From 9de91d8d855315430469bac95526bb3c3add5ab0 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 7 Jul 2026 14:33:07 +0000 Subject: [PATCH 1/7] Initial plan From 0960dff228f158291cfd63d8d94e1d3ababf0046 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 7 Jul 2026 14:56:33 +0000 Subject: [PATCH 2/7] refactor: split logs_orchestrator.go into focused modules - Extract types into logs_orchestrator_types.go (87 lines) - Extract filter logic and ProcessedRun builder into logs_orchestrator_filters.go (184 lines) including new applyRunFilters and buildProcessedRun helpers that eliminate ~250 lines of duplication - Extract rendering into logs_orchestrator_render.go (158 lines) - Extract stdin processing into logs_orchestrator_stdin.go (229 lines) - Trim logs_orchestrator.go from 1284 to 603 lines - Add logs_orchestrator_filters_test.go with tests for new helpers Closes #44036 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- pkg/cli/logs_orchestrator.go | 719 +--------------------- pkg/cli/logs_orchestrator_filters.go | 184 ++++++ pkg/cli/logs_orchestrator_filters_test.go | 252 ++++++++ pkg/cli/logs_orchestrator_render.go | 158 +++++ pkg/cli/logs_orchestrator_stdin.go | 229 +++++++ pkg/cli/logs_orchestrator_types.go | 87 +++ 6 files changed, 929 insertions(+), 700 deletions(-) create mode 100644 pkg/cli/logs_orchestrator_filters.go create mode 100644 pkg/cli/logs_orchestrator_filters_test.go create mode 100644 pkg/cli/logs_orchestrator_render.go create mode 100644 pkg/cli/logs_orchestrator_stdin.go create mode 100644 pkg/cli/logs_orchestrator_types.go diff --git a/pkg/cli/logs_orchestrator.go b/pkg/cli/logs_orchestrator.go index f8a651bf7df..498dfb7c377 100644 --- a/pkg/cli/logs_orchestrator.go +++ b/pkg/cli/logs_orchestrator.go @@ -14,18 +14,15 @@ import ( "context" "errors" "fmt" - "math" "os" "path/filepath" "strings" "time" "github.com/github/gh-aw/pkg/console" - "github.com/github/gh-aw/pkg/constants" "github.com/github/gh-aw/pkg/envutil" "github.com/github/gh-aw/pkg/fileutil" "github.com/github/gh-aw/pkg/logger" - "github.com/github/gh-aw/pkg/parser" ) var logsOrchestratorLog = logger.New("cli:logs_orchestrator") @@ -96,45 +93,6 @@ func getMaxConcurrentDownloads() int { return envutil.GetIntFromEnv("GH_AW_MAX_CONCURRENT_DOWNLOADS", MaxConcurrentDownloads, 1, 100, logsOrchestratorLog) } -// matchEngineFilter checks whether the run recorded in awInfo matches the -// requested engine filter string. It returns (matches, detectedEngineID). -// detectedEngineID is "" when awInfo is unavailable or carries no engine_id. -func matchEngineFilter(awInfo *AwInfo, awInfoErr error, filterEngine string) (bool, string) { - if awInfoErr != nil || awInfo == nil || awInfo.EngineID == "" { - return false, "" - } - return awInfo.EngineID == filterEngine, awInfo.EngineID -} - -type LogsDownloadOptions struct { - WorkflowName string - Count int - StartDate string - EndDate string - OutputDir string - Engine string - Ref string - BeforeRunID int64 - AfterRunID int64 - RepoOverride string - Verbose bool - ToolGraph bool - NoStaged bool - FirewallOnly bool - NoFirewall bool - Parse bool - JSONOutput bool - TimeoutMinutes int - SummaryFile string - SafeOutputType string - FilteredIntegrity bool - Train bool - Format string - ArtifactSets []string - After string - ReportFile string -} - func shouldStopPagination(totalFetched, batchSize int) bool { return totalFetched < batchSize } @@ -158,17 +116,6 @@ func selectPaginationCursorDate(filteredRuns []WorkflowRun, oldestFetchedCreated // - countLimitReached: in fetchAllInRange mode the count cap was hit before the // date window was exhausted; the next page starts just before the oldest run // returned in this batch. -type continuationOptions struct { - workflowName string - startDate string - endDate string - engine string - branch string - afterRunID int64 - count int - timeoutMinutes int -} - func buildContinuationIfNeeded( processedRuns []ProcessedRun, timeoutReached, countLimitReached bool, @@ -318,6 +265,15 @@ func DownloadWorkflowLogs(ctx context.Context, opts LogsDownloadOptions) error { // and drives continuation-data generation so callers can page through the full range. var countLimitReached bool + filters := runFilterOpts{ + engine: engine, + noStaged: noStaged, + firewallOnly: firewallOnly, + noFirewall: noFirewall, + safeOutputType: safeOutputType, + filteredIntegrity: filteredIntegrity, + } + // Iterative algorithm: keep fetching runs until we have enough or exhaust available runs outerLoop: for iteration < MaxIterations { @@ -503,154 +459,11 @@ outerLoop: continue } - // Parse aw_info.json once for all filters that need it (optimization) - var awInfo *AwInfo - var awInfoErr error - awInfoPath := filepath.Join(result.LogsPath, "aw_info.json") - - // Only parse if we need it for any filter - if engine != "" || noStaged || firewallOnly || noFirewall { - awInfo, awInfoErr = parseAwInfo(awInfoPath, verbose) - } - - // Apply engine filtering if specified - if engine != "" { - engineMatches, detectedEngineID := matchEngineFilter(awInfo, awInfoErr, engine) - if !engineMatches { - if detectedEngineID == "" { - detectedEngineID = "unknown" - } - logsOrchestratorLog.Printf("Skipping run %d: engine filter=%s, detected=%s", result.Run.DatabaseID, engine, detectedEngineID) - if verbose { - fmt.Fprintln(os.Stderr, console.FormatInfoMessage(fmt.Sprintf("Skipping run %d: engine '%s' does not match filter '%s'", result.Run.DatabaseID, detectedEngineID, engine))) - } - continue - } - } - - // Apply staged filtering if --no-staged flag is specified - if noStaged { - var isStaged bool - if awInfoErr == nil && awInfo != nil { - isStaged = awInfo.Staged - } - - if isStaged { - logsOrchestratorLog.Printf("Skipping run %d: staged workflow filtered by --no-staged", result.Run.DatabaseID) - if verbose { - fmt.Fprintln(os.Stderr, console.FormatInfoMessage(fmt.Sprintf("Skipping run %d: workflow is staged (filtered out by --no-staged)", result.Run.DatabaseID))) - } - continue - } - } - - // Apply firewall filtering if --firewall or --no-firewall flag is specified - if firewallOnly || noFirewall { - var hasFirewall bool - if awInfoErr == nil && awInfo != nil { - // Firewall is enabled if steps.firewall is non-empty (e.g., "squid") - hasFirewall = awInfo.Steps.Firewall != "" - } - - // Check if the run matches the filter - if firewallOnly && !hasFirewall { - logsOrchestratorLog.Printf("Skipping run %d: no firewall detected, filtered by --firewall", result.Run.DatabaseID) - if verbose { - fmt.Fprintln(os.Stderr, console.FormatInfoMessage(fmt.Sprintf("Skipping run %d: workflow does not use firewall (filtered by --firewall)", result.Run.DatabaseID))) - } - continue - } - if noFirewall && hasFirewall { - logsOrchestratorLog.Printf("Skipping run %d: firewall detected, filtered by --no-firewall", result.Run.DatabaseID) - if verbose { - fmt.Fprintln(os.Stderr, console.FormatInfoMessage(fmt.Sprintf("Skipping run %d: workflow uses firewall (filtered by --no-firewall)", result.Run.DatabaseID))) - } - continue - } - } - - // Apply safe output type filtering if --safe-output flag is specified - if safeOutputType != "" { - hasSafeOutputType, checkErr := runContainsSafeOutputType(result.LogsPath, safeOutputType, verbose) - if checkErr != nil && verbose { - fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to check safe output type for run %d: %v", result.Run.DatabaseID, checkErr))) - } - - if !hasSafeOutputType { - if verbose { - fmt.Fprintln(os.Stderr, console.FormatInfoMessage(fmt.Sprintf("Skipping run %d: no '%s' safe output messages found", result.Run.DatabaseID, safeOutputType))) - } - continue - } - } - - // Apply filtered-integrity filtering if --filtered-integrity flag is specified - if filteredIntegrity { - hasFiltered, checkErr := runHasDifcFilteredItems(result.LogsPath, verbose) - if checkErr != nil { - fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to check DIFC filtered items for run %d: %v", result.Run.DatabaseID, checkErr))) - continue - } - - if !hasFiltered { - logsOrchestratorLog.Printf("Skipping run %d: no DIFC filtered items found", result.Run.DatabaseID) - if verbose { - fmt.Fprintln(os.Stderr, console.FormatInfoMessage(fmt.Sprintf("Skipping run %d: no DIFC integrity-filtered items found in gateway logs", result.Run.DatabaseID))) - } - continue - } - } - - // Update run with metrics and path - run := result.Run - run.TokenUsage = result.Metrics.TokenUsage - applyMetricsTurnsToRun(&run, result.Metrics) - run.AvgTimeBetweenTurns = result.Metrics.AvgTimeBetweenTurns - run.ErrorCount = 0 - run.WarningCount = 0 - run.LogsPath = result.LogsPath - - // Propagate effective tokens from cached firewall proxy summary when available - if result.TokenUsage != nil && result.TokenUsage.TotalEffectiveTokens > 0 { - run.EffectiveTokens = result.TokenUsage.TotalEffectiveTokens - } - - // Add failed jobs to error count - if failedJobCount, err := fetchJobStatuses(run.DatabaseID, verbose); err == nil { - run.ErrorCount += failedJobCount - if verbose && failedJobCount > 0 { - fmt.Fprintln(os.Stderr, console.FormatInfoMessage(fmt.Sprintf("Added %d failed jobs to error count for run %d", failedJobCount, run.DatabaseID))) - } - } - - // Always use GitHub API timestamps for duration calculation - if !run.StartedAt.IsZero() && !run.UpdatedAt.IsZero() { - run.Duration = run.UpdatedAt.Sub(run.StartedAt) - // Estimate billable Actions minutes from wall-clock time. - // GitHub Actions bills per minute, rounded up per job. - run.ActionMinutes = math.Ceil(run.Duration.Minutes()) + if applyRunFilters(result, filters, verbose) { + continue } - processedRun := ProcessedRun{ - Run: run, - AwContext: result.AwContext, - TaskDomain: result.TaskDomain, - BehaviorFingerprint: result.BehaviorFingerprint, - AgenticAssessments: result.AgenticAssessments, - AccessAnalysis: result.AccessAnalysis, - FirewallAnalysis: result.FirewallAnalysis, - RedactedDomainsAnalysis: result.RedactedDomainsAnalysis, - MissingTools: result.MissingTools, - MissingData: result.MissingData, - Noops: result.Noops, - MCPFailures: result.MCPFailures, - MCPToolUsage: result.MCPToolUsage, - TokenUsage: result.TokenUsage, - GitHubRateLimitUsage: result.GitHubRateLimitUsage, - JobDetails: result.JobDetails, - } - processedRuns = append(processedRuns, processedRun) - batchProcessed++ + processedRun := buildProcessedRun(result, verbose) // If --parse flag is set, parse the agent log and write to log.md if parse { @@ -659,27 +472,30 @@ outerLoop: detectedEngine := extractEngineFromAwInfo(awInfoPath, verbose) if err := parseAgentLog(result.LogsPath, detectedEngine, verbose); err != nil { - fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to parse log for run %d: %v", run.DatabaseID, err))) + fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to parse log for run %d: %v", processedRun.Run.DatabaseID, err))) } else { // Always show success message for parsing, not just in verbose mode logMdPath := filepath.Join(result.LogsPath, "log.md") if fileutil.FileExists(logMdPath) { - fmt.Fprintln(os.Stderr, console.FormatSuccessMessage(fmt.Sprintf("✓ Parsed log for run %d → %s", run.DatabaseID, logMdPath))) + fmt.Fprintln(os.Stderr, console.FormatSuccessMessage(fmt.Sprintf("✓ Parsed log for run %d → %s", processedRun.Run.DatabaseID, logMdPath))) } } // Also parse firewall logs if they exist if err := parseFirewallLogs(result.LogsPath, verbose); err != nil { - fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to parse firewall logs for run %d: %v", run.DatabaseID, err))) + fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to parse firewall logs for run %d: %v", processedRun.Run.DatabaseID, err))) } else { // Show success message if firewall.md was created firewallMdPath := filepath.Join(result.LogsPath, "firewall.md") if fileutil.FileExists(firewallMdPath) { - fmt.Fprintln(os.Stderr, console.FormatSuccessMessage(fmt.Sprintf("✓ Parsed firewall logs for run %d → %s", run.DatabaseID, firewallMdPath))) + fmt.Fprintln(os.Stderr, console.FormatSuccessMessage(fmt.Sprintf("✓ Parsed firewall logs for run %d → %s", processedRun.Run.DatabaseID, firewallMdPath))) } } } + processedRuns = append(processedRuns, processedRun) + batchProcessed++ + // Stop processing this batch once we've collected enough runs. if len(processedRuns) >= count { break @@ -785,500 +601,3 @@ outerLoop: artifactFilter: artifactFilter, }) } - -// renderLogsOutputOptions holds configuration for renderLogsOutput. -type renderLogsOutputOptions struct { - outputDir string - summaryFile string - format string - reportFile string - jsonOutput bool - toolGraph bool - train bool - continuation *ContinuationData - verbose bool - artifactFilter []string -} - -// renderLogsOutput finalizes processedRuns and renders them in the appropriate output -// format: JSON, console metrics table, or cross-run audit report (pretty/markdown). -// continuation is optional and only set when a timeout was reached during a paginated download. -func renderLogsOutput(processedRuns []ProcessedRun, opts renderLogsOutputOptions) error { - // Update MissingToolCount, MissingDataCount, and NoopCount in runs - for i := range processedRuns { - processedRuns[i].Run.MissingToolCount = len(processedRuns[i].MissingTools) - processedRuns[i].Run.MissingDataCount = len(processedRuns[i].MissingData) - processedRuns[i].Run.NoopCount = len(processedRuns[i].Noops) - } - - // Build structured logs data - logsOrchestratorLog.Printf("Building logs data from %d processed runs (continuation=%t)", len(processedRuns), opts.continuation != nil) - logsData := buildLogsData(processedRuns, opts.outputDir, opts.continuation) - - // When only the usage artifact was downloaded, add a hint so consumers know how - // to fetch additional artifact sets (agent logs, firewall data, etc.). - if isUsageOnlyArtifactFilter(opts.artifactFilter) { - logsData.Message = usageOnlyArtifactHintMessage() - } - - // Write summary file if requested (default behavior unless disabled with empty string) - if opts.summaryFile != "" { - summaryPath := filepath.Join(opts.outputDir, opts.summaryFile) - if err := writeSummaryFile(summaryPath, logsData, opts.verbose); err != nil { - return fmt.Errorf("failed to write summary file: %w", err) - } - } - - // Train drain3 weights if requested. - if opts.train { - if err := TrainDrain3Weights(processedRuns, opts.outputDir, opts.verbose); err != nil { - return fmt.Errorf("log pattern training: %w", err) - } - } - - // Render output based on format preference. - switch opts.format { - case "tsv": - if opts.verbose { - renderLogsTSVVerbose(logsData) - } else { - renderLogsTSV(logsData) - } - renderLogsArtifactHint(os.Stderr, logsData.Message) - return nil - - case "markdown", "pretty": - inputs := make([]crossRunInput, 0, len(processedRuns)) - for _, pr := range processedRuns { - inputs = append(inputs, crossRunInput{ - RunID: pr.Run.DatabaseID, - WorkflowName: pr.Run.WorkflowName, - Conclusion: pr.Run.Conclusion, - Duration: pr.Run.Duration, - FirewallAnalysis: pr.FirewallAnalysis, - Metrics: LogMetrics{ - TokenUsage: pr.Run.TokenUsage, - Turns: pr.Run.Turns, - }, - MCPToolUsage: pr.MCPToolUsage, - MCPFailures: pr.MCPFailures, - ErrorCount: pr.Run.ErrorCount, - }) - } - report := buildCrossRunAuditReport(inputs) - if opts.jsonOutput { - return renderCrossRunReportJSON(report) - } - if opts.format == "pretty" { - renderCrossRunReportPretty(report) - renderLogsArtifactHint(os.Stderr, logsData.Message) - return nil - } - if opts.reportFile != "" { - if err := os.MkdirAll(filepath.Dir(opts.reportFile), constants.DirPermPublic); err != nil { - return fmt.Errorf("failed to create report file directory: %w", err) - } - f, err := os.Create(opts.reportFile) - if err != nil { - return fmt.Errorf("failed to create report file: %w", err) - } - if err := func() (retErr error) { - defer func() { - if cerr := f.Close(); cerr != nil && retErr == nil { - retErr = cerr - } - }() - oldStdout := os.Stdout - defer func() { os.Stdout = oldStdout }() - os.Stdout = f - renderCrossRunReportMarkdown(report) - return nil - }(); err != nil { - return fmt.Errorf("failed to write report file: %w", err) - } - } else { - renderCrossRunReportMarkdown(report) - } - renderLogsArtifactHint(os.Stderr, logsData.Message) - return nil - - case "console": - // Explicit console format: decorated tables for human reading - if opts.jsonOutput { - if err := renderLogsJSON(logsData, opts.verbose); err != nil { - return fmt.Errorf("failed to render JSON output: %w", err) - } - } else { - renderLogsConsole(logsData) - displayAggregatedGatewayMetrics(processedRuns, opts.outputDir, opts.verbose) - displayUnifiedTimeline(processedRuns, opts.verbose) - if opts.toolGraph { - generateToolGraph(processedRuns, opts.verbose) - } - renderLogsArtifactHint(os.Stderr, logsData.Message) - } - return nil - } - - // Default: compact format optimized for agentic consumption - if opts.jsonOutput { - if err := renderLogsJSON(logsData, opts.verbose); err != nil { - return fmt.Errorf("failed to render JSON output: %w", err) - } - } else { - if opts.verbose { - renderLogsCompactVerbose(logsData) - } else { - renderLogsCompact(logsData) - } - } - - return nil -} - -func renderLogsArtifactHint(w *os.File, message string) { - if message == "" { - return - } - fmt.Fprintf(w, "[hint] %s\n", message) -} - -// StdinLogsOptions holds parameters for DownloadWorkflowLogsFromStdin. -type StdinLogsOptions struct { - RunURLs []string - OutputDir string - Engine string - RepoOverride string - Verbose bool - ToolGraph bool - NoStaged bool - FirewallOnly bool - NoFirewall bool - Parse bool - JSONOutput bool - Timeout int - SummaryFile string - SafeOutputType string - FilteredIntegrity bool - Train bool - Format string - ReportFile string - // ArtifactSets defaults to nil (download all artifacts) when this API is used - // programmatically. The CLI passes ["usage"] to match the logs command default. - ArtifactSets []string -} - -// DownloadWorkflowLogsFromStdin fetches and processes workflow run logs for runs -// provided as IDs or URLs, bypassing the GitHub API run-discovery step. -// This is used when the --stdin flag is passed to the logs command. -func DownloadWorkflowLogsFromStdin(ctx context.Context, opts StdinLogsOptions) error { - logsOrchestratorLog.Printf("Starting stdin log download: runs=%d, outputDir=%s", len(opts.RunURLs), opts.OutputDir) - - if err := ValidateArtifactSets(opts.ArtifactSets); err != nil { - return err - } - artifactFilter := ResolveArtifactFilter(opts.ArtifactSets) - if len(artifactFilter) > 0 { - logsOrchestratorLog.Printf("Artifact filter active: %v", artifactFilter) - if opts.Verbose { - fmt.Fprintln(os.Stderr, console.FormatInfoMessage("Artifact filter: downloading only "+strings.Join(artifactFilter, ", "))) - } - } - - if err := ensureLogsGitignore(); err != nil { - logsOrchestratorLog.Printf("Failed to ensure logs .gitignore: %v", err) - if opts.Verbose { - fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to ensure .github/aw/logs/.gitignore: %v", err))) - } - } - - select { - case <-ctx.Done(): - fmt.Fprintln(os.Stderr, console.FormatWarningMessage("Operation cancelled")) - return ctx.Err() - default: - } - - if len(opts.RunURLs) == 0 { - fmt.Fprintln(os.Stderr, console.FormatWarningMessage("No run IDs or URLs provided on stdin")) - return nil - } - - // Parse owner/repo (and optional GHES host) from --repo override if provided. - // Accepted formats: "owner/repo" or "HOST/owner/repo". - var hostOverride, ownerOverride, repoNameOverride string - if opts.RepoOverride != "" { - parts := strings.SplitN(opts.RepoOverride, "/", 3) - switch len(parts) { - case 3: // HOST/owner/repo - if parts[0] == "" || parts[1] == "" || parts[2] == "" { - return fmt.Errorf("invalid repository format '%s': expected '[HOST/]owner/repo'", opts.RepoOverride) - } - hostOverride, ownerOverride, repoNameOverride = parts[0], parts[1], parts[2] - case 2: // owner/repo - if parts[0] == "" || parts[1] == "" { - return fmt.Errorf("invalid repository format '%s': expected '[HOST/]owner/repo'", opts.RepoOverride) - } - ownerOverride, repoNameOverride = parts[0], parts[1] - default: - return fmt.Errorf("invalid repository format '%s': expected '[HOST/]owner/repo'", opts.RepoOverride) - } - } - - // Start timeout timer if specified - var startTime time.Time - if opts.Timeout > 0 { - startTime = time.Now() - if opts.Verbose { - fmt.Fprintln(os.Stderr, console.FormatInfoMessage(fmt.Sprintf("Timeout set to %d minutes", opts.Timeout))) - } - } - - if opts.Verbose { - fmt.Fprintln(os.Stderr, console.FormatInfoMessage(fmt.Sprintf("Fetching metadata for %d runs from stdin...", len(opts.RunURLs)))) - } - - // Build WorkflowRun objects by fetching metadata for each provided URL - var runs []WorkflowRun - for _, rawURL := range opts.RunURLs { - select { - case <-ctx.Done(): - fmt.Fprintln(os.Stderr, console.FormatWarningMessage("Operation cancelled")) - return ctx.Err() - default: - } - - if opts.Timeout > 0 && time.Since(startTime).Seconds() >= float64(opts.Timeout)*60 { - fmt.Fprintln(os.Stderr, console.FormatWarningMessage("Timeout reached before all run metadata could be fetched")) - break - } - - components, err := parser.ParseRunURLExtended(rawURL) - if err != nil { - fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Skipping invalid run %q: %v", rawURL, err))) - continue - } - - // Prefer owner/repo embedded in the URL; fall back to --repo override. - // If neither source provides owner, the run cannot be fetched — return an - // actionable error rather than silently continuing with a broken API call. - owner := components.Owner - repo := components.Repo - host := components.Host - if owner == "" { - owner = ownerOverride - repo = repoNameOverride - if host == "" { - host = hostOverride - } - } - if owner == "" { - return fmt.Errorf("run %q does not include repository information; pass --repo owner/repo or provide full run URLs", rawURL) - } - - run, err := fetchWorkflowRunMetadata(ctx, components.Number, owner, repo, host, opts.Verbose) - if err != nil { - fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Skipping run %d: failed to fetch metadata: %v", components.Number, err))) - continue - } - runs = append(runs, run) - } - - if len(runs) == 0 { - if opts.JSONOutput { - logsData := buildLogsData([]ProcessedRun{}, opts.OutputDir, nil) - logsData.Message = "No runs found. No valid runs could be loaded from the provided input." - if err := renderLogsJSON(logsData, opts.Verbose); err != nil { - return fmt.Errorf("failed to render JSON output: %w", err) - } - } - fmt.Fprintln(os.Stderr, console.FormatWarningMessage("No valid runs could be loaded from stdin")) - return nil - } - - // Download artifacts for all runs concurrently - downloadResults := downloadRunArtifactsConcurrent(ctx, runs, opts.OutputDir, opts.Verbose, len(runs), opts.RepoOverride, artifactFilter) - - // Process download results applying the same filters as DownloadWorkflowLogs - var processedRuns []ProcessedRun - for _, result := range downloadResults { - if result.Skipped { - if opts.Verbose && result.Error != nil { - fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Skipping run %d: %v", result.Run.DatabaseID, result.Error))) - } - continue - } - - if result.Error != nil { - fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to download artifacts for run %d: %v", result.Run.DatabaseID, result.Error))) - continue - } - - awInfoPath := filepath.Join(result.LogsPath, "aw_info.json") - var awInfo *AwInfo - var awInfoErr error - if opts.Engine != "" || opts.NoStaged || opts.FirewallOnly || opts.NoFirewall { - awInfo, awInfoErr = parseAwInfo(awInfoPath, opts.Verbose) - } - - if opts.Engine != "" { - engineMatches, detectedEngineID := matchEngineFilter(awInfo, awInfoErr, opts.Engine) - if !engineMatches { - if detectedEngineID == "" { - detectedEngineID = "unknown" - } - logsOrchestratorLog.Printf("Skipping run %d: engine filter=%s, detected=%s", result.Run.DatabaseID, opts.Engine, detectedEngineID) - if opts.Verbose { - fmt.Fprintln(os.Stderr, console.FormatInfoMessage(fmt.Sprintf("Skipping run %d: engine '%s' does not match filter '%s'", result.Run.DatabaseID, detectedEngineID, opts.Engine))) - } - continue - } - } - - if opts.NoStaged { - var isStaged bool - if awInfoErr == nil && awInfo != nil { - isStaged = awInfo.Staged - } - if isStaged { - logsOrchestratorLog.Printf("Skipping run %d: staged workflow filtered by --no-staged", result.Run.DatabaseID) - if opts.Verbose { - fmt.Fprintln(os.Stderr, console.FormatInfoMessage(fmt.Sprintf("Skipping run %d: workflow is staged (filtered by --no-staged)", result.Run.DatabaseID))) - } - continue - } - } - - if opts.FirewallOnly || opts.NoFirewall { - var hasFirewall bool - if awInfoErr == nil && awInfo != nil { - hasFirewall = awInfo.Steps.Firewall != "" - } - if opts.FirewallOnly && !hasFirewall { - logsOrchestratorLog.Printf("Skipping run %d: no firewall detected, filtered by --firewall", result.Run.DatabaseID) - if opts.Verbose { - fmt.Fprintln(os.Stderr, console.FormatInfoMessage(fmt.Sprintf("Skipping run %d: workflow does not use firewall (filtered by --firewall)", result.Run.DatabaseID))) - } - continue - } - if opts.NoFirewall && hasFirewall { - logsOrchestratorLog.Printf("Skipping run %d: firewall detected, filtered by --no-firewall", result.Run.DatabaseID) - if opts.Verbose { - fmt.Fprintln(os.Stderr, console.FormatInfoMessage(fmt.Sprintf("Skipping run %d: workflow uses firewall (filtered by --no-firewall)", result.Run.DatabaseID))) - } - continue - } - } - - if opts.SafeOutputType != "" { - hasSafeOutputType, checkErr := runContainsSafeOutputType(result.LogsPath, opts.SafeOutputType, opts.Verbose) - if checkErr != nil && opts.Verbose { - fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to check safe output type for run %d: %v", result.Run.DatabaseID, checkErr))) - } - if !hasSafeOutputType { - if opts.Verbose { - fmt.Fprintln(os.Stderr, console.FormatInfoMessage(fmt.Sprintf("Skipping run %d: no '%s' safe output messages found", result.Run.DatabaseID, opts.SafeOutputType))) - } - continue - } - } - - if opts.FilteredIntegrity { - hasFiltered, checkErr := runHasDifcFilteredItems(result.LogsPath, opts.Verbose) - if checkErr != nil { - fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to check DIFC filtered items for run %d: %v", result.Run.DatabaseID, checkErr))) - continue - } - if !hasFiltered { - logsOrchestratorLog.Printf("Skipping run %d: no DIFC filtered items found", result.Run.DatabaseID) - if opts.Verbose { - fmt.Fprintln(os.Stderr, console.FormatInfoMessage(fmt.Sprintf("Skipping run %d: no DIFC integrity-filtered items found in gateway logs", result.Run.DatabaseID))) - } - continue - } - } - - run := result.Run - run.TokenUsage = result.Metrics.TokenUsage - applyMetricsTurnsToRun(&run, result.Metrics) - run.AvgTimeBetweenTurns = result.Metrics.AvgTimeBetweenTurns - run.ErrorCount = 0 - run.WarningCount = 0 - run.LogsPath = result.LogsPath - - if result.TokenUsage != nil && result.TokenUsage.TotalEffectiveTokens > 0 { - run.EffectiveTokens = result.TokenUsage.TotalEffectiveTokens - } - if failedJobCount, err := fetchJobStatuses(run.DatabaseID, opts.Verbose); err == nil { - run.ErrorCount += failedJobCount - } - if !run.StartedAt.IsZero() && !run.UpdatedAt.IsZero() { - run.Duration = run.UpdatedAt.Sub(run.StartedAt) - run.ActionMinutes = math.Ceil(run.Duration.Minutes()) - } - - processedRun := ProcessedRun{ - Run: run, - AwContext: result.AwContext, - TaskDomain: result.TaskDomain, - BehaviorFingerprint: result.BehaviorFingerprint, - AgenticAssessments: result.AgenticAssessments, - AccessAnalysis: result.AccessAnalysis, - FirewallAnalysis: result.FirewallAnalysis, - RedactedDomainsAnalysis: result.RedactedDomainsAnalysis, - MissingTools: result.MissingTools, - MissingData: result.MissingData, - Noops: result.Noops, - MCPFailures: result.MCPFailures, - MCPToolUsage: result.MCPToolUsage, - TokenUsage: result.TokenUsage, - GitHubRateLimitUsage: result.GitHubRateLimitUsage, - JobDetails: result.JobDetails, - } - processedRuns = append(processedRuns, processedRun) - - if opts.Parse { - detectedEngine := extractEngineFromAwInfo(awInfoPath, opts.Verbose) - if err := parseAgentLog(result.LogsPath, detectedEngine, opts.Verbose); err != nil { - fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to parse log for run %d: %v", run.DatabaseID, err))) - } else { - logMdPath := filepath.Join(result.LogsPath, "log.md") - if fileutil.FileExists(logMdPath) { - fmt.Fprintln(os.Stderr, console.FormatSuccessMessage(fmt.Sprintf("✓ Parsed log for run %d → %s", run.DatabaseID, logMdPath))) - } - } - if err := parseFirewallLogs(result.LogsPath, opts.Verbose); err != nil { - fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to parse firewall logs for run %d: %v", run.DatabaseID, err))) - } else { - firewallMdPath := filepath.Join(result.LogsPath, "firewall.md") - if fileutil.FileExists(firewallMdPath) { - fmt.Fprintln(os.Stderr, console.FormatSuccessMessage(fmt.Sprintf("✓ Parsed firewall logs for run %d → %s", run.DatabaseID, firewallMdPath))) - } - } - } - } - - if len(processedRuns) == 0 { - if opts.JSONOutput { - logsData := buildLogsData([]ProcessedRun{}, opts.OutputDir, nil) - logsData.Message = "No runs found matching the specified criteria." - if err := renderLogsJSON(logsData, opts.Verbose); err != nil { - return fmt.Errorf("failed to render JSON output: %w", err) - } - } - fmt.Fprintln(os.Stderr, console.FormatWarningMessage("No workflow runs with artifacts found matching the specified criteria")) - return nil - } - - return renderLogsOutput(processedRuns, renderLogsOutputOptions{ - outputDir: opts.OutputDir, - summaryFile: opts.SummaryFile, - format: opts.Format, - reportFile: opts.ReportFile, - jsonOutput: opts.JSONOutput, - toolGraph: opts.ToolGraph, - train: opts.Train, - verbose: opts.Verbose, - artifactFilter: artifactFilter, - }) -} diff --git a/pkg/cli/logs_orchestrator_filters.go b/pkg/cli/logs_orchestrator_filters.go new file mode 100644 index 00000000000..f9f671b9400 --- /dev/null +++ b/pkg/cli/logs_orchestrator_filters.go @@ -0,0 +1,184 @@ +// This file provides command-line interface functionality for gh-aw. +// This file (logs_orchestrator_filters.go) contains run-filter helpers for the +// logs orchestrator: deciding whether a downloaded run should be included in +// results and constructing a ProcessedRun from a DownloadResult. + +package cli + +import ( + "fmt" + "math" + "os" + "path/filepath" + + "github.com/github/gh-aw/pkg/console" +) + +// runFilterOpts bundles the filter flags passed to applyRunFilters. +type runFilterOpts struct { + engine string + noStaged bool + firewallOnly bool + noFirewall bool + safeOutputType string + filteredIntegrity bool +} + +// matchEngineFilter checks whether the run recorded