chore: upgrade gh-aw to v0.67.4 and disable secret-digger schedules#1860
Merged
chore: upgrade gh-aw to v0.67.4 and disable secret-digger schedules#1860
Conversation
- Upgrade all workflows from gh-aw v0.67.2 to v0.67.4 - Disable hourly schedule triggers on all 3 secret-digger workflows (Claude, Codex, Copilot) — they remain manually runnable via workflow_dispatch - Recompile all lock files and run post-processing Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
✅ Coverage Check PassedOverall Coverage
📁 Per-file Coverage Changes (1 files)
Coverage comparison generated by |
Contributor
There was a problem hiding this comment.
Pull request overview
Upgrades the repository’s agentic workflow automation to gh-aw v0.67.4 and reduces operational noise by disabling the hourly Secret Digger schedules, while keeping manual dispatch available.
Changes:
- Recompiled workflow lock files with gh-aw v0.67.4 (new metadata/manifest headers, updated pinned action SHAs, updated runtime scripts/steps).
- Removed
scheduletriggers from Secret Digger workflows (Claude/Codex/Copilot) to stop hourly runs. - Updated action pinning (
actions-lock.json) and refreshed gh-aw documentation links in the agent doc.
Show a summary per file
| File | Description |
|---|---|
| .github/workflows/update-release-notes.lock.yml | Recompiled to v0.67.4; updates setup action pin, runtime scripts, Safe Outputs generation wiring, and permissions. |
| .github/workflows/smoke-copilot.lock.yml | Recompiled to v0.67.4; updates setup action pin, schedule cron expansion, versions, and Copilot driver invocation. |
| .github/workflows/smoke-claude.lock.yml | Recompiled to v0.67.4; updates setup action pin, Claude CLI install pinning, Safe Outputs generation wiring, and minor runtime tweaks. |
| .github/workflows/smoke-chroot.lock.yml | Recompiled to v0.67.4; updates setup action pin, versions, and Safe Outputs generation wiring. |
| .github/workflows/security-guard.lock.yml | Recompiled to v0.67.4; updates setup action pin, Claude CLI install pinning, and Safe Outputs generation wiring. |
| .github/workflows/secret-digger-copilot.md | Removes hourly schedule trigger; keeps workflow_dispatch. |
| .github/workflows/secret-digger-codex.md | Removes hourly schedule trigger; keeps workflow_dispatch. |
| .github/workflows/secret-digger-claude.md | Removes hourly schedule trigger; keeps workflow_dispatch. |
| .github/workflows/secret-digger-claude.lock.yml | Recompiled to v0.67.4 and reflects schedule removal in the compiled workflow. |
| .github/workflows/cli-flag-consistency-checker.lock.yml | Recompiled to v0.67.4; includes an updated weekly cron expansion and Safe Outputs wiring changes. |
| .github/workflows/claude-token-usage-analyzer.lock.yml | Recompiled to v0.67.4; updates setup pin, AWF image tag, and Copilot driver invocation. |
| .github/workflows/ci-cd-gaps-assessment.lock.yml | Recompiled to v0.67.4; updates setup pin, schedule cron expansion, and Safe Outputs generation wiring. |
| .github/aw/actions-lock.json | Updates pinned gh-aw setup action versions/SHAs to v0.67.4. |
| .github/agents/agentic-workflows.agent.md | Updates gh-aw documentation links to point at v0.67.4. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 32/32 changed files
- Comments generated: 1
Comment on lines
42
to
44
| schedule: | ||
| - cron: "50 22 * * 1" | ||
| - cron: "49 21 * * 0" | ||
| # Friendly format: weekly (scattered) |
There was a problem hiding this comment.
This recompilation changes the effective weekly schedule from Monday 22:50 UTC to Sunday 21:49 UTC. Since the PR description only calls out disabling secret-digger schedules, can you confirm this broader schedule shift is intended for this workflow (and any others affected by recompilation)?
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Changes
1. Upgrade gh-aw v0.67.2 → v0.67.4
2. Disable secret-digger hourly schedules
scheduletriggers from all 3 secret-digger workflows (Claude, Codex, Copilot)workflow_dispatchso they can still be triggered manually when neededFiles changed
.mdfiles (secret-digger schedule removal).lock.ymlfiles (recompiled).github/agents/agentic-workflows.agent.md(doc link updates).github/aw/actions-lock.json(action version pins)