chore: bump gh-aw-firewall to v0.27.29#44659
Merged
Merged
Conversation
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot created this pull request from a session on behalf of
pelikhan
July 10, 2026 05:38
View session
Collaborator
|
@copilot resolve container shas |
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Contributor
Author
Done. All 4 firewall container images for v0.27.29 are now SHA-pinned in the lock files and
|
Contributor
There was a problem hiding this comment.
Pull request overview
This PR bumps the default gh-aw-firewall (AWF) version from v0.27.28 to v0.27.29, updates the pinned container digests for the new firewall release, and recompiles workflow lockfiles so generated workflows reference the new AWF version and image SHAs.
Changes:
- Update
DefaultFirewallVersiontov0.27.29. - Add new
0.27.29firewall container image digest pins (agent, api-proxy, cli-proxy, squid). - Regenerate workflow
.lock.ymlfiles to referencev0.27.29(AWF version env, schema URLs, and container pins).
Show a summary per file
| File | Description |
|---|---|
| pkg/constants/version_constants.go | Bumps DefaultFirewallVersion to v0.27.29. |
| pkg/workflow/data/action_pins.json | Adds digest pins for gh-aw-firewall images at 0.27.29. |
| pkg/actionpins/data/action_pins.json | Mirrors the 0.27.29 firewall image digest pins for action pinning. |
| .github/aw/actions-lock.json | Updates the repo’s Actions/containers lock data with 0.27.29 firewall image pins. |
| .github/workflows/smoke-ci.lock.yml | Regenerated lock workflow to use v0.27.29 and updated pinned firewall images/schema URL. |
| .github/workflows/firewall.lock.yml | Regenerated lock workflow to use v0.27.29 and updated pinned firewall images/schema URL. |
| .github/workflows/example-permissions-warning.lock.yml | Regenerated lock workflow to use v0.27.29 and updated pinned firewall images/schema URL. |
| .github/workflows/daily-malicious-code-scan.lock.yml | Regenerated lock workflow to use v0.27.29 and updated pinned firewall images/schema URL. |
| .github/workflows/codex-github-remote-mcp-test.lock.yml | Regenerated lock workflow to use v0.27.29 and updated pinned firewall images/schema URL. |
| .github/workflows/bot-detection.lock.yml | Regenerated lock workflow to use v0.27.29 and updated pinned firewall images/schema URL. |
| .github/workflows/ai-moderator.lock.yml | Regenerated lock workflow to use v0.27.29 and updated pinned firewall images/schema URL. |
| .github/workflows/agentic-token-optimizer.lock.yml | Regenerated lock workflow to use v0.27.29 and updated pinned firewall images/schema URL. |
| .github/workflows/ace-editor.lock.yml | Regenerated lock workflow to use v0.27.29 and updated pinned firewall images/schema URL. |
Review details
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 35/260 changed files
- Comments generated: 3
- Review effort level: Low
Comment on lines
840
to
+846
| @@ -841,6 +841,26 @@ | |||
| "image": "semgrep/semgrep:latest", | |||
| "digest": "sha256:17d89ddd91a7729bbd5de09402f7f79a70204289e2a94635086e9db532a495f2", | |||
| "pinned_image": "semgrep/semgrep:latest@sha256:17d89ddd91a7729bbd5de09402f7f79a70204289e2a94635086e9db532a495f2" | |||
| }, | |||
| "ghcr.io/github/gh-aw-firewall/agent:0.27.29": { | |||
| "image": "ghcr.io/github/gh-aw-firewall/agent:0.27.29", | |||
Comment on lines
840
to
+846
| @@ -841,6 +841,26 @@ | |||
| "image": "semgrep/semgrep:latest", | |||
| "digest": "sha256:17d89ddd91a7729bbd5de09402f7f79a70204289e2a94635086e9db532a495f2", | |||
| "pinned_image": "semgrep/semgrep:latest@sha256:17d89ddd91a7729bbd5de09402f7f79a70204289e2a94635086e9db532a495f2" | |||
| }, | |||
| "ghcr.io/github/gh-aw-firewall/agent:0.27.29": { | |||
| "image": "ghcr.io/github/gh-aw-firewall/agent:0.27.29", | |||
Comment on lines
840
to
+846
| "semgrep/semgrep:latest": { | ||
| "image": "semgrep/semgrep:latest", | ||
| "digest": "sha256:17d89ddd91a7729bbd5de09402f7f79a70204289e2a94635086e9db532a495f2", | ||
| "pinned_image": "semgrep/semgrep:latest@sha256:17d89ddd91a7729bbd5de09402f7f79a70204289e2a94635086e9db532a495f2" | ||
| }, | ||
| "ghcr.io/github/gh-aw-firewall/agent:0.27.29": { | ||
| "image": "ghcr.io/github/gh-aw-firewall/agent:0.27.29", |
Contributor
|
🎉 This pull request is included in a new release. Release: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps
DefaultFirewallVersionv0.27.28→v0.27.29and recompiles all 256 workflows.What's in v0.27.29
validateRequestedModelNo new CLI flags → no new
AWF*MinVersiongates required.