Skip to content

Commit 80e0622

Browse files
CopilotlpcoxCopilot
authored
optimize(secret-digger-claude): default threat detection to Haiku, drop version-reporting import (#1974)
* Initial plan * optimize: use Haiku for Secret Digger threat detection, remove version-reporting import - Set GH_AW_MODEL_DETECTION_CLAUDE default to claude-haiku-4-5-20251001 in lock file (was empty string, causing fallback to Sonnet when repo var unset — ~73% cost savings) - Remove shared/version-reporting.md import from secret-digger-claude.md (~120 token savings) - Recompile all lock files via gh aw compile + postprocess script Agent-Logs-Url: https://github.com/github/gh-aw-firewall/sessions/e49af1c2-1b78-4f62-b8cf-8b4da06508e8 Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com> * Update .github/workflows/secret-digger-claude.lock.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com> Co-authored-by: Landon Cox <landon.cox@microsoft.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
1 parent e543784 commit 80e0622

18 files changed

+61
-56
lines changed

.github/workflows/agentics-maintenance.yml

Lines changed: 36 additions & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@
1212
# \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \
1313
# \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/
1414
#
15-
# This file was automatically generated by pkg/workflow/maintenance_workflow.go (v0.68.0). DO NOT EDIT.
15+
# This file was automatically generated by pkg/workflow/maintenance_workflow.go (v0.68.1). DO NOT EDIT.
1616
#
1717
# To regenerate this workflow, run:
1818
# gh aw compile
@@ -40,8 +40,16 @@ on:
4040
operation:
4141
description: 'Optional maintenance operation to run'
4242
required: false
43-
type: string
43+
type: choice
4444
default: ''
45+
options:
46+
- ''
47+
- 'disable'
48+
- 'enable'
49+
- 'update'
50+
- 'upgrade'
51+
- 'safe_outputs'
52+
- 'create_labels'
4553
run_url:
4654
description: 'Run URL or run ID to replay safe outputs from (e.g. https://github.com/owner/repo/actions/runs/12345 or 12345). Required when operation is safe_outputs.'
4755
required: false
@@ -60,34 +68,34 @@ jobs:
6068
pull-requests: write
6169
steps:
6270
- name: Setup Scripts
63-
uses: github/gh-aw-actions/setup@0acfb4a691fe207cd8bc982ea5cb9d750d57a702 # v0.68.0
71+
uses: github/gh-aw-actions/setup@2fe53acc038ba01c3bbdc767d4b25df31ca5bdfc # v0.68.1
6472
with:
6573
destination: ${{ runner.temp }}/gh-aw/actions
6674

6775
- name: Close expired discussions
68-
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
76+
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
6977
with:
7078
script: |
7179
const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs');
72-
setupGlobals(core, github, context, exec, io);
80+
setupGlobals(core, github, context, exec, io, getOctokit);
7381
const { main } = require('${{ runner.temp }}/gh-aw/actions/close_expired_discussions.cjs');
7482
await main();
7583
7684
- name: Close expired issues
77-
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
85+
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
7886
with:
7987
script: |
8088
const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs');
81-
setupGlobals(core, github, context, exec, io);
89+
setupGlobals(core, github, context, exec, io, getOctokit);
8290
const { main } = require('${{ runner.temp }}/gh-aw/actions/close_expired_issues.cjs');
8391
await main();
8492
8593
- name: Close expired pull requests
86-
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
94+
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
8795
with:
8896
script: |
8997
const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs');
90-
setupGlobals(core, github, context, exec, io);
98+
setupGlobals(core, github, context, exec, io, getOctokit);
9199
const { main } = require('${{ runner.temp }}/gh-aw/actions/close_expired_pull_requests.cjs');
92100
await main();
93101
@@ -105,27 +113,27 @@ jobs:
105113
persist-credentials: false
106114

107115
- name: Setup Scripts
108-
uses: github/gh-aw-actions/setup@0acfb4a691fe207cd8bc982ea5cb9d750d57a702 # v0.68.0
116+
uses: github/gh-aw-actions/setup@2fe53acc038ba01c3bbdc767d4b25df31ca5bdfc # v0.68.1
109117
with:
110118
destination: ${{ runner.temp }}/gh-aw/actions
111119

112120
- name: Check admin/maintainer permissions
113-
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
121+
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
114122
with:
115123
github-token: ${{ secrets.GITHUB_TOKEN }}
116124
script: |
117125
const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs');
118-
setupGlobals(core, github, context, exec, io);
126+
setupGlobals(core, github, context, exec, io, getOctokit);
119127
const { main } = require('${{ runner.temp }}/gh-aw/actions/check_team_member.cjs');
120128
await main();
121129
122130
- name: Install gh-aw
123-
uses: github/gh-aw-actions/setup-cli@0acfb4a691fe207cd8bc982ea5cb9d750d57a702 # v0.68.0
131+
uses: github/gh-aw-actions/setup-cli@2fe53acc038ba01c3bbdc767d4b25df31ca5bdfc # v0.68.1
124132
with:
125-
version: v0.68.0
133+
version: v0.68.1
126134

