to-pr-comment.md" version=0.30.2 name: "Daily safe-output smoke reply-to-pr-comment-$(BuildID)" @@ -24,7 +24,7 @@ trigger: none jobs: - job: Agent - displayName: "Agent" + displayName: "Daily safe-output smoke: reply-to-pr-comment" timeoutInMinutes: 15 pool: @@ -48,7 +48,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -86,7 +86,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -95,7 +95,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -110,7 +110,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | AGENTIC_PIPELINES_PATH="$(Pipeline.Workspace)/agentic-pipeline-compiler/ado-aw" @@ -187,19 +187,7 @@ jobs: - bash: | # Write agent instructions to /tmp so it's accessible inside AWF container cat > "/tmp/awf-tools/agent-prompt.md" << 'AGENT_PROMPT_EOF' - ## Daily smoke for reply-to-pr-comment - - You are a smoke test. The variable group `ado-aw-daily-smoke` provides - the perma PR at `$(permaPullRequestId)` and a perma thread on that PR - at `$(permaThreadId)`. Call exactly one safe-output tool: - `reply-to-pr-comment`. Use these literal values (no improvisation): - - - pull_request_id: $(permaPullRequestId) - - thread_id: $(permaThreadId) - - content: "ado-aw-smoke-$(Build.BuildId)-reply-to-pr-comment exercising the reply-to-pr-comment safe output for build $(Build.BuildId)." - - repository: "self" - - Do not call any other tool. After the safe output is emitted, stop. + {{#runtime-import tests/safe-outputs/reply-to-pr-comment.md}} AGENT_PROMPT_EOF echo "Agent prompt:" @@ -214,7 +202,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -231,17 +219,46 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - docker pull ghcr.io/github/gh-aw-mcpg:v0.3.7 - displayName: "Pre-pull AWF and MCPG container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + docker pull ghcr.io/github/gh-aw-mcpg:v0.3.12 + displayName: "Pre-pull AWF and MCPG container images (v0.25.48)" + + - task: NodeTool@0 + inputs: + versionSpec: "20.x" + displayName: "Install Node.js 20.x" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + mkdir -p /tmp/ado-aw-scripts + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/checksums.txt" -o /tmp/ado-aw-scripts/checksums.txt + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/ado-script.zip" -o /tmp/ado-aw-scripts/ado-script.zip + cd /tmp/ado-aw-scripts && grep "ado-script.zip" checksums.txt | sha256sum -c - + unzip -o /tmp/ado-aw-scripts/ado-script.zip -d /tmp/ado-aw-scripts/ + displayName: "Download ado-aw scripts (v0.30.2)" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + node '/tmp/ado-aw-scripts/ado-script/import.js' /tmp/awf-tools/agent-prompt.md --base "$(Build.SourcesDirectory)" + displayName: "Resolve runtime imports (agent prompt)" + condition: succeeded() + + - bash: | + # ado-aw-metadata: {"org":"","repo":"","schema":1,"source":"tests/safe-outputs/reply-to-pr-comment.md","target":"standalone","version":"0.30.2"} + echo 'ado-aw metadata: source=tests/safe-outputs/reply-to-pr-comment.md org= repo= version=0.30.2 target=standalone' + displayName: "ado-aw" - bash: | cat >> "/tmp/awf-tools/agent-prompt.md" << 'SAFEOUTPUTS_EOF' @@ -340,7 +357,7 @@ jobs: -e MCP_GATEWAY_API_KEY="$(MCP_GATEWAY_API_KEY)" \ \ \ - ghcr.io/github/gh-aw-mcpg:v0.3.7 \ + ghcr.io/github/gh-aw-mcpg:v0.3.12 \ --routed --listen 0.0.0.0:80 --config-stdin --log-dir /tmp/gh-aw/mcp-logs \ > "$GATEWAY_OUTPUT" 2> >(tee /tmp/gh-aw/mcp-logs/stderr.log >&2) & MCPG_PID=$! @@ -512,7 +529,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -550,7 +567,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -559,7 +576,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -574,7 +591,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - task: DockerInstaller@0 displayName: "Install Docker" @@ -584,7 +601,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -601,16 +618,16 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - displayName: "Pre-pull AWF container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + displayName: "Pre-pull AWF container images (v0.25.48)" - bash: | mkdir -p "$(Build.SourcesDirectory)/safe_outputs" @@ -807,7 +824,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -822,7 +839,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | ls -la "$(Pipeline.Workspace)/agentic-pipeline-compiler" diff --git a/tests/safe-outputs/report-incomplete.lock.yml b/tests/safe-outputs/report-incomplete.lock.yml index 89435d04..d8d3b0e4 100644 --- a/tests/safe-outputs/report-incomplete.lock.yml +++ b/tests/safe-outputs/report-incomplete.lock.yml @@ -1,5 +1,5 @@ # This file is auto-generated by ado-aw. Do not edit manually. -# @ado-aw source="tests/safe-outputs/report-incomplete.md" version=0.30.1 +# @ado-aw source="tests/safe-outputs/report-incomplete.md" version=0.30.2 name: "Daily safe-output smoke report-incomplete-$(BuildID)" @@ -24,7 +24,7 @@ trigger: none jobs: - job: Agent - displayName: "Agent" + displayName: "Daily safe-output smoke: report-incomplete" timeoutInMinutes: 15 pool: @@ -48,7 +48,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -86,7 +86,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -95,7 +95,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -110,7 +110,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | AGENTIC_PIPELINES_PATH="$(Pipeline.Workspace)/agentic-pipeline-compiler/ado-aw" @@ -187,15 +187,7 @@ jobs: - bash: | # Write agent instructions to /tmp so it's accessible inside AWF container cat > "/tmp/awf-tools/agent-prompt.md" << 'AGENT_PROMPT_EOF' - ## Daily smoke for report-incomplete - - You are a smoke test. Call exactly one safe-output tool: `report-incomplete`. - Use these literal values (no improvisation): - - - reason: "ado-aw-smoke-$(Build.BuildId)-report-incomplete exercising the report-incomplete safe output" - - context: "ado-aw-smoke-$(Build.BuildId)-report-incomplete" - - Do not call any other tool. After the safe output is emitted, stop. + {{#runtime-import tests/safe-outputs/report-incomplete.md}} AGENT_PROMPT_EOF echo "Agent prompt:" @@ -210,7 +202,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -227,17 +219,46 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - docker pull ghcr.io/github/gh-aw-mcpg:v0.3.7 - displayName: "Pre-pull AWF and MCPG container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + docker pull ghcr.io/github/gh-aw-mcpg:v0.3.12 + displayName: "Pre-pull AWF and MCPG container images (v0.25.48)" + + - task: NodeTool@0 + inputs: + versionSpec: "20.x" + displayName: "Install Node.js 20.x" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + mkdir -p /tmp/ado-aw-scripts + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/checksums.txt" -o /tmp/ado-aw-scripts/checksums.txt + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/ado-script.zip" -o /tmp/ado-aw-scripts/ado-script.zip + cd /tmp/ado-aw-scripts && grep "ado-script.zip" checksums.txt | sha256sum -c - + unzip -o /tmp/ado-aw-scripts/ado-script.zip -d /tmp/ado-aw-scripts/ + displayName: "Download ado-aw scripts (v0.30.2)" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + node '/tmp/ado-aw-scripts/ado-script/import.js' /tmp/awf-tools/agent-prompt.md --base "$(Build.SourcesDirectory)" + displayName: "Resolve runtime imports (agent prompt)" + condition: succeeded() + + - bash: | + # ado-aw-metadata: {"org":"","repo":"","schema":1,"source":"tests/safe-outputs/report-incomplete.md","target":"standalone","version":"0.30.2"} + echo 'ado-aw metadata: source=tests/safe-outputs/report-incomplete.md org= repo= version=0.30.2 target=standalone' + displayName: "ado-aw" - bash: | cat >> "/tmp/awf-tools/agent-prompt.md" << 'SAFEOUTPUTS_EOF' @@ -336,7 +357,7 @@ jobs: -e MCP_GATEWAY_API_KEY="$(MCP_GATEWAY_API_KEY)" \ \ \ - ghcr.io/github/gh-aw-mcpg:v0.3.7 \ + ghcr.io/github/gh-aw-mcpg:v0.3.12 \ --routed --listen 0.0.0.0:80 --config-stdin --log-dir /tmp/gh-aw/mcp-logs \ > "$GATEWAY_OUTPUT" 2> >(tee /tmp/gh-aw/mcp-logs/stderr.log >&2) & MCPG_PID=$! @@ -508,7 +529,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -546,7 +567,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -555,7 +576,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -570,7 +591,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - task: DockerInstaller@0 displayName: "Install Docker" @@ -580,7 +601,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -597,16 +618,16 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - displayName: "Pre-pull AWF container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + displayName: "Pre-pull AWF container images (v0.25.48)" - bash: | mkdir -p "$(Build.SourcesDirectory)/safe_outputs" @@ -803,7 +824,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -818,7 +839,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | ls -la "$(Pipeline.Workspace)/agentic-pipeline-compiler" diff --git a/tests/safe-outputs/resolve-pr-thread.lock.yml b/tests/safe-outputs/resolve-pr-thread.lock.yml index c8a8a37e..fc96ea10 100644 --- a/tests/safe-outputs/resolve-pr-thread.lock.yml +++ b/tests/safe-outputs/resolve-pr-thread.lock.yml @@ -1,5 +1,5 @@ # This file is auto-generated by ado-aw. Do not edit manually. -# @ado-aw source="tests/safe-outputs/resolve-pr-thread.md" version=0.30.1 +# @ado-aw source="tests/safe-outputs/resolve-pr-thread.md" version=0.30.2 name: "Daily safe-output smoke resolve-pr-thread-$(BuildID)" @@ -40,7 +40,7 @@ jobs: displayName: 'Setup: open transient PR thread' - job: Agent - displayName: "Agent" + displayName: "Daily safe-output smoke: resolve-pr-thread" dependsOn: Setup timeoutInMinutes: 15 pool: @@ -64,7 +64,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -102,7 +102,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -111,7 +111,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -126,7 +126,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | AGENTIC_PIPELINES_PATH="$(Pipeline.Workspace)/agentic-pipeline-compiler/ado-aw" @@ -203,19 +203,7 @@ jobs: - bash: | # Write agent instructions to /tmp so it's accessible inside AWF container cat > "/tmp/awf-tools/agent-prompt.md" << 'AGENT_PROMPT_EOF' - ## Daily smoke for resolve-pr-thread - - You are a smoke test. The variable group `ado-aw-daily-smoke` provides - the perma PR at `$(permaPullRequestId)` and a thread to resolve at - `$(permaThreadId)`. Call exactly one safe-output tool: - `resolve-pr-thread`. Use these literal values (no improvisation): - - - pull_request_id: $(permaPullRequestId) - - thread_id: $(permaThreadId) - - status: "fixed" - - repository: "self" - - Do not call any other tool. After the safe output is emitted, stop. + {{#runtime-import tests/safe-outputs/resolve-pr-thread.md}} AGENT_PROMPT_EOF echo "Agent prompt:" @@ -230,7 +218,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -247,17 +235,46 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - docker pull ghcr.io/github/gh-aw-mcpg:v0.3.7 - displayName: "Pre-pull AWF and MCPG container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + docker pull ghcr.io/github/gh-aw-mcpg:v0.3.12 + displayName: "Pre-pull AWF and MCPG container images (v0.25.48)" + + - task: NodeTool@0 + inputs: + versionSpec: "20.x" + displayName: "Install Node.js 20.x" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + mkdir -p /tmp/ado-aw-scripts + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/checksums.txt" -o /tmp/ado-aw-scripts/checksums.txt + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/ado-script.zip" -o /tmp/ado-aw-scripts/ado-script.zip + cd /tmp/ado-aw-scripts && grep "ado-script.zip" checksums.txt | sha256sum -c - + unzip -o /tmp/ado-aw-scripts/ado-script.zip -d /tmp/ado-aw-scripts/ + displayName: "Download ado-aw scripts (v0.30.2)" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + node '/tmp/ado-aw-scripts/ado-script/import.js' /tmp/awf-tools/agent-prompt.md --base "$(Build.SourcesDirectory)" + displayName: "Resolve runtime imports (agent prompt)" + condition: succeeded() + + - bash: | + # ado-aw-metadata: {"org":"","repo":"","schema":1,"source":"tests/safe-outputs/resolve-pr-thread.md","target":"standalone","version":"0.30.2"} + echo 'ado-aw metadata: source=tests/safe-outputs/resolve-pr-thread.md org= repo= version=0.30.2 target=standalone' + displayName: "ado-aw" - bash: | cat >> "/tmp/awf-tools/agent-prompt.md" << 'SAFEOUTPUTS_EOF' @@ -356,7 +373,7 @@ jobs: -e MCP_GATEWAY_API_KEY="$(MCP_GATEWAY_API_KEY)" \ \ \ - ghcr.io/github/gh-aw-mcpg:v0.3.7 \ + ghcr.io/github/gh-aw-mcpg:v0.3.12 \ --routed --listen 0.0.0.0:80 --config-stdin --log-dir /tmp/gh-aw/mcp-logs \ > "$GATEWAY_OUTPUT" 2> >(tee /tmp/gh-aw/mcp-logs/stderr.log >&2) & MCPG_PID=$! @@ -528,7 +545,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -566,7 +583,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -575,7 +592,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -590,7 +607,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - task: DockerInstaller@0 displayName: "Install Docker" @@ -600,7 +617,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -617,16 +634,16 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - displayName: "Pre-pull AWF container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + displayName: "Pre-pull AWF container images (v0.25.48)" - bash: | mkdir -p "$(Build.SourcesDirectory)/safe_outputs" @@ -823,7 +840,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -838,7 +855,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | ls -la "$(Pipeline.Workspace)/agentic-pipeline-compiler" diff --git a/tests/safe-outputs/smoke-failure-reporter.lock.yml b/tests/safe-outputs/smoke-failure-reporter.lock.yml index 3644dbcd..0cbe576a 100644 --- a/tests/safe-outputs/smoke-failure-reporter.lock.yml +++ b/tests/safe-outputs/smoke-failure-reporter.lock.yml @@ -1,5 +1,5 @@ # This file is auto-generated by ado-aw. Do not edit manually. -# @ado-aw source="tests/safe-outputs/smoke-failure-reporter.md" version=0.30.1 +# @ado-aw source="tests/safe-outputs/smoke-failure-reporter.md" version=0.30.2 name: "ado-aw smoke failure reporter-$(BuildID)" @@ -24,7 +24,7 @@ trigger: none jobs: - job: Agent - displayName: "Agent" + displayName: "ado-aw smoke failure reporter" timeoutInMinutes: 20 pool: @@ -48,7 +48,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -86,7 +86,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -95,7 +95,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -110,7 +110,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | AGENTIC_PIPELINES_PATH="$(Pipeline.Workspace)/agentic-pipeline-compiler/ado-aw" @@ -187,50 +187,7 @@ jobs: - bash: | # Write agent instructions to /tmp so it's accessible inside AWF container cat > "/tmp/awf-tools/agent-prompt.md" << 'AGENT_PROMPT_EOF' - ## Daily smoke failure reporter - - You are the daily smoke failure reporter for the `ado-aw` safe-output - smoke suite running in the AgentPlayground ADO project. - - ### Tasks - - 1. Query the ADO REST `builds?api-version=7.1` endpoint of the - AgentPlayground project to fetch the most recent **completed** run - of every pipeline whose `definition.name` matches - `Daily safe-output smoke: *`. Use the read service connection's - `SYSTEM_ACCESSTOKEN`-equivalent bearer token already available to - you in the agent environment. - 2. For every run with `result != "succeeded"`: - 1. Search open issues on `githubnext/ado-aw` for one whose title - starts with `[smoke-failure] `. If one already - exists, skip this pipeline. - 2. Otherwise, call the `create-issue` safe output **exactly once - per failing pipeline** with: - - `title`: ` (build $(Build.BuildId))` - (the configured `title-prefix` is added automatically). - - `body`: a structured markdown report containing: - - pipeline name and definition ID, - - build URL (`_links.web.href`), - - finish time, - - `result` and `status`, - - the last 50 lines of the agent stage log if accessible. - - `labels`: `["pipeline-failure", "ado-aw-smoke"]` are added by - config; do **not** pass any agent-supplied labels — the fixture - sets `allowed-labels: []` (default-deny). - - ### Hard limits - - - The configured `max` budget is 5. If more than 5 pipelines are - failing, prioritise the ones with the earliest finish time and call - `report-incomplete` for the remainder. - - Do **not** call `create-issue` with a `target_repo` parameter. The - agent has no override; the target is fixed by the operator at - `githubnext/ado-aw`. - - The `ADO_AW_DEBUG_GITHUB_TOKEN` PAT is not visible to you. Stage 3 - uses it to authenticate against GitHub. - - After the appropriate `create-issue` calls (or one `report-incomplete` - call) have been emitted, stop. + {{#runtime-import tests/safe-outputs/smoke-failure-reporter.md}} AGENT_PROMPT_EOF echo "Agent prompt:" @@ -245,7 +202,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -262,17 +219,46 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - docker pull ghcr.io/github/gh-aw-mcpg:v0.3.7 - displayName: "Pre-pull AWF and MCPG container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + docker pull ghcr.io/github/gh-aw-mcpg:v0.3.12 + displayName: "Pre-pull AWF and MCPG container images (v0.25.48)" + + - task: NodeTool@0 + inputs: + versionSpec: "20.x" + displayName: "Install Node.js 20.x" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + mkdir -p /tmp/ado-aw-scripts + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/checksums.txt" -o /tmp/ado-aw-scripts/checksums.txt + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/ado-script.zip" -o /tmp/ado-aw-scripts/ado-script.zip + cd /tmp/ado-aw-scripts && grep "ado-script.zip" checksums.txt | sha256sum -c - + unzip -o /tmp/ado-aw-scripts/ado-script.zip -d /tmp/ado-aw-scripts/ + displayName: "Download ado-aw scripts (v0.30.2)" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + node '/tmp/ado-aw-scripts/ado-script/import.js' /tmp/awf-tools/agent-prompt.md --base "$(Build.SourcesDirectory)" + displayName: "Resolve runtime imports (agent prompt)" + condition: succeeded() + + - bash: | + # ado-aw-metadata: {"org":"","repo":"","schema":1,"source":"tests/safe-outputs/smoke-failure-reporter.md","target":"standalone","version":"0.30.2"} + echo 'ado-aw metadata: source=tests/safe-outputs/smoke-failure-reporter.md org= repo= version=0.30.2 target=standalone' + displayName: "ado-aw" - bash: | cat >> "/tmp/awf-tools/agent-prompt.md" << 'SAFEOUTPUTS_EOF' @@ -371,7 +357,7 @@ jobs: -e MCP_GATEWAY_API_KEY="$(MCP_GATEWAY_API_KEY)" \ \ \ - ghcr.io/github/gh-aw-mcpg:v0.3.7 \ + ghcr.io/github/gh-aw-mcpg:v0.3.12 \ --routed --listen 0.0.0.0:80 --config-stdin --log-dir /tmp/gh-aw/mcp-logs \ > "$GATEWAY_OUTPUT" 2> >(tee /tmp/gh-aw/mcp-logs/stderr.log >&2) & MCPG_PID=$! @@ -543,7 +529,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -581,7 +567,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -590,7 +576,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -605,7 +591,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - task: DockerInstaller@0 displayName: "Install Docker" @@ -615,7 +601,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -632,16 +618,16 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - displayName: "Pre-pull AWF container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + displayName: "Pre-pull AWF container images (v0.25.48)" - bash: | mkdir -p "$(Build.SourcesDirectory)/safe_outputs" @@ -838,7 +824,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -853,7 +839,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | ls -la "$(Pipeline.Workspace)/agentic-pipeline-compiler" diff --git a/tests/safe-outputs/submit-pr-review.lock.yml b/tests/safe-outputs/submit-pr-review.lock.yml index b93d00c5..04fe44af 100644 --- a/tests/safe-outputs/submit-pr-review.lock.yml +++ b/tests/safe-outputs/submit-pr-review.lock.yml @@ -1,5 +1,5 @@ # This file is auto-generated by ado-aw. Do not edit manually. -# @ado-aw source="tests/safe-outputs/submit-pr-review.md" version=0.30.1 +# @ado-aw source="tests/safe-outputs/submit-pr-review.md" version=0.30.2 name: "Daily safe-output smoke submit-pr-review-$(BuildID)" @@ -24,7 +24,7 @@ trigger: none jobs: - job: Agent - displayName: "Agent" + displayName: "Daily safe-output smoke: submit-pr-review" timeoutInMinutes: 15 pool: @@ -48,7 +48,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -86,7 +86,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -95,7 +95,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -110,7 +110,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | AGENTIC_PIPELINES_PATH="$(Pipeline.Workspace)/agentic-pipeline-compiler/ado-aw" @@ -187,18 +187,7 @@ jobs: - bash: | # Write agent instructions to /tmp so it's accessible inside AWF container cat > "/tmp/awf-tools/agent-prompt.md" << 'AGENT_PROMPT_EOF' - ## Daily smoke for submit-pr-review - - You are a smoke test. The variable group `ado-aw-daily-smoke` provides - the perma PR at `$(permaPullRequestId)`. Call exactly one safe-output - tool: `submit-pr-review`. Use these literal values (no improvisation): - - - pull_request_id: $(permaPullRequestId) - - event: "comment" - - body: "ado-aw-smoke-$(Build.BuildId)-submit-pr-review exercising the submit-pr-review safe output for build $(Build.BuildId)." - - repository: "self" - - Do not call any other tool. After the safe output is emitted, stop. + {{#runtime-import tests/safe-outputs/submit-pr-review.md}} AGENT_PROMPT_EOF echo "Agent prompt:" @@ -213,7 +202,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -230,17 +219,46 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - docker pull ghcr.io/github/gh-aw-mcpg:v0.3.7 - displayName: "Pre-pull AWF and MCPG container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + docker pull ghcr.io/github/gh-aw-mcpg:v0.3.12 + displayName: "Pre-pull AWF and MCPG container images (v0.25.48)" + + - task: NodeTool@0 + inputs: + versionSpec: "20.x" + displayName: "Install Node.js 20.x" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + mkdir -p /tmp/ado-aw-scripts + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/checksums.txt" -o /tmp/ado-aw-scripts/checksums.txt + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/ado-script.zip" -o /tmp/ado-aw-scripts/ado-script.zip + cd /tmp/ado-aw-scripts && grep "ado-script.zip" checksums.txt | sha256sum -c - + unzip -o /tmp/ado-aw-scripts/ado-script.zip -d /tmp/ado-aw-scripts/ + displayName: "Download ado-aw scripts (v0.30.2)" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + node '/tmp/ado-aw-scripts/ado-script/import.js' /tmp/awf-tools/agent-prompt.md --base "$(Build.SourcesDirectory)" + displayName: "Resolve runtime imports (agent prompt)" + condition: succeeded() + + - bash: | + # ado-aw-metadata: {"org":"","repo":"","schema":1,"source":"tests/safe-outputs/submit-pr-review.md","target":"standalone","version":"0.30.2"} + echo 'ado-aw metadata: source=tests/safe-outputs/submit-pr-review.md org= repo= version=0.30.2 target=standalone' + displayName: "ado-aw" - bash: | cat >> "/tmp/awf-tools/agent-prompt.md" << 'SAFEOUTPUTS_EOF' @@ -339,7 +357,7 @@ jobs: -e MCP_GATEWAY_API_KEY="$(MCP_GATEWAY_API_KEY)" \ \ \ - ghcr.io/github/gh-aw-mcpg:v0.3.7 \ + ghcr.io/github/gh-aw-mcpg:v0.3.12 \ --routed --listen 0.0.0.0:80 --config-stdin --log-dir /tmp/gh-aw/mcp-logs \ > "$GATEWAY_OUTPUT" 2> >(tee /tmp/gh-aw/mcp-logs/stderr.log >&2) & MCPG_PID=$! @@ -511,7 +529,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -549,7 +567,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -558,7 +576,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -573,7 +591,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - task: DockerInstaller@0 displayName: "Install Docker" @@ -583,7 +601,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -600,16 +618,16 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - displayName: "Pre-pull AWF container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + displayName: "Pre-pull AWF container images (v0.25.48)" - bash: | mkdir -p "$(Build.SourcesDirectory)/safe_outputs" @@ -806,7 +824,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -821,7 +839,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | ls -la "$(Pipeline.Workspace)/agentic-pipeline-compiler" diff --git a/tests/safe-outputs/update-pr.lock.yml b/tests/safe-outputs/update-pr.lock.yml index 8e271d9c..cca7570b 100644 --- a/tests/safe-outputs/update-pr.lock.yml +++ b/tests/safe-outputs/update-pr.lock.yml @@ -1,5 +1,5 @@ # This file is auto-generated by ado-aw. Do not edit manually. -# @ado-aw source="tests/safe-outputs/update-pr.md" version=0.30.1 +# @ado-aw source="tests/safe-outputs/update-pr.md" version=0.30.2 name: "Daily safe-output smoke update-pr-$(BuildID)" @@ -24,7 +24,7 @@ trigger: none jobs: - job: Agent - displayName: "Agent" + displayName: "Daily safe-output smoke: update-pr" timeoutInMinutes: 15 pool: @@ -48,7 +48,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -86,7 +86,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -95,7 +95,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -110,7 +110,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | AGENTIC_PIPELINES_PATH="$(Pipeline.Workspace)/agentic-pipeline-compiler/ado-aw" @@ -187,20 +187,7 @@ jobs: - bash: | # Write agent instructions to /tmp so it's accessible inside AWF container cat > "/tmp/awf-tools/agent-prompt.md" << 'AGENT_PROMPT_EOF' - ## Daily smoke for update-pr - - You are a smoke test. The variable group `ado-aw-daily-smoke` provides - the perma PR at `$(permaPullRequestId)`. Call exactly one safe-output - tool: `update-pr`. Use the `update-description` operation only — vote / - add-reviewers / add-labels are not enabled in this fixture. Use these - literal values (no improvisation): - - - pull_request_id: $(permaPullRequestId) - - operation: "update-description" - - description: "ado-aw-smoke-$(Build.BuildId)-update-pr — perma-PR description last refreshed by build $(Build.BuildId) exercising the update-pr safe output." - - repository: "self" - - Do not call any other tool. After the safe output is emitted, stop. + {{#runtime-import tests/safe-outputs/update-pr.md}} AGENT_PROMPT_EOF echo "Agent prompt:" @@ -215,7 +202,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -232,17 +219,46 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - docker pull ghcr.io/github/gh-aw-mcpg:v0.3.7 - displayName: "Pre-pull AWF and MCPG container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + docker pull ghcr.io/github/gh-aw-mcpg:v0.3.12 + displayName: "Pre-pull AWF and MCPG container images (v0.25.48)" + + - task: NodeTool@0 + inputs: + versionSpec: "20.x" + displayName: "Install Node.js 20.x" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + mkdir -p /tmp/ado-aw-scripts + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/checksums.txt" -o /tmp/ado-aw-scripts/checksums.txt + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/ado-script.zip" -o /tmp/ado-aw-scripts/ado-script.zip + cd /tmp/ado-aw-scripts && grep "ado-script.zip" checksums.txt | sha256sum -c - + unzip -o /tmp/ado-aw-scripts/ado-script.zip -d /tmp/ado-aw-scripts/ + displayName: "Download ado-aw scripts (v0.30.2)" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + node '/tmp/ado-aw-scripts/ado-script/import.js' /tmp/awf-tools/agent-prompt.md --base "$(Build.SourcesDirectory)" + displayName: "Resolve runtime imports (agent prompt)" + condition: succeeded() + + - bash: | + # ado-aw-metadata: {"org":"","repo":"","schema":1,"source":"tests/safe-outputs/update-pr.md","target":"standalone","version":"0.30.2"} + echo 'ado-aw metadata: source=tests/safe-outputs/update-pr.md org= repo= version=0.30.2 target=standalone' + displayName: "ado-aw" - bash: | cat >> "/tmp/awf-tools/agent-prompt.md" << 'SAFEOUTPUTS_EOF' @@ -341,7 +357,7 @@ jobs: -e MCP_GATEWAY_API_KEY="$(MCP_GATEWAY_API_KEY)" \ \ \ - ghcr.io/github/gh-aw-mcpg:v0.3.7 \ + ghcr.io/github/gh-aw-mcpg:v0.3.12 \ --routed --listen 0.0.0.0:80 --config-stdin --log-dir /tmp/gh-aw/mcp-logs \ > "$GATEWAY_OUTPUT" 2> >(tee /tmp/gh-aw/mcp-logs/stderr.log >&2) & MCPG_PID=$! @@ -513,7 +529,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -551,7 +567,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -560,7 +576,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -575,7 +591,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - task: DockerInstaller@0 displayName: "Install Docker" @@ -585,7 +601,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -602,16 +618,16 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - displayName: "Pre-pull AWF container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + displayName: "Pre-pull AWF container images (v0.25.48)" - bash: | mkdir -p "$(Build.SourcesDirectory)/safe_outputs" @@ -808,7 +824,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -823,7 +839,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | ls -la "$(Pipeline.Workspace)/agentic-pipeline-compiler" diff --git a/tests/safe-outputs/update-wiki-page.lock.yml b/tests/safe-outputs/update-wiki-page.lock.yml index 2166c818..9d8c0693 100644 --- a/tests/safe-outputs/update-wiki-page.lock.yml +++ b/tests/safe-outputs/update-wiki-page.lock.yml @@ -1,5 +1,5 @@ # This file is auto-generated by ado-aw. Do not edit manually. -# @ado-aw source="tests/safe-outputs/update-wiki-page.md" version=0.30.1 +# @ado-aw source="tests/safe-outputs/update-wiki-page.md" version=0.30.2 name: "Daily safe-output smoke update-wiki-page-$(BuildID)" @@ -24,7 +24,7 @@ trigger: none jobs: - job: Agent - displayName: "Agent" + displayName: "Daily safe-output smoke: update-wiki-page" timeoutInMinutes: 15 pool: @@ -48,7 +48,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -86,7 +86,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -95,7 +95,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -110,7 +110,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | AGENTIC_PIPELINES_PATH="$(Pipeline.Workspace)/agentic-pipeline-compiler/ado-aw" @@ -187,17 +187,7 @@ jobs: - bash: | # Write agent instructions to /tmp so it's accessible inside AWF container cat > "/tmp/awf-tools/agent-prompt.md" << 'AGENT_PROMPT_EOF' - ## Daily smoke for update-wiki-page - - You are a smoke test. The variable group `ado-aw-daily-smoke` provides - a perma wiki page at `$(permaWikiPagePath)`. Call exactly one safe-output - tool: `update-wiki-page`. Use these literal values (no improvisation): - - - path: "$(permaWikiPagePath)" - - content: "ado-aw daily smoke exercising the update-wiki-page safe output. Last updated by build $(Build.BuildId)." - - comment: "ado-aw daily smoke build $(Build.BuildId)" - - Do not call any other tool. After the safe output is emitted, stop. + {{#runtime-import tests/safe-outputs/update-wiki-page.md}} AGENT_PROMPT_EOF echo "Agent prompt:" @@ -212,7 +202,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -229,17 +219,46 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - docker pull ghcr.io/github/gh-aw-mcpg:v0.3.7 - displayName: "Pre-pull AWF and MCPG container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + docker pull ghcr.io/github/gh-aw-mcpg:v0.3.12 + displayName: "Pre-pull AWF and MCPG container images (v0.25.48)" + + - task: NodeTool@0 + inputs: + versionSpec: "20.x" + displayName: "Install Node.js 20.x" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + mkdir -p /tmp/ado-aw-scripts + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/checksums.txt" -o /tmp/ado-aw-scripts/checksums.txt + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/ado-script.zip" -o /tmp/ado-aw-scripts/ado-script.zip + cd /tmp/ado-aw-scripts && grep "ado-script.zip" checksums.txt | sha256sum -c - + unzip -o /tmp/ado-aw-scripts/ado-script.zip -d /tmp/ado-aw-scripts/ + displayName: "Download ado-aw scripts (v0.30.2)" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + node '/tmp/ado-aw-scripts/ado-script/import.js' /tmp/awf-tools/agent-prompt.md --base "$(Build.SourcesDirectory)" + displayName: "Resolve runtime imports (agent prompt)" + condition: succeeded() + + - bash: | + # ado-aw-metadata: {"org":"","repo":"","schema":1,"source":"tests/safe-outputs/update-wiki-page.md","target":"standalone","version":"0.30.2"} + echo 'ado-aw metadata: source=tests/safe-outputs/update-wiki-page.md org= repo= version=0.30.2 target=standalone' + displayName: "ado-aw" - bash: | cat >> "/tmp/awf-tools/agent-prompt.md" << 'SAFEOUTPUTS_EOF' @@ -338,7 +357,7 @@ jobs: -e MCP_GATEWAY_API_KEY="$(MCP_GATEWAY_API_KEY)" \ \ \ - ghcr.io/github/gh-aw-mcpg:v0.3.7 \ + ghcr.io/github/gh-aw-mcpg:v0.3.12 \ --routed --listen 0.0.0.0:80 --config-stdin --log-dir /tmp/gh-aw/mcp-logs \ > "$GATEWAY_OUTPUT" 2> >(tee /tmp/gh-aw/mcp-logs/stderr.log >&2) & MCPG_PID=$! @@ -510,7 +529,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -548,7 +567,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -557,7 +576,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -572,7 +591,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - task: DockerInstaller@0 displayName: "Install Docker" @@ -582,7 +601,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -599,16 +618,16 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - displayName: "Pre-pull AWF container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + displayName: "Pre-pull AWF container images (v0.25.48)" - bash: | mkdir -p "$(Build.SourcesDirectory)/safe_outputs" @@ -805,7 +824,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -820,7 +839,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | ls -la "$(Pipeline.Workspace)/agentic-pipeline-compiler" diff --git a/tests/safe-outputs/update-work-item.lock.yml b/tests/safe-outputs/update-work-item.lock.yml index ab524b24..e4983166 100644 --- a/tests/safe-outputs/update-work-item.lock.yml +++ b/tests/safe-outputs/update-work-item.lock.yml @@ -1,5 +1,5 @@ # This file is auto-generated by ado-aw. Do not edit manually. -# @ado-aw source="tests/safe-outputs/update-work-item.md" version=0.30.1 +# @ado-aw source="tests/safe-outputs/update-work-item.md" version=0.30.2 