in awInfo matches the +// requested engine filter string. It returns (matches, detectedEngineID). +// detectedEngineID is "" when awInfo is unavailable or carries no engine_id. +func matchEngineFilter(awInfo *AwInfo, awInfoErr error, filterEngine string) (bool, string) { + if awInfoErr != nil || awInfo == nil || awInfo.EngineID == "" { + return false, "" + } + return awInfo.EngineID == filterEngine, awInfo.EngineID +} + +// applyRunFilters applies all configured run filters to a DownloadResult. +// It parses aw_info.json once (lazily) when any filter that needs it is active. +// Returns true when the run should be skipped / excluded from results. +func applyRunFilters(result DownloadResult, opts runFilterOpts, verbose bool) bool { + // Parse aw_info.json once for all filters that need it (optimisation). + var awInfo *AwInfo + var awInfoErr error + if opts.engine != "" || opts.noStaged || opts.firewallOnly || opts.noFirewall { + awInfoPath := filepath.Join(result.LogsPath, "aw_info.json") + awInfo, awInfoErr = parseAwInfo(awInfoPath, verbose) + } + + // Apply engine filtering if specified. + if opts.engine != "" { + engineMatches, detectedEngineID := matchEngineFilter(awInfo, awInfoErr, opts.engine) + if !engineMatches { + if detectedEngineID == "" { + detectedEngineID = "unknown" + } + logsOrchestratorLog.Printf("Skipping run %d: engine filter=%s, detected=%s", result.Run.DatabaseID, opts.engine, detectedEngineID) + if verbose { + fmt.Fprintln(os.Stderr, console.FormatInfoMessage(fmt.Sprintf("Skipping run %d: engine '%s' does not match filter '%s'", result.Run.DatabaseID, detectedEngineID, opts.engine))) + } + return true + } + } + + // Apply staged filtering if --no-staged flag is specified. + if opts.noStaged { + var isStaged bool + if awInfoErr == nil && awInfo != nil { + isStaged = awInfo.Staged + } + if isStaged { + logsOrchestratorLog.Printf("Skipping run %d: staged workflow filtered by --no-staged", result.Run.DatabaseID) + if verbose { + fmt.Fprintln(os.Stderr, console.FormatInfoMessage(fmt.Sprintf("Skipping run %d: workflow is staged (filtered out by --no-staged)", result.Run.DatabaseID))) + } + return true + } + } + + // Apply firewall filtering if --firewall or --no-firewall flag is specified. + if opts.firewallOnly || opts.noFirewall { + var hasFirewall bool + if awInfoErr == nil && awInfo != nil { + // Firewall is enabled if steps.firewall is non-empty (e.g. "squid"). + hasFirewall = awInfo.Steps.Firewall != "" + } + if opts.firewallOnly && !hasFirewall { + logsOrchestratorLog.Printf("Skipping run %d: no firewall detected, filtered by --firewall", result.Run.DatabaseID) + if verbose { + fmt.Fprintln(os.Stderr, console.FormatInfoMessage(fmt.Sprintf("Skipping run %d: workflow does not use firewall (filtered by --firewall)", result.Run.DatabaseID))) + } + return true + } + if opts.noFirewall && hasFirewall { + logsOrchestratorLog.Printf("Skipping run %d: firewall detected, filtered by --no-firewall", result.Run.DatabaseID) + if verbose { + fmt.Fprintln(os.Stderr, console.FormatInfoMessage(fmt.Sprintf("Skipping run %d: workflow uses firewall (filtered by --no-firewall)", result.Run.DatabaseID))) + } + return true + } + } + + // Apply safe output type filtering if --safe-output flag is specified. + if opts.safeOutputType != "" { + hasSafeOutputType, checkErr := runContainsSafeOutputType(result.LogsPath, opts.safeOutputType, verbose) + if checkErr != nil && verbose { + fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to check safe output type for run %d: %v", result.Run.DatabaseID, checkErr))) + } + if !hasSafeOutputType { + if verbose { + fmt.Fprintln(os.Stderr, console.FormatInfoMessage(fmt.Sprintf("Skipping run %d: no '%s' safe output messages found", result.Run.DatabaseID, opts.safeOutputType))) + } + return true + } + } + + // Apply filtered-integrity filtering if --filtered-integrity flag is specified. + if opts.filteredIntegrity { + hasFiltered, checkErr := runHasDifcFilteredItems(result.LogsPath, verbose) + if checkErr != nil { + fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to check DIFC filtered items for run %d: %v", result.Run.DatabaseID, checkErr))) + return true + } + if !hasFiltered { + logsOrchestratorLog.Printf("Skipping run %d: no DIFC filtered items found", result.Run.DatabaseID) + if verbose { + fmt.Fprintln(os.Stderr, console.FormatInfoMessage(fmt.Sprintf("Skipping run %d: no DIFC integrity-filtered items found in gateway logs", result.Run.DatabaseID))) + } + return true + } + } + + return false +} + +// buildProcessedRun constructs a ProcessedRun from a DownloadResult, computing +// duration, action minutes, effective tokens, and job-failure counts. +func buildProcessedRun(result DownloadResult, verbose bool) ProcessedRun { + run := result.Run + run.TokenUsage = result.Metrics.TokenUsage + applyMetricsTurnsToRun(&run, result.Metrics) + run.AvgTimeBetweenTurns = result.Metrics.AvgTimeBetweenTurns + run.ErrorCount = 0 + run.WarningCount = 0 + run.LogsPath = result.LogsPath + + // Propagate effective tokens from cached firewall proxy summary when available. + if result.TokenUsage != nil && result.TokenUsage.TotalEffectiveTokens > 0 { + run.EffectiveTokens = result.TokenUsage.TotalEffectiveTokens + } + + // Add failed jobs to error count. + if failedJobCount, err := fetchJobStatuses(run.DatabaseID, verbose); err == nil { + run.ErrorCount += failedJobCount + if verbose && failedJobCount > 0 { + fmt.Fprintln(os.Stderr, console.FormatInfoMessage(fmt.Sprintf("Added %d failed jobs to error count for run %d", failedJobCount, run.DatabaseID))) + } + } + + // Always use GitHub API timestamps for duration calculation. + // GitHub Actions bills per minute, rounded up per job. + if !run.StartedAt.IsZero() && !run.UpdatedAt.IsZero() { + run.Duration = run.UpdatedAt.Sub(run.StartedAt) + run.ActionMinutes = math.Ceil(run.Duration.Minutes()) + } + + return ProcessedRun{ + Run: run, + AwContext: result.AwContext, + TaskDomain: result.TaskDomain, + BehaviorFingerprint: result.BehaviorFingerprint, + AgenticAssessments: result.AgenticAssessments, + AccessAnalysis: result.AccessAnalysis, + FirewallAnalysis: result.FirewallAnalysis, + RedactedDomainsAnalysis: result.RedactedDomainsAnalysis, + MissingTools: result.MissingTools, + MissingData: result.MissingData, + Noops: result.Noops, + MCPFailures: result.MCPFailures, + MCPToolUsage: result.MCPToolUsage, + TokenUsage: result.TokenUsage, + GitHubRateLimitUsage: result.GitHubRateLimitUsage, + JobDetails: result.JobDetails, + } +} diff --git a/pkg/cli/logs_orchestrator_filters_test.go b/pkg/cli/logs_orchestrator_filters_test.go new file mode 100644 index 00000000000..30207f033af --- /dev/null +++ b/pkg/cli/logs_orchestrator_filters_test.go @@ -0,0 +1,252 @@ +//go:build !integration + +package cli + +import ( + "os" + "path/filepath" + "testing" + "time" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +// makeDownloadResult creates a DownloadResult pointing at a temporary directory +// that optionally contains an aw_info.json file. +func makeDownloadResult(t *testing.T, awInfoJSON string) DownloadResult { + t.Helper() + tmpDir := t.TempDir() + if awInfoJSON != "" { + require.NoError(t, os.WriteFile(filepath.Join(tmpDir, "aw_info.json"), []byte(awInfoJSON), 0644)) + } + return DownloadResult{ + Run: WorkflowRun{DatabaseID: 42}, + LogsPath: tmpDir, + } +} + +// TestApplyRunFilters_NoFilters verifies that an empty runFilterOpts always +// passes every run through (returns false = do not skip). +func TestApplyRunFilters_NoFilters(t *testing.T) { + result := makeDownloadResult(t, `{"engine_id":"claude"}`) + skip := applyRunFilters(result, runFilterOpts{}, false) + assert.False(t, skip, "no filters should never skip a run") +} + +// TestApplyRunFilters_Engine exercises both the matching and non-matching engine cases. +func TestApplyRunFilters_Engine(t *testing.T) { + tests := []struct { + name string + awInfo string + filterEngine string + wantSkip bool + }{ + { + name: "matching engine passes", + awInfo: `{"engine_id":"claude"}`, + filterEngine: "claude", + wantSkip: false, + }, + { + name: "non-matching engine skipped", + awInfo: `{"engine_id":"copilot"}`, + filterEngine: "claude", + wantSkip: true, + }, + { + name: "missing aw_info skipped", + awInfo: "", // no file + filterEngine: "claude", + wantSkip: true, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + result := makeDownloadResult(t, tt.awInfo) + skip := applyRunFilters(result, runFilterOpts{engine: tt.filterEngine}, false) + assert.Equal(t, tt.wantSkip, skip) + }) + } +} + +// TestApplyRunFilters_NoStaged verifies that --no-staged skips staged runs. +func TestApplyRunFilters_NoStaged(t *testing.T) { + tests := []struct { + name string + awInfo string + wantSkip bool + }{ + { + name: "staged run is skipped", + awInfo: `{"staged":true}`, + wantSkip: true, + }, + { + name: "non-staged run passes", + awInfo: `{"staged":false}`, + wantSkip: false, + }, + { + name: "missing staged field treated as false", + awInfo: `{}`, + wantSkip: false, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + result := makeDownloadResult(t, tt.awInfo) + skip := applyRunFilters(result, runFilterOpts{noStaged: true}, false) + assert.Equal(t, tt.wantSkip, skip) + }) + } +} + +// TestApplyRunFilters_Firewall verifies both --firewall and --no-firewall. +func TestApplyRunFilters_Firewall(t *testing.T) { + withFirewall := `{"steps":{"firewall":"squid"}}` + noFirewall := `{"steps":{}}` + + tests := []struct { + name string + awInfo string + firewallOnly bool + noFirewall bool + wantSkip bool + }{ + { + name: "firewallOnly: run with firewall passes", + awInfo: withFirewall, + firewallOnly: true, + wantSkip: false, + }, + { + name: "firewallOnly: run without firewall skipped", + awInfo: noFirewall, + firewallOnly: true, + wantSkip: true, + }, + { + name: "noFirewall: run without firewall passes", + awInfo: noFirewall, + noFirewall: true, + wantSkip: false, + }, + { + name: "noFirewall: run with firewall skipped", + awInfo: withFirewall, + noFirewall: true, + wantSkip: true, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + result := makeDownloadResult(t, tt.awInfo) + skip := applyRunFilters(result, runFilterOpts{firewallOnly: tt.firewallOnly, noFirewall: tt.noFirewall}, false) + assert.Equal(t, tt.wantSkip, skip) + }) + } +} + +// TestApplyRunFilters_SafeOutputType verifies safe-output-type filtering. +// When no agent_output.json is present, the run is skipped. +func TestApplyRunFilters_SafeOutputType(t *testing.T) { + t.Run("no agent_output.json skips run", func(t *testing.T) { + result := makeDownloadResult(t, "") // no aw_info.json either + skip := applyRunFilters(result, runFilterOpts{safeOutputType: "create-issue"}, false) + assert.True(t, skip) + }) + + t.Run("matching safe output type passes", func(t *testing.T) { + tmpDir := t.TempDir() + agentOutput := `{"items":[{"type":"create-issue"}]}` + require.NoError(t, os.WriteFile(filepath.Join(tmpDir, "agent_output.json"), []byte(agentOutput), 0644)) + result := DownloadResult{Run: WorkflowRun{DatabaseID: 1}, LogsPath: tmpDir} + skip := applyRunFilters(result, runFilterOpts{safeOutputType: "create-issue"}, false) + assert.False(t, skip) + }) + + t.Run("non-matching safe output type skips run", func(t *testing.T) { + tmpDir := t.TempDir() + agentOutput := `{"items":[{"type":"add-comment"}]}` + require.NoError(t, os.WriteFile(filepath.Join(tmpDir, "agent_output.json"), []byte(agentOutput), 0644)) + result := DownloadResult{Run: WorkflowRun{DatabaseID: 2}, LogsPath: tmpDir} + skip := applyRunFilters(result, runFilterOpts{safeOutputType: "create-issue"}, false) + assert.True(t, skip) + }) +} + +// TestBuildProcessedRun verifies that buildProcessedRun correctly populates +// the ProcessedRun fields from a DownloadResult. +func TestBuildProcessedRun(t *testing.T) { + t.Run("basic fields are propagated", func(t *testing.T) { + now := time.Now() + awCtx := &AwContext{Repo: "owner/repo"} + result := DownloadResult{ + Run: WorkflowRun{ + DatabaseID: 1234, + StartedAt: now.Add(-5 * time.Minute), + UpdatedAt: now, + }, + LogsPath: "/tmp/test-run", + AwContext: awCtx, + } + + pr := buildProcessedRun(result, false) + + assert.Equal(t, int64(1234), pr.Run.DatabaseID) + assert.Equal(t, "/tmp/test-run", pr.Run.LogsPath) + assert.Equal(t, awCtx, pr.AwContext) + assert.Equal(t, 0, pr.Run.ErrorCount) + assert.Equal(t, 0, pr.Run.WarningCount) + }) + + t.Run("duration and action minutes are computed", func(t *testing.T) { + base := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC) + result := DownloadResult{ + Run: WorkflowRun{ + DatabaseID: 999, + StartedAt: base, + UpdatedAt: base.Add(90 * time.Second), // 1.5 minutes + }, + LogsPath: t.TempDir(), + } + + pr := buildProcessedRun(result, false) + + assert.Equal(t, 90*time.Second, pr.Run.Duration) + assert.InDelta(t, 2.0, pr.Run.ActionMinutes, 0.001) // ceil(1.5) = 2 + }) + + t.Run("zero timestamps leave duration unset", func(t *testing.T) { + result := DownloadResult{ + Run: WorkflowRun{DatabaseID: 7}, + LogsPath: t.TempDir(), + } + pr := buildProcessedRun(result, false) + assert.Equal(t, time.Duration(0), pr.Run.Duration) + assert.InDelta(t, 0.0, pr.Run.ActionMinutes, 0.001) + }) + + t.Run("effective tokens are propagated", func(t *testing.T) { + usage := &TokenUsageSummary{TotalEffectiveTokens: 5000} + result := DownloadResult{ + Run: WorkflowRun{DatabaseID: 3}, + LogsPath: t.TempDir(), + TokenUsage: usage, + } + pr := buildProcessedRun(result, false) + assert.Equal(t, 5000, pr.Run.EffectiveTokens) + }) + + t.Run("zero effective tokens not propagated", func(t *testing.T) { + usage := &TokenUsageSummary{TotalEffectiveTokens: 0} + result := DownloadResult{ + Run: WorkflowRun{DatabaseID: 4}, + LogsPath: t.TempDir(), + TokenUsage: usage, + } + pr := buildProcessedRun(result, false) + assert.Equal(t, 0, pr.Run.EffectiveTokens) + }) +} diff --git a/pkg/cli/logs_orchestrator_render.go b/pkg/cli/logs_orchestrator_render.go new file mode 100644 index 00000000000..f1dbb515ef7 --- /dev/null +++ b/pkg/cli/logs_orchestrator_render.go @@ -0,0 +1,158 @@ +// This file provides command-line interface functionality for gh-aw. +// This file (logs_orchestrator_render.go) contains output-rendering helpers for the +// logs orchestrator: transforming []ProcessedRun into console, JSON, markdown, +// TSV, or "pretty" cross-run audit output. + +package cli + +import ( + "fmt" + "os" + "path/filepath" + + "github.com/github/gh-aw/pkg/constants" +) + +// renderLogsOutput finalizes processedRuns and renders them in the appropriate output +// format: JSON, console metrics table, or cross-run audit report (pretty/markdown). +// continuation is optional and only set when a timeout was reached during a paginated download. +func renderLogsOutput(processedRuns []ProcessedRun, opts renderLogsOutputOptions) error { + // Update MissingToolCount, MissingDataCount, and NoopCount in runs + for i := range processedRuns { + processedRuns[i].Run.MissingToolCount = len(processedRuns[i].MissingTools) + processedRuns[i].Run.MissingDataCount = len(processedRuns[i].MissingData) + processedRuns[i].Run.NoopCount = len(processedRuns[i].Noops) + } + + // Build structured logs data + logsOrchestratorLog.Printf("Building logs data from %d processed runs (continuation=%t)", len(processedRuns), opts.continuation != nil) + logsData := buildLogsData(processedRuns, opts.outputDir, opts.continuation) + + // When only the usage artifact was downloaded, add a hint so consumers know how + // to fetch additional artifact sets (agent logs, firewall data, etc.). + if isUsageOnlyArtifactFilter(opts.artifactFilter) { + logsData.Message = usageOnlyArtifactHintMessage() + } + + // Write summary file if requested (default behavior unless disabled with empty string) + if opts.summaryFile != "" { + summaryPath := filepath.Join(opts.outputDir, opts.summaryFile) + if err := writeSummaryFile(summaryPath, logsData, opts.verbose); err != nil { + return fmt.Errorf("failed to write summary file: %w", err) + } + } + + // Train drain3 weights if requested. + if opts.train { + if err := TrainDrain3Weights(processedRuns, opts.outputDir, opts.verbose); err != nil { + return fmt.Errorf("log pattern training: %w", err) + } + } + + // Render output based on format preference. + switch opts.format { + case "tsv": + if opts.verbose { + renderLogsTSVVerbose(logsData) + } else { + renderLogsTSV(logsData) + } + renderLogsArtifactHint(os.Stderr, logsData.Message) + return nil + + case "markdown", "pretty": + inputs := make([]crossRunInput, 0, len(processedRuns)) + for _, pr := range processedRuns { + inputs = append(inputs, crossRunInput{ + RunID: pr.Run.DatabaseID, + WorkflowName: pr.Run.WorkflowName, + Conclusion: pr.Run.Conclusion, + Duration: pr.Run.Duration, + FirewallAnalysis: pr.FirewallAnalysis, + Metrics: LogMetrics{ + TokenUsage: pr.Run.TokenUsage, + Turns: pr.Run.Turns, + }, + MCPToolUsage: pr.MCPToolUsage, + MCPFailures: pr.MCPFailures, + ErrorCount: pr.Run.ErrorCount, + }) + } + report := buildCrossRunAuditReport(inputs) + if opts.jsonOutput { + return renderCrossRunReportJSON(report) + } + if opts.format == "pretty" { + renderCrossRunReportPretty(report) + renderLogsArtifactHint(os.Stderr, logsData.Message) + return nil + } + if opts.reportFile != "" { + if err := os.MkdirAll(filepath.Dir(opts.reportFile), constants.DirPermPublic); err != nil { + return fmt.Errorf("failed to create report file directory: %w", err) + } + f, err := os.Create(opts.reportFile) + if err != nil { + return fmt.Errorf("failed to create report file: %w", err) + } + if err := func() (retErr error) { + defer func() { + if cerr := f.Close(); cerr != nil && retErr == nil { + retErr = cerr + } + }() + oldStdout := os.Stdout + defer func() { os.Stdout = oldStdout }() + os.Stdout = f + renderCrossRunReportMarkdown(report) + return nil + }(); err != nil { + return fmt.Errorf("failed to write report file: %w", err) + } + } else { + renderCrossRunReportMarkdown(report) + } + renderLogsArtifactHint(os.Stderr, logsData.Message) + return nil + + case "console": + // Explicit console format: decorated tables for human reading + if opts.jsonOutput { + if err := renderLogsJSON(logsData, opts.verbose); err != nil { + return fmt.Errorf("failed to render JSON output: %w", err) + } + } else { + renderLogsConsole(logsData) + displayAggregatedGatewayMetrics(processedRuns, opts.outputDir, opts.verbose) + displayUnifiedTimeline(processedRuns, opts.verbose) + if opts.toolGraph { + generateToolGraph(processedRuns, opts.verbose) + } + renderLogsArtifactHint(os.Stderr, logsData.Message) + } + return nil + } + + // Default: compact format optimised for agentic consumption + if opts.jsonOutput { + if err := renderLogsJSON(logsData, opts.verbose); err != nil { + return fmt.Errorf("failed to render JSON output: %w", err) + } + } else { + if opts.verbose { + renderLogsCompactVerbose(logsData) + } else { + renderLogsCompact(logsData) + } + } + + return nil +} + +// renderLogsArtifactHint writes a [hint] line to w when message is non-empty. +func renderLogsArtifactHint(w *os.File, message string) { + if message == "" { + return + } + fmt.Fprintf(w, "[hint] %s\n", message) +} diff --git a/pkg/cli/logs_orchestrator_stdin.go b/pkg/cli/logs_orchestrator_stdin.go new file mode 100644 index 00000000000..4a9f3abc350 --- /dev/null +++ b/pkg/cli/logs_orchestrator_stdin.go @@ -0,0 +1,229 @@ +// This file provides command-line interface functionality for gh-aw. +// This file (logs_orchestrator_stdin.go) contains DownloadWorkflowLogsFromStdin, +// the stdin-driven run-discovery and processing path used when --stdin is passed +// to the logs command. + +package cli + +import ( + "context" + "fmt" + "os" + "path/filepath" + "strings" + "time" + + "github.com/github/gh-aw/pkg/console" + "github.com/github/gh-aw/pkg/fileutil" + "github.com/github/gh-aw/pkg/parser" +) + +// DownloadWorkflowLogsFromStdin fetches and processes workflow run logs for runs +// provided as IDs or URLs, bypassing the GitHub API run-discovery step. +// This is used when the --stdin flag is passed to the logs command. +func DownloadWorkflowLogsFromStdin(ctx context.Context, opts StdinLogsOptions) error { + logsOrchestratorLog.Printf("Starting stdin log download: runs=%d, outputDir=%s", len(opts.RunURLs), opts.OutputDir) + + if err := ValidateArtifactSets(opts.ArtifactSets); err != nil { + return err + } + artifactFilter := ResolveArtifactFilter(opts.ArtifactSets) + if len(artifactFilter) > 0 { + logsOrchestratorLog.Printf("Artifact filter active: %v", artifactFilter) + if opts.Verbose { + fmt.Fprintln(os.Stderr, console.FormatInfoMessage("Artifact filter: downloading only "+strings.Join(artifactFilter, ", "))) + } + } + + if err := ensureLogsGitignore(); err != nil { + logsOrchestratorLog.Printf("Failed to ensure logs .gitignore: %v", err) + if opts.Verbose { + fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to ensure .github/aw/logs/.gitignore: %v", err))) + } + } + + select { + case <-ctx.Done(): + fmt.Fprintln(os.Stderr, console.FormatWarningMessage("Operation cancelled")) + return ctx.Err() + default: + } + + if len(opts.RunURLs) == 0 { + fmt.Fprintln(os.Stderr, console.FormatWarningMessage("No run IDs or URLs provided on stdin")) + return nil + } + + // Parse owner/repo (and optional GHES host) from --repo override if provided. + // Accepted formats: "owner/repo" or "HOST/owner/repo". + var hostOverride, ownerOverride, repoNameOverride string + if opts.RepoOverride != "" { + parts := strings.SplitN(opts.RepoOverride, "/", 3) + switch len(parts) { + case 3: // HOST/owner/repo + if parts[0] == "" || parts[1] == "" || parts[2] == "" { + return fmt.Errorf("invalid repository format '%s': expected '[HOST/]owner/repo'", opts.RepoOverride) + } + hostOverride, ownerOverride, repoNameOverride = parts[0], parts[1], parts[2] + case 2: // owner/repo + if parts[0] == "" || parts[1] == "" { + return fmt.Errorf("invalid repository format '%s': expected '[HOST/]owner/repo'", opts.RepoOverride) + } + ownerOverride, repoNameOverride = parts[0], parts[1] + default: + return fmt.Errorf("invalid repository format '%s': expected '[HOST/]owner/repo'", opts.RepoOverride) + } + } + + // Start timeout timer if specified. + var startTime time.Time + if opts.Timeout > 0 { + startTime = time.Now() + if opts.Verbose { + fmt.Fprintln(os.Stderr, console.FormatInfoMessage(fmt.Sprintf("Timeout set to %d minutes", opts.Timeout))) + } + } + + if opts.Verbose { + fmt.Fprintln(os.Stderr, console.FormatInfoMessage(fmt.Sprintf("Fetching metadata for %d runs from stdin...", len(opts.RunURLs)))) + } + + // Build WorkflowRun objects by fetching metadata for each provided URL. + var runs []WorkflowRun + for _, rawURL := range opts.RunURLs { + select { + case <-ctx.Done(): + fmt.Fprintln(os.Stderr, console.FormatWarningMessage("Operation cancelled")) + return ctx.Err() + default: + } + + if opts.Timeout > 0 && time.Since(startTime).Seconds() >= float64(opts.Timeout)*60 { + fmt.Fprintln(os.Stderr, console.FormatWarningMessage("Timeout reached before all run metadata could be fetched")) + break + } + + components, err := parser.ParseRunURLExtended(rawURL) + if err != nil { + fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Skipping invalid run %q: %v", rawURL, err))) + continue + } + + // Prefer owner/repo embedded in the URL; fall back to --repo override. + // If neither source provides owner, the run cannot be fetched — return an + // actionable error rather than silently continuing with a broken API call. + owner := components.Owner + repo := components.Repo + host := components.Host + if owner == "" { + owner = ownerOverride + repo = repoNameOverride + if host == "" { + host = hostOverride + } + } + if owner == "" { + return fmt.Errorf("run %q does not include repository information; pass --repo owner/repo or provide full run URLs", rawURL) + } + + run, err := fetchWorkflowRunMetadata(ctx, components.Number, owner, repo, host, opts.Verbose) + if err != nil { + fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Skipping run %d: failed to fetch metadata: %v", components.Number, err))) + continue + } + runs = append(runs, run) + } + + if len(runs) == 0 { + if opts.JSONOutput { + logsData := buildLogsData([]ProcessedRun{}, opts.OutputDir, nil) + logsData.Message = "No runs found. No valid runs could be loaded from the provided input." + if err := renderLogsJSON(logsData, opts.Verbose); err != nil { + return fmt.Errorf("failed to render JSON output: %w", err) + } + } + fmt.Fprintln(os.Stderr, console.FormatWarningMessage("No valid runs could be loaded from stdin")) + return nil + } + + // Download artifacts for all runs concurrently. + downloadResults := downloadRunArtifactsConcurrent(ctx, runs, opts.OutputDir, opts.Verbose, len(runs), opts.RepoOverride, artifactFilter) + + filters := runFilterOpts{ + engine: opts.Engine, + noStaged: opts.NoStaged, + firewallOnly: opts.FirewallOnly, + noFirewall: opts.NoFirewall, + safeOutputType: opts.SafeOutputType, + filteredIntegrity: opts.FilteredIntegrity, + } + + // Process download results applying the same filters as DownloadWorkflowLogs. + var processedRuns []ProcessedRun + for _, result := range downloadResults { + if result.Skipped { + if opts.Verbose && result.Error != nil { + fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Skipping run %d: %v", result.Run.DatabaseID, result.Error))) + } + continue + } + + if result.Error != nil { + fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to download artifacts for run %d: %v", result.Run.DatabaseID, result.Error))) + continue + } + + if applyRunFilters(result, filters, opts.Verbose) { + continue + } + + processedRun := buildProcessedRun(result, opts.Verbose) + + if opts.Parse { + awInfoPath := filepath.Join(result.LogsPath, "aw_info.json") + detectedEngine := extractEngineFromAwInfo(awInfoPath, opts.Verbose) + if err := parseAgentLog(result.LogsPath, detectedEngine, opts.Verbose); err != nil { + fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to parse log for run %d: %v", processedRun.Run.DatabaseID, err))) + } else { + logMdPath := filepath.Join(result.LogsPath, "log.md") + if fileutil.FileExists(logMdPath) { + fmt.Fprintln(os.Stderr, console.FormatSuccessMessage(fmt.Sprintf("✓ Parsed log for run %d → %s", processedRun.Run.DatabaseID, logMdPath))) + } + } + if err := parseFirewallLogs(result.LogsPath, opts.Verbose); err != nil { + fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Failed to parse firewall logs for run %d: %v", processedRun.Run.DatabaseID, err))) + } else { + firewallMdPath := filepath.Join(result.LogsPath, "firewall.md") + if fileutil.FileExists(firewallMdPath) { + fmt.Fprintln(os.Stderr, console.FormatSuccessMessage(fmt.Sprintf("✓ Parsed firewall logs for run %d → %s", processedRun.Run.DatabaseID, firewallMdPath))) + } + } + } + + processedRuns = append(processedRuns, processedRun) + } + + if len(processedRuns) == 0 { + if opts.JSONOutput { + logsData := buildLogsData([]ProcessedRun{}, opts.OutputDir, nil) + logsData.Message = "No runs found matching the specified criteria." + if err := renderLogsJSON(logsData, opts.Verbose); err != nil { + return fmt.Errorf("failed to render JSON output: %w", err) + } + } + fmt.Fprintln(os.Stderr, console.FormatWarningMessage("No workflow runs with artifacts found matching the specified criteria")) + return nil + } + + return renderLogsOutput(processedRuns, renderLogsOutputOptions{ + outputDir: opts.OutputDir, + summaryFile: opts.SummaryFile, + format: opts.Format, + reportFile: opts.ReportFile, + jsonOutput: opts.JSONOutput, + toolGraph: opts.ToolGraph, + train: opts.Train, + verbose: opts.Verbose, + artifactFilter: artifactFilter, + }) +} diff --git a/pkg/cli/logs_orchestrator_types.go b/pkg/cli/logs_orchestrator_types.go new file mode 100644 index 00000000000..2bcc8dcf60d --- /dev/null +++ b/pkg/cli/logs_orchestrator_types.go @@ -0,0 +1,87 @@ +// This file provides command-line interface functionality for gh-aw. +// This file (logs_orchestrator_types.go) contains type definitions used by the +// logs orchestrator: option structs for public API functions and internal helper types. + +package cli + +// LogsDownloadOptions holds parameters for DownloadWorkflowLogs. +type LogsDownloadOptions struct { + WorkflowName string + Count int + StartDate string + EndDate string + OutputDir string + Engine string + Ref string + BeforeRunID int64 + AfterRunID int64 + RepoOverride string + Verbose bool + ToolGraph bool + NoStaged bool + FirewallOnly bool + NoFirewall bool + Parse bool + JSONOutput bool + TimeoutMinutes int + SummaryFile string + SafeOutputType string + FilteredIntegrity bool + Train bool + Format string + ArtifactSets []string + After string + ReportFile string +} + +// StdinLogsOptions holds parameters for DownloadWorkflowLogsFromStdin. +type StdinLogsOptions struct { + RunURLs []string + OutputDir string + Engine string + RepoOverride string + Verbose bool + ToolGraph bool + NoStaged bool + FirewallOnly bool + NoFirewall bool + Parse bool + JSONOutput bool + Timeout int + SummaryFile string + SafeOutputType string + FilteredIntegrity bool + Train bool + Format string + ReportFile string + // ArtifactSets defaults to nil (download all artifacts) when this API is used + // programmatically. The CLI passes ["usage"] to match the logs command default. + ArtifactSets []string +} + +// continuationOptions carries the parameters needed by buildContinuationIfNeeded +// to produce a ContinuationData cursor for paginated log fetches. +type continuationOptions struct { + workflowName string + startDate string + endDate string + engine string + branch string + afterRunID int64 + count int + timeoutMinutes int +} + +// renderLogsOutputOptions holds configuration for renderLogsOutput. +type renderLogsOutputOptions struct { + outputDir string + summaryFile string + format string + reportFile string + jsonOutput bool + toolGraph bool + train bool + continuation *ContinuationData + verbose bool + artifactFilter []string +} From 002b7bf251483de04dd5498e6d5797332da47d83 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 7 Jul 2026 14:57:33 +0000 Subject: [PATCH 3/7] fix: correct spelling optimization in comment Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- pkg/cli/logs_orchestrator_filters.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/cli/logs_orchestrator_filters.go b/pkg/cli/logs_orchestrator_filters.go index f9f671b9400..99d1788d31c 100644 --- a/pkg/cli/logs_orchestrator_filters.go +++ b/pkg/cli/logs_orchestrator_filters.go @@ -38,7 +38,7 @@ func matchEngineFilter(awInfo *AwInfo, awInfoErr error, filterEngine string) (bo // It parses aw_info.json once (lazily) when any filter that needs it is active. // Returns true when the run should be skipped / excluded from results. func applyRunFilters(result DownloadResult, opts runFilterOpts, verbose bool) bool { - // Parse aw_info.json once for all filters that need it (optimisation). + // Parse aw_info.json once for all filters that need it (optimization). var awInfo *AwInfo var awInfoErr error if opts.engine != "" || opts.noStaged || opts.firewallOnly || opts.noFirewall { From e6856d247ef2d573005ccc5709edb853bd25efda Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 7 Jul 2026 17:04:03 +0000 Subject: [PATCH 4/7] docs(adr): add draft ADR-44051 for logs_orchestrator file split Co-Authored-By: Claude Sonnet 4.6 --- ...split-logs-orchestrator-focused-modules.md | 45 +++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 docs/adr/44051-split-logs-orchestrator-focused-modules.md diff --git a/docs/adr/44051-split-logs-orchestrator-focused-modules.md b/docs/adr/44051-split-logs-orchestrator-focused-modules.md new file mode 100644 index 00000000000..bc50b9e2d84 --- /dev/null +++ b/docs/adr/44051-split-logs-orchestrator-focused-modules.md @@ -0,0 +1,45 @@ +# ADR-44051: Split logs_orchestrator.go into Focused Modules + +**Date**: 2026-07-07 +**Status**: Draft +**Deciders**: Unknown (generated from PR #44051 diff) + +--- + +### Context + +`pkg/cli/logs_orchestrator.go` had grown to 1284 lines, mixing orchestration, filter logic, type definitions, output rendering, and stdin processing in a single file. Approximately 150 lines of run-filter logic and `ProcessedRun` construction were duplicated verbatim between `DownloadWorkflowLogs` and `DownloadWorkflowLogsFromStdin`. Any bug fix or behavioral change to the filter pipeline had to be applied in two places, creating an active maintenance risk. The codebase uses the `pkg/cli` package for all command-line surface area; Go does not require splitting a package across multiple files, but readability and testability suffer when a single file grows past ~300–400 lines. + +### Decision + +We will split `logs_orchestrator.go` into five focused files within the same `cli` package: `logs_orchestrator_types.go` (option structs and internal types), `logs_orchestrator_filters.go` (filter helpers `applyRunFilters` and `buildProcessedRun`), `logs_orchestrator_render.go` (output rendering), `logs_orchestrator_stdin.go` (`DownloadWorkflowLogsFromStdin`), and a trimmed `logs_orchestrator.go` retaining only the pagination loop and `DownloadWorkflowLogs`. The public API (`DownloadWorkflowLogs`, `DownloadWorkflowLogsFromStdin`, `LogsDownloadOptions`, `StdinLogsOptions`) is unchanged. Unit tests for the newly extracted helpers are added in `logs_orchestrator_filters_test.go`. + +### Alternatives Considered + +#### Alternative 1: Deduplicate helpers without file splitting + +Introduce `applyRunFilters` and `buildProcessedRun` as private helpers inside `logs_orchestrator.go` without moving any code to new files. This eliminates the duplication and is the minimal change, but the file would remain ~900 lines with type definitions, rendering, stdin processing, and the core pagination loop still entangled. Navigation and isolated testing of each concern would still be difficult. + +#### Alternative 2: Move each concern into a separate Go package + +Create sub-packages such as `pkg/cli/logsfilters` and `pkg/cli/logsrender`. This enforces hard encapsulation boundaries at the package level and prevents accidental coupling. However, it requires exporting all shared types (e.g., `DownloadResult`, `ProcessedRun`) that are currently package-private, widens the public API surface, and increases the cost of future changes that cross the new package boundaries. Given the single-package nature of the CLI layer, the encapsulation benefit does not justify the added complexity. + +### Consequences + +#### Positive +- Eliminates ~150 lines of duplicated filter and `ProcessedRun` construction code, so future filter changes are applied once and tested once. +- Smaller, single-concern files (87–252 lines each) are faster to navigate, review, and modify independently. +- The new `applyRunFilters` and `buildProcessedRun` helpers are directly unit-testable without exercising the full download pipeline. +- No callers outside the package need to change; the public API is stable. + +#### Negative +- Tracing the complete logic for a single download path (e.g., `DownloadWorkflowLogs`) now requires opening multiple files rather than scrolling within one. +- If the filter semantics for the stdin path and the standard path ever need to diverge significantly, the shared `applyRunFilters` function becomes a constraint that must be refactored. + +#### Neutral +- All five files remain in `package cli`; there is no package boundary or import-cycle risk introduced. +- The `logs_orchestrator_filters_test.go` file uses `package cli` (not `package cli_test`), so it retains access to package-private identifiers needed to construct test fixtures. + +--- + +*ADR created by [adr-writer agent]. Review and finalize before changing status from Draft to Accepted.* From 8745ff9f38db5ebb4fc6d04030ee911d4e4cc482 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 7 Jul 2026 21:05:44 +0000 Subject: [PATCH 5/7] fix: address logs orchestrator review feedback Co-authored-by: gh-aw-bot <259018956+gh-aw-bot@users.noreply.github.com> --- pkg/cli/audit_cross_run_render.go | 149 ++++++++++++---------- pkg/cli/logs_orchestrator.go | 2 +- pkg/cli/logs_orchestrator_filters.go | 8 +- pkg/cli/logs_orchestrator_filters_test.go | 66 +++++++++- pkg/cli/logs_orchestrator_render.go | 5 +- pkg/cli/logs_orchestrator_stdin.go | 2 +- 6 files changed, 146 insertions(+), 86 deletions(-) diff --git a/pkg/cli/audit_cross_run_render.go b/pkg/cli/audit_cross_run_render.go index f840ab8ce1b..4e698ffd068 100644 --- a/pkg/cli/audit_cross_run_render.go +++ b/pkg/cli/audit_cross_run_render.go @@ -3,6 +3,7 @@ package cli import ( "encoding/json" "fmt" + "io" "os" "strconv" "strings" @@ -25,157 +26,165 @@ func renderCrossRunReportJSON(report *CrossRunAuditReport) error { // renderCrossRunReportMarkdown outputs the cross-run report as Markdown to stdout. func renderCrossRunReportMarkdown(report *CrossRunAuditReport) { + renderCrossRunReportMarkdownToWriter(os.Stdout, report) +} + +func renderCrossRunReportMarkdownToWriter(w io.Writer, report *CrossRunAuditReport) { crossRunRenderLog.Printf("Rendering cross-run report as markdown: runs_analyzed=%d, domains=%d", report.RunsAnalyzed, len(report.DomainInventory)) - fmt.Fprintln(os.Stdout, "# Audit Report — Cross-Run Analysis") - fmt.Fprintln(os.Stdout) - - renderMarkdownExecutiveSummary(report) - renderMarkdownMetricsTrend(report.MetricsTrend) - renderMarkdownMCPHealth(report) - renderMarkdownErrorTrend(report) - renderMarkdownDomainInventory(report) - renderMarkdownDrain3Insights(report.Drain3Insights) - renderMarkdownPerRunBreakdown(report.PerRunBreakdown) + fmt.Fprintln(w, "# Audit Report — Cross-Run Analysis") + fmt.Fprintln(w) + + renderMarkdownExecutiveSummaryToWriter(w, report) + renderMarkdownMetricsTrendToWriter(w, report.MetricsTrend) + renderMarkdownMCPHealthToWriter(w, report) + renderMarkdownErrorTrendToWriter(w, report) + renderMarkdownDomainInventoryToWriter(w, report) + renderMarkdownDrain3InsightsToWriter(w, report.Drain3Insights) + renderMarkdownPerRunBreakdownToWriter(w, report.PerRunBreakdown) } -func renderMarkdownExecutiveSummary(report *CrossRunAuditReport) { - fmt.Fprintln(os.Stdout, "## Executive Summary") - fmt.Fprintln(os.Stdout) - fmt.Fprintf(os.Stdout, "| Metric | Value |\n") - fmt.Fprintf(os.Stdout, "|--------|-------|\n") - fmt.Fprintf(os.Stdout, "| Runs analyzed | %d |\n", report.RunsAnalyzed) - fmt.Fprintf(os.Stdout, "| Runs with firewall data | %d |\n", report.RunsWithData) - fmt.Fprintf(os.Stdout, "| Runs without firewall data | %d |\n", report.RunsWithoutData) - fmt.Fprintf(os.Stdout, "| Total requests | %d |\n", report.Summary.TotalRequests) - fmt.Fprintf(os.Stdout, "| Allowed requests | %d |\n", report.Summary.TotalAllowed) - fmt.Fprintf(os.Stdout, "| Blocked requests | %d |\n", report.Summary.TotalBlocked) - fmt.Fprintf(os.Stdout, "| Overall denial rate | %.1f%% |\n", report.Summary.OverallDenyRate*100) - fmt.Fprintf(os.Stdout, "| Unique domains | %d |\n", report.Summary.UniqueDomains) - fmt.Fprintln(os.Stdout) +func renderMarkdownExecutiveSummaryToWriter(w io.Writer, report *CrossRunAuditReport) { + fmt.Fprintln(w, "## Executive Summary") + fmt.Fprintln(w) + fmt.Fprintf(w, "| Metric | Value |\n") + fmt.Fprintf(w, "|--------|-------|\n") + fmt.Fprintf(w, "| Runs analyzed | %d |\n", report.RunsAnalyzed) + fmt.Fprintf(w, "| Runs with firewall data | %d |\n", report.RunsWithData) + fmt.Fprintf(w, "| Runs without firewall data | %d |\n", report.RunsWithoutData) + fmt.Fprintf(w, "| Total requests | %d |\n", report.Summary.TotalRequests) + fmt.Fprintf(w, "| Allowed requests | %d |\n", report.Summary.TotalAllowed) + fmt.Fprintf(w, "| Blocked requests | %d |\n", report.Summary.TotalBlocked) + fmt.Fprintf(w, "| Overall denial rate | %.1f%% |\n", report.Summary.OverallDenyRate*100) + fmt.Fprintf(w, "| Unique domains | %d |\n", report.Summary.UniqueDomains) + fmt.Fprintln(w) } func renderMarkdownMetricsTrend(mt MetricsTrendData) { + renderMarkdownMetricsTrendToWriter(os.Stdout, mt) +} + +func renderMarkdownMetricsTrendToWriter(w io.Writer, mt MetricsTrendData) { if mt.TotalTokens == 0 && mt.TotalTurns == 0 && mt.AvgDurationNs == 0 { return } - fmt.Fprintln(os.Stdout, "## Metrics Trends") - fmt.Fprintln(os.Stdout) - fmt.Fprintf(os.Stdout, "| Metric | Total | Avg/run | Min | Max | Spikes |\n") - fmt.Fprintf(os.Stdout, "|--------|-------|---------|-----|-----|--------|\n") + fmt.Fprintln(w, "## Metrics Trends") + fmt.Fprintln(w) + fmt.Fprintf(w, "| Metric | Total | Avg/run | Min | Max | Spikes |\n") + fmt.Fprintf(w, "|--------|-------|---------|-----|-----|--------|\n") if mt.TotalTokens > 0 { spikes := "—" if len(mt.TokenSpikes) > 0 { spikes = "⚠ " + formatRunIDs(mt.TokenSpikes) } - fmt.Fprintf(os.Stdout, "| Token Trend | %d | %d | %d | %d | %s |\n", + fmt.Fprintf(w, "| Token Trend | %d | %d | %d | %d | %s |\n", mt.TotalTokens, mt.AvgTokens, mt.MinTokens, mt.MaxTokens, spikes) } if mt.TotalTurns > 0 { - fmt.Fprintf(os.Stdout, "| Turns | %d | %.1f | — | %d | — |\n", + fmt.Fprintf(w, "| Turns | %d | %.1f | — | %d | — |\n", mt.TotalTurns, mt.AvgTurns, mt.MaxTurns) } if mt.AvgDurationNs > 0 { - fmt.Fprintf(os.Stdout, "| Duration | — | %s | %s | %s | — |\n", + fmt.Fprintf(w, "| Duration | — | %s | %s | %s | — |\n", timeutil.FormatDurationNs(mt.AvgDurationNs), timeutil.FormatDurationNs(mt.MinDurationNs), timeutil.FormatDurationNs(mt.MaxDurationNs)) } - fmt.Fprintln(os.Stdout) + fmt.Fprintln(w) } -func renderMarkdownMCPHealth(report *CrossRunAuditReport) { +func renderMarkdownMCPHealthToWriter(w io.Writer, report *CrossRunAuditReport) { if len(report.MCPHealth) == 0 { return } - fmt.Fprintf(os.Stdout, "## MCP Server Health (%d runs)\n\n", report.RunsAnalyzed) - fmt.Fprintf(os.Stdout, "| Server | Connected | Error Rate | Total Calls | Errors | Status |\n") - fmt.Fprintf(os.Stdout, "|--------|-----------|------------|-------------|--------|--------|\n") + fmt.Fprintf(w, "## MCP Server Health (%d runs)\n\n", report.RunsAnalyzed) + fmt.Fprintf(w, "| Server | Connected | Error Rate | Total Calls | Errors | Status |\n") + fmt.Fprintf(w, "|--------|-----------|------------|-------------|--------|--------|\n") for _, h := range report.MCPHealth { status := "✅ ok" if h.Unreliable { status = "⚠ unreliable" } - fmt.Fprintf(os.Stdout, "| `%s` | %d/%d | %.1f%% | %d | %d | %s |\n", + fmt.Fprintf(w, "| `%s` | %d/%d | %.1f%% | %d | %d | %s |\n", h.ServerName, h.RunsConnected, h.TotalRuns, h.ErrorRate*100, h.TotalCalls, h.TotalErrors, status) } - fmt.Fprintln(os.Stdout) + fmt.Fprintln(w) } -func renderMarkdownErrorTrend(report *CrossRunAuditReport) { +func renderMarkdownErrorTrendToWriter(w io.Writer, report *CrossRunAuditReport) { et := report.ErrorTrend if et.TotalErrors == 0 && et.TotalWarnings == 0 { return } - fmt.Fprintln(os.Stdout, "## Error Trend") - fmt.Fprintln(os.Stdout) - fmt.Fprintf(os.Stdout, "| Metric | Value |\n") - fmt.Fprintf(os.Stdout, "|--------|-------|\n") - fmt.Fprintf(os.Stdout, "| Runs with errors | %d/%d (%.0f%%) |\n", + fmt.Fprintln(w, "## Error Trend") + fmt.Fprintln(w) + fmt.Fprintf(w, "| Metric | Value |\n") + fmt.Fprintf(w, "|--------|-------|\n") + fmt.Fprintf(w, "| Runs with errors | %d/%d (%.0f%%) |\n", et.RunsWithErrors, report.RunsAnalyzed, safePercent(et.RunsWithErrors, report.RunsAnalyzed)) - fmt.Fprintf(os.Stdout, "| Total errors | %d |\n", et.TotalErrors) - fmt.Fprintf(os.Stdout, "| Avg errors/run | %.2f |\n", et.AvgErrorsPerRun) + fmt.Fprintf(w, "| Total errors | %d |\n", et.TotalErrors) + fmt.Fprintf(w, "| Avg errors/run | %.2f |\n", et.AvgErrorsPerRun) if et.TotalWarnings > 0 { - fmt.Fprintf(os.Stdout, "| Runs with warnings | %d/%d |\n", et.RunsWithWarnings, report.RunsAnalyzed) - fmt.Fprintf(os.Stdout, "| Total warnings | %d |\n", et.TotalWarnings) + fmt.Fprintf(w, "| Runs with warnings | %d/%d |\n", et.RunsWithWarnings, report.RunsAnalyzed) + fmt.Fprintf(w, "| Total warnings | %d |\n", et.TotalWarnings) } - fmt.Fprintln(os.Stdout) + fmt.Fprintln(w) } -func renderMarkdownDomainInventory(report *CrossRunAuditReport) { +func renderMarkdownDomainInventoryToWriter(w io.Writer, report *CrossRunAuditReport) { if len(report.DomainInventory) == 0 { return } - fmt.Fprintln(os.Stdout, "## Domain Inventory") - fmt.Fprintln(os.Stdout) - fmt.Fprintf(os.Stdout, "| Domain | Status | Seen In | Allowed | Blocked |\n") - fmt.Fprintf(os.Stdout, "|--------|--------|---------|---------|--------|\n") + fmt.Fprintln(w, "## Domain Inventory") + fmt.Fprintln(w) + fmt.Fprintf(w, "| Domain | Status | Seen In | Allowed | Blocked |\n") + fmt.Fprintf(w, "|--------|--------|---------|---------|--------|\n") for _, entry := range report.DomainInventory { - fmt.Fprintf(os.Stdout, "| `%s` | %s %s | %d/%d runs | %d | %d |\n", + fmt.Fprintf(w, "| `%s` | %s %s | %d/%d runs | %d | %d |\n", entry.Domain, firewallStatusEmoji(entry.OverallStatus), entry.OverallStatus, entry.SeenInRuns, report.RunsAnalyzed, entry.TotalAllowed, entry.TotalBlocked) } - fmt.Fprintln(os.Stdout) + fmt.Fprintln(w) } -func renderMarkdownDrain3Insights(insights []ObservabilityInsight) { +func renderMarkdownDrain3InsightsToWriter(w io.Writer, insights []ObservabilityInsight) { if len(insights) == 0 { return } crossRunRenderLog.Printf("Rendering markdown drain3 insights: count=%d", len(insights)) - fmt.Fprintln(os.Stdout, "## Agent Event Pattern Analysis") - fmt.Fprintln(os.Stdout) - fmt.Fprintf(os.Stdout, "| Severity | Category | Title | Summary |\n") - fmt.Fprintf(os.Stdout, "|----------|----------|-------|--------|\n") + fmt.Fprintln(w, "## Agent Event Pattern Analysis") + fmt.Fprintln(w) + fmt.Fprintf(w, "| Severity | Category | Title | Summary |\n") + fmt.Fprintf(w, "|----------|----------|-------|--------|\n") for _, insight := range insights { summary := insight.Summary if insight.Evidence != "" { summary += " (" + insight.Evidence + ")" } - fmt.Fprintf(os.Stdout, "| %s %s | %s | %s | %s |\n", + fmt.Fprintf(w, "| %s %s | %s | %s | %s |\n", renderSeverityIcon(insight.Severity), insight.Severity, insight.Category, insight.Title, summary) } - fmt.Fprintln(os.Stdout) + fmt.Fprintln(w) } -func renderMarkdownPerRunBreakdown(runs []PerRunFirewallBreakdown) { +func renderMarkdownPerRunBreakdownToWriter(w io.Writer, runs []PerRunFirewallBreakdown) { if len(runs) == 0 { return } - fmt.Fprintln(os.Stdout, "## Per-Run Breakdown") - fmt.Fprintln(os.Stdout) - fmt.Fprintf(os.Stdout, "| Run ID | Workflow | Conclusion | Duration | Firewall | Tokens | Turns | MCP Err | Errors |\n") - fmt.Fprintf(os.Stdout, "|--------|----------|------------|----------|----------|--------|-------|---------|--------|\n") + fmt.Fprintln(w, "## Per-Run Breakdown") + fmt.Fprintln(w) + fmt.Fprintf(w, "| Run ID | Workflow | Conclusion | Duration | Firewall | Tokens | Turns | MCP Err | Errors |\n") + fmt.Fprintf(w, "|--------|----------|------------|----------|----------|--------|-------|---------|--------|\n") for _, run := range runs { firewallCol, tokenStr, turnsStr, durStr := markdownPerRunFields(run) - fmt.Fprintf(os.Stdout, "| %d | %s | %s | %s | %s | %s | %s | %d | %d |\n", + fmt.Fprintf(w, "| %d | %s | %s | %s | %s | %s | %s | %d | %d |\n", run.RunID, run.WorkflowName, run.Conclusion, durStr, firewallCol, tokenStr, turnsStr, run.MCPErrors, run.ErrorCount) } - fmt.Fprintln(os.Stdout) + fmt.Fprintln(w) } func markdownPerRunFields(run PerRunFirewallBreakdown) (string, string, string, string) { diff --git a/pkg/cli/logs_orchestrator.go b/pkg/cli/logs_orchestrator.go index 498dfb7c377..f6cafba3d5e 100644 --- a/pkg/cli/logs_orchestrator.go +++ b/pkg/cli/logs_orchestrator.go @@ -463,7 +463,7 @@ outerLoop: continue } - processedRun := buildProcessedRun(result, verbose) + processedRun := buildProcessedRun(result, verbose, true) // If --parse flag is set, parse the agent log and write to log.md if parse { diff --git a/pkg/cli/logs_orchestrator_filters.go b/pkg/cli/logs_orchestrator_filters.go index 99d1788d31c..252c3f2e819 100644 --- a/pkg/cli/logs_orchestrator_filters.go +++ b/pkg/cli/logs_orchestrator_filters.go @@ -24,6 +24,8 @@ type runFilterOpts struct { filteredIntegrity bool } +var fetchJobStatusesForProcessedRun = fetchJobStatuses + // matchEngineFilter checks whether the run recorded in awInfo matches the // requested engine filter string. It returns (matches, detectedEngineID). // detectedEngineID is "" when awInfo is unavailable or carries no engine_id. @@ -134,7 +136,7 @@ func applyRunFilters(result DownloadResult, opts runFilterOpts, verbose bool) bo // buildProcessedRun constructs a ProcessedRun from a DownloadResult, computing // duration, action minutes, effective tokens, and job-failure counts. -func buildProcessedRun(result DownloadResult, verbose bool) ProcessedRun { +func buildProcessedRun(result DownloadResult, verbose, logFailedJobs bool) ProcessedRun { run := result.Run run.TokenUsage = result.Metrics.TokenUsage applyMetricsTurnsToRun(&run, result.Metrics) @@ -149,9 +151,9 @@ func buildProcessedRun(result DownloadResult, verbose bool) ProcessedRun { } // Add failed jobs to error count. - if failedJobCount, err := fetchJobStatuses(run.DatabaseID, verbose); err == nil { + if failedJobCount, err := fetchJobStatusesForProcessedRun(run.DatabaseID, verbose); err == nil { run.ErrorCount += failedJobCount - if verbose && failedJobCount > 0 { + if verbose && logFailedJobs && failedJobCount > 0 { fmt.Fprintln(os.Stderr, console.FormatInfoMessage(fmt.Sprintf("Added %d failed jobs to error count for run %d", failedJobCount, run.DatabaseID))) } } diff --git a/pkg/cli/logs_orchestrator_filters_test.go b/pkg/cli/logs_orchestrator_filters_test.go index 30207f033af..4aa1dd42650 100644 --- a/pkg/cli/logs_orchestrator_filters_test.go +++ b/pkg/cli/logs_orchestrator_filters_test.go @@ -12,6 +12,15 @@ import ( "github.com/stretchr/testify/require" ) +func stubFetchJobStatusesForProcessedRun(t *testing.T, fn func(int64, bool) (int, error)) { + t.Helper() + previous := fetchJobStatusesForProcessedRun + fetchJobStatusesForProcessedRun = fn + t.Cleanup(func() { + fetchJobStatusesForProcessedRun = previous + }) +} + // makeDownloadResult creates a DownloadResult pointing at a temporary directory // that optionally contains an aw_info.json file. func makeDownloadResult(t *testing.T, awInfoJSON string) DownloadResult { @@ -176,11 +185,34 @@ func TestApplyRunFilters_SafeOutputType(t *testing.T) { }) } +func TestApplyRunFilters_FilteredIntegrity(t *testing.T) { + t.Run("gateway log with DIFC filtered event passes", func(t *testing.T) { + tmpDir := t.TempDir() + gatewayLog := `{"timestamp":"2025-01-01T00:00:00Z","type":"DIFC_FILTERED","server_id":"github","tool_name":"create_issue","reason":"integrity"}` + "\n" + require.NoError(t, os.WriteFile(filepath.Join(tmpDir, "gateway.jsonl"), []byte(gatewayLog), 0644)) + result := DownloadResult{Run: WorkflowRun{DatabaseID: 5}, LogsPath: tmpDir} + + skip := applyRunFilters(result, runFilterOpts{filteredIntegrity: true}, false) + + assert.False(t, skip) + }) + + t.Run("missing gateway logs are skipped", func(t *testing.T) { + result := makeDownloadResult(t, "") + + skip := applyRunFilters(result, runFilterOpts{filteredIntegrity: true}, false) + + assert.True(t, skip) + }) +} + // TestBuildProcessedRun verifies that buildProcessedRun correctly populates // the ProcessedRun fields from a DownloadResult. func TestBuildProcessedRun(t *testing.T) { t.Run("basic fields are propagated", func(t *testing.T) { + stubFetchJobStatusesForProcessedRun(t, func(int64, bool) (int, error) { return 0, nil }) now := time.Now() + tmpDir := t.TempDir() awCtx := &AwContext{Repo: "owner/repo"} result := DownloadResult{ Run: WorkflowRun{ @@ -188,20 +220,21 @@ func TestBuildProcessedRun(t *testing.T) { StartedAt: now.Add(-5 * time.Minute), UpdatedAt: now, }, - LogsPath: "/tmp/test-run", + LogsPath: tmpDir, AwContext: awCtx, } - pr := buildProcessedRun(result, false) + pr := buildProcessedRun(result, false, false) assert.Equal(t, int64(1234), pr.Run.DatabaseID) - assert.Equal(t, "/tmp/test-run", pr.Run.LogsPath) + assert.Equal(t, tmpDir, pr.Run.LogsPath) assert.Equal(t, awCtx, pr.AwContext) assert.Equal(t, 0, pr.Run.ErrorCount) assert.Equal(t, 0, pr.Run.WarningCount) }) t.Run("duration and action minutes are computed", func(t *testing.T) { + stubFetchJobStatusesForProcessedRun(t, func(int64, bool) (int, error) { return 0, nil }) base := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC) result := DownloadResult{ Run: WorkflowRun{ @@ -212,41 +245,60 @@ func TestBuildProcessedRun(t *testing.T) { LogsPath: t.TempDir(), } - pr := buildProcessedRun(result, false) + pr := buildProcessedRun(result, false, false) assert.Equal(t, 90*time.Second, pr.Run.Duration) assert.InDelta(t, 2.0, pr.Run.ActionMinutes, 0.001) // ceil(1.5) = 2 }) t.Run("zero timestamps leave duration unset", func(t *testing.T) { + stubFetchJobStatusesForProcessedRun(t, func(int64, bool) (int, error) { return 0, nil }) result := DownloadResult{ Run: WorkflowRun{DatabaseID: 7}, LogsPath: t.TempDir(), } - pr := buildProcessedRun(result, false) + pr := buildProcessedRun(result, false, false) assert.Equal(t, time.Duration(0), pr.Run.Duration) assert.InDelta(t, 0.0, pr.Run.ActionMinutes, 0.001) }) t.Run("effective tokens are propagated", func(t *testing.T) { + stubFetchJobStatusesForProcessedRun(t, func(int64, bool) (int, error) { return 0, nil }) usage := &TokenUsageSummary{TotalEffectiveTokens: 5000} result := DownloadResult{ Run: WorkflowRun{DatabaseID: 3}, LogsPath: t.TempDir(), TokenUsage: usage, } - pr := buildProcessedRun(result, false) + pr := buildProcessedRun(result, false, false) assert.Equal(t, 5000, pr.Run.EffectiveTokens) }) t.Run("zero effective tokens not propagated", func(t *testing.T) { + stubFetchJobStatusesForProcessedRun(t, func(int64, bool) (int, error) { return 0, nil }) usage := &TokenUsageSummary{TotalEffectiveTokens: 0} result := DownloadResult{ Run: WorkflowRun{DatabaseID: 4}, LogsPath: t.TempDir(), TokenUsage: usage, } - pr := buildProcessedRun(result, false) + pr := buildProcessedRun(result, false, false) assert.Equal(t, 0, pr.Run.EffectiveTokens) }) + + t.Run("failed job count is added via test seam", func(t *testing.T) { + stubFetchJobStatusesForProcessedRun(t, func(runID int64, verbose bool) (int, error) { + assert.Equal(t, int64(88), runID) + assert.False(t, verbose) + return 2, nil + }) + result := DownloadResult{ + Run: WorkflowRun{DatabaseID: 88}, + LogsPath: t.TempDir(), + } + + pr := buildProcessedRun(result, false, false) + + assert.Equal(t, 2, pr.Run.ErrorCount) + }) } diff --git a/pkg/cli/logs_orchestrator_render.go b/pkg/cli/logs_orchestrator_render.go index f1dbb515ef7..5bd5a7e37ba 100644 --- a/pkg/cli/logs_orchestrator_render.go +++ b/pkg/cli/logs_orchestrator_render.go @@ -101,10 +101,7 @@ func renderLogsOutput(processedRuns []ProcessedRun, opts renderLogsOutputOptions retErr = cerr } }() - oldStdout := os.Stdout - defer func() { os.Stdout = oldStdout }() - os.Stdout = f - renderCrossRunReportMarkdown(report) + renderCrossRunReportMarkdownToWriter(f, report) return nil }(); err != nil { return fmt.Errorf("failed to write report file: %w", err) diff --git a/pkg/cli/logs_orchestrator_stdin.go b/pkg/cli/logs_orchestrator_stdin.go index 4a9f3abc350..8eb5b030b61 100644 --- a/pkg/cli/logs_orchestrator_stdin.go +++ b/pkg/cli/logs_orchestrator_stdin.go @@ -177,7 +177,7 @@ func DownloadWorkflowLogsFromStdin(ctx context.Context, opts StdinLogsOptions) e continue } - processedRun := buildProcessedRun(result, opts.Verbose) + processedRun := buildProcessedRun(result, opts.Verbose, false) if opts.Parse { awInfoPath := filepath.Join(result.LogsPath, "aw_info.json") From 5d230533225c83523b84cd663d2506bb8192da05 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 7 Jul 2026 21:20:43 +0000 Subject: [PATCH 6/7] chore: start PR finisher pass Co-authored-by: gh-aw-bot <259018956+gh-aw-bot@users.noreply.github.com> --- pkg/workflow/schemas/github-workflow.json | 2083 +-------------------- 1 file changed, 2 insertions(+), 2081 deletions(-) diff --git a/pkg/workflow/schemas/github-workflow.json b/pkg/workflow/schemas/github-workflow.json index 9d394757abc..ec0f976491e 100644 --- a/pkg/workflow/schemas/github-workflow.json +++ b/pkg/workflow/schemas/github-workflow.json @@ -1,2081 +1,2 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "$id": "https://json.schemastore.org/github-workflow.json", - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions", - "additionalProperties": false, - "definitions": { - "architecture": { - "type": "string", - "enum": ["ARM32", "x64", "x86"] - }, - "branch": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#onpushpull_requestbranchestags", - "$ref": "#/definitions/globs", - "description": "When using the push and pull_request events, you can configure a workflow to run on specific branches or tags. If you only define only tags or only branches, the workflow won't run for events affecting the undefined Git ref.\nThe branches, branches-ignore, tags, and tags-ignore keywords accept glob patterns that use the * and ** wildcard characters to match more than one branch or tag name. For more information, see https://help.github.com/en/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet.\nThe patterns defined in branches and tags are evaluated against the Git ref's name. For example, defining the pattern mona/octocat in branches will match the refs/heads/mona/octocat Git ref. The pattern releases/** will match the refs/heads/releases/10 Git ref.\nYou can use two types of filters to prevent a workflow from running on pushes and pull requests to tags and branches:\n- branches or branches-ignore - You cannot use both the branches and branches-ignore filters for the same event in a workflow. Use the branches filter when you need to filter branches for positive matches and exclude branches. Use the branches-ignore filter when you only need to exclude branch names.\n- tags or tags-ignore - You cannot use both the tags and tags-ignore filters for the same event in a workflow. Use the tags filter when you need to filter tags for positive matches and exclude tags. Use the tags-ignore filter when you only need to exclude tag names.\nYou can exclude tags and branches using the ! character. The order that you define patterns matters.\n- A matching negative pattern (prefixed with !) after a positive match will exclude the Git ref.\n- A matching positive pattern after a negative match will include the Git ref again." - }, - "concurrency": { - "type": "object", - "properties": { - "group": { - "$comment": "https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#example-using-concurrency-to-cancel-any-in-progress-job-or-run-1", - "description": "When a concurrent job or workflow is queued, if another job or workflow using the same concurrency group in the repository is in progress, the queued job or workflow will be pending. By default any previously pending job or workflow in the concurrency group will be canceled; this behavior can be changed with `queue`.", - "type": "string" - }, - "cancel-in-progress": { - "$comment": "https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#example-using-concurrency-to-cancel-any-in-progress-job-or-run-1", - "description": "To cancel any currently running job or workflow in the same concurrency group, specify cancel-in-progress: true.", - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "#/definitions/expressionSyntax" - } - ] - }, - "queue": { - "$comment": "https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#example-queueing-multiple-pending-runs", - "description": "Controls how pending jobs or workflow runs are queued within a concurrency group. With the default `single`, at most one run can be pending — additional pending runs cancel the previous one. With `max`, up to 100 runs can be pending and are processed in FIFO order. The combination of `queue: max` and `cancel-in-progress: true` is not allowed.", - "type": "string", - "enum": ["single", "max"], - "default": "single" - } - }, - "required": ["group"], - "additionalProperties": false - }, - "configuration": { - "oneOf": [ - { - "type": "string" - }, - { - "type": "number" - }, - { - "type": "boolean" - }, - { - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/configuration" - } - }, - { - "type": "array", - "items": { - "$ref": "#/definitions/configuration" - } - } - ] - }, - "jobContainer": { - "type": "object", - "properties": { - "image": { - "$comment": "https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idcontainerimage", - "description": "The Docker image to use as the container to run the action. The value can be the Docker Hub image name or a registry name.", - "type": "string" - }, - "credentials": { - "$comment": "https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idcontainercredentials", - "description": "If the image's container registry requires authentication to pull the image, you can use credentials to set a map of the username and password. The credentials are the same values that you would provide to the `docker login` command.", - "type": "object", - "properties": { - "username": { - "type": "string" - }, - "password": { - "type": "string" - } - } - }, - "env": { - "$comment": "https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idcontainerenv", - "$ref": "#/definitions/env", - "description": "Sets a map of environment variables in the container." - }, - "ports": { - "$comment": "https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idcontainerports", - "description": "Sets an array of ports to expose on the container.", - "type": "array", - "items": { - "oneOf": [ - { - "type": "number" - }, - { - "type": "string" - } - ] - }, - "minItems": 1 - }, - "volumes": { - "$comment": "https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idcontainervolumes", - "description": "Sets an array of volumes for the container to use. You can use volumes to share data between services or other steps in a job. You can specify named Docker volumes, anonymous Docker volumes, or bind mounts on the host.