127135
- name: Run operation
128-
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
136+
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
129137
env:
130138
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
131139
GH_AW_OPERATION: ${{ github.event.inputs.operation }}
@@ -134,7 +142,7 @@ jobs:
134142
github-token: ${{ secrets.GITHUB_TOKEN }}
135143
script: |
136144
const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs');
137-
setupGlobals(core, github, context, exec, io);
145+
setupGlobals(core, github, context, exec, io, getOctokit);
138146
const { main } = require('${{ runner.temp }}/gh-aw/actions/run_operation_update_upgrade.cjs');
139147
await main();
140148
@@ -156,30 +164,30 @@ jobs:
156164
persist-credentials: false
157165

158166
- name: Setup Scripts
159-
uses: github/gh-aw-actions/setup@0acfb4a691fe207cd8bc982ea5cb9d750d57a702 # v0.68.0
167+
uses: github/gh-aw-actions/setup@2fe53acc038ba01c3bbdc767d4b25df31ca5bdfc # v0.68.1
160168
with:
161169
destination: ${{ runner.temp }}/gh-aw/actions
162170

163171
- name: Check admin/maintainer permissions
164-
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
172+
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
165173
with:
166174
github-token: ${{ secrets.GITHUB_TOKEN }}
167175
script: |
168176
const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs');
169-
setupGlobals(core, github, context, exec, io);
177+
setupGlobals(core, github, context, exec, io, getOctokit);
170178
const { main } = require('${{ runner.temp }}/gh-aw/actions/check_team_member.cjs');
171179
await main();
172180
173181
- name: Apply Safe Outputs
174-
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
182+
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
175183
env:
176184
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
177185
GH_AW_RUN_URL: ${{ github.event.inputs.run_url }}
178186
with:
179187
github-token: ${{ secrets.GITHUB_TOKEN }}
180188
script: |
181189
const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs');
182-
setupGlobals(core, github, context, exec, io);
190+
setupGlobals(core, github, context, exec, io, getOctokit);
183191
const { main } = require('${{ runner.temp }}/gh-aw/actions/apply_safe_outputs_replay.cjs');
184192
await main();
185193
@@ -196,33 +204,33 @@ jobs:
196204
persist-credentials: false
197205

198206
- name: Setup Scripts
199-
uses: github/gh-aw-actions/setup@0acfb4a691fe207cd8bc982ea5cb9d750d57a702 # v0.68.0
207+
uses: github/gh-aw-actions/setup@2fe53acc038ba01c3bbdc767d4b25df31ca5bdfc # v0.68.1
200208
with:
201209
destination: ${{ runner.temp }}/gh-aw/actions
202210

203211
- name: Check admin/maintainer permissions
204-
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
212+
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
205213
with:
206214
github-token: ${{ secrets.GITHUB_TOKEN }}
207215
script: |
208216
const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs');
209-
setupGlobals(core, github, context, exec, io);
217+
setupGlobals(core, github, context, exec, io, getOctokit);
210218
const { main } = require('${{ runner.temp }}/gh-aw/actions/check_team_member.cjs');
211219
await main();
212220
213221
- name: Install gh-aw
214-
uses: github/gh-aw-actions/setup-cli@0acfb4a691fe207cd8bc982ea5cb9d750d57a702 # v0.68.0
222+
uses: github/gh-aw-actions/setup-cli@2fe53acc038ba01c3bbdc767d4b25df31ca5bdfc # v0.68.1
215223
with:
216-
version: v0.68.0
224+
version: v0.68.1
217225

218226
- name: Create missing labels
219-
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
227+
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
220228
env:
221229
GH_AW_CMD_PREFIX: gh aw
222230
with:
223231
github-token: ${{ secrets.GITHUB_TOKEN }}
224232
script: |
225233
const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs');
226-
setupGlobals(core, github, context, exec, io);
234+
setupGlobals(core, github, context, exec, io, getOctokit);
227235
const { main } = require('${{ runner.temp }}/gh-aw/actions/create_labels.cjs');
228236
await main();

.github/workflows/ci-cd-gaps-assessment.lock.yml

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.github/workflows/claude-token-usage-analyzer.lock.yml

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.github/workflows/cli-flag-consistency-checker.lock.yml

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.github/workflows/copilot-token-usage-analyzer.lock.yml

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.github/workflows/dependency-security-monitor.lock.yml

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.github/workflows/doc-maintainer.lock.yml

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.github/workflows/firewall-issue-dispatcher.lock.yml

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.github/workflows/issue-monster.lock.yml

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.github/workflows/pelis-agent-factory-advisor.lock.yml

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)