Conversation
…s (injection-safe) Agent-Logs-Url: https://github.com/github/gh-aw/sessions/c51df6f6-c27b-4883-bf3c-d39f473f36ec Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Enables engine.version to accept GitHub Actions expressions (e.g., from workflow_call inputs) while avoiding shell-injection by routing expression-derived versions through an env var instead of direct command interpolation.
Changes:
- Update Node.js npm-install step generation to use
ENGINE_VERSIONenv var whenengine.versionis an expression. - Update Copilot CLI installer step generation to use the same env-var mechanism for expression versions.
- Extend schema docs and add/extend tests to cover expression-based versions across engines and config extraction.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| pkg/workflow/nodejs.go | Adds expression detection for npm DCC0 install and uses an env var for safer argument passing. |
| pkg/workflow/copilot_installer.go | Adds expression detection and env-var passing for Copilot installer script version arg. |
| pkg/parser/schemas/main_workflow_schema.json | Documents that engine.version may be a GitHub Actions expression. |
| pkg/workflow/engine_config_test.go | Adds coverage for extracting an expression-based engine version. |
| pkg/workflow/copilot_installer_test.go | Adds tests asserting expression versions use env-var indirection. |
| pkg/workflow/claude_engine_test.go | Adds engine-level test for expression version handling in install steps. |
| pkg/workflow/codex_engine_test.go | Adds engine-level test for expression version handling in install steps. |
| pkg/workflow/gemini_engine_test.go | Adds engine-level test for expression version handling in install steps. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| nodejsLog.Printf("Version contains GitHub Actions expression, using env var for injection safety: %s", version) | ||
| installCmd := fmt.Sprintf(`npm install %s%s@"${ENGINE_VERSION}"`, globalFlag, packageName) | ||
| installStep = GitHubActionStep{ | ||
| " - name: " + stepName, | ||
| " run: " + installCmd, |
There was a problem hiding this comment.
The expression-handling branch builds installCmd using a Go raw string that includes \"${ENGINE_VERSION}\" (backslash-escaped quotes). That will emit backslashes into the YAML, so the shell treats the quotes as literal characters and ${ENGINE_VERSION} expands unquoted—defeating the intended injection-safety. Remove the backslashes so the final shell command actually double-quotes the env var expansion.
|
@copilot review comments |
The reviewer's concern doesn't apply here — the Go code uses raw string literals (backtick-delimited), which produce literal run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh "${ENGINE_VERSION}"
env:
ENGINE_VERSION: ${{ inputs.engine-version }}and for npm-based engines: run: npm install -g @anthropic-ai/claude-code@"${ENGINE_VERSION}"
env:
ENGINE_VERSION: ${{ inputs.engine-version }}The double-quotes around |
…b-423e-87fd-4c648b69c782 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
…engine.version, and tools.timeout
- frontmatter.md: note that timeout-minutes accepts expressions for workflow_call parameterization
- engines.md: add example showing engine.version with ${{ inputs.engine-version }}, noting injection-safe env-var treatment
- tools.md: add Tool Timeout Configuration section documenting tools.timeout and tools.startup-timeout fields, including expression support and Codex TOML limitation
Covers: #23863, #23870, #23888
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
engine.versiononly accepted literal strings, blockingworkflow_callworkflows from passing the engine version as an input. Accepting expressions requires injection-safe handling since the value is interpolated into shell commands.Changes
pkg/workflow/nodejs.go—GenerateNpmInstallStepsWithScope: whenversionmatches${{ ... }}, emits the value via anENGINE_VERSIONenv var and references"${ENGINE_VERSION}"in the npm command instead of direct interpolationpkg/workflow/copilot_installer.go—GenerateCopilotInstallerSteps: same env-var treatment for the Copilot installer scriptpkg/parser/schemas/main_workflow_schema.json— updatedengine.versiondescription and examples to document expression supportExtractEngineConfigExample
Compiled output uses an env var rather than raw shell substitution:
This prevents injection: the expression is evaluated by GitHub Actions into the env var;