\nTo specify a volume, you specify the source and destination path: :\nThe is a volume name or an absolute path on the host machine, and is an absolute path in the container.", - "type": "array", - "items": { - "type": "string" - }, - "minItems": 1 - }, - "options": { - "$comment": "https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idcontaineroptions", - "description": "Additional Docker container resource options. For a list of options, see https://docs.docker.com/engine/reference/commandline/create/#options.", - "type": "string" - } - }, - "required": ["image"], - "additionalProperties": false - }, - "serviceContainer": { - "type": "object", - "properties": { - "image": { - "$comment": "https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idservicesservice_idimage", - "description": "The Docker image to use as the service container to run the action. The value can be the Docker Hub image name or a registry name.", - "type": "string" - }, - "credentials": { - "$comment": "https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idservicesservice_idcredentials", - "description": "If the image's container registry requires authentication to pull the image, you can use credentials to set a map of the username and password. The credentials are the same values that you would provide to the `docker login` command.", - "type": "object", - "properties": { - "username": { - "type": "string" - }, - "password": { - "type": "string" - } - } - }, - "env": { - "$comment": "https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idservicesservice_idenv", - "$ref": "#/definitions/env", - "description": "Sets a map of environment variables in the service container." - }, - "ports": { - "$comment": "https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idservicesservice_idports", - "description": "Sets an array of ports to expose on the service container.", - "type": "array", - "items": { - "oneOf": [ - { - "type": "number" - }, - { - "type": "string" - } - ] - }, - "minItems": 1 - }, - "volumes": { - "$comment": "https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idservicesservice_idvolumes", - "description": "Sets an array of volumes for the service container to use. You can use volumes to share data between services or other steps in a job. You can specify named Docker volumes, anonymous Docker volumes, or bind mounts on the host.\nTo specify a volume, you specify the source and destination path: :\nThe is a volume name or an absolute path on the host machine, and is an absolute path in the container.", - "type": "array", - "items": { - "type": "string" - }, - "minItems": 1 - }, - "options": { - "$comment": "https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idservicesservice_idoptions", - "description": "Additional Docker container resource options. For a list of options, see https://docs.docker.com/engine/reference/commandline/create/#options.", - "type": "string" - }, - "command": { - "$comment": "https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idservicesservice_idcommand", - "description": "Overrides the Docker image's default command (`CMD`). The value is passed as arguments after the image name in the `docker create` command. If you also specify `entrypoint`, `command` provides the arguments to that entrypoint.", - "type": "string" - }, - "entrypoint": { - "$comment": "https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idservicesservice_identrypoint", - "description": "Overrides the Docker image's default `ENTRYPOINT`. The value is a single string defining the executable to run. Use this when you need to replace the image's entrypoint entirely. You can combine `entrypoint` with `command` to pass arguments to the custom entrypoint.", - "type": "string" - } - }, - "required": ["image"], - "additionalProperties": false - }, - "defaults": { - "type": "object", - "properties": { - "run": { - "type": "object", - "properties": { - "shell": { - "$ref": "#/definitions/shell" - }, - "working-directory": { - "$ref": "#/definitions/working-directory" - } - }, - "minProperties": 1, - "additionalProperties": false - } - }, - "minProperties": 1, - "additionalProperties": false - }, - "permissions": { - "$comment": "https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#permissions", - "description": "You can modify the default permissions granted to the GITHUB_TOKEN, adding or removing access as required, so that you only allow the minimum required access.", - "oneOf": [ - { - "type": "string", - "enum": ["read-all", "write-all"] - }, - { - "$ref": "#/definitions/permissions-event" - } - ] - }, - "permissions-event": { - "type": "object", - "additionalProperties": false, - "properties": { - "actions": { - "$ref": "#/definitions/permissions-level" - }, - "artifact-metadata": { - "$ref": "#/definitions/permissions-level" - }, - "attestations": { - "$ref": "#/definitions/permissions-level" - }, - "checks": { - "$ref": "#/definitions/permissions-level" - }, - "code-quality": { - "$ref": "#/definitions/permissions-level" - }, - "contents": { - "$ref": "#/definitions/permissions-level" - }, - "deployments": { - "$ref": "#/definitions/permissions-level" - }, - "discussions": { - "$ref": "#/definitions/permissions-level" - }, - "id-token": { - "$ref": "#/definitions/permissions-level" - }, - "issues": { - "$ref": "#/definitions/permissions-level" - }, - "models": { - "type": "string", - "enum": ["read", "none"] - }, - "packages": { - "$ref": "#/definitions/permissions-level" - }, - "pages": { - "$ref": "#/definitions/permissions-level" - }, - "pull-requests": { - "$ref": "#/definitions/permissions-level" - }, - "repository-projects": { - "$ref": "#/definitions/permissions-level" - }, - "security-events": { - "$ref": "#/definitions/permissions-level" - }, - "statuses": { - "$ref": "#/definitions/permissions-level" - }, - "copilot-requests": { - "type": "string", - "enum": ["write", "none"] - }, - "vulnerability-alerts": { - "type": "string", - "enum": ["read", "none"] - } - } - }, - "permissions-level": { - "type": "string", - "enum": ["read", "write", "none"] - }, - "env": { - "$comment": "https://docs.github.com/en/actions/learn-github-actions/environment-variables", - "description": "To set custom environment variables, you need to specify the variables in the workflow file. You can define environment variables for a step, job, or entire workflow using the jobs..steps[*].env, jobs..env, and env keywords. For more information, see https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepsenv", - "oneOf": [ - { - "type": "object", - "additionalProperties": { - "oneOf": [ - { - "type": "string" - }, - { - "type": "number" - }, - { - "type": "boolean" - } - ] - } - }, - { - "$ref": "#/definitions/stringContainingExpressionSyntax" - } - ] - }, - "environment": { - "$comment": "https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-syntax-for-github-actions#jobsjob_idenvironment", - "description": "The environment that the job references", - "type": "object", - "properties": { - "name": { - "$comment": "https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-syntax-for-github-actions#example-using-a-single-environment-name", - "description": "The name of the environment configured in the repo.", - "type": "string" - }, - "url": { - "$comment": "https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-syntax-for-github-actions#example-using-environment-name-and-url", - "description": "A deployment URL", - "type": "string" - }, - "deployment": { - "$comment": "https://docs.github.com/en/actions/how-tos/deploy/configure-and-manage-deployments/control-deployments#using-environments-without-deployments", - "description": "Whether to create a deployment for this job. Setting to false lets the job use environment secrets and variables without creating a deployment record. Wait timers and required reviewers still apply.", - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "#/definitions/expressionSyntax" - } - ], - "default": true - } - }, - "required": ["name"], - "additionalProperties": false - }, - "event": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows", - "type": "string", - "enum": [ - "branch_protection_rule", - "check_run", - "check_suite", - "create", - "delete", - "deployment", - "deployment_status", - "discussion", - "discussion_comment", - "fork", - "gollum", - "issue_comment", - "issues", - "label", - "merge_group", - "milestone", - "page_build", - "project", - "project_card", - "project_column", - "public", - "pull_request", - "pull_request_review", - "pull_request_review_comment", - "pull_request_target", - "push", - "registry_package", - "release", - "status", - "watch", - "workflow_call", - "workflow_dispatch", - "workflow_run", - "repository_dispatch" - ] - }, - "eventObject": { - "oneOf": [ - { - "type": "object" - }, - { - "type": "null" - } - ], - "additionalProperties": true - }, - "expressionSyntax": { - "$comment": "escape `{` and `}` in pattern to be unicode compatible (#1360)", - "type": "string", - "pattern": "^\\$\\{\\{(.|[\r\n])*\\}\\}$" - }, - "stringContainingExpressionSyntax": { - "$comment": "escape `{` and `}` in pattern to be unicode compatible (#1360)", - "type": "string", - "pattern": "^.*\\$\\{\\{(.|[\r\n])*\\}\\}.*$" - }, - "globs": { - "type": "array", - "items": { - "type": "string", - "minLength": 1 - }, - "minItems": 1 - }, - "machine": { - "type": "string", - "enum": ["linux", "macos", "windows"] - }, - "name": { - "type": "string", - "pattern": "^[_a-zA-Z][a-zA-Z0-9_-]*$" - }, - "path": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#onpushpull_requestpaths", - "$ref": "#/definitions/globs", - "description": "When using the push and pull_request events, you can configure a workflow to run when at least one file does not match paths-ignore or at least one modified file matches the configured paths. Path filters are not evaluated for pushes to tags.\nThe paths-ignore and paths keywords accept glob patterns that use the * and ** wildcard characters to match more than one path name. For more information, see https://help.github.com/en/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet.\nYou can exclude paths using two types of filters. You cannot use both of these filters for the same event in a workflow.\n- paths-ignore - Use the paths-ignore filter when you only need to exclude path names.\n- paths - Use the paths filter when you need to filter paths for positive matches and exclude paths." - }, - "shell": { - "$comment": "https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsshell", - "description": "You can override the default shell settings in the runner's operating system using the shell keyword. You can use built-in shell keywords, or you can define a custom set of shell options.", - "anyOf": [ - { - "type": "string" - }, - { - "$comment": "https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions#custom-shell", - "type": "string", - "enum": ["bash", "pwsh", "python", "sh", "cmd", "powershell"] - } - ] - }, - "snapshot": { - "$comment": "https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idsnapshot", - "description": "You can use `jobs..snapshot` to generate a custom image.\nAdd the snapshot keyword to the job, using either the string syntax or mapping syntax as shown in https://docs.github.com/en/actions/how-tos/manage-runners/larger-runners/use-custom-images#generating-a-custom-image.\nEach job that includes the snapshot keyword creates a separate image. To generate only one image or image version, include all workflow steps in a single job. Each successful run of a job that includes the snapshot keyword creates a new version of that image.\nFor more information, see https://docs.github.com/en/actions/how-tos/manage-runners/larger-runners/use-custom-images.", - "oneOf": [ - { - "$comment": "https://docs.github.com/en/actions/how-tos/manage-runners/larger-runners/use-custom-images#string-syntax", - "type": "string", - "description": "You can use the string syntax with `snapshot` to define the image name. This method creates a new image or adds a new version to an existing image with the same name. You cannot specify a version number using this syntax." - }, - { - "$comment": "https://docs.github.com/en/actions/how-tos/manage-runners/larger-runners/use-custom-images#mapping-syntax", - "type": "object", - "additionalProperties": false, - "description": "You can use the mapping syntax with `snapshot` to define both the `image-name` and the optional `version`. When you specify a major version, the minor versioning automatically increments if that major version already exists. Patch versions are not supported.", - "properties": { - "image-name": { - "type": "string" - }, - "version": { - "$comment": "https://docs.github.com/en/actions/how-tos/manage-runners/larger-runners/use-custom-images#specifying-a-version-in-your-workflow", - "type": "string", - "pattern": "^\\d+(\\.\\d+|\\*)?$" - } - }, - "required": ["image-name"] - } - ] - }, - "step": { - "type": "object", - "additionalProperties": false, - "dependencies": { - "working-directory": ["run"], - "shell": ["run"] - }, - "oneOf": [ - { - "required": ["uses"] - }, - { - "required": ["run"] - }, - { - "required": ["wait"] - }, - { - "required": ["wait-all"] - }, - { - "required": ["cancel"] - }, - { - "required": ["parallel"] - } - ], - "properties": { - "id": { - "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepsid", - "description": "A unique identifier for the step. You can use the id to reference the step in contexts. For more information, see https://help.github.com/en/articles/contexts-and-expression-syntax-for-github-actions.", - "type": "string" - }, - "if": { - "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepsif", - "description": "You can use the if conditional to prevent a step from running unless a condition is met. You can use any supported context and expression to create a conditional.\nExpressions in an if conditional do not require the ${{ }} syntax. For more information, see https://help.github.com/en/articles/contexts-and-expression-syntax-for-github-actions.", - "type": ["boolean", "number", "string"] - }, - "name": { - "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepsname", - "description": "A name for your step to display on GitHub.", - "type": "string" - }, - "uses": { - "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepsuses", - "description": "Selects an action to run as part of a step in your job. An action is a reusable unit of code. You can use an action defined in the same repository as the workflow, a public repository, or in a published Docker container image (https://hub.docker.com/).\nWe strongly recommend that you include the version of the action you are using by specifying a Git ref, SHA, or Docker tag number. If you don't specify a version, it could break your workflows or cause unexpected behavior when the action owner publishes an update.\n- Using the commit SHA of a released action version is the safest for stability and security.\n- Using the specific major action version allows you to receive critical fixes and security patches while still maintaining compatibility. It also assures that your workflow should still work.\n- Using the master branch of an action may be convenient, but if someone releases a new major version with a breaking change, your workflow could break.\nSome actions require inputs that you must set using the with keyword. Review the action's README file to determine the inputs required.\nActions are either JavaScript files or Docker containers. If the action you're using is a Docker container you must run the job in a Linux virtual environment. For more details, see https://help.github.com/en/articles/virtual-environments-for-github-actions.", - "type": "string" - }, - "run": { - "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepsrun", - "description": "Runs command-line programs using the operating system's shell. If you do not provide a name, the step name will default to the text specified in the run command.\nCommands run using non-login shells by default. You can choose a different shell and customize the shell used to run commands. For more information, see https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#using-a-specific-shell.\nEach run keyword represents a new process and shell in the virtual environment. When you provide multi-line commands, each line runs in the same shell.", - "type": "string" - }, - "working-directory": { - "$ref": "#/definitions/working-directory" - }, - "shell": { - "$ref": "#/definitions/shell" - }, - "with": { - "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepswith", - "$ref": "#/definitions/env", - "description": "A map of the input parameters defined by the action. Each input parameter is a key/value pair. Input parameters are set as environment variables. The variable is prefixed with INPUT_ and converted to upper case.", - "properties": { - "args": { - "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepswithargs", - "type": "string" - }, - "entrypoint": { - "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepswithentrypoint", - "type": "string" - } - } - }, - "env": { - "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepsenv", - "$ref": "#/definitions/env", - "description": "Sets environment variables for steps to use in the virtual environment. You can also set environment variables for the entire workflow or a job." - }, - "continue-on-error": { - "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepscontinue-on-error", - "description": "Prevents a job from failing when a step fails. Set to true to allow a job to pass when this step fails.", - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "#/definitions/expressionSyntax" - } - ], - "default": false - }, - "timeout-minutes": { - "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepstimeout-minutes", - "description": "The maximum number of minutes to run the step before killing the process.", - "oneOf": [ - { - "type": "number" - }, - { - "$ref": "#/definitions/expressionSyntax" - } - ] - }, - "background": { - "$comment": "https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsbackground", - "description": "Runs a step asynchronously so the job continues to the next step without waiting for it to finish. You can use background on steps that use run or uses. To reference a background step from wait or cancel, give it an id. A maximum of 10 background steps can run concurrently in a single job.", - "type": "boolean" - }, - "wait": { - "$comment": "https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idstepswait", - "description": "Pauses the job until one or more background steps complete. Provide a single step id as a string, or multiple step ids as an array. After a wait step completes, the outputs of the referenced background steps become available to subsequent steps.", - "oneOf": [ - { - "type": "string" - }, - { - "type": "array", - "items": { - "type": "string" - }, - "minItems": 1 - } - ] - }, - "wait-all": { - "$comment": "https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idstepswait-all", - "description": "Pauses the job until all active background steps complete. The wait-all keyword takes no arguments.", - "type": ["boolean", "null"] - }, - "cancel": { - "$comment": "https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idstepscancel", - "description": "Gracefully terminates a running background step. The runner sends the step's process a termination signal (SIGTERM) so it can clean up. The cancel keyword targets a single background step by its id.", - "type": "string" - }, - "parallel": { - "$comment": "https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsparallel", - "description": "Runs a group of steps concurrently, then waits for all of them to finish before continuing. Every step in the group runs as a background step, with an implicit wait at the end of the group.", - "type": "array", - "items": { - "$ref": "#/definitions/step" - }, - "minItems": 1 - } - } - }, - "types": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#onevent_nametypes", - "description": "Selects the types of activity that will trigger a workflow run. Most GitHub events are triggered by more than one type of activity. For example, the event for the release resource is triggered when a release is published, unpublished, created, edited, deleted, or prereleased. The types keyword enables you to narrow down activity that causes the workflow to run. When only one activity type triggers a webhook event, the types keyword is unnecessary.\nYou can use an array of event types. For more information about each event and their activity types, see https://help.github.com/en/articles/events-that-trigger-workflows#webhook-events.", - "oneOf": [ - { - "type": "array", - "minItems": 1 - }, - { - "type": "string" - } - ] - }, - "working-directory": { - "$comment": "https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepsrun", - "description": "Using the working-directory keyword, you can specify the working directory of where to run the command.", - "type": "string" - }, - "jobNeeds": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idneeds", - "description": "Identifies any jobs that must complete successfully before this job will run. It can be a string or array of strings. If a job fails, all jobs that need it are skipped unless the jobs use a conditional statement that causes the job to continue.", - "oneOf": [ - { - "type": "array", - "items": { - "$ref": "#/definitions/name" - }, - "minItems": 1 - }, - { - "$ref": "#/definitions/name" - } - ] - }, - "matrix": { - "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstrategymatrix", - "description": "A build matrix is a set of different configurations of the virtual environment. For example you might run a job against more than one supported version of a language, operating system, or tool. Each configuration is a copy of the job that runs and reports a status.\nYou can specify a matrix by supplying an array for the configuration options. For example, if the GitHub virtual environment supports Node.js versions 6, 8, and 10 you could specify an array of those versions in the matrix.\nWhen you define a matrix of operating systems, you must set the required runs-on keyword to the operating system of the current job, rather than hard-coding the operating system name. To access the operating system name, you can use the matrix.os context parameter to set runs-on. For more information, see https://help.github.com/en/articles/contexts-and-expression-syntax-for-github-actions.", - "oneOf": [ - { - "type": "object", - "patternProperties": { - "^(in|ex)clude$": { - "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#example-including-configurations-in-a-matrix-build", - "oneOf": [ - { - "$ref": "#/definitions/expressionSyntax" - }, - { - "type": "array", - "items": { - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/configuration" - } - }, - "minItems": 1 - } - ] - } - }, - "additionalProperties": { - "oneOf": [ - { - "type": "array", - "items": { - "$ref": "#/definitions/configuration" - }, - "minItems": 1 - }, - { - "$ref": "#/definitions/expressionSyntax" - } - ] - }, - "minProperties": 1 - }, - { - "$ref": "#/definitions/expressionSyntax" - } - ] - }, - "reusableWorkflowCallJob": { - "$comment": "https://docs.github.com/en/actions/learn-github-actions/reusing-workflows#calling-a-reusable-workflow", - "description": "Each job must have an id to associate with the job. The key job_id is a string and its value is a map of the job's configuration data. You must replace with a string that is unique to the jobs object. The must start with a letter or _ and contain only alphanumeric characters, -, or _.", - "type": "object", - "properties": { - "name": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idname", - "description": "The name of the job displayed on GitHub.", - "type": "string" - }, - "needs": { - "$ref": "#/definitions/jobNeeds" - }, - "permissions": { - "$ref": "#/definitions/permissions" - }, - "if": { - "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idif", - "description": "You can use the if conditional to prevent a job from running unless a condition is met. You can use any supported context and expression to create a conditional.\nExpressions in an if conditional do not require the ${{ }} syntax. For more information, see https://help.github.com/en/articles/contexts-and-expression-syntax-for-github-actions.", - "type": ["boolean", "number", "string"] - }, - "uses": { - "$comment": "https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_iduses", - "description": "The location and version of a reusable workflow file to run as a job, of the form './{path/to}/{localfile}.yml' or '{owner}/{repo}/{path}/{filename}@{ref}'. {ref} can be a SHA, a release tag, or a branch name. Using the commit SHA is the safest for stability and security.", - "type": "string", - "pattern": "^(.+\\/)+(.+)\\.(ya?ml)(@.+)?$" - }, - "with": { - "$comment": "https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idwith", - "$ref": "#/definitions/env", - "description": "A map of inputs that are passed to the called workflow. Any inputs that you pass must match the input specifications defined in the called workflow. Unlike 'jobs..steps[*].with', the inputs you pass with 'jobs..with' are not be available as environment variables in the called workflow. Instead, you can reference the inputs by using the inputs context." - }, - "secrets": { - "$comment": "https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idsecrets", - "description": "When a job is used to call a reusable workflow, you can use 'secrets' to provide a map of secrets that are passed to the called workflow. Any secrets that you pass must match the names defined in the called workflow.", - "oneOf": [ - { - "$ref": "#/definitions/env" - }, - { - "type": "string", - "enum": ["inherit"] - } - ] - }, - "strategy": { - "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstrategy", - "description": "A strategy creates a build matrix for your jobs. You can define different variations of an environment to run each job in.", - "type": "object", - "properties": { - "matrix": { - "$ref": "#/definitions/matrix" - }, - "fail-fast": { - "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstrategyfail-fast", - "description": "When set to true, GitHub cancels all in-progress jobs if any matrix job fails. Default: true", - "type": ["boolean", "string"], - "default": true - }, - "max-parallel": { - "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstrategymax-parallel", - "description": "The maximum number of jobs that can run simultaneously when using a matrix job strategy. By default, GitHub will maximize the number of jobs run in parallel depending on the available runners on GitHub-hosted virtual machines.", - "type": ["number", "string"] - } - }, - "required": ["matrix"], - "additionalProperties": false - }, - "concurrency": { - "$comment": "https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idconcurrency", - "description": "Concurrency ensures that only a single job or workflow using the same concurrency group will run at a time. A concurrency group can be any string or expression. The expression can use any context except for the secrets context. \nYou can also specify concurrency at the workflow level. \nWhen a concurrent job or workflow is queued, if another job or workflow using the same concurrency group in the repository is in progress, the queued job or workflow will be pending. By default any previously pending job or workflow in the concurrency group will be canceled; this behavior can be changed with `queue`. To also cancel any currently running job or workflow in the same concurrency group, specify cancel-in-progress: true.", - "oneOf": [ - { - "type": "string" - }, - { - "$ref": "#/definitions/concurrency" - } - ] - } - }, - "required": ["uses"], - "additionalProperties": false - }, - "normalJob": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_id", - "description": "Each job must have an id to associate with the job. The key job_id is a string and its value is a map of the job's configuration data. You must replace with a string that is unique to the jobs object. The must start with a letter or _ and contain only alphanumeric characters, -, or _.", - "type": "object", - "properties": { - "name": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idname", - "description": "The name of the job displayed on GitHub.", - "type": "string" - }, - "needs": { - "$ref": "#/definitions/jobNeeds" - }, - "snapshot": { - "$ref": "#/definitions/snapshot" - }, - "permissions": { - "$ref": "#/definitions/permissions" - }, - "runs-on": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idruns-on", - "description": "The type of machine to run the job on. The machine can be either a GitHub-hosted runner, or a self-hosted runner.", - "anyOf": [ - { - "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#github-hosted-runners", - "type": "string" - }, - { - "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#self-hosted-runners", - "type": "array", - "anyOf": [ - { - "items": [ - { - "type": "string" - } - ], - "minItems": 1, - "additionalItems": { - "type": "string" - } - } - ] - }, - { - "$comment": "https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#choosing-runners-in-a-group", - "type": "object", - "properties": { - "group": { - "type": "string" - }, - "labels": { - "oneOf": [ - { - "type": "string" - }, - { - "type": "array", - "items": { - "type": "string" - } - } - ] - } - } - }, - { - "$ref": "#/definitions/stringContainingExpressionSyntax" - }, - { - "$ref": "#/definitions/expressionSyntax" - } - ] - }, - "environment": { - "$comment": "https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-syntax-for-github-actions#jobsjob_idenvironment", - "description": "The environment that the job references.", - "oneOf": [ - { - "type": "string" - }, - { - "$ref": "#/definitions/environment" - } - ] - }, - "outputs": { - "$comment": "https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idoutputs", - "description": "A map of outputs for a job. Job outputs are available to all downstream jobs that depend on this job.", - "type": "object", - "additionalProperties": { - "type": "string" - }, - "minProperties": 1 - }, - "env": { - "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idenv", - "$ref": "#/definitions/env", - "description": "A map of environment variables that are available to all steps in the job." - }, - "defaults": { - "$comment": "https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_iddefaults", - "$ref": "#/definitions/defaults", - "description": "A map of default settings that will apply to all steps in the job." - }, - "if": { - "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idif", - "description": "You can use the if conditional to prevent a job from running unless a condition is met. You can use any supported context and expression to create a conditional.\nExpressions in an if conditional do not require the ${{ }} syntax. For more information, see https://help.github.com/en/articles/contexts-and-expression-syntax-for-github-actions.", - "type": ["boolean", "number", "string"] - }, - "steps": { - "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idsteps", - "description": "A job contains a sequence of tasks called steps. Steps can run commands, run setup tasks, or run an action in your repository, a public repository, or an action published in a Docker registry. Not all steps run actions, but all actions run as a step. Each step runs in its own process in the virtual environment and has access to the workspace and filesystem. Because steps run in their own process, changes to environment variables are not preserved between steps. GitHub provides built-in steps to set up and complete a job.\nMust contain either `uses` or `run`\n", - "type": "array", - "items": { - "$ref": "#/definitions/step" - }, - "minItems": 1 - }, - "timeout-minutes": { - "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idtimeout-minutes", - "description": "The maximum number of minutes to let a workflow run before GitHub automatically cancels it. Default: 360", - "oneOf": [ - { - "type": "number" - }, - { - "$ref": "#/definitions/expressionSyntax" - } - ], - "default": 360 - }, - "strategy": { - "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstrategy", - "description": "A strategy creates a build matrix for your jobs. You can define different variations of an environment to run each job in.", - "type": "object", - "properties": { - "matrix": { - "$ref": "#/definitions/matrix" - }, - "fail-fast": { - "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstrategyfail-fast", - "description": "When set to true, GitHub cancels all in-progress jobs if any matrix job fails. Default: true", - "type": ["boolean", "string"], - "default": true - }, - "max-parallel": { - "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstrategymax-parallel", - "description": "The maximum number of jobs that can run simultaneously when using a matrix job strategy. By default, GitHub will maximize the number of jobs run in parallel depending on the available runners on GitHub-hosted virtual machines.", - "type": ["number", "string"] - } - }, - "required": ["matrix"], - "additionalProperties": false - }, - "continue-on-error": { - "$comment": "https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idcontinue-on-error", - "description": "Prevents a workflow run from failing when a job fails. Set to true to allow a workflow run to pass when this job fails.", - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "#/definitions/expressionSyntax" - } - ] - }, - "container": { - "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idcontainer", - "description": "A container to run any steps in a job that don't already specify a container. If you have steps that use both script and container actions, the container actions will run as sibling containers on the same network with the same volume mounts.\nIf you do not set a container, all steps will run directly on the host specified by runs-on unless a step refers to an action configured to run in a container.", - "oneOf": [ - { - "type": "string" - }, - { - "$ref": "#/definitions/jobContainer" - } - ] - }, - "services": { - "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idservices", - "description": "Additional containers to host services for a job in a workflow. These are useful for creating databases or cache services like redis. The runner on the virtual machine will automatically create a network and manage the life cycle of the service containers.\nWhen you use a service container for a job or your step uses container actions, you don't need to set port information to access the service. Docker automatically exposes all ports between containers on the same network.\nWhen both the job and the action run in a container, you can directly reference the container by its hostname. The hostname is automatically mapped to the service name.\nWhen a step does not use a container action, you must access the service using localhost and bind the ports.", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/serviceContainer" - } - }, - "concurrency": { - "$comment": "https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idconcurrency", - "description": "Concurrency ensures that only a single job or workflow using the same concurrency group will run at a time. A concurrency group can be any string or expression. The expression can use any context except for the secrets context. \nYou can also specify concurrency at the workflow level. \nWhen a concurrent job or workflow is queued, if another job or workflow using the same concurrency group in the repository is in progress, the queued job or workflow will be pending. By default any previously pending job or workflow in the concurrency group will be canceled; this behavior can be changed with `queue`. To also cancel any currently running job or workflow in the same concurrency group, specify cancel-in-progress: true.", - "oneOf": [ - { - "type": "string" - }, - { - "$ref": "#/definitions/concurrency" - } - ] - } - }, - "required": ["runs-on"], - "additionalProperties": false - }, - "workflowDispatchInput": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/metadata-syntax-for-github-actions#inputsinput_id", - "description": "A string identifier to associate with the input. The value of is a map of the input's metadata. The must be a unique identifier within the inputs object. The must start with a letter or _ and contain only alphanumeric characters, -, or _.", - "type": "object", - "properties": { - "description": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/metadata-syntax-for-github-actions#inputsinput_iddescription", - "description": "A string description of the input parameter.", - "type": "string" - }, - "deprecationMessage": { - "description": "A string shown to users using the deprecated input.", - "type": "string" - }, - "required": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/metadata-syntax-for-github-actions#inputsinput_idrequired", - "description": "A boolean to indicate whether the action requires the input parameter. Set to true when the parameter is required.", - "type": "boolean" - }, - "default": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/metadata-syntax-for-github-actions#inputsinput_iddefault", - "description": "A string representing the default value. The default value is used when an input parameter isn't specified in a workflow file." - }, - "type": { - "$comment": "https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_dispatchinputsinput_idtype", - "description": "A string representing the type of the input.", - "type": "string", - "enum": ["string", "choice", "boolean", "number", "environment"] - }, - "options": { - "$comment": "https://github.blog/changelog/2021-11-10-github-actions-input-types-for-manual-workflows", - "description": "The options of the dropdown list, if the type is a choice.", - "type": "array", - "items": { - "type": "string" - }, - "minItems": 1 - } - }, - "allOf": [ - { - "if": { - "properties": { - "type": { - "const": "string" - } - }, - "required": ["type"] - }, - "then": { - "properties": { - "default": { - "type": "string" - } - } - } - }, - { - "if": { - "properties": { - "type": { - "const": "boolean" - } - }, - "required": ["type"] - }, - "then": { - "properties": { - "default": { - "type": "boolean" - } - } - } - }, - { - "if": { - "properties": { - "type": { - "const": "number" - } - }, - "required": ["type"] - }, - "then": { - "properties": { - "default": { - "type": "number" - } - } - } - }, - { - "if": { - "properties": { - "type": { - "const": "environment" - } - }, - "required": ["type"] - }, - "then": { - "properties": { - "default": { - "type": "string" - } - } - } - }, - { - "if": { - "properties": { - "type": { - "const": "choice" - } - }, - "required": ["type"] - }, - "then": { - "required": ["options"] - } - } - ], - "additionalProperties": false - } - }, - "properties": { - "name": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#name", - "description": "The name of your workflow. GitHub displays the names of your workflows on your repository's actions page. If you omit this field, GitHub sets the name to the workflow's filename.", - "type": "string" - }, - "on": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#on", - "description": "The name of the GitHub event that triggers the workflow. You can provide a single event string, array of events, array of event types, or an event configuration map that schedules a workflow or restricts the execution of a workflow to specific files, tags, or branch changes. For a list of available events, see https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows.", - "oneOf": [ - { - "$ref": "#/definitions/event" - }, - { - "type": "array", - "items": { - "$ref": "#/definitions/event" - }, - "minItems": 1 - }, - { - "type": "object", - "properties": { - "branch_protection_rule": { - "$comment": "https://docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows#branch_protection_rule", - "allOf": [ - { - "$ref": "#/definitions/eventObject" - } - ], - "description": "Runs your workflow anytime the branch_protection_rule event occurs. More than one activity type triggers this event.", - "properties": { - "types": { - "allOf": [ - { - "$ref": "#/definitions/types" - } - ], - "items": { - "type": "string", - "enum": ["created", "edited", "deleted"] - }, - "default": ["created", "edited", "deleted"] - } - } - }, - "check_run": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#check-run-event-check_run", - "allOf": [ - { - "$ref": "#/definitions/eventObject" - } - ], - "description": "Runs your workflow anytime the check_run event occurs. More than one activity type triggers this event. For information about the REST API, see https://developer.github.com/v3/checks/runs.", - "properties": { - "types": { - "allOf": [ - { - "$ref": "#/definitions/types" - } - ], - "items": { - "type": "string", - "enum": ["created", "rerequested", "completed", "requested_action"] - }, - "default": ["created", "rerequested", "completed", "requested_action"] - } - } - }, - "check_suite": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#check-suite-event-check_suite", - "allOf": [ - { - "$ref": "#/definitions/eventObject" - } - ], - "description": "Runs your workflow anytime the check_suite event occurs. More than one activity type triggers this event. For information about the REST API, see https://developer.github.com/v3/checks/suites/.", - "properties": { - "types": { - "allOf": [ - { - "$ref": "#/definitions/types" - } - ], - "items": { - "type": "string", - "enum": ["completed", "requested", "rerequested"] - }, - "default": ["completed", "requested", "rerequested"] - } - } - }, - "create": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#create-event-create", - "allOf": [ - { - "$ref": "#/definitions/eventObject" - } - ], - "description": "Runs your workflow anytime someone creates a branch or tag, which triggers the create event. For information about the REST API, see https://developer.github.com/v3/git/refs/#create-a-reference." - }, - "delete": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#delete-event-delete", - "allOf": [ - { - "$ref": "#/definitions/eventObject" - } - ], - "description": "Runs your workflow anytime someone deletes a branch or tag, which triggers the delete event. For information about the REST API, see https://developer.github.com/v3/git/refs/#delete-a-reference." - }, - "deployment": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#deployment-event-deployment", - "allOf": [ - { - "$ref": "#/definitions/eventObject" - } - ], - "description": "Runs your workflow anytime someone creates a deployment, which triggers the deployment event. Deployments created with a commit SHA may not have a Git ref. For information about the REST API, see https://developer.github.com/v3/repos/deployments/." - }, - "deployment_status": { - "$comment": "https://docs.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows", - "allOf": [ - { - "$ref": "#/definitions/eventObject" - } - ], - "description": "Runs your workflow anytime a third party provides a deployment status, which triggers the deployment_status event. Deployments created with a commit SHA may not have a Git ref. For information about the REST API, see https://developer.github.com/v3/repos/deployments/#create-a-deployment-status." - }, - "discussion": { - "$comment": "https://docs.github.com/en/actions/reference/events-that-trigger-workflows#discussion", - "allOf": [ - { - "$ref": "#/definitions/eventObject" - } - ], - "description": "Runs your workflow anytime the discussion event occurs. More than one activity type triggers this event. For information about the GraphQL API, see https://docs.github.com/en/graphql/guides/using-the-graphql-api-for-discussions", - "properties": { - "types": { - "allOf": [ - { - "$ref": "#/definitions/types" - } - ], - "items": { - "type": "string", - "enum": ["created", "edited", "deleted", "transferred", "pinned", "unpinned", "labeled", "unlabeled", "locked", "unlocked", "category_changed", "answered", "unanswered"] - }, - "default": ["created", "edited", "deleted", "transferred", "pinned", "unpinned", "labeled", "unlabeled", "locked", "unlocked", "category_changed", "answered", "unanswered"] - } - } - }, - "discussion_comment": { - "$comment": "https://docs.github.com/en/actions/reference/events-that-trigger-workflows#discussion_comment", - "allOf": [ - { - "$ref": "#/definitions/eventObject" - } - ], - "description": "Runs your workflow anytime the discussion_comment event occurs. More than one activity type triggers this event. For information about the GraphQL API, see https://docs.github.com/en/graphql/guides/using-the-graphql-api-for-discussions", - "properties": { - "types": { - "allOf": [ - { - "$ref": "#/definitions/types" - } - ], - "items": { - "type": "string", - "enum": ["created", "edited", "deleted"] - }, - "default": ["created", "edited", "deleted"] - } - } - }, - "fork": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#fork-event-fork", - "allOf": [ - { - "$ref": "#/definitions/eventObject" - } - ], - "description": "Runs your workflow anytime when someone forks a repository, which triggers the fork event. For information about the REST API, see https://developer.github.com/v3/repos/forks/#create-a-fork." - }, - "gollum": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#gollum-event-gollum", - "allOf": [ - { - "$ref": "#/definitions/eventObject" - } - ], - "description": "Runs your workflow when someone creates or updates a Wiki page, which triggers the gollum event." - }, - "issue_comment": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#issue-comment-event-issue_comment", - "allOf": [ - { - "$ref": "#/definitions/eventObject" - } - ], - "description": "Runs your workflow anytime the issue_comment event occurs. More than one activity type triggers this event. For information about the REST API, see https://developer.github.com/v3/issues/comments/.", - "properties": { - "types": { - "allOf": [ - { - "$ref": "#/definitions/types" - } - ], - "items": { - "type": "string", - "enum": ["created", "edited", "deleted"] - }, - "default": ["created", "edited", "deleted"] - } - } - }, - "issues": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#issues-event-issues", - "allOf": [ - { - "$ref": "#/definitions/eventObject" - } - ], - "description": "Runs your workflow anytime the issues event occurs. More than one activity type triggers this event. For information about the REST API, see https://developer.github.com/v3/issues.", - "properties": { - "types": { - "allOf": [ - { - "$ref": "#/definitions/types" - } - ], - "items": { - "type": "string", - "enum": ["opened", "edited", "deleted", "transferred", "pinned", "unpinned", "closed", "reopened", "assigned", "unassigned", "labeled", "unlabeled", "locked", "unlocked", "milestoned", "demilestoned"] - }, - "default": ["opened", "edited", "deleted", "transferred", "pinned", "unpinned", "closed", "reopened", "assigned", "unassigned", "labeled", "unlabeled", "locked", "unlocked", "milestoned", "demilestoned"] - } - } - }, - "label": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#label-event-label", - "allOf": [ - { - "$ref": "#/definitions/eventObject" - } - ], - "description": "Runs your workflow anytime the label event occurs. More than one activity type triggers this event. For information about the REST API, see https://developer.github.com/v3/issues/labels/.", - "properties": { - "types": { - "allOf": [ - { - "$ref": "#/definitions/types" - } - ], - "items": { - "type": "string", - "enum": ["created", "edited", "deleted"] - }, - "default": ["created", "edited", "deleted"] - } - } - }, - "merge_group": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#merge_group", - "allOf": [ - { - "$ref": "#/definitions/eventObject" - } - ], - "description": "Runs your workflow when a pull request is added to a merge queue, which adds the pull request to a merge group. For information about the merge queue, see https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request-with-a-merge-queue .", - "properties": { - "types": { - "allOf": [ - { - "$ref": "#/definitions/types" - } - ], - "items": { - "type": "string", - "enum": ["checks_requested"] - }, - "default": ["checks_requested"] - } - } - }, - "milestone": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#milestone-event-milestone", - "allOf": [ - { - "$ref": "#/definitions/eventObject" - } - ], - "description": "Runs your workflow anytime the milestone event occurs. More than one activity type triggers this event. For information about the REST API, see https://developer.github.com/v3/issues/milestones/.", - "properties": { - "types": { - "allOf": [ - { - "$ref": "#/definitions/types" - } - ], - "items": { - "type": "string", - "enum": ["created", "closed", "opened", "edited", "deleted"] - }, - "default": ["created", "closed", "opened", "edited", "deleted"] - } - } - }, - "page_build": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#page-build-event-page_build", - "allOf": [ - { - "$ref": "#/definitions/eventObject" - } - ], - "description": "Runs your workflow anytime someone pushes to a GitHub Pages-enabled branch, which triggers the page_build event. For information about the REST API, see https://developer.github.com/v3/repos/pages/." - }, - "project": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#project-event-project", - "allOf": [ - { - "$ref": "#/definitions/eventObject" - } - ], - "description": "Runs your workflow anytime the project event occurs. More than one activity type triggers this event. For information about the REST API, see https://developer.github.com/v3/projects/.", - "properties": { - "types": { - "allOf": [ - { - "$ref": "#/definitions/types" - } - ], - "items": { - "type": "string", - "enum": ["created", "updated", "closed", "reopened", "edited", "deleted"] - }, - "default": ["created", "updated", "closed", "reopened", "edited", "deleted"] - } - } - }, - "project_card": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#project-card-event-project_card", - "allOf": [ - { - "$ref": "#/definitions/eventObject" - } - ], - "description": "Runs your workflow anytime the project_card event occurs. More than one activity type triggers this event. For information about the REST API, see https://developer.github.com/v3/projects/cards.", - "properties": { - "types": { - "allOf": [ - { - "$ref": "#/definitions/types" - } - ], - "items": { - "type": "string", - "enum": ["created", "moved", "converted", "edited", "deleted"] - }, - "default": ["created", "moved", "converted", "edited", "deleted"] - } - } - }, - "project_column": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#project-column-event-project_column", - "allOf": [ - { - "$ref": "#/definitions/eventObject" - } - ], - "description": "Runs your workflow anytime the project_column event occurs. More than one activity type triggers this event. For information about the REST API, see https://developer.github.com/v3/projects/columns.", - "properties": { - "types": { - "allOf": [ - { - "$ref": "#/definitions/types" - } - ], - "items": { - "type": "string", - "enum": ["created", "updated", "moved", "deleted"] - }, - "default": ["created", "updated", "moved", "deleted"] - } - } - }, - "public": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#public-event-public", - "allOf": [ - { - "$ref": "#/definitions/eventObject" - } - ], - "description": "Runs your workflow anytime someone makes a private repository public, which triggers the public event. For information about the REST API, see https://developer.github.com/v3/repos/#edit." - }, - "pull_request": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#pull-request-event-pull_request", - "description": "Runs your workflow anytime the pull_request event occurs. More than one activity type triggers this event. For information about the REST API, see https://developer.github.com/v3/pulls.\nNote: Workflows do not run on private base repositories when you open a pull request from a forked repository.\nWhen you create a pull request from a forked repository to the base repository, GitHub sends the pull_request event to the base repository and no pull request events occur on the forked repository.\nWorkflows don't run on forked repositories by default. You must enable GitHub Actions in the Actions tab of the forked repository.\nThe permissions for the GITHUB_TOKEN in forked repositories is read-only. For more information about the GITHUB_TOKEN, see https://help.github.com/en/articles/virtual-environments-for-github-actions.", - "oneOf": [ - { - "type": "null" - }, - { - "allOf": [ - { - "type": "object", - "properties": { - "types": { - "allOf": [ - { - "$ref": "#/definitions/types" - } - ], - "items": { - "type": "string", - "enum": [ - "assigned", - "unassigned", - "labeled", - "unlabeled", - "opened", - "edited", - "closed", - "reopened", - "synchronize", - "converted_to_draft", - "ready_for_review", - "locked", - "unlocked", - "milestoned", - "demilestoned", - "review_requested", - "review_request_removed", - "auto_merge_enabled", - "auto_merge_disabled", - "enqueued", - "dequeued" - ] - }, - "default": ["opened", "synchronize", "reopened"] - }, - "branches": { - "$ref": "#/definitions/branch" - }, - "branches-ignore": { - "$ref": "#/definitions/branch" - }, - "tags": { - "$ref": "#/definitions/branch" - }, - "tags-ignore": { - "$ref": "#/definitions/branch" - }, - "paths": { - "$ref": "#/definitions/path" - }, - "paths-ignore": { - "$ref": "#/definitions/path" - } - }, - "additionalProperties": false - }, - { - "not": { - "required": ["branches", "branches-ignore"] - } - }, - { - "not": { - "required": ["tags", "tags-ignore"] - } - }, - { - "not": { - "required": ["paths", "paths-ignore"] - } - } - ] - } - ] - }, - "pull_request_review": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#pull-request-review-event-pull_request_review", - "allOf": [ - { - "$ref": "#/definitions/eventObject" - } - ], - "description": "Runs your workflow anytime the pull_request_review event occurs. More than one activity type triggers this event. For information about the REST API, see https://developer.github.com/v3/pulls/reviews.\nNote: Workflows do not run on private base repositories when you open a pull request from a forked repository.\nWhen you create a pull request from a forked repository to the base repository, GitHub sends the pull_request event to the base repository and no pull request events occur on the forked repository.\nWorkflows don't run on forked repositories by default. You must enable GitHub Actions in the Actions tab of the forked repository.\nThe permissions for the GITHUB_TOKEN in forked repositories is read-only. For more information about the GITHUB_TOKEN, see https://help.github.com/en/articles/virtual-environments-for-github-actions.", - "properties": { - "types": { - "allOf": [ - { - "$ref": "#/definitions/types" - } - ], - "items": { - "type": "string", - "enum": ["submitted", "edited", "dismissed"] - }, - "default": ["submitted", "edited", "dismissed"] - } - } - }, - "pull_request_review_comment": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#pull-request-review-comment-event-pull_request_review_comment", - "allOf": [ - { - "$ref": "#/definitions/eventObject" - } - ], - "description": "Runs your workflow anytime a comment on a pull request's unified diff is modified, which triggers the pull_request_review_comment event. More than one activity type triggers this event. For information about the REST API, see https://developer.github.com/v3/pulls/comments.\nNote: Workflows do not run on private base repositories when you open a pull request from a forked repository.\nWhen you create a pull request from a forked repository to the base repository, GitHub sends the pull_request event to the base repository and no pull request events occur on the forked repository.\nWorkflows don't run on forked repositories by default. You must enable GitHub Actions in the Actions tab of the forked repository.\nThe permissions for the GITHUB_TOKEN in forked repositories is read-only. For more information about the GITHUB_TOKEN, see https://help.github.com/en/articles/virtual-environments-for-github-actions.", - "properties": { - "types": { - "allOf": [ - { - "$ref": "#/definitions/types" - } - ], - "items": { - "type": "string", - "enum": ["created", "edited", "deleted"] - }, - "default": ["created", "edited", "deleted"] - } - } - }, - "pull_request_target": { - "$comment": "https://docs.github.com/en/actions/reference/events-that-trigger-workflows#pull_request_target", - "description": "This event is similar to pull_request, except that it runs in the context of the base repository of the pull request, rather than in the merge commit. This means that you can more safely make your secrets available to the workflows triggered by the pull request, because only workflows defined in the commit on the base repository are run. For example, this event allows you to create workflows that label and comment on pull requests, based on the contents of the event payload.", - "oneOf": [ - { - "type": "null" - }, - { - "allOf": [ - { - "type": "object", - "properties": { - "types": { - "allOf": [ - { - "$ref": "#/definitions/types" - } - ], - "items": { - "type": "string", - "enum": [ - "assigned", - "unassigned", - "labeled", - "unlabeled", - "opened", - "edited", - "closed", - "reopened", - "synchronize", - "converted_to_draft", - "ready_for_review", - "locked", - "unlocked", - "review_requested", - "review_request_removed", - "auto_merge_enabled", - "auto_merge_disabled" - ] - }, - "default": ["opened", "synchronize", "reopened"] - }, - "branches": { - "$ref": "#/definitions/branch" - }, - "branches-ignore": { - "$ref": "#/definitions/branch" - }, - "tags": { - "$ref": "#/definitions/branch" - }, - "tags-ignore": { - "$ref": "#/definitions/branch" - }, - "paths": { - "$ref": "#/definitions/path" - }, - "paths-ignore": { - "$ref": "#/definitions/path" - } - }, - "additionalProperties": false - }, - { - "not": { - "required": ["branches", "branches-ignore"] - } - }, - { - "not": { - "required": ["tags", "tags-ignore"] - } - }, - { - "not": { - "required": ["paths", "paths-ignore"] - } - } - ] - } - ] - }, - "push": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#push-event-push", - "description": "Runs your workflow when someone pushes to a repository branch, which triggers the push event.\nNote: The webhook payload available to GitHub Actions does not include the added, removed, and modified attributes in the commit object. You can retrieve the full commit object using the REST API. For more information, see https://developer.github.com/v3/repos/commits/#get-a-single-commit.", - "oneOf": [ - { - "type": "null" - }, - { - "allOf": [ - { - "type": "object", - "properties": { - "branches": { - "$ref": "#/definitions/branch" - }, - "branches-ignore": { - "$ref": "#/definitions/branch" - }, - "tags": { - "$ref": "#/definitions/branch" - }, - "tags-ignore": { - "$ref": "#/definitions/branch" - }, - "paths": { - "$ref": "#/definitions/path" - }, - "paths-ignore": { - "$ref": "#/definitions/path" - } - }, - "additionalProperties": false - }, - { - "not": { - "required": ["branches", "branches-ignore"] - } - }, - { - "not": { - "required": ["tags", "tags-ignore"] - } - }, - { - "not": { - "required": ["paths", "paths-ignore"] - } - } - ] - } - ] - }, - "registry_package": { - "$comment": "https://help.github.com/en/actions/reference/events-that-trigger-workflows#registry-package-event-registry_package", - "allOf": [ - { - "$ref": "#/definitions/eventObject" - } - ], - "description": "Runs your workflow anytime a package is published or updated. For more information, see https://help.github.com/en/github/managing-packages-with-github-packages.", - "properties": { - "types": { - "allOf": [ - { - "$ref": "#/definitions/types" - } - ], - "items": { - "type": "string", - "enum": ["published", "updated"] - }, - "default": ["published", "updated"] - } - } - }, - "release": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#release-event-release", - "allOf": [ - { - "$ref": "#/definitions/eventObject" - } - ], - "description": "Runs your workflow anytime the release event occurs. More than one activity type triggers this event. For information about the REST API, see https://developer.github.com/v3/repos/releases/ in the GitHub Developer documentation.", - "properties": { - "types": { - "allOf": [ - { - "$ref": "#/definitions/types" - } - ], - "items": { - "type": "string", - "enum": ["published", "unpublished", "created", "edited", "deleted", "prereleased", "released"] - }, - "default": ["published", "unpublished", "created", "edited", "deleted", "prereleased", "released"] - } - } - }, - "status": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#status-event-status", - "allOf": [ - { - "$ref": "#/definitions/eventObject" - } - ], - "description": "Runs your workflow anytime the status of a Git commit changes, which triggers the status event. For information about the REST API, see https://developer.github.com/v3/repos/statuses/." - }, - "watch": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#watch-event-watch", - "allOf": [ - { - "$ref": "#/definitions/eventObject" - } - ], - "description": "Runs your workflow anytime the watch event occurs. More than one activity type triggers this event. For information about the REST API, see https://developer.github.com/v3/activity/starring/." - }, - "workflow_call": { - "$comment": "https://docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows#workflow_call", - "description": "Allows workflows to be reused by other workflows.", - "properties": { - "inputs": { - "$comment": "https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#onworkflow_callinputs", - "description": "When using the workflow_call keyword, you can optionally specify inputs that are passed to the called workflow from the caller workflow.", - "type": "object", - "patternProperties": { - "^[_a-zA-Z][a-zA-Z0-9_-]*$": { - "$comment": "https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#inputsinput_id", - "description": "A string identifier to associate with the input. The value of is a map of the input's metadata. The must be a unique identifier within the inputs object. The must start with a letter or _ and contain only alphanumeric characters, -, or _.", - "type": "object", - "properties": { - "description": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/metadata-syntax-for-github-actions#inputsinput_iddescription", - "description": "A string description of the input parameter.", - "type": "string" - }, - "required": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/metadata-syntax-for-github-actions#inputsinput_idrequired", - "description": "A boolean to indicate whether the action requires the input parameter. Set to true when the parameter is required.", - "type": "boolean" - }, - "type": { - "$comment": "https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#onworkflow_callinput_idtype", - "description": "Required if input is defined for the on.workflow_call keyword. The value of this parameter is a string specifying the data type of the input. This must be one of: boolean, number, or string.", - "type": "string", - "enum": ["boolean", "number", "string"] - }, - "default": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/metadata-syntax-for-github-actions#inputsinput_iddefault", - "description": "The default value is used when an input parameter isn't specified in a workflow file.", - "type": ["boolean", "number", "string"] - } - }, - "required": ["type"], - "additionalProperties": false - } - }, - "additionalProperties": false - }, - "outputs": { - "$comment": "https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#onworkflow_calloutputs", - "description": "When using the workflow_call keyword, you can optionally specify inputs that are passed to the called workflow from the caller workflow.", - "type": "object", - "patternProperties": { - "^[_a-zA-Z][a-zA-Z0-9_-]*$": { - "$comment": "https://docs.github.com/en/actions/sharing-automations/creating-actions/metadata-syntax-for-github-actions#outputsoutput_id", - "description": "A string identifier to associate with the output. The value of is a map of the output's metadata. The must be a unique identifier within the outputs object. The must start with a letter or _ and contain only alphanumeric characters, -, or _.", - "type": "object", - "properties": { - "description": { - "$comment": "https://docs.github.com/en/actions/sharing-automations/creating-actions/metadata-syntax-for-github-actions#outputsoutput_iddescription", - "description": "A string description of the output parameter.", - "type": "string" - }, - "value": { - "$comment": "https://docs.github.com/en/actions/sharing-automations/creating-actions/metadata-syntax-for-github-actions#outputsoutput_idvalue", - "description": "The value that the output parameter will be mapped to. You can set this to a string or an expression with context. For example, you can use the steps context to set the value of an output to the output value of a step.", - "type": "string" - } - }, - "required": ["value"], - "additionalProperties": false - } - }, - "additionalProperties": false - }, - "secrets": { - "$comment": "https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#onworkflow_callsecrets", - "description": "A map of the secrets that can be used in the called workflow. Within the called workflow, you can use the secrets context to refer to a secret.", - "patternProperties": { - "^[_a-zA-Z][a-zA-Z0-9_-]*$": { - "$comment": "https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#onworkflow_callsecretssecret_id", - "description": "A string identifier to associate with the secret.", - "properties": { - "description": { - "description": "A string description of the secret parameter.", - "type": "string" - }, - "required": { - "$comment": "https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#onworkflow_callsecretssecret_idrequired", - "description": "A boolean specifying whether the secret must be supplied.", - "type": "boolean" - } - }, - "additionalProperties": false - } - }, - "additionalProperties": false - } - } - }, - "workflow_dispatch": { - "$comment": "https://github.blog/changelog/2020-07-06-github-actions-manual-triggers-with-workflow_dispatch/", - "description": "You can now create workflows that are manually triggered with the new workflow_dispatch event. You will then see a 'Run workflow' button on the Actions tab, enabling you to easily trigger a run.", - "properties": { - "inputs": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/metadata-syntax-for-github-actions#inputs", - "description": "Input parameters allow you to specify data that the action expects to use during runtime. GitHub stores input parameters as environment variables. Input ids with uppercase letters are converted to lowercase during runtime. We recommended using lowercase input ids.", - "type": "object", - "patternProperties": { - "^[_a-zA-Z][a-zA-Z0-9_-]*$": { - "$ref": "#/definitions/workflowDispatchInput" - } - }, - "additionalProperties": false - } - }, - "additionalProperties": false - }, - "workflow_run": { - "$comment": "https://docs.github.com/en/actions/reference/events-that-trigger-workflows#workflow_run", - "allOf": [ - { - "$ref": "#/definitions/eventObject" - } - ], - "description": "This event occurs when a workflow run is requested or completed, and allows you to execute a workflow based on the finished result of another workflow. For example, if your pull_request workflow generates build artifacts, you can create a new workflow that uses workflow_run to analyze the results and add a comment to the original pull request.", - "properties": { - "types": { - "allOf": [ - { - "$ref": "#/definitions/types" - } - ], - "items": { - "type": "string", - "enum": ["requested", "completed", "in_progress"] - }, - "default": ["requested", "completed"] - }, - "workflows": { - "type": "array", - "items": { - "type": "string" - }, - "minItems": 1 - } - }, - "patternProperties": { - "^branches(-ignore)?$": {} - } - }, - "repository_dispatch": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#external-events-repository_dispatch", - "allOf": [ - { - "$ref": "#/definitions/eventObject" - } - ], - "description": "You can use the GitHub API to trigger a webhook event called repository_dispatch when you want to trigger a workflow for activity that happens outside of GitHub. For more information, see https://developer.github.com/v3/repos/#create-a-repository-dispatch-event.\nTo trigger the custom repository_dispatch webhook event, you must send a POST request to a GitHub API endpoint and provide an event_type name to describe the activity type. To trigger a workflow run, you must also configure your workflow to use the repository_dispatch event." - }, - "schedule": { - "$comment": "https://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows#schedule", - "description": "You can schedule a workflow to run at specific UTC times using POSIX cron syntax (https://pubs.opengroup.org/onlinepubs/9699919799/utilities/crontab.html#tag_20_25_07). You can optionally specify a timezone using an IANA timezone string (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) for timezone-aware scheduling. Scheduled workflows run on the latest commit on the default or base branch. The shortest interval you can run scheduled workflows is once every 5 minutes.\nNote: GitHub Actions does not support the non-standard syntax @yearly, @monthly, @weekly, @daily, @hourly, and @reboot.\nYou can use crontab guru (https://crontab.guru/) to help generate your cron syntax and confirm what time it will run. To help you get started, there is also a list of crontab guru examples (https://crontab.guru/examples.html).", - "type": "array", - "items": { - "type": "object", - "properties": { - "cron": { - "description": "A cron expression that represents a schedule. A scheduled workflow will run at most once every 5 minutes.", - "type": "string" - }, - "timezone": { - "description": "A string that represents the time zone a scheduled workflow will run relative to in IANA format (e.g. 'America/New_York' or 'Europe/London'). If omitted, the workflow will run relative to midnight UTC.", - "type": "string" - } - }, - "required": ["cron"], - "additionalProperties": false - }, - "minItems": 1 - } - }, - "additionalProperties": false - } - ] - }, - "env": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#env", - "$ref": "#/definitions/env", - "description": "A map of environment variables that are available to all jobs and steps in the workflow." - }, - "defaults": { - "$comment": "https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions#defaults", - "$ref": "#/definitions/defaults", - "description": "A map of default settings that will apply to all jobs in the workflow." - }, - "concurrency": { - "$comment": "https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#concurrency", - "description": "Concurrency ensures that only a single job or workflow using the same concurrency group will run at a time. A concurrency group can be any string or expression. The expression can use any context except for the secrets context. \nYou can also specify concurrency at the workflow level. \nWhen a concurrent job or workflow is queued, if another job or workflow using the same concurrency group in the repository is in progress, the queued job or workflow will be pending. By default any previously pending job or workflow in the concurrency group will be canceled; this behavior can be changed with `queue`. To also cancel any currently running job or workflow in the same concurrency group, specify cancel-in-progress: true.", - "oneOf": [ - { - "type": "string" - }, - { - "$ref": "#/definitions/concurrency" - } - ] - }, - "jobs": { - "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobs", - "description": "A workflow run is made up of one or more jobs. Jobs run in parallel by default. To run jobs sequentially, you can define dependencies on other jobs using the jobs..needs keyword.\nEach job runs in a fresh instance of the virtual environment specified by runs-on.\nYou can run an unlimited number of jobs as long as you are within the workflow usage limits. For more information, see https://help.github.com/en/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#usage-limits.", - "type": "object", - "patternProperties": { - "^[_a-zA-Z][a-zA-Z0-9_-]*$": { - "oneOf": [ - { - "$ref": "#/definitions/normalJob" - }, - { - "$ref": "#/definitions/reusableWorkflowCallJob" - } - ] - } - }, - "minProperties": 1, - "additionalProperties": false - }, - "run-name": { - "$comment": "https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#run-name", - "description": "The name for workflow runs generated from the workflow. GitHub displays the workflow run name in the list of workflow runs on your repository's 'Actions' tab.", - "type": "string" - }, - "permissions": { - "$ref": "#/definitions/permissions" - } - }, - "required": ["on", "jobs"], - "type": "object" -} +429: Too Many Requests +For more on scraping GitHub and how it may affect your rights, please review our Terms of Service (https://docs.github.com/en/site-policy/github-terms/github-terms-of-service). \ No newline at end of file From 71544d384a239e44e257e678d1d26092c87c573e Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 7 Jul 2026 21:34:14 +0000 Subject: [PATCH 7/7] fix: restore valid github workflow schema Co-authored-by: gh-aw-bot <259018956+gh-aw-bot@users.noreply.github.com> --- pkg/workflow/schemas/github-workflow.json | 2083 ++++++++++++++++++++- 1 file changed, 2081 insertions(+), 2 deletions(-) diff --git a/pkg/workflow/schemas/github-workflow.json b/pkg/workflow/schemas/github-workflow.json index ec0f976491e..9d394757abc 100644 --- a/pkg/workflow/schemas/github-workflow.json +++ b/pkg/workflow/schemas/github-workflow.json @@ -1,2 +1,2081 @@ -429: Too Many Requests -For more on scraping GitHub and how it may affect your rights, please review our Terms of Service (https://docs.github.com/en/site-policy/github-terms/github-terms-of-service). \ No newline at end of file +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://json.schemastore.org/github-workflow.json", + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions", + "additionalProperties": false, + "definitions": { + "architecture": { + "type": "string", + "enum": ["ARM32", "x64", "x86"] + }, + "branch": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#onpushpull_requestbranchestags", + "$ref": "#/definitions/globs", + "description": "When using the push and pull_request events, you can configure a workflow to run on specific branches or tags. If you only define only tags or only branches, the workflow won't run for events affecting the undefined Git ref.\nThe branches, branches-ignore, tags, and tags-ignore keywords accept glob patterns that use the * and ** wildcard characters to match more than one branch or tag name. For more information, see https://help.github.com/en/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet.\nThe patterns defined in branches and tags are evaluated against the Git ref's name. For example, defining the pattern mona/octocat in branches will match the refs/heads/mona/octocat Git ref. The pattern releases/** will match the refs/heads/releases/10 Git ref.\nYou can use two types of filters to prevent a workflow from running on pushes and pull requests to tags and branches:\n- branches or branches-ignore - You cannot use both the branches and branches-ignore filters for the same event in a workflow. Use the branches filter when you need to filter branches for positive matches and exclude branches. Use the branches-ignore filter when you only need to exclude branch names.\n- tags or tags-ignore - You cannot use both the tags and tags-ignore filters for the same event in a workflow. Use the tags filter when you need to filter tags for positive matches and exclude tags. Use the tags-ignore filter when you only need to exclude tag names.\nYou can exclude tags and branches using the ! character. The order that you define patterns matters.\n- A matching negative pattern (prefixed with !) after a positive match will exclude the Git ref.\n- A matching positive pattern after a negative match will include the Git ref again." + }, + "concurrency": { + "type": "object", + "properties": { + "group": { + "$comment": "https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#example-using-concurrency-to-cancel-any-in-progress-job-or-run-1", + "description": "When a concurrent job or workflow is queued, if another job or workflow using the same concurrency group in the repository is in progress, the queued job or workflow will be pending. By default any previously pending job or workflow in the concurrency group will be canceled; this behavior can be changed with `queue`.", + "type": "string" + }, + "cancel-in-progress": { + "$comment": "https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#example-using-concurrency-to-cancel-any-in-progress-job-or-run-1", + "description": "To cancel any currently running job or workflow in the same concurrency group, specify cancel-in-progress: true.", + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "#/definitions/expressionSyntax" + } + ] + }, + "queue": { + "$comment": "https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#example-queueing-multiple-pending-runs", + "description": "Controls how pending jobs or workflow runs are queued within a concurrency group. With the default `single`, at most one run can be pending — additional pending runs cancel the previous one. With `max`, up to 100 runs can be pending and are processed in FIFO order. The combination of `queue: max` and `cancel-in-progress: true` is not allowed.", + "type": "string", + "enum": ["single", "max"], + "default": "single" + } + }, + "required": ["group"], + "additionalProperties": false + }, + "configuration": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "number" + }, + { + "type": "boolean" + }, + { + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/configuration" + } + }, + { + "type": "array", + "items": { + "$ref": "#/definitions/configuration" + } + } + ] + }, + "jobContainer": { + "type": "object", + "properties": { + "image": { + "$comment": "https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idcontainerimage", + "description": "The Docker image to use as the container to run the action. The value can be the Docker Hub image name or a registry name.", + "type": "string" + }, + "credentials": { + "$comment": "https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idcontainercredentials", + "description": "If the image's container registry requires authentication to pull the image, you can use credentials to set a map of the username and password. The credentials are the same values that you would provide to the `docker login` command.", + "type": "object", + "properties": { + "username": { + "type": "string" + }, + "password": { + "type": "string" + } + } + }, + "env": { + "$comment": "https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idcontainerenv", + "$ref": "#/definitions/env", + "description": "Sets a map of environment variables in the container." + }, + "ports": { + "$comment": "https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idcontainerports", + "description": "Sets an array of ports to expose on the container.", + "type": "array", + "items": { + "oneOf": [ + { + "type": "number" + }, + { + "type": "string" + } + ] + }, + "minItems": 1 + }, + "volumes": { + "$comment": "https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idcontainervolumes", + "description": "Sets an array of volumes for the container to use. You can use volumes to share data between services or other steps in a job. You can specify named Docker volumes, anonymous Docker volumes, or bind mounts on the host.\nTo specify a volume, you specify the source and destination path: :\nThe is a volume name or an absolute path on the host machine, and is an absolute path in the container.", + "type": "array", + "items": { + "type": "string" + }, + "minItems": 1 + }, + "options": { + "$comment": "https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idcontaineroptions", + "description": "Additional Docker container resource options. For a list of options, see https://docs.docker.com/engine/reference/commandline/create/#options.", + "type": "string" + } + }, + "required": ["image"], + "additionalProperties": false + }, + "serviceContainer": { + "type": "object", + "properties": { + "image": { + "$comment": "https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idservicesservice_idimage", + "description": "The Docker image to use as the service container to run the action. The value can be the Docker Hub image name or a registry name.", + "type": "string" + }, + "credentials": { + "$comment": "https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idservicesservice_idcredentials", + "description": "If the image's container registry requires authentication to pull the image, you can use credentials to set a map of the username and password. The credentials are the same values that you would provide to the `docker login` command.", + "type": "object", + "properties": { + "username": { + "type": "string" + }, + "password": { + "type": "string" + } + } + }, + "env": { + "$comment": "https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idservicesservice_idenv", + "$ref": "#/definitions/env", + "description": "Sets a map of environment variables in the service container." + }, + "ports": { + "$comment": "https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idservicesservice_idports", + "description": "Sets an array of ports to expose on the service container.", + "type": "array", + "items": { + "oneOf": [ + { + "type": "number" + }, + { + "type": "string" + } + ] + }, + "minItems": 1 + }, + "volumes": { + "$comment": "https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idservicesservice_idvolumes", + "description": "Sets an array of volumes for the service container to use. You can use volumes to share data between services or other steps in a job. You can specify named Docker volumes, anonymous Docker volumes, or bind mounts on the host.\nTo specify a volume, you specify the source and destination path: :\nThe is a volume name or an absolute path on the host machine, and is an absolute path in the container.", + "type": "array", + "items": { + "type": "string" + }, + "minItems": 1 + }, + "options": { + "$comment": "https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idservicesservice_idoptions", + "description": "Additional Docker container resource options. For a list of options, see https://docs.docker.com/engine/reference/commandline/create/#options.", + "type": "string" + }, + "command": { + "$comment": "https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idservicesservice_idcommand", + "description": "Overrides the Docker image's default command (`CMD`). The value is passed as arguments after the image name in the `docker create` command. If you also specify `entrypoint`, `command` provides the arguments to that entrypoint.", + "type": "string" + }, + "entrypoint": { + "$comment": "https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idservicesservice_identrypoint", + "description": "Overrides the Docker image's default `ENTRYPOINT`. The value is a single string defining the executable to run. Use this when you need to replace the image's entrypoint entirely. You can combine `entrypoint` with `command` to pass arguments to the custom entrypoint.", + "type": "string" + } + }, + "required": ["image"], + "additionalProperties": false + }, + "defaults": { + "type": "object", + "properties": { + "run": { + "type": "object", + "properties": { + "shell": { + "$ref": "#/definitions/shell" + }, + "working-directory": { + "$ref": "#/definitions/working-directory" + } + }, + "minProperties": 1, + "additionalProperties": false + } + }, + "minProperties": 1, + "additionalProperties": false + }, + "permissions": { + "$comment": "https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#permissions", + "description": "You can modify the default permissions granted to the GITHUB_TOKEN, adding or removing access as required, so that you only allow the minimum required access.", + "oneOf": [ + { + "type": "string", + "enum": ["read-all", "write-all"] + }, + { + "$ref": "#/definitions/permissions-event" + } + ] + }, + "permissions-event": { + "type": "object", + "additionalProperties": false, + "properties": { + "actions": { + "$ref": "#/definitions/permissions-level" + }, + "artifact-metadata": { + "$ref": "#/definitions/permissions-level" + }, + "attestations": { + "$ref": "#/definitions/permissions-level" + }, + "checks": { + "$ref": "#/definitions/permissions-level" + }, + "code-quality": { + "$ref": "#/definitions/permissions-level" + }, + "contents": { + "$ref": "#/definitions/permissions-level" + }, + "deployments": { + "$ref": "#/definitions/permissions-level" + }, + "discussions": { + "$ref": "#/definitions/permissions-level" + }, + "id-token": { + "$ref": "#/definitions/permissions-level" + }, + "issues": { + "$ref": "#/definitions/permissions-level" + }, + "models": { + "type": "string", + "enum": ["read", "none"] + }, + "packages": { + "$ref": "#/definitions/permissions-level" + }, + "pages": { + "$ref": "#/definitions/permissions-level" + }, + "pull-requests": { + "$ref": "#/definitions/permissions-level" + }, + "repository-projects": { + "$ref": "#/definitions/permissions-level" + }, + "security-events": { + "$ref": "#/definitions/permissions-level" + }, + "statuses": { + "$ref": "#/definitions/permissions-level" + }, + "copilot-requests": { + "type": "string", + "enum": ["write", "none"] + }, + "vulnerability-alerts": { + "type": "string", + "enum": ["read", "none"] + } + } + }, + "permissions-level": { + "type": "string", + "enum": ["read", "write", "none"] + }, + "env": { + "$comment": "https://docs.github.com/en/actions/learn-github-actions/environment-variables", + "description": "To set custom environment variables, you need to specify the variables in the workflow file. You can define environment variables for a step, job, or entire workflow using the jobs..steps[*].env, jobs..env, and env keywords. For more information, see https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepsenv", + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "number" + }, + { + "type": "boolean" + } + ] + } + }, + { + "$ref": "#/definitions/stringContainingExpressionSyntax" + } + ] + }, + "environment": { + "$comment": "https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-syntax-for-github-actions#jobsjob_idenvironment", + "description": "The environment that the job references", + "type": "object", + "properties": { + "name": { + "$comment": "https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-syntax-for-github-actions#example-using-a-single-environment-name", + "description": "The name of the environment configured in the repo.", + "type": "string" + }, + "url": { + "$comment": "https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-syntax-for-github-actions#example-using-environment-name-and-url", + "description": "A deployment URL", + "type": "string" + }, + "deployment": { + "$comment": "https://docs.github.com/en/actions/how-tos/deploy/configure-and-manage-deployments/control-deployments#using-environments-without-deployments", + "description": "Whether to create a deployment for this job. Setting to false lets the job use environment secrets and variables without creating a deployment record. Wait timers and required reviewers still apply.", + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "#/definitions/expressionSyntax" + } + ], + "default": true + } + }, + "required": ["name"], + "additionalProperties": false + }, + "event": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows", + "type": "string", + "enum": [ + "branch_protection_rule", + "check_run", + "check_suite", + "create", + "delete", + "deployment", + "deployment_status", + "discussion", + "discussion_comment", + "fork", + "gollum", + "issue_comment", + "issues", + "label", + "merge_group", + "milestone", + "page_build", + "project", + "project_card", + "project_column", + "public", + "pull_request", + "pull_request_review", + "pull_request_review_comment", + "pull_request_target", + "push", + "registry_package", + "release", + "status", + "watch", + "workflow_call", + "workflow_dispatch", + "workflow_run", + "repository_dispatch" + ] + }, + "eventObject": { + "oneOf": [ + { + "type": "object" + }, + { + "type": "null" + } + ], + "additionalProperties": true + }, + "expressionSyntax": { + "$comment": "escape `{` and `}` in pattern to be unicode compatible (#1360)", + "type": "string", + "pattern": "^\\$\\{\\{(.|[\r\n])*\\}\\}$" + }, + "stringContainingExpressionSyntax": { + "$comment": "escape `{` and `}` in pattern to be unicode compatible (#1360)", + "type": "string", + "pattern": "^.*\\$\\{\\{(.|[\r\n])*\\}\\}.*$" + }, + "globs": { + "type": "array", + "items": { + "type": "string", + "minLength": 1 + }, + "minItems": 1 + }, + "machine": { + "type": "string", + "enum": ["linux", "macos", "windows"] + }, + "name": { + "type": "string", + "pattern": "^[_a-zA-Z][a-zA-Z0-9_-]*$" + }, + "path": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#onpushpull_requestpaths", + "$ref": "#/definitions/globs", + "description": "When using the push and pull_request events, you can configure a workflow to run when at least one file does not match paths-ignore or at least one modified file matches the configured paths. Path filters are not evaluated for pushes to tags.\nThe paths-ignore and paths keywords accept glob patterns that use the * and ** wildcard characters to match more than one path name. For more information, see https://help.github.com/en/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet.\nYou can exclude paths using two types of filters. You cannot use both of these filters for the same event in a workflow.\n- paths-ignore - Use the paths-ignore filter when you only need to exclude path names.\n- paths - Use the paths filter when you need to filter paths for positive matches and exclude paths." + }, + "shell": { + "$comment": "https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsshell", + "description": "You can override the default shell settings in the runner's operating system using the shell keyword. You can use built-in shell keywords, or you can define a custom set of shell options.", + "anyOf": [ + { + "type": "string" + }, + { + "$comment": "https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions#custom-shell", + "type": "string", + "enum": ["bash", "pwsh", "python", "sh", "cmd", "powershell"] + } + ] + }, + "snapshot": { + "$comment": "https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idsnapshot", + "description": "You can use `jobs..snapshot` to generate a custom image.\nAdd the snapshot keyword to the job, using either the string syntax or mapping syntax as shown in https://docs.github.com/en/actions/how-tos/manage-runners/larger-runners/use-custom-images#generating-a-custom-image.\nEach job that includes the snapshot keyword creates a separate image. To generate only one image or image version, include all workflow steps in a single job. Each successful run of a job that includes the snapshot keyword creates a new version of that image.\nFor more information, see https://docs.github.com/en/actions/how-tos/manage-runners/larger-runners/use-custom-images.", + "oneOf": [ + { + "$comment": "https://docs.github.com/en/actions/how-tos/manage-runners/larger-runners/use-custom-images#string-syntax", + "type": "string", + "description": "You can use the string syntax with `snapshot` to define the image name. This method creates a new image or adds a new version to an existing image with the same name. You cannot specify a version number using this syntax." + }, + { + "$comment": "https://docs.github.com/en/actions/how-tos/manage-runners/larger-runners/use-custom-images#mapping-syntax", + "type": "object", + "additionalProperties": false, + "description": "You can use the mapping syntax with `snapshot` to define both the `image-name` and the optional `version`. When you specify a major version, the minor versioning automatically increments if that major version already exists. Patch versions are not supported.", + "properties": { + "image-name": { + "type": "string" + }, + "version": { + "$comment": "https://docs.github.com/en/actions/how-tos/manage-runners/larger-runners/use-custom-images#specifying-a-version-in-your-workflow", + "type": "string", + "pattern": "^\\d+(\\.\\d+|\\*)?$" + } + }, + "required": ["image-name"] + } + ] + }, + "step": { + "type": "object", + "additionalProperties": false, + "dependencies": { + "working-directory": ["run"], + "shell": ["run"] + }, + "oneOf": [ + { + "required": ["uses"] + }, + { + "required": ["run"] + }, + { + "required": ["wait"] + }, + { + "required": ["wait-all"] + }, + { + "required": ["cancel"] + }, + { + "required": ["parallel"] + } + ], + "properties": { + "id": { + "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepsid", + "description": "A unique identifier for the step. You can use the id to reference the step in contexts. For more information, see https://help.github.com/en/articles/contexts-and-expression-syntax-for-github-actions.", + "type": "string" + }, + "if": { + "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepsif", + "description": "You can use the if conditional to prevent a step from running unless a condition is met. You can use any supported context and expression to create a conditional.\nExpressions in an if conditional do not require the ${{ }} syntax. For more information, see https://help.github.com/en/articles/contexts-and-expression-syntax-for-github-actions.", + "type": ["boolean", "number", "string"] + }, + "name": { + "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepsname", + "description": "A name for your step to display on GitHub.", + "type": "string" + }, + "uses": { + "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepsuses", + "description": "Selects an action to run as part of a step in your job. An action is a reusable unit of code. You can use an action defined in the same repository as the workflow, a public repository, or in a published Docker container image (https://hub.docker.com/).\nWe strongly recommend that you include the version of the action you are using by specifying a Git ref, SHA, or Docker tag number. If you don't specify a version, it could break your workflows or cause unexpected behavior when the action owner publishes an update.\n- Using the commit SHA of a released action version is the safest for stability and security.\n- Using the specific major action version allows you to receive critical fixes and security patches while still maintaining compatibility. It also assures that your workflow should still work.\n- Using the master branch of an action may be convenient, but if someone releases a new major version with a breaking change, your workflow could break.\nSome actions require inputs that you must set using the with keyword. Review the action's README file to determine the inputs required.\nActions are either JavaScript files or Docker containers. If the action you're using is a Docker container you must run the job in a Linux virtual environment. For more details, see https://help.github.com/en/articles/virtual-environments-for-github-actions.", + "type": "string" + }, + "run": { + "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepsrun", + "description": "Runs command-line programs using the operating system's shell. If you do not provide a name, the step name will default to the text specified in the run command.\nCommands run using non-login shells by default. You can choose a different shell and customize the shell used to run commands. For more information, see https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#using-a-specific-shell.\nEach run keyword represents a new process and shell in the virtual environment. When you provide multi-line commands, each line runs in the same shell.", + "type": "string" + }, + "working-directory": { + "$ref": "#/definitions/working-directory" + }, + "shell": { + "$ref": "#/definitions/shell" + }, + "with": { + "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepswith", + "$ref": "#/definitions/env", + "description": "A map of the input parameters defined by the action. Each input parameter is a key/value pair. Input parameters are set as environment variables. The variable is prefixed with INPUT_ and converted to upper case.", + "properties": { + "args": { + "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepswithargs", + "type": "string" + }, + "entrypoint": { + "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepswithentrypoint", + "type": "string" + } + } + }, + "env": { + "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepsenv", + "$ref": "#/definitions/env", + "description": "Sets environment variables for steps to use in the virtual environment. You can also set environment variables for the entire workflow or a job." + }, + "continue-on-error": { + "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepscontinue-on-error", + "description": "Prevents a job from failing when a step fails. Set to true to allow a job to pass when this step fails.", + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "#/definitions/expressionSyntax" + } + ], + "default": false + }, + "timeout-minutes": { + "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepstimeout-minutes", + "description": "The maximum number of minutes to run the step before killing the process.", + "oneOf": [ + { + "type": "number" + }, + { + "$ref": "#/definitions/expressionSyntax" + } + ] + }, + "background": { + "$comment": "https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsbackground", + "description": "Runs a step asynchronously so the job continues to the next step without waiting for it to finish. You can use background on steps that use run or uses. To reference a background step from wait or cancel, give it an id. A maximum of 10 background steps can run concurrently in a single job.", + "type": "boolean" + }, + "wait": { + "$comment": "https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idstepswait", + "description": "Pauses the job until one or more background steps complete. Provide a single step id as a string, or multiple step ids as an array. After a wait step completes, the outputs of the referenced background steps become available to subsequent steps.", + "oneOf": [ + { + "type": "string" + }, + { + "type": "array", + "items": { + "type": "string" + }, + "minItems": 1 + } + ] + }, + "wait-all": { + "$comment": "https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idstepswait-all", + "description": "Pauses the job until all active background steps complete. The wait-all keyword takes no arguments.", + "type": ["boolean", "null"] + }, + "cancel": { + "$comment": "https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idstepscancel", + "description": "Gracefully terminates a running background step. The runner sends the step's process a termination signal (SIGTERM) so it can clean up. The cancel keyword targets a single background step by its id.", + "type": "string" + }, + "parallel": { + "$comment": "https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsparallel", + "description": "Runs a group of steps concurrently, then waits for all of them to finish before continuing. Every step in the group runs as a background step, with an implicit wait at the end of the group.", + "type": "array", + "items": { + "$ref": "#/definitions/step" + }, + "minItems": 1 + } + } + }, + "types": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#onevent_nametypes", + "description": "Selects the types of activity that will trigger a workflow run. Most GitHub events are triggered by more than one type of activity. For example, the event for the release resource is triggered when a release is published, unpublished, created, edited, deleted, or prereleased. The types keyword enables you to narrow down activity that causes the workflow to run. When only one activity type triggers a webhook event, the types keyword is unnecessary.\nYou can use an array of event types. For more information about each event and their activity types, see https://help.github.com/en/articles/events-that-trigger-workflows#webhook-events.", + "oneOf": [ + { + "type": "array", + "minItems": 1 + }, + { + "type": "string" + } + ] + }, + "working-directory": { + "$comment": "https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepsrun", + "description": "Using the working-directory keyword, you can specify the working directory of where to run the command.", + "type": "string" + }, + "jobNeeds": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idneeds", + "description": "Identifies any jobs that must complete successfully before this job will run. It can be a string or array of strings. If a job fails, all jobs that need it are skipped unless the jobs use a conditional statement that causes the job to continue.", + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/name" + }, + "minItems": 1 + }, + { + "$ref": "#/definitions/name" + } + ] + }, + "matrix": { + "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstrategymatrix", + "description": "A build matrix is a set of different configurations of the virtual environment. For example you might run a job against more than one supported version of a language, operating system, or tool. Each configuration is a copy of the job that runs and reports a status.\nYou can specify a matrix by supplying an array for the configuration options. For example, if the GitHub virtual environment supports Node.js versions 6, 8, and 10 you could specify an array of those versions in the matrix.\nWhen you define a matrix of operating systems, you must set the required runs-on keyword to the operating system of the current job, rather than hard-coding the operating system name. To access the operating system name, you can use the matrix.os context parameter to set runs-on. For more information, see https://help.github.com/en/articles/contexts-and-expression-syntax-for-github-actions.", + "oneOf": [ + { + "type": "object", + "patternProperties": { + "^(in|ex)clude$": { + "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#example-including-configurations-in-a-matrix-build", + "oneOf": [ + { + "$ref": "#/definitions/expressionSyntax" + }, + { + "type": "array", + "items": { + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/configuration" + } + }, + "minItems": 1 + } + ] + } + }, + "additionalProperties": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/configuration" + }, + "minItems": 1 + }, + { + "$ref": "#/definitions/expressionSyntax" + } + ] + }, + "minProperties": 1 + }, + { + "$ref": "#/definitions/expressionSyntax" + } + ] + }, + "reusableWorkflowCallJob": { + "$comment": "https://docs.github.com/en/actions/learn-github-actions/reusing-workflows#calling-a-reusable-workflow", + "description": "Each job must have an id to associate with the job. The key job_id is a string and its value is a map of the job's configuration data. You must replace with a string that is unique to the jobs object. The must start with a letter or _ and contain only alphanumeric characters, -, or _.", + "type": "object", + "properties": { + "name": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idname", + "description": "The name of the job displayed on GitHub.", + "type": "string" + }, + "needs": { + "$ref": "#/definitions/jobNeeds" + }, + "permissions": { + "$ref": "#/definitions/permissions" + }, + "if": { + "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idif", + "description": "You can use the if conditional to prevent a job from running unless a condition is met. You can use any supported context and expression to create a conditional.\nExpressions in an if conditional do not require the ${{ }} syntax. For more information, see https://help.github.com/en/articles/contexts-and-expression-syntax-for-github-actions.", + "type": ["boolean", "number", "string"] + }, + "uses": { + "$comment": "https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_iduses", + "description": "The location and version of a reusable workflow file to run as a job, of the form './{path/to}/{localfile}.yml' or '{owner}/{repo}/{path}/{filename}@{ref}'. {ref} can be a SHA, a release tag, or a branch name. Using the commit SHA is the safest for stability and security.", + "type": "string", + "pattern": "^(.+\\/)+(.+)\\.(ya?ml)(@.+)?$" + }, + "with": { + "$comment": "https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idwith", + "$ref": "#/definitions/env", + "description": "A map of inputs that are passed to the called workflow. Any inputs that you pass must match the input specifications defined in the called workflow. Unlike 'jobs..steps[*].with', the inputs you pass with 'jobs..with' are not be available as environment variables in the called workflow. Instead, you can reference the inputs by using the inputs context." + }, + "secrets": { + "$comment": "https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idsecrets", + "description": "When a job is used to call a reusable workflow, you can use 'secrets' to provide a map of secrets that are passed to the called workflow. Any secrets that you pass must match the names defined in the called workflow.", + "oneOf": [ + { + "$ref": "#/definitions/env" + }, + { + "type": "string", + "enum": ["inherit"] + } + ] + }, + "strategy": { + "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstrategy", + "description": "A strategy creates a build matrix for your jobs. You can define different variations of an environment to run each job in.", + "type": "object", + "properties": { + "matrix": { + "$ref": "#/definitions/matrix" + }, + "fail-fast": { + "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstrategyfail-fast", + "description": "When set to true, GitHub cancels all in-progress jobs if any matrix job fails. Default: true", + "type": ["boolean", "string"], + "default": true + }, + "max-parallel": { + "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstrategymax-parallel", + "description": "The maximum number of jobs that can run simultaneously when using a matrix job strategy. By default, GitHub will maximize the number of jobs run in parallel depending on the available runners on GitHub-hosted virtual machines.", + "type": ["number", "string"] + } + }, + "required": ["matrix"], + "additionalProperties": false + }, + "concurrency": { + "$comment": "https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idconcurrency", + "description": "Concurrency ensures that only a single job or workflow using the same concurrency group will run at a time. A concurrency group can be any string or expression. The expression can use any context except for the secrets context. \nYou can also specify concurrency at the workflow level. \nWhen a concurrent job or workflow is queued, if another job or workflow using the same concurrency group in the repository is in progress, the queued job or workflow will be pending. By default any previously pending job or workflow in the concurrency group will be canceled; this behavior can be changed with `queue`. To also cancel any currently running job or workflow in the same concurrency group, specify cancel-in-progress: true.", + "oneOf": [ + { + "type": "string" + }, + { + "$ref": "#/definitions/concurrency" + } + ] + } + }, + "required": ["uses"], + "additionalProperties": false + }, + "normalJob": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_id", + "description": "Each job must have an id to associate with the job. The key job_id is a string and its value is a map of the job's configuration data. You must replace with a string that is unique to the jobs object. The must start with a letter or _ and contain only alphanumeric characters, -, or _.", + "type": "object", + "properties": { + "name": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idname", + "description": "The name of the job displayed on GitHub.", + "type": "string" + }, + "needs": { + "$ref": "#/definitions/jobNeeds" + }, + "snapshot": { + "$ref": "#/definitions/snapshot" + }, + "permissions": { + "$ref": "#/definitions/permissions" + }, + "runs-on": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idruns-on", + "description": "The type of machine to run the job on. The machine can be either a GitHub-hosted runner, or a self-hosted runner.", + "anyOf": [ + { + "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#github-hosted-runners", + "type": "string" + }, + { + "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#self-hosted-runners", + "type": "array", + "anyOf": [ + { + "items": [ + { + "type": "string" + } + ], + "minItems": 1, + "additionalItems": { + "type": "string" + } + } + ] + }, + { + "$comment": "https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#choosing-runners-in-a-group", + "type": "object", + "properties": { + "group": { + "type": "string" + }, + "labels": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "array", + "items": { + "type": "string" + } + } + ] + } + } + }, + { + "$ref": "#/definitions/stringContainingExpressionSyntax" + }, + { + "$ref": "#/definitions/expressionSyntax" + } + ] + }, + "environment": { + "$comment": "https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-syntax-for-github-actions#jobsjob_idenvironment", + "description": "The environment that the job references.", + "oneOf": [ + { + "type": "string" + }, + { + "$ref": "#/definitions/environment" + } + ] + }, + "outputs": { + "$comment": "https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idoutputs", + "description": "A map of outputs for a job. Job outputs are available to all downstream jobs that depend on this job.", + "type": "object", + "additionalProperties": { + "type": "string" + }, + "minProperties": 1 + }, + "env": { + "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idenv", + "$ref": "#/definitions/env", + "description": "A map of environment variables that are available to all steps in the job." + }, + "defaults": { + "$comment": "https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_iddefaults", + "$ref": "#/definitions/defaults", + "description": "A map of default settings that will apply to all steps in the job." + }, + "if": { + "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idif", + "description": "You can use the if conditional to prevent a job from running unless a condition is met. You can use any supported context and expression to create a conditional.\nExpressions in an if conditional do not require the ${{ }} syntax. For more information, see https://help.github.com/en/articles/contexts-and-expression-syntax-for-github-actions.", + "type": ["boolean", "number", "string"] + }, + "steps": { + "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idsteps", + "description": "A job contains a sequence of tasks called steps. Steps can run commands, run setup tasks, or run an action in your repository, a public repository, or an action published in a Docker registry. Not all steps run actions, but all actions run as a step. Each step runs in its own process in the virtual environment and has access to the workspace and filesystem. Because steps run in their own process, changes to environment variables are not preserved between steps. GitHub provides built-in steps to set up and complete a job.\nMust contain either `uses` or `run`\n", + "type": "array", + "items": { + "$ref": "#/definitions/step" + }, + "minItems": 1 + }, + "timeout-minutes": { + "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idtimeout-minutes", + "description": "The maximum number of minutes to let a workflow run before GitHub automatically cancels it. Default: 360", + "oneOf": [ + { + "type": "number" + }, + { + "$ref": "#/definitions/expressionSyntax" + } + ], + "default": 360 + }, + "strategy": { + "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstrategy", + "description": "A strategy creates a build matrix for your jobs. You can define different variations of an environment to run each job in.", + "type": "object", + "properties": { + "matrix": { + "$ref": "#/definitions/matrix" + }, + "fail-fast": { + "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstrategyfail-fast", + "description": "When set to true, GitHub cancels all in-progress jobs if any matrix job fails. Default: true", + "type": ["boolean", "string"], + "default": true + }, + "max-parallel": { + "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstrategymax-parallel", + "description": "The maximum number of jobs that can run simultaneously when using a matrix job strategy. By default, GitHub will maximize the number of jobs run in parallel depending on the available runners on GitHub-hosted virtual machines.", + "type": ["number", "string"] + } + }, + "required": ["matrix"], + "additionalProperties": false + }, + "continue-on-error": { + "$comment": "https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idcontinue-on-error", + "description": "Prevents a workflow run from failing when a job fails. Set to true to allow a workflow run to pass when this job fails.", + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "#/definitions/expressionSyntax" + } + ] + }, + "container": { + "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idcontainer", + "description": "A container to run any steps in a job that don't already specify a container. If you have steps that use both script and container actions, the container actions will run as sibling containers on the same network with the same volume mounts.\nIf you do not set a container, all steps will run directly on the host specified by runs-on unless a step refers to an action configured to run in a container.", + "oneOf": [ + { + "type": "string" + }, + { + "$ref": "#/definitions/jobContainer" + } + ] + }, + "services": { + "$comment": "https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idservices", + "description": "Additional containers to host services for a job in a workflow. These are useful for creating databases or cache services like redis. The runner on the virtual machine will automatically create a network and manage the life cycle of the service containers.\nWhen you use a service container for a job or your step uses container actions, you don't need to set port information to access the service. Docker automatically exposes all ports between containers on the same network.\nWhen both the job and the action run in a container, you can directly reference the container by its hostname. The hostname is automatically mapped to the service name.\nWhen a step does not use a container action, you must access the service using localhost and bind the ports.", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/serviceContainer" + } + }, + "concurrency": { + "$comment": "https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idconcurrency", + "description": "Concurrency ensures that only a single job or workflow using the same concurrency group will run at a time. A concurrency group can be any string or expression. The expression can use any context except for the secrets context. \nYou can also specify concurrency at the workflow level. \nWhen a concurrent job or workflow is queued, if another job or workflow using the same concurrency group in the repository is in progress, the queued job or workflow will be pending. By default any previously pending job or workflow in the concurrency group will be canceled; this behavior can be changed with `queue`. To also cancel any currently running job or workflow in the same concurrency group, specify cancel-in-progress: true.", + "oneOf": [ + { + "type": "string" + }, + { + "$ref": "#/definitions/concurrency" + } + ] + } + }, + "required": ["runs-on"], + "additionalProperties": false + }, + "workflowDispatchInput": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/metadata-syntax-for-github-actions#inputsinput_id", + "description": "A string identifier to associate with the input. The value of is a map of the input's metadata. The must be a unique identifier within the inputs object. The must start with a letter or _ and contain only alphanumeric characters, -, or _.", + "type": "object", + "properties": { + "description": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/metadata-syntax-for-github-actions#inputsinput_iddescription", + "description": "A string description of the input parameter.", + "type": "string" + }, + "deprecationMessage": { + "description": "A string shown to users using the deprecated input.", + "type": "string" + }, + "required": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/metadata-syntax-for-github-actions#inputsinput_idrequired", + "description": "A boolean to indicate whether the action requires the input parameter. Set to true when the parameter is required.", + "type": "boolean" + }, + "default": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/metadata-syntax-for-github-actions#inputsinput_iddefault", + "description": "A string representing the default value. The default value is used when an input parameter isn't specified in a workflow file." + }, + "type": { + "$comment": "https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_dispatchinputsinput_idtype", + "description": "A string representing the type of the input.", + "type": "string", + "enum": ["string", "choice", "boolean", "number", "environment"] + }, + "options": { + "$comment": "https://github.blog/changelog/2021-11-10-github-actions-input-types-for-manual-workflows", + "description": "The options of the dropdown list, if the type is a choice.", + "type": "array", + "items": { + "type": "string" + }, + "minItems": 1 + } + }, + "allOf": [ + { + "if": { + "properties": { + "type": { + "const": "string" + } + }, + "required": ["type"] + }, + "then": { + "properties": { + "default": { + "type": "string" + } + } + } + }, + { + "if": { + "properties": { + "type": { + "const": "boolean" + } + }, + "required": ["type"] + }, + "then": { + "properties": { + "default": { + "type": "boolean" + } + } + } + }, + { + "if": { + "properties": { + "type": { + "const": "number" + } + }, + "required": ["type"] + }, + "then": { + "properties": { + "default": { + "type": "number" + } + } + } + }, + { + "if": { + "properties": { + "type": { + "const": "environment" + } + }, + "required": ["type"] + }, + "then": { + "properties": { + "default": { + "type": "string" + } + } + } + }, + { + "if": { + "properties": { + "type": { + "const": "choice" + } + }, + "required": ["type"] + }, + "then": { + "required": ["options"] + } + } + ], + "additionalProperties": false + } + }, + "properties": { + "name": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#name", + "description": "The name of your workflow. GitHub displays the names of your workflows on your repository's actions page. If you omit this field, GitHub sets the name to the workflow's filename.", + "type": "string" + }, + "on": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#on", + "description": "The name of the GitHub event that triggers the workflow. You can provide a single event string, array of events, array of event types, or an event configuration map that schedules a workflow or restricts the execution of a workflow to specific files, tags, or branch changes. For a list of available events, see https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows.", + "oneOf": [ + { + "$ref": "#/definitions/event" + }, + { + "type": "array", + "items": { + "$ref": "#/definitions/event" + }, + "minItems": 1 + }, + { + "type": "object", + "properties": { + "branch_protection_rule": { + "$comment": "https://docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows#branch_protection_rule", + "allOf": [ + { + "$ref": "#/definitions/eventObject" + } + ], + "description": "Runs your workflow anytime the branch_protection_rule event occurs. More than one activity type triggers this event.", + "properties": { + "types": { + "allOf": [ + { + "$ref": "#/definitions/types" + } + ], + "items": { + "type": "string", + "enum": ["created", "edited", "deleted"] + }, + "default": ["created", "edited", "deleted"] + } + } + }, + "check_run": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#check-run-event-check_run", + "allOf": [ + { + "$ref": "#/definitions/eventObject" + } + ], + "description": "Runs your workflow anytime the check_run event occurs. More than one activity type triggers this event. For information about the REST API, see https://developer.github.com/v3/checks/runs.", + "properties": { + "types": { + "allOf": [ + { + "$ref": "#/definitions/types" + } + ], + "items": { + "type": "string", + "enum": ["created", "rerequested", "completed", "requested_action"] + }, + "default": ["created", "rerequested", "completed", "requested_action"] + } + } + }, + "check_suite": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#check-suite-event-check_suite", + "allOf": [ + { + "$ref": "#/definitions/eventObject" + } + ], + "description": "Runs your workflow anytime the check_suite event occurs. More than one activity type triggers this event. For information about the REST API, see https://developer.github.com/v3/checks/suites/.", + "properties": { + "types": { + "allOf": [ + { + "$ref": "#/definitions/types" + } + ], + "items": { + "type": "string", + "enum": ["completed", "requested", "rerequested"] + }, + "default": ["completed", "requested", "rerequested"] + } + } + }, + "create": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#create-event-create", + "allOf": [ + { + "$ref": "#/definitions/eventObject" + } + ], + "description": "Runs your workflow anytime someone creates a branch or tag, which triggers the create event. For information about the REST API, see https://developer.github.com/v3/git/refs/#create-a-reference." + }, + "delete": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#delete-event-delete", + "allOf": [ + { + "$ref": "#/definitions/eventObject" + } + ], + "description": "Runs your workflow anytime someone deletes a branch or tag, which triggers the delete event. For information about the REST API, see https://developer.github.com/v3/git/refs/#delete-a-reference." + }, + "deployment": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#deployment-event-deployment", + "allOf": [ + { + "$ref": "#/definitions/eventObject" + } + ], + "description": "Runs your workflow anytime someone creates a deployment, which triggers the deployment event. Deployments created with a commit SHA may not have a Git ref. For information about the REST API, see https://developer.github.com/v3/repos/deployments/." + }, + "deployment_status": { + "$comment": "https://docs.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows", + "allOf": [ + { + "$ref": "#/definitions/eventObject" + } + ], + "description": "Runs your workflow anytime a third party provides a deployment status, which triggers the deployment_status event. Deployments created with a commit SHA may not have a Git ref. For information about the REST API, see https://developer.github.com/v3/repos/deployments/#create-a-deployment-status." + }, + "discussion": { + "$comment": "https://docs.github.com/en/actions/reference/events-that-trigger-workflows#discussion", + "allOf": [ + { + "$ref": "#/definitions/eventObject" + } + ], + "description": "Runs your workflow anytime the discussion event occurs. More than one activity type triggers this event. For information about the GraphQL API, see https://docs.github.com/en/graphql/guides/using-the-graphql-api-for-discussions", + "properties": { + "types": { + "allOf": [ + { + "$ref": "#/definitions/types" + } + ], + "items": { + "type": "string", + "enum": ["created", "edited", "deleted", "transferred", "pinned", "unpinned", "labeled", "unlabeled", "locked", "unlocked", "category_changed", "answered", "unanswered"] + }, + "default": ["created", "edited", "deleted", "transferred", "pinned", "unpinned", "labeled", "unlabeled", "locked", "unlocked", "category_changed", "answered", "unanswered"] + } + } + }, + "discussion_comment": { + "$comment": "https://docs.github.com/en/actions/reference/events-that-trigger-workflows#discussion_comment", + "allOf": [ + { + "$ref": "#/definitions/eventObject" + } + ], + "description": "Runs your workflow anytime the discussion_comment event occurs. More than one activity type triggers this event. For information about the GraphQL API, see https://docs.github.com/en/graphql/guides/using-the-graphql-api-for-discussions", + "properties": { + "types": { + "allOf": [ + { + "$ref": "#/definitions/types" + } + ], + "items": { + "type": "string", + "enum": ["created", "edited", "deleted"] + }, + "default": ["created", "edited", "deleted"] + } + } + }, + "fork": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#fork-event-fork", + "allOf": [ + { + "$ref": "#/definitions/eventObject" + } + ], + "description": "Runs your workflow anytime when someone forks a repository, which triggers the fork event. For information about the REST API, see https://developer.github.com/v3/repos/forks/#create-a-fork." + }, + "gollum": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#gollum-event-gollum", + "allOf": [ + { + "$ref": "#/definitions/eventObject" + } + ], + "description": "Runs your workflow when someone creates or updates a Wiki page, which triggers the gollum event." + }, + "issue_comment": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#issue-comment-event-issue_comment", + "allOf": [ + { + "$ref": "#/definitions/eventObject" + } + ], + "description": "Runs your workflow anytime the issue_comment event occurs. More than one activity type triggers this event. For information about the REST API, see https://developer.github.com/v3/issues/comments/.", + "properties": { + "types": { + "allOf": [ + { + "$ref": "#/definitions/types" + } + ], + "items": { + "type": "string", + "enum": ["created", "edited", "deleted"] + }, + "default": ["created", "edited", "deleted"] + } + } + }, + "issues": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#issues-event-issues", + "allOf": [ + { + "$ref": "#/definitions/eventObject" + } + ], + "description": "Runs your workflow anytime the issues event occurs. More than one activity type triggers this event. For information about the REST API, see https://developer.github.com/v3/issues.", + "properties": { + "types": { + "allOf": [ + { + "$ref": "#/definitions/types" + } + ], + "items": { + "type": "string", + "enum": ["opened", "edited", "deleted", "transferred", "pinned", "unpinned", "closed", "reopened", "assigned", "unassigned", "labeled", "unlabeled", "locked", "unlocked", "milestoned", "demilestoned"] + }, + "default": ["opened", "edited", "deleted", "transferred", "pinned", "unpinned", "closed", "reopened", "assigned", "unassigned", "labeled", "unlabeled", "locked", "unlocked", "milestoned", "demilestoned"] + } + } + }, + "label": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#label-event-label", + "allOf": [ + { + "$ref": "#/definitions/eventObject" + } + ], + "description": "Runs your workflow anytime the label event occurs. More than one activity type triggers this event. For information about the REST API, see https://developer.github.com/v3/issues/labels/.", + "properties": { + "types": { + "allOf": [ + { + "$ref": "#/definitions/types" + } + ], + "items": { + "type": "string", + "enum": ["created", "edited", "deleted"] + }, + "default": ["created", "edited", "deleted"] + } + } + }, + "merge_group": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#merge_group", + "allOf": [ + { + "$ref": "#/definitions/eventObject" + } + ], + "description": "Runs your workflow when a pull request is added to a merge queue, which adds the pull request to a merge group. For information about the merge queue, see https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request-with-a-merge-queue .", + "properties": { + "types": { + "allOf": [ + { + "$ref": "#/definitions/types" + } + ], + "items": { + "type": "string", + "enum": ["checks_requested"] + }, + "default": ["checks_requested"] + } + } + }, + "milestone": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#milestone-event-milestone", + "allOf": [ + { + "$ref": "#/definitions/eventObject" + } + ], + "description": "Runs your workflow anytime the milestone event occurs. More than one activity type triggers this event. For information about the REST API, see https://developer.github.com/v3/issues/milestones/.", + "properties": { + "types": { + "allOf": [ + { + "$ref": "#/definitions/types" + } + ], + "items": { + "type": "string", + "enum": ["created", "closed", "opened", "edited", "deleted"] + }, + "default": ["created", "closed", "opened", "edited", "deleted"] + } + } + }, + "page_build": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#page-build-event-page_build", + "allOf": [ + { + "$ref": "#/definitions/eventObject" + } + ], + "description": "Runs your workflow anytime someone pushes to a GitHub Pages-enabled branch, which triggers the page_build event. For information about the REST API, see https://developer.github.com/v3/repos/pages/." + }, + "project": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#project-event-project", + "allOf": [ + { + "$ref": "#/definitions/eventObject" + } + ], + "description": "Runs your workflow anytime the project event occurs. More than one activity type triggers this event. For information about the REST API, see https://developer.github.com/v3/projects/.", + "properties": { + "types": { + "allOf": [ + { + "$ref": "#/definitions/types" + } + ], + "items": { + "type": "string", + "enum": ["created", "updated", "closed", "reopened", "edited", "deleted"] + }, + "default": ["created", "updated", "closed", "reopened", "edited", "deleted"] + } + } + }, + "project_card": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#project-card-event-project_card", + "allOf": [ + { + "$ref": "#/definitions/eventObject" + } + ], + "description": "Runs your workflow anytime the project_card event occurs. More than one activity type triggers this event. For information about the REST API, see https://developer.github.com/v3/projects/cards.", + "properties": { + "types": { + "allOf": [ + { + "$ref": "#/definitions/types" + } + ], + "items": { + "type": "string", + "enum": ["created", "moved", "converted", "edited", "deleted"] + }, + "default": ["created", "moved", "converted", "edited", "deleted"] + } + } + }, + "project_column": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#project-column-event-project_column", + "allOf": [ + { + "$ref": "#/definitions/eventObject" + } + ], + "description": "Runs your workflow anytime the project_column event occurs. More than one activity type triggers this event. For information about the REST API, see https://developer.github.com/v3/projects/columns.", + "properties": { + "types": { + "allOf": [ + { + "$ref": "#/definitions/types" + } + ], + "items": { + "type": "string", + "enum": ["created", "updated", "moved", "deleted"] + }, + "default": ["created", "updated", "moved", "deleted"] + } + } + }, + "public": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#public-event-public", + "allOf": [ + { + "$ref": "#/definitions/eventObject" + } + ], + "description": "Runs your workflow anytime someone makes a private repository public, which triggers the public event. For information about the REST API, see https://developer.github.com/v3/repos/#edit." + }, + "pull_request": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#pull-request-event-pull_request", + "description": "Runs your workflow anytime the pull_request event occurs. More than one activity type triggers this event. For information about the REST API, see https://developer.github.com/v3/pulls.\nNote: Workflows do not run on private base repositories when you open a pull request from a forked repository.\nWhen you create a pull request from a forked repository to the base repository, GitHub sends the pull_request event to the base repository and no pull request events occur on the forked repository.\nWorkflows don't run on forked repositories by default. You must enable GitHub Actions in the Actions tab of the forked repository.\nThe permissions for the GITHUB_TOKEN in forked repositories is read-only. For more information about the GITHUB_TOKEN, see https://help.github.com/en/articles/virtual-environments-for-github-actions.", + "oneOf": [ + { + "type": "null" + }, + { + "allOf": [ + { + "type": "object", + "properties": { + "types": { + "allOf": [ + { + "$ref": "#/definitions/types" + } + ], + "items": { + "type": "string", + "enum": [ + "assigned", + "unassigned", + "labeled", + "unlabeled", + "opened", + "edited", + "closed", + "reopened", + "synchronize", + "converted_to_draft", + "ready_for_review", + "locked", + "unlocked", + "milestoned", + "demilestoned", + "review_requested", + "review_request_removed", + "auto_merge_enabled", + "auto_merge_disabled", + "enqueued", + "dequeued" + ] + }, + "default": ["opened", "synchronize", "reopened"] + }, + "branches": { + "$ref": "#/definitions/branch" + }, + "branches-ignore": { + "$ref": "#/definitions/branch" + }, + "tags": { + "$ref": "#/definitions/branch" + }, + "tags-ignore": { + "$ref": "#/definitions/branch" + }, + "paths": { + "$ref": "#/definitions/path" + }, + "paths-ignore": { + "$ref": "#/definitions/path" + } + }, + "additionalProperties": false + }, + { + "not": { + "required": ["branches", "branches-ignore"] + } + }, + { + "not": { + "required": ["tags", "tags-ignore"] + } + }, + { + "not": { + "required": ["paths", "paths-ignore"] + } + } + ] + } + ] + }, + "pull_request_review": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#pull-request-review-event-pull_request_review", + "allOf": [ + { + "$ref": "#/definitions/eventObject" + } + ], + "description": "Runs your workflow anytime the pull_request_review event occurs. More than one activity type triggers this event. For information about the REST API, see https://developer.github.com/v3/pulls/reviews.\nNote: Workflows do not run on private base repositories when you open a pull request from a forked repository.\nWhen you create a pull request from a forked repository to the base repository, GitHub sends the pull_request event to the base repository and no pull request events occur on the forked repository.\nWorkflows don't run on forked repositories by default. You must enable GitHub Actions in the Actions tab of the forked repository.\nThe permissions for the GITHUB_TOKEN in forked repositories is read-only. For more information about the GITHUB_TOKEN, see https://help.github.com/en/articles/virtual-environments-for-github-actions.", + "properties": { + "types": { + "allOf": [ + { + "$ref": "#/definitions/types" + } + ], + "items": { + "type": "string", + "enum": ["submitted", "edited", "dismissed"] + }, + "default": ["submitted", "edited", "dismissed"] + } + } + }, + "pull_request_review_comment": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#pull-request-review-comment-event-pull_request_review_comment", + "allOf": [ + { + "$ref": "#/definitions/eventObject" + } + ], + "description": "Runs your workflow anytime a comment on a pull request's unified diff is modified, which triggers the pull_request_review_comment event. More than one activity type triggers this event. For information about the REST API, see https://developer.github.com/v3/pulls/comments.\nNote: Workflows do not run on private base repositories when you open a pull request from a forked repository.\nWhen you create a pull request from a forked repository to the base repository, GitHub sends the pull_request event to the base repository and no pull request events occur on the forked repository.\nWorkflows don't run on forked repositories by default. You must enable GitHub Actions in the Actions tab of the forked repository.\nThe permissions for the GITHUB_TOKEN in forked repositories is read-only. For more information about the GITHUB_TOKEN, see https://help.github.com/en/articles/virtual-environments-for-github-actions.", + "properties": { + "types": { + "allOf": [ + { + "$ref": "#/definitions/types" + } + ], + "items": { + "type": "string", + "enum": ["created", "edited", "deleted"] + }, + "default": ["created", "edited", "deleted"] + } + } + }, + "pull_request_target": { + "$comment": "https://docs.github.com/en/actions/reference/events-that-trigger-workflows#pull_request_target", + "description": "This event is similar to pull_request, except that it runs in the context of the base repository of the pull request, rather than in the merge commit. This means that you can more safely make your secrets available to the workflows triggered by the pull request, because only workflows defined in the commit on the base repository are run. For example, this event allows you to create workflows that label and comment on pull requests, based on the contents of the event payload.", + "oneOf": [ + { + "type": "null" + }, + { + "allOf": [ + { + "type": "object", + "properties": { + "types": { + "allOf": [ + { + "$ref": "#/definitions/types" + } + ], + "items": { + "type": "string", + "enum": [ + "assigned", + "unassigned", + "labeled", + "unlabeled", + "opened", + "edited", + "closed", + "reopened", + "synchronize", + "converted_to_draft", + "ready_for_review", + "locked", + "unlocked", + "review_requested", + "review_request_removed", + "auto_merge_enabled", + "auto_merge_disabled" + ] + }, + "default": ["opened", "synchronize", "reopened"] + }, + "branches": { + "$ref": "#/definitions/branch" + }, + "branches-ignore": { + "$ref": "#/definitions/branch" + }, + "tags": { + "$ref": "#/definitions/branch" + }, + "tags-ignore": { + "$ref": "#/definitions/branch" + }, + "paths": { + "$ref": "#/definitions/path" + }, + "paths-ignore": { + "$ref": "#/definitions/path" + } + }, + "additionalProperties": false + }, + { + "not": { + "required": ["branches", "branches-ignore"] + } + }, + { + "not": { + "required": ["tags", "tags-ignore"] + } + }, + { + "not": { + "required": ["paths", "paths-ignore"] + } + } + ] + } + ] + }, + "push": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#push-event-push", + "description": "Runs your workflow when someone pushes to a repository branch, which triggers the push event.\nNote: The webhook payload available to GitHub Actions does not include the added, removed, and modified attributes in the commit object. You can retrieve the full commit object using the REST API. For more information, see https://developer.github.com/v3/repos/commits/#get-a-single-commit.", + "oneOf": [ + { + "type": "null" + }, + { + "allOf": [ + { + "type": "object", + "properties": { + "branches": { + "$ref": "#/definitions/branch" + }, + "branches-ignore": { + "$ref": "#/definitions/branch" + }, + "tags": { + "$ref": "#/definitions/branch" + }, + "tags-ignore": { + "$ref": "#/definitions/branch" + }, + "paths": { + "$ref": "#/definitions/path" + }, + "paths-ignore": { + "$ref": "#/definitions/path" + } + }, + "additionalProperties": false + }, + { + "not": { + "required": ["branches", "branches-ignore"] + } + }, + { + "not": { + "required": ["tags", "tags-ignore"] + } + }, + { + "not": { + "required": ["paths", "paths-ignore"] + } + } + ] + } + ] + }, + "registry_package": { + "$comment": "https://help.github.com/en/actions/reference/events-that-trigger-workflows#registry-package-event-registry_package", + "allOf": [ + { + "$ref": "#/definitions/eventObject" + } + ], + "description": "Runs your workflow anytime a package is published or updated. For more information, see https://help.github.com/en/github/managing-packages-with-github-packages.", + "properties": { + "types": { + "allOf": [ + { + "$ref": "#/definitions/types" + } + ], + "items": { + "type": "string", + "enum": ["published", "updated"] + }, + "default": ["published", "updated"] + } + } + }, + "release": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#release-event-release", + "allOf": [ + { + "$ref": "#/definitions/eventObject" + } + ], + "description": "Runs your workflow anytime the release event occurs. More than one activity type triggers this event. For information about the REST API, see https://developer.github.com/v3/repos/releases/ in the GitHub Developer documentation.", + "properties": { + "types": { + "allOf": [ + { + "$ref": "#/definitions/types" + } + ], + "items": { + "type": "string", + "enum": ["published", "unpublished", "created", "edited", "deleted", "prereleased", "released"] + }, + "default": ["published", "unpublished", "created", "edited", "deleted", "prereleased", "released"] + } + } + }, + "status": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#status-event-status", + "allOf": [ + { + "$ref": "#/definitions/eventObject" + } + ], + "description": "Runs your workflow anytime the status of a Git commit changes, which triggers the status event. For information about the REST API, see https://developer.github.com/v3/repos/statuses/." + }, + "watch": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#watch-event-watch", + "allOf": [ + { + "$ref": "#/definitions/eventObject" + } + ], + "description": "Runs your workflow anytime the watch event occurs. More than one activity type triggers this event. For information about the REST API, see https://developer.github.com/v3/activity/starring/." + }, + "workflow_call": { + "$comment": "https://docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows#workflow_call", + "description": "Allows workflows to be reused by other workflows.", + "properties": { + "inputs": { + "$comment": "https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#onworkflow_callinputs", + "description": "When using the workflow_call keyword, you can optionally specify inputs that are passed to the called workflow from the caller workflow.", + "type": "object", + "patternProperties": { + "^[_a-zA-Z][a-zA-Z0-9_-]*$": { + "$comment": "https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#inputsinput_id", + "description": "A string identifier to associate with the input. The value of is a map of the input's metadata. The must be a unique identifier within the inputs object. The must start with a letter or _ and contain only alphanumeric characters, -, or _.", + "type": "object", + "properties": { + "description": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/metadata-syntax-for-github-actions#inputsinput_iddescription", + "description": "A string description of the input parameter.", + "type": "string" + }, + "required": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/metadata-syntax-for-github-actions#inputsinput_idrequired", + "description": "A boolean to indicate whether the action requires the input parameter. Set to true when the parameter is required.", + "type": "boolean" + }, + "type": { + "$comment": "https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#onworkflow_callinput_idtype", + "description": "Required if input is defined for the on.workflow_call keyword. The value of this parameter is a string specifying the data type of the input. This must be one of: boolean, number, or string.", + "type": "string", + "enum": ["boolean", "number", "string"] + }, + "default": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/metadata-syntax-for-github-actions#inputsinput_iddefault", + "description": "The default value is used when an input parameter isn't specified in a workflow file.", + "type": ["boolean", "number", "string"] + } + }, + "required": ["type"], + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "outputs": { + "$comment": "https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#onworkflow_calloutputs", + "description": "When using the workflow_call keyword, you can optionally specify inputs that are passed to the called workflow from the caller workflow.", + "type": "object", + "patternProperties": { + "^[_a-zA-Z][a-zA-Z0-9_-]*$": { + "$comment": "https://docs.github.com/en/actions/sharing-automations/creating-actions/metadata-syntax-for-github-actions#outputsoutput_id", + "description": "A string identifier to associate with the output. The value of is a map of the output's metadata. The must be a unique identifier within the outputs object. The must start with a letter or _ and contain only alphanumeric characters, -, or _.", + "type": "object", + "properties": { + "description": { + "$comment": "https://docs.github.com/en/actions/sharing-automations/creating-actions/metadata-syntax-for-github-actions#outputsoutput_iddescription", + "description": "A string description of the output parameter.", + "type": "string" + }, + "value": { + "$comment": "https://docs.github.com/en/actions/sharing-automations/creating-actions/metadata-syntax-for-github-actions#outputsoutput_idvalue", + "description": "The value that the output parameter will be mapped to. You can set this to a string or an expression with context. For example, you can use the steps context to set the value of an output to the output value of a step.", + "type": "string" + } + }, + "required": ["value"], + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "secrets": { + "$comment": "https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#onworkflow_callsecrets", + "description": "A map of the secrets that can be used in the called workflow. Within the called workflow, you can use the secrets context to refer to a secret.", + "patternProperties": { + "^[_a-zA-Z][a-zA-Z0-9_-]*$": { + "$comment": "https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#onworkflow_callsecretssecret_id", + "description": "A string identifier to associate with the secret.", + "properties": { + "description": { + "description": "A string description of the secret parameter.", + "type": "string" + }, + "required": { + "$comment": "https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#onworkflow_callsecretssecret_idrequired", + "description": "A boolean specifying whether the secret must be supplied.", + "type": "boolean" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + } + }, + "workflow_dispatch": { + "$comment": "https://github.blog/changelog/2020-07-06-github-actions-manual-triggers-with-workflow_dispatch/", + "description": "You can now create workflows that are manually triggered with the new workflow_dispatch event. You will then see a 'Run workflow' button on the Actions tab, enabling you to easily trigger a run.", + "properties": { + "inputs": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/metadata-syntax-for-github-actions#inputs", + "description": "Input parameters allow you to specify data that the action expects to use during runtime. GitHub stores input parameters as environment variables. Input ids with uppercase letters are converted to lowercase during runtime. We recommended using lowercase input ids.", + "type": "object", + "patternProperties": { + "^[_a-zA-Z][a-zA-Z0-9_-]*$": { + "$ref": "#/definitions/workflowDispatchInput" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "workflow_run": { + "$comment": "https://docs.github.com/en/actions/reference/events-that-trigger-workflows#workflow_run", + "allOf": [ + { + "$ref": "#/definitions/eventObject" + } + ], + "description": "This event occurs when a workflow run is requested or completed, and allows you to execute a workflow based on the finished result of another workflow. For example, if your pull_request workflow generates build artifacts, you can create a new workflow that uses workflow_run to analyze the results and add a comment to the original pull request.", + "properties": { + "types": { + "allOf": [ + { + "$ref": "#/definitions/types" + } + ], + "items": { + "type": "string", + "enum": ["requested", "completed", "in_progress"] + }, + "default": ["requested", "completed"] + }, + "workflows": { + "type": "array", + "items": { + "type": "string" + }, + "minItems": 1 + } + }, + "patternProperties": { + "^branches(-ignore)?$": {} + } + }, + "repository_dispatch": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows#external-events-repository_dispatch", + "allOf": [ + { + "$ref": "#/definitions/eventObject" + } + ], + "description": "You can use the GitHub API to trigger a webhook event called repository_dispatch when you want to trigger a workflow for activity that happens outside of GitHub. For more information, see https://developer.github.com/v3/repos/#create-a-repository-dispatch-event.\nTo trigger the custom repository_dispatch webhook event, you must send a POST request to a GitHub API endpoint and provide an event_type name to describe the activity type. To trigger a workflow run, you must also configure your workflow to use the repository_dispatch event." + }, + "schedule": { + "$comment": "https://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows#schedule", + "description": "You can schedule a workflow to run at specific UTC times using POSIX cron syntax (https://pubs.opengroup.org/onlinepubs/9699919799/utilities/crontab.html#tag_20_25_07). You can optionally specify a timezone using an IANA timezone string (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) for timezone-aware scheduling. Scheduled workflows run on the latest commit on the default or base branch. The shortest interval you can run scheduled workflows is once every 5 minutes.\nNote: GitHub Actions does not support the non-standard syntax @yearly, @monthly, @weekly, @daily, @hourly, and @reboot.\nYou can use crontab guru (https://crontab.guru/) to help generate your cron syntax and confirm what time it will run. To help you get started, there is also a list of crontab guru examples (https://crontab.guru/examples.html).", + "type": "array", + "items": { + "type": "object", + "properties": { + "cron": { + "description": "A cron expression that represents a schedule. A scheduled workflow will run at most once every 5 minutes.", + "type": "string" + }, + "timezone": { + "description": "A string that represents the time zone a scheduled workflow will run relative to in IANA format (e.g. 'America/New_York' or 'Europe/London'). If omitted, the workflow will run relative to midnight UTC.", + "type": "string" + } + }, + "required": ["cron"], + "additionalProperties": false + }, + "minItems": 1 + } + }, + "additionalProperties": false + } + ] + }, + "env": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#env", + "$ref": "#/definitions/env", + "description": "A map of environment variables that are available to all jobs and steps in the workflow." + }, + "defaults": { + "$comment": "https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions#defaults", + "$ref": "#/definitions/defaults", + "description": "A map of default settings that will apply to all jobs in the workflow." + }, + "concurrency": { + "$comment": "https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#concurrency", + "description": "Concurrency ensures that only a single job or workflow using the same concurrency group will run at a time. A concurrency group can be any string or expression. The expression can use any context except for the secrets context. \nYou can also specify concurrency at the workflow level. \nWhen a concurrent job or workflow is queued, if another job or workflow using the same concurrency group in the repository is in progress, the queued job or workflow will be pending. By default any previously pending job or workflow in the concurrency group will be canceled; this behavior can be changed with `queue`. To also cancel any currently running job or workflow in the same concurrency group, specify cancel-in-progress: true.", + "oneOf": [ + { + "type": "string" + }, + { + "$ref": "#/definitions/concurrency" + } + ] + }, + "jobs": { + "$comment": "https://help.github.com/en/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobs", + "description": "A workflow run is made up of one or more jobs. Jobs run in parallel by default. To run jobs sequentially, you can define dependencies on other jobs using the jobs..needs keyword.\nEach job runs in a fresh instance of the virtual environment specified by runs-on.\nYou can run an unlimited number of jobs as long as you are within the workflow usage limits. For more information, see https://help.github.com/en/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#usage-limits.", + "type": "object", + "patternProperties": { + "^[_a-zA-Z][a-zA-Z0-9_-]*$": { + "oneOf": [ + { + "$ref": "#/definitions/normalJob" + }, + { + "$ref": "#/definitions/reusableWorkflowCallJob" + } + ] + } + }, + "minProperties": 1, + "additionalProperties": false + }, + "run-name": { + "$comment": "https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#run-name", + "description": "The name for workflow runs generated from the workflow. GitHub displays the workflow run name in the list of workflow runs on your repository's 'Actions' tab.", + "type": "string" + }, + "permissions": { + "$ref": "#/definitions/permissions" + } + }, + "required": ["on", "jobs"], + "type": "object" +}