name: "Daily safe-output smoke update-work-item-$(BuildID)" @@ -24,7 +24,7 @@ trigger: none jobs: - job: Agent - displayName: "Agent" + displayName: "Daily safe-output smoke: update-work-item" timeoutInMinutes: 15 pool: @@ -48,7 +48,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -86,7 +86,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -95,7 +95,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -110,7 +110,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | AGENTIC_PIPELINES_PATH="$(Pipeline.Workspace)/agentic-pipeline-compiler/ado-aw" @@ -187,17 +187,7 @@ jobs: - bash: | # Write agent instructions to /tmp so it's accessible inside AWF container cat > "/tmp/awf-tools/agent-prompt.md" << 'AGENT_PROMPT_EOF' - ## Daily smoke for update-work-item - - You are a smoke test. The variable group `ado-aw-daily-smoke` provides - a perma work item at `$(permaWorkItemId)`. Call exactly one safe-output - tool: `update-work-item`. Update only the body. Use these literal values - (no improvisation): - - - id: $(permaWorkItemId) - - body: "ado-aw-smoke-$(Build.BuildId)-update-work-item — last updated by build $(Build.BuildId) exercising the update-work-item safe output." - - Do not call any other tool. After the safe output is emitted, stop. + {{#runtime-import tests/safe-outputs/update-work-item.md}} AGENT_PROMPT_EOF echo "Agent prompt:" @@ -212,7 +202,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -229,17 +219,46 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - docker pull ghcr.io/github/gh-aw-mcpg:v0.3.7 - displayName: "Pre-pull AWF and MCPG container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + docker pull ghcr.io/github/gh-aw-mcpg:v0.3.12 + displayName: "Pre-pull AWF and MCPG container images (v0.25.48)" + + - task: NodeTool@0 + inputs: + versionSpec: "20.x" + displayName: "Install Node.js 20.x" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + mkdir -p /tmp/ado-aw-scripts + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/checksums.txt" -o /tmp/ado-aw-scripts/checksums.txt + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/ado-script.zip" -o /tmp/ado-aw-scripts/ado-script.zip + cd /tmp/ado-aw-scripts && grep "ado-script.zip" checksums.txt | sha256sum -c - + unzip -o /tmp/ado-aw-scripts/ado-script.zip -d /tmp/ado-aw-scripts/ + displayName: "Download ado-aw scripts (v0.30.2)" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + node '/tmp/ado-aw-scripts/ado-script/import.js' /tmp/awf-tools/agent-prompt.md --base "$(Build.SourcesDirectory)" + displayName: "Resolve runtime imports (agent prompt)" + condition: succeeded() + + - bash: | + # ado-aw-metadata: {"org":"","repo":"","schema":1,"source":"tests/safe-outputs/update-work-item.md","target":"standalone","version":"0.30.2"} + echo 'ado-aw metadata: source=tests/safe-outputs/update-work-item.md org= repo= version=0.30.2 target=standalone' + displayName: "ado-aw" - bash: | cat >> "/tmp/awf-tools/agent-prompt.md" << 'SAFEOUTPUTS_EOF' @@ -338,7 +357,7 @@ jobs: -e MCP_GATEWAY_API_KEY="$(MCP_GATEWAY_API_KEY)" \ \ \ - ghcr.io/github/gh-aw-mcpg:v0.3.7 \ + ghcr.io/github/gh-aw-mcpg:v0.3.12 \ --routed --listen 0.0.0.0:80 --config-stdin --log-dir /tmp/gh-aw/mcp-logs \ > "$GATEWAY_OUTPUT" 2> >(tee /tmp/gh-aw/mcp-logs/stderr.log >&2) & MCPG_PID=$! @@ -510,7 +529,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -548,7 +567,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -557,7 +576,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -572,7 +591,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - task: DockerInstaller@0 displayName: "Install Docker" @@ -582,7 +601,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -599,16 +618,16 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - displayName: "Pre-pull AWF container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + displayName: "Pre-pull AWF container images (v0.25.48)" - bash: | mkdir -p "$(Build.SourcesDirectory)/safe_outputs" @@ -805,7 +824,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -820,7 +839,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | ls -la "$(Pipeline.Workspace)/agentic-pipeline-compiler" diff --git a/tests/safe-outputs/upload-build-attachment.lock.yml b/tests/safe-outputs/upload-build-attachment.lock.yml index 99874958..3d0109e7 100644 --- a/tests/safe-outputs/upload-build-attachment.lock.yml +++ b/tests/safe-outputs/upload-build-attachment.lock.yml @@ -1,5 +1,5 @@ # This file is auto-generated by ado-aw. Do not edit manually. -# @ado-aw source="tests/safe-outputs/upload-build-attachment.md" version=0.30.1 +# @ado-aw source="tests/safe-outputs/upload-build-attachment.md" version=0.30.2 name: "Daily safe-output smoke upload-build-attachment-$(BuildID)" @@ -37,7 +37,7 @@ jobs: displayName: 'Setup: write smoke attachment payload' - job: Agent - displayName: "Agent" + displayName: "Daily safe-output smoke: upload-build-attachment" dependsOn: Setup timeoutInMinutes: 15 pool: @@ -61,7 +61,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -99,7 +99,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -108,7 +108,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -123,7 +123,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | AGENTIC_PIPELINES_PATH="$(Pipeline.Workspace)/agentic-pipeline-compiler/ado-aw" @@ -200,17 +200,7 @@ jobs: - bash: | # Write agent instructions to /tmp so it's accessible inside AWF container cat > "/tmp/awf-tools/agent-prompt.md" << 'AGENT_PROMPT_EOF' - ## Daily smoke for upload-build-attachment - - You are a smoke test. The setup job has written - `$(Build.ArtifactStagingDirectory)/ado-aw-smoke.txt`. Call exactly one - safe-output tool: `upload-build-attachment`. Use these literal values - (no improvisation): - - - artifact_name: "ado-aw-smoke-$(Build.BuildId)-upload-build-attachment" - - file_path: "$(Build.ArtifactStagingDirectory)/ado-aw-smoke.txt" - - Do not call any other tool. After the safe output is emitted, stop. + {{#runtime-import tests/safe-outputs/upload-build-attachment.md}} AGENT_PROMPT_EOF echo "Agent prompt:" @@ -225,7 +215,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -242,17 +232,46 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - docker pull ghcr.io/github/gh-aw-mcpg:v0.3.7 - displayName: "Pre-pull AWF and MCPG container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + docker pull ghcr.io/github/gh-aw-mcpg:v0.3.12 + displayName: "Pre-pull AWF and MCPG container images (v0.25.48)" + + - task: NodeTool@0 + inputs: + versionSpec: "20.x" + displayName: "Install Node.js 20.x" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + mkdir -p /tmp/ado-aw-scripts + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/checksums.txt" -o /tmp/ado-aw-scripts/checksums.txt + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/ado-script.zip" -o /tmp/ado-aw-scripts/ado-script.zip + cd /tmp/ado-aw-scripts && grep "ado-script.zip" checksums.txt | sha256sum -c - + unzip -o /tmp/ado-aw-scripts/ado-script.zip -d /tmp/ado-aw-scripts/ + displayName: "Download ado-aw scripts (v0.30.2)" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + node '/tmp/ado-aw-scripts/ado-script/import.js' /tmp/awf-tools/agent-prompt.md --base "$(Build.SourcesDirectory)" + displayName: "Resolve runtime imports (agent prompt)" + condition: succeeded() + + - bash: | + # ado-aw-metadata: {"org":"","repo":"","schema":1,"source":"tests/safe-outputs/upload-build-attachment.md","target":"standalone","version":"0.30.2"} + echo 'ado-aw metadata: source=tests/safe-outputs/upload-build-attachment.md org= repo= version=0.30.2 target=standalone' + displayName: "ado-aw" - bash: | cat >> "/tmp/awf-tools/agent-prompt.md" << 'SAFEOUTPUTS_EOF' @@ -351,7 +370,7 @@ jobs: -e MCP_GATEWAY_API_KEY="$(MCP_GATEWAY_API_KEY)" \ \ \ - ghcr.io/github/gh-aw-mcpg:v0.3.7 \ + ghcr.io/github/gh-aw-mcpg:v0.3.12 \ --routed --listen 0.0.0.0:80 --config-stdin --log-dir /tmp/gh-aw/mcp-logs \ > "$GATEWAY_OUTPUT" 2> >(tee /tmp/gh-aw/mcp-logs/stderr.log >&2) & MCPG_PID=$! @@ -523,7 +542,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -561,7 +580,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -570,7 +589,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -585,7 +604,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - task: DockerInstaller@0 displayName: "Install Docker" @@ -595,7 +614,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -612,16 +631,16 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - displayName: "Pre-pull AWF container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + displayName: "Pre-pull AWF container images (v0.25.48)" - bash: | mkdir -p "$(Build.SourcesDirectory)/safe_outputs" @@ -818,7 +837,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -833,7 +852,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | ls -la "$(Pipeline.Workspace)/agentic-pipeline-compiler" diff --git a/tests/safe-outputs/upload-pipeline-artifact.lock.yml b/tests/safe-outputs/upload-pipeline-artifact.lock.yml index 3a20bd53..b1fffdfd 100644 --- a/tests/safe-outputs/upload-pipeline-artifact.lock.yml +++ b/tests/safe-outputs/upload-pipeline-artifact.lock.yml @@ -1,5 +1,5 @@ # This file is auto-generated by ado-aw. Do not edit manually. -# @ado-aw source="tests/safe-outputs/upload-pipeline-artifact.md" version=0.30.1 +# @ado-aw source="tests/safe-outputs/upload-pipeline-artifact.md" version=0.30.2 name: "Daily safe-output smoke upload-pipeline-artifact-$(BuildID)" @@ -37,7 +37,7 @@ jobs: displayName: 'Setup: write smoke artifact payload' - job: Agent - displayName: "Agent" + displayName: "Daily safe-output smoke: upload-pipeline-artifact" dependsOn: Setup timeoutInMinutes: 15 pool: @@ -61,7 +61,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -99,7 +99,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -108,7 +108,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -123,7 +123,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | AGENTIC_PIPELINES_PATH="$(Pipeline.Workspace)/agentic-pipeline-compiler/ado-aw" @@ -200,17 +200,7 @@ jobs: - bash: | # Write agent instructions to /tmp so it's accessible inside AWF container cat > "/tmp/awf-tools/agent-prompt.md" << 'AGENT_PROMPT_EOF' - ## Daily smoke for upload-pipeline-artifact - - You are a smoke test. The setup job has written - `$(Build.ArtifactStagingDirectory)/ado-aw-smoke.txt`. Call exactly one - safe-output tool: `upload-pipeline-artifact`. Use these literal values - (no improvisation): - - - artifact_name: "ado-aw-smoke-$(Build.BuildId)-upload-pipeline-artifact" - - file_path: "$(Build.ArtifactStagingDirectory)/ado-aw-smoke.txt" - - Do not call any other tool. After the safe output is emitted, stop. + {{#runtime-import tests/safe-outputs/upload-pipeline-artifact.md}} AGENT_PROMPT_EOF echo "Agent prompt:" @@ -225,7 +215,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -242,17 +232,46 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - docker pull ghcr.io/github/gh-aw-mcpg:v0.3.7 - displayName: "Pre-pull AWF and MCPG container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + docker pull ghcr.io/github/gh-aw-mcpg:v0.3.12 + displayName: "Pre-pull AWF and MCPG container images (v0.25.48)" + + - task: NodeTool@0 + inputs: + versionSpec: "20.x" + displayName: "Install Node.js 20.x" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + mkdir -p /tmp/ado-aw-scripts + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/checksums.txt" -o /tmp/ado-aw-scripts/checksums.txt + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/ado-script.zip" -o /tmp/ado-aw-scripts/ado-script.zip + cd /tmp/ado-aw-scripts && grep "ado-script.zip" checksums.txt | sha256sum -c - + unzip -o /tmp/ado-aw-scripts/ado-script.zip -d /tmp/ado-aw-scripts/ + displayName: "Download ado-aw scripts (v0.30.2)" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + node '/tmp/ado-aw-scripts/ado-script/import.js' /tmp/awf-tools/agent-prompt.md --base "$(Build.SourcesDirectory)" + displayName: "Resolve runtime imports (agent prompt)" + condition: succeeded() + + - bash: | + # ado-aw-metadata: {"org":"","repo":"","schema":1,"source":"tests/safe-outputs/upload-pipeline-artifact.md","target":"standalone","version":"0.30.2"} + echo 'ado-aw metadata: source=tests/safe-outputs/upload-pipeline-artifact.md org= repo= version=0.30.2 target=standalone' + displayName: "ado-aw" - bash: | cat >> "/tmp/awf-tools/agent-prompt.md" << 'SAFEOUTPUTS_EOF' @@ -351,7 +370,7 @@ jobs: -e MCP_GATEWAY_API_KEY="$(MCP_GATEWAY_API_KEY)" \ \ \ - ghcr.io/github/gh-aw-mcpg:v0.3.7 \ + ghcr.io/github/gh-aw-mcpg:v0.3.12 \ --routed --listen 0.0.0.0:80 --config-stdin --log-dir /tmp/gh-aw/mcp-logs \ > "$GATEWAY_OUTPUT" 2> >(tee /tmp/gh-aw/mcp-logs/stderr.log >&2) & MCPG_PID=$! @@ -523,7 +542,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -561,7 +580,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -570,7 +589,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -585,7 +604,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - task: DockerInstaller@0 displayName: "Install Docker" @@ -595,7 +614,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -612,16 +631,16 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - displayName: "Pre-pull AWF container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + displayName: "Pre-pull AWF container images (v0.25.48)" - bash: | mkdir -p "$(Build.SourcesDirectory)/safe_outputs" @@ -818,7 +837,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -833,7 +852,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | ls -la "$(Pipeline.Workspace)/agentic-pipeline-compiler" diff --git a/tests/safe-outputs/upload-workitem-attachment.lock.yml b/tests/safe-outputs/upload-workitem-attachment.lock.yml index 58d94563..e5a2fa4b 100644 --- a/tests/safe-outputs/upload-workitem-attachment.lock.yml +++ b/tests/safe-outputs/upload-workitem-attachment.lock.yml @@ -1,5 +1,5 @@ # This file is auto-generated by ado-aw. Do not edit manually. -# @ado-aw source="tests/safe-outputs/upload-workitem-attachment.md" version=0.30.1 +# @ado-aw source="tests/safe-outputs/upload-workitem-attachment.md" version=0.30.2 name: "Daily safe-output smoke upload-workitem-attachment-$(BuildID)" @@ -37,7 +37,7 @@ jobs: displayName: 'Setup: write smoke attachment payload' - job: Agent - displayName: "Agent" + displayName: "Daily safe-output smoke: upload-workitem-attachment" dependsOn: Setup timeoutInMinutes: 15 pool: @@ -61,7 +61,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -99,7 +99,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -108,7 +108,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -123,7 +123,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | AGENTIC_PIPELINES_PATH="$(Pipeline.Workspace)/agentic-pipeline-compiler/ado-aw" @@ -200,20 +200,7 @@ jobs: - bash: | # Write agent instructions to /tmp so it's accessible inside AWF container cat > "/tmp/awf-tools/agent-prompt.md" << 'AGENT_PROMPT_EOF' - ## Daily smoke for upload-workitem-attachment - - You are a smoke test. The setup job has written - `$(Build.ArtifactStagingDirectory)/ado-aw-smoke.txt`. The variable group - `ado-aw-daily-smoke` provides a perma work item at - `$(permaWorkItemId)`. Call exactly one safe-output tool: - `upload-workitem-attachment`. Use these literal values (no - improvisation): - - - work_item_id: $(permaWorkItemId) - - file_path: "$(Build.ArtifactStagingDirectory)/ado-aw-smoke.txt" - - comment: "ado-aw-smoke-$(Build.BuildId)-upload-workitem-attachment" - - Do not call any other tool. After the safe output is emitted, stop. + {{#runtime-import tests/safe-outputs/upload-workitem-attachment.md}} AGENT_PROMPT_EOF echo "Agent prompt:" @@ -228,7 +215,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -245,17 +232,46 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - docker pull ghcr.io/github/gh-aw-mcpg:v0.3.7 - displayName: "Pre-pull AWF and MCPG container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + docker pull ghcr.io/github/gh-aw-mcpg:v0.3.12 + displayName: "Pre-pull AWF and MCPG container images (v0.25.48)" + + - task: NodeTool@0 + inputs: + versionSpec: "20.x" + displayName: "Install Node.js 20.x" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + mkdir -p /tmp/ado-aw-scripts + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/checksums.txt" -o /tmp/ado-aw-scripts/checksums.txt + curl -fsSL "https://github.com/githubnext/ado-aw/releases/download/v0.30.2/ado-script.zip" -o /tmp/ado-aw-scripts/ado-script.zip + cd /tmp/ado-aw-scripts && grep "ado-script.zip" checksums.txt | sha256sum -c - + unzip -o /tmp/ado-aw-scripts/ado-script.zip -d /tmp/ado-aw-scripts/ + displayName: "Download ado-aw scripts (v0.30.2)" + timeoutInMinutes: 5 + condition: succeeded() + + - bash: | + set -eo pipefail + node '/tmp/ado-aw-scripts/ado-script/import.js' /tmp/awf-tools/agent-prompt.md --base "$(Build.SourcesDirectory)" + displayName: "Resolve runtime imports (agent prompt)" + condition: succeeded() + + - bash: | + # ado-aw-metadata: {"org":"","repo":"","schema":1,"source":"tests/safe-outputs/upload-workitem-attachment.md","target":"standalone","version":"0.30.2"} + echo 'ado-aw metadata: source=tests/safe-outputs/upload-workitem-attachment.md org= repo= version=0.30.2 target=standalone' + displayName: "ado-aw" - bash: | cat >> "/tmp/awf-tools/agent-prompt.md" << 'SAFEOUTPUTS_EOF' @@ -354,7 +370,7 @@ jobs: -e MCP_GATEWAY_API_KEY="$(MCP_GATEWAY_API_KEY)" \ \ \ - ghcr.io/github/gh-aw-mcpg:v0.3.7 \ + ghcr.io/github/gh-aw-mcpg:v0.3.12 \ --routed --listen 0.0.0.0:80 --config-stdin --log-dir /tmp/gh-aw/mcp-logs \ > "$GATEWAY_OUTPUT" 2> >(tee /tmp/gh-aw/mcp-logs/stderr.log >&2) & MCPG_PID=$! @@ -526,7 +542,7 @@ jobs: - bash: | set -euo pipefail TARBALL_NAME="copilot-linux-x64.tar.gz" - BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.47" + BASE_URL="https://github.com/github/copilot-cli/releases/download/v1.0.48" TARBALL_URL="$BASE_URL/$TARBALL_NAME" CHECKSUMS_URL="$BASE_URL/SHA256SUMS.txt" TOOLS_DIR="$(Agent.TempDirectory)/tools" @@ -564,7 +580,7 @@ jobs: echo "##vso[task.prependpath]$TOOLS_DIR" cp "$TOOLS_DIR/copilot" /tmp/awf-tools/copilot chmod +x /tmp/awf-tools/copilot - displayName: "Install Copilot CLI (v1.0.47)" + displayName: "Install Copilot CLI (v1.0.48)" - bash: | copilot --version @@ -573,7 +589,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -588,7 +604,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - task: DockerInstaller@0 displayName: "Install Docker" @@ -598,7 +614,7 @@ jobs: - bash: | set -eo pipefail - AWF_VERSION="0.25.44" + AWF_VERSION="0.25.48" DOWNLOAD_DIR="$(Pipeline.Workspace)/awf" DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64" CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt" @@ -615,16 +631,16 @@ jobs: chmod +x awf echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf" ./awf --version - displayName: "Download AWF (Agentic Workflow Firewall) v0.25.44" + displayName: "Download AWF (Agentic Workflow Firewall) v0.25.48" - bash: | set -eo pipefail - docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.44 - docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.44 - docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.44 ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.44 ghcr.io/github/gh-aw-firewall/agent:latest - displayName: "Pre-pull AWF container images (v0.25.44)" + docker pull ghcr.io/github/gh-aw-firewall/squid:0.25.48 + docker pull ghcr.io/github/gh-aw-firewall/agent:0.25.48 + docker tag ghcr.io/github/gh-aw-firewall/squid:0.25.48 ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:0.25.48 ghcr.io/github/gh-aw-firewall/agent:latest + displayName: "Pre-pull AWF container images (v0.25.48)" - bash: | mkdir -p "$(Build.SourcesDirectory)/safe_outputs" @@ -821,7 +837,7 @@ jobs: - bash: | set -eo pipefail - COMPILER_VERSION="0.30.1" + COMPILER_VERSION="0.30.2" DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler" DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64" CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt" @@ -836,7 +852,7 @@ jobs: grep "ado-aw-linux-x64" checksums.txt | sha256sum -c - mv ado-aw-linux-x64 ado-aw chmod +x ado-aw - displayName: "Download agentic pipeline compiler (v0.30.1)" + displayName: "Download agentic pipeline compiler (v0.30.2)" - bash: | ls -la "$(Pipeline.Workspace)/agentic-pipeline-compiler"