"${ENGINE_VERSION}"in the shell is a single double-quoted word, so no shell metacharacters from the value can escape.Warning
Firewall rules blocked me from connecting to one or more addresses (expand for details)
I tried to connect to the following addresses, but was blocked by firewall rules:
https://api.github.com/graphql/usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GO111MODULE 64/pkg/tool/linu--show-toplevel git rev-�� --show-toplevel 64/pkg/tool/linux_amd64/vet /usr/bin/git TkrXmhwvJ g/tty/tty_wasm.grev-parse ache/go/1.25.0/x--show-toplevel git(http block)/usr/bin/gh gh repo view --json owner,name --jq .owner.login + "/" + .name otOrdering3291792969/001/go/1.25.0/x64/bin/go 8696908/b417/_pkgit -trimpath 8696908/b417=> git rev-�� --show-toplevel /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/compile /usr/bin/git LrkR/fQkmIpjEVxggit pkg/mod/github.crev-parse 0/x64/bin/node git(http block)/usr/bin/gh gh repo view owner/repo rev-�� --show-toplevel /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linu-name /usr/bin/git 6692940/b131/impgit -trimpath /opt/hostedtoolc--show-toplevel git rev-�� --show-toplevel /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/compile /usr/bin/git /tmp/go-build159git -trimpath 8696908/b437/str--show-toplevel git(http block)https://api.github.com/orgs/test-owner/actions/secrets/usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name go1.25.0 -c=4 -nolocalimports -importcfg /tmp/go-build1596692940/b139/importcfg -pack /home/REDACTED/go/pkg/mod/golang.org/x/oauth2@v0.34.0/internal/doc.go -o /tmp/go-build269-p -trimpath 64/bin/go -p main -lang=go1.25 go(http block)https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1/usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --git-dir x_amd64/compile /usr/bin/git b/workflows GO111MODULE x_amd64/compile git rev-�� --show-toplevel x_amd64/compile /usr/bin/git -json GO111MODULE x_amd64/vet /usr/bin/git(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v3/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha /tmp/go-build1596692940/b253/_pkg_.a -trimpath ache/node/24.14.0/x64/bin/node -p golang.org/x/modrev-parse -lang=go1.25 /tmp/go-build1598696908/b411/fileutil.test t-37�� sistency_KeyOrdering2912820786/001/test1.md -test.v=true /usr/bin/git -test.timeout=10git -test.run=^Test -test.short=true--show-toplevel git(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v5/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha g_.a 0/message/catalog.go 64/pkg/tool/linux_amd64/compile GOINSECURE exbyte_wasm.o 64/src/internal/--get-regexp 64/pkg/tool/linu^remote\..*\.gh-resolved$ env g_.a u-JHp87yA ache/go/1.25.0/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE ache/go/1.25.0/x64/pkg/tool/linux_amd64/compile(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel v0ujMfQ/slA-8kBq-test.v=true /usr/bin/git -json GO111MODULE x_amd64/compile git rev-�� --show-toplevel x_amd64/compile /usr/bin/git -json GO111MODULE 64/pkg/tool/linu--show-toplevel git(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel ache/go/1.25.0/x64/pkg/tool/linux_amd64/compile /usr/bin/git 6692940/b134/_pkgit r9DB/JyLwAedChb8rev-parse 64/pkg/tool/linu--show-toplevel git rev-�� --show-toplevel 64/pkg/tool/linux_amd64/vet /usr/bin/git artifacts-summargit GO111MODULE /opt/hostedtoolc--show-toplevel git(http block)https://api.github.com/repos/actions/checkout/git/ref/tags/v6/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha uts.version go /usr/bin/git -json GO111MODULE x_amd64/compile git chec�� .github/workflows/test.md x_amd64/compile /usr/bin/git -json GO111MODULE x_amd64/compile git(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel go r,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,disp--show-toplevel -json flow x_amd64/compile git init�� 0:00Z x_amd64/compile /usr/bin/git -json GO111MODULE x_amd64/compile git(http block)/usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel ache/go/1.25.0/x64/pkg/tool/linux_amd64/asm /usr/bin/git 1514-33177/test-git GO111MODULE .cfg git rev-�� --show-toplevel ache/go/1.25.0/x64/pkg/tool/linux_amd64/compile /usr/bin/git 6692940/b176/_pkgit GO111MODULE ache/go/1.25.0/x--show-toplevel git(http block)https://api.github.com/repos/actions/github-script/git/ref/tags/v8/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha -goversion go1.25.0 -c=4 -nolocalimports -importcfg /tmp/go-build1596692940/b207/importcfg -pack -c log.showsignatur-p go 64/bin/go -n1 --format=format:-o 2b5d23cb43b0 go(http block)/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha log.showsignatur-p log 64/bin/go -d 64/pkg/tool/linu-o 64/bin/go go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha /tmp/go-build269-p -trimpath 64/bin/go -d github.com/ayman-o -lang=go1.24 go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)https://api.github.com/repos/actions/setup-go/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha GOMODCACHE tomic_wasm.s r,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,disp--show-toplevel -json flow-12345 x_amd64/asm git -C /tmp/gh-aw-test-runs/20260401-121514-33177/test-2447879192 status /usr/bin/git .github/workflowgit GO111MODULE x_amd64/compile git(http block)https://api.github.com/repos/actions/setup-node/git/ref/tags/v4/usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha(http block)https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq .object.sha /tmp/go-build1598696908/b446/_pkg_.a -trimpath /usr/bin/git -p main -lang=go1.25 git rev-�� --show-toplevel -dwarf=false /usr/bin/git go1.25.0 -c=4 -nolocalimports git(http block)https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha 1514-33177/test-2447879192 -trimpath g_.a -p errors -lang=go1.25 /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/compile -o /tmp/go-build1596692940/b194/_pkg_.a -trimpath 0/x64/bin/node -p vendor/golang.orrev-parse -lang=go1.25 /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linu1(http block)https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3/usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha atjTay5oJ -trimpath 8696908/b400/vet.cfg l weak -lang=go1.25 /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/compile ortc�� /tmp/go-build1596692940/b189/_pkg_.a stmain.go ache/node/24.14.0/x64/bin/node -p crypto/internal/rev-parse -lang=go1.25 /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet(http block)https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts/usr/bin/gh gh run download 1 --dir test-logs/run-1 GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env 3238558104/.github/workflows GO111MODULE 64/pkg/tool/linux_amd64/asm GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/asm(http block)https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts/usr/bin/gh gh run download 12345 --dir test-logs/run-12345 GO111MODULE 64/pkg/tool/linu-buildmode=exe GOINSECURE GOMOD GOMODCACHE arith_wasm.s env -json GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile(http block)https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts/usr/bin/gh gh run download 12346 --dir test-logs/run-12346 GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env g_.a @v1.19.2/token/token.go 64/pkg/tool/linux_amd64/asm GOINSECURE order GOMODCACHE 64/pkg/tool/linux_amd64/asm(http block)https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts/usr/bin/gh gh run download 2 --dir test-logs/run-2 GO111MODULE 64/pkg/tool/linux_amd64/asm GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/asm env -json GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile(http block)https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts/usr/bin/gh gh run download 3 --dir test-logs/run-3 GO111MODULE 64/pkg/tool/linux_amd64/asm GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/asm env 3238558104/.github/workflows @v1.19.2/context.go 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile(http block)https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts/usr/bin/gh gh run download 4 --dir test-logs/run-4 GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env g_.a GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile(http block)https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts/usr/bin/gh gh run download 5 --dir test-logs/run-5 GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD arith_wasm.s 64/pkg/tool/linux_amd64/compile env g_.a GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile(http block)https://api.github.com/repos/github/gh-aw/actions/workflows/usr/bin/gh gh workflow list --json name,state,path che/go-build/ec/-p GOPROXY 64/bin/go iles use Prettie/opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/compile GOWORK 64/bin/go /opt/hostedtoolc-trimpath -o /tmp/go-build269-p -trimpath 64/bin/go -p github.com/githu1 -lang=go1.25 go(http block)/usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go(http block)/usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 GOMOD sm_wasm.s 64/pkg/tool/linustatus estl�� -json GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile(http block)https://api.github.com/repos/github/gh-aw/contents/.github/workflows/shared/reporting.md/tmp/go-build1598696908/b396/cli.test /tmp/go-build1598696908/b396/cli.test -test.testlogfile=/tmp/go-build1598696908/b396/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true -importcfg /tmp/go-build1596692940/b215/importcfg -pack /home/REDACTED/go/pkg/mod/github.com/segmentio/asm@v1.1.3/base64/base64.go /hom�� --check scripts/**/*.js 64/bin/go .prettierignore 64/pkg/tool/linu-o 64/bin/go go(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq .object.sha --show-toplevel u1NbgiD/uvljh3C4Test User /usr/bin/git ty-test.md GO111MODULE 64/pkg/tool/linu--show-toplevel git rev-�� --show-toplevel 64/pkg/tool/linux_amd64/compile /usr/bin/git g_.a @v1.1.3/keyset/kshow-ref 64/pkg/tool/linu--verify git(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha -json GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env g_.a 0/internal/tag/tag.go x_amd64/link GOINSECURE GOMOD GOMODCACHE x_amd64/link(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD wasm.s go env -json GO111MODULE x_amd64/asm GOINSECURE GOMOD GOMODCACHE x_amd64/asm(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD sm.s go env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json .go 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env sm-opt -Oz (size-p GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile(http block)https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999/usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha -json GO111MODULE 64/pkg/tool/linux_amd64/compile sm); \ wasm-optgit GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env g_.a 0/internal/stringset/set.go 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile(http block)https://api.github.com/repos/nonexistent/repo/actions/runs/12345/usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env 1161365263/.github/workflows GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet(http block)https://api.github.com/repos/owner/repo/actions/workflows/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOSUMDB GOWORK run-script/lib/n/tmp/go-build1596692940/b120/_pkg_.a /opt/hostedtoolc-trimpath -o /tmp/go-build269-p -trimpath 64/bin/go -p github.com/githu-f1 -lang=go1.25 go(http block)/usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go **/*.json --ignore-path ../../../.pretti/tmp/go-build1596692940/b129/_pkg_.a cloxRh0m-Frt -o /tmp/go-build269-p -trimpath 64/bin/go -p main -lang=go1.25 go(http block)/usr/bin/gh gh workflow list --repo owner/repo --json name,path,state /usr/bin/git /tmp/go-build159git pkg/mod/github.crev-parse /opt/hostedtoolc--show-toplevel git rev-�� --show-toplevel /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linuremote.origin.url /usr/bin/git /tmp/go-build159git -trimpath /opt/hostedtoolc--show-toplevel git(http block)https://api.github.com/repos/owner/repo/contents/file.md/tmp/go-build1598696908/b396/cli.test /tmp/go-build1598696908/b396/cli.test -test.testlogfile=/tmp/go-build1598696908/b396/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true -importcfg /tmp/go-build1596692940/b215/importcfg -pack /home/REDACTED/go/pkg/mod/github.com/segmentio/asm@v1.1.3/base64/base64.go /hom�� --check scripts/**/*.js 64/bin/go .prettierignore 64/pkg/tool/linu-o 64/bin/go go(http block)https://api.github.com/repos/test-owner/test-repo/actions/secrets/usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name go1.25.0 -c=4 -nolocalimports -importcfg /tmp/go-build1596692940/b254/importcfg -pack /home/REDACTED/go/pkg/mod/go.yaml.in/yaml/v3@v3.0.4/apic.go -o /tmp/go-build269-p -trimpath 64/bin/go -p main -lang=go1.25 go(http block)https://api.github.com/repos/test/repo/usr/bin/gh gh api /repos/test/repo --jq .default_branch --show-toplevel /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/compile /usr/bin/git runs/20260401-12git -trimpath /opt/hostedtoolc--show-toplevel git rev-�� --show-toplevel 8696908/b398/importcfg /usr/bin/git 8696908/b398/embgit -trimpath ache/node/24.14.--show-toplevel git(http block)If you need me to access, download, or install something from one of these locations, you can either: