Skip to content

chore: bump gh-aw-firewall to v0.27.29#44659

Merged
pelikhan merged 3 commits into
mainfrom
copilot/update-gh-aw-firewall-release
Jul 10, 2026
Merged

chore: bump gh-aw-firewall to v0.27.29#44659
pelikhan merged 3 commits into
mainfrom
copilot/update-gh-aw-firewall-release

Conversation

Copilot AI commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

Bumps DefaultFirewallVersion v0.27.28v0.27.29 and recompiles all 256 workflows.

What's in v0.27.29

  • feat: recursive alias resolution with cycle protection in validateRequestedModel
  • fix: log stderr from rootless permission repair; make chroot-home removal non-fatal
  • refactor: pre-validate host port specs once in TypeScript (removes duplicate shell parser)
  • chore: model-to-API mapping refresh (2026-07-09)

No new CLI flags → no new AWF*MinVersion gates required.

Copilot AI and others added 2 commits July 10, 2026 05:36
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@pelikhan

Copy link
Copy Markdown
Collaborator

@copilot resolve container shas

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

Copilot AI commented Jul 10, 2026

Copy link
Copy Markdown
Contributor Author

@copilot resolve container shas

Done. All 4 firewall container images for v0.27.29 are now SHA-pinned in the lock files and actions-lock.json:

  • agent:0.27.29sha256:debc0b18ef8ea3a64585c4d1eea1099f0d9fa76b53d34a1f3c53b3225fe158fe
  • api-proxy:0.27.29sha256:c7754df3f06f346c817db0525ba523cbdaf5349239fd7f37897c4250a8fc7bde
  • cli-proxy:0.27.29sha256:bfc90b1f10d2ff61dbbbf0d57600001f85bf5f6444ed78bc05d9f6677327e4b8
  • squid:0.27.29sha256:7bfa0742f9a5bd6309507caaa80a8b6cf3e05bd95a1429affbf64cc94cfbd34f

@pelikhan pelikhan marked this pull request as ready for review July 10, 2026 06:38
Copilot AI review requested due to automatic review settings July 10, 2026 06:38
@pelikhan pelikhan merged commit 80cf454 into main Jul 10, 2026
24 of 26 checks passed
@pelikhan pelikhan deleted the copilot/update-gh-aw-firewall-release branch July 10, 2026 06:38

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR bumps the default gh-aw-firewall (AWF) version from v0.27.28 to v0.27.29, updates the pinned container digests for the new firewall release, and recompiles workflow lockfiles so generated workflows reference the new AWF version and image SHAs.

Changes:

  • Update DefaultFirewallVersion to v0.27.29.
  • Add new 0.27.29 firewall container image digest pins (agent, api-proxy, cli-proxy, squid).
  • Regenerate workflow .lock.yml files to reference v0.27.29 (AWF version env, schema URLs, and container pins).
Show a summary per file
File Description
pkg/constants/version_constants.go Bumps DefaultFirewallVersion to v0.27.29.
pkg/workflow/data/action_pins.json Adds digest pins for gh-aw-firewall images at 0.27.29.
pkg/actionpins/data/action_pins.json Mirrors the 0.27.29 firewall image digest pins for action pinning.
.github/aw/actions-lock.json Updates the repo’s Actions/containers lock data with 0.27.29 firewall image pins.
.github/workflows/smoke-ci.lock.yml Regenerated lock workflow to use v0.27.29 and updated pinned firewall images/schema URL.
.github/workflows/firewall.lock.yml Regenerated lock workflow to use v0.27.29 and updated pinned firewall images/schema URL.
.github/workflows/example-permissions-warning.lock.yml Regenerated lock workflow to use v0.27.29 and updated pinned firewall images/schema URL.
.github/workflows/daily-malicious-code-scan.lock.yml Regenerated lock workflow to use v0.27.29 and updated pinned firewall images/schema URL.
.github/workflows/codex-github-remote-mcp-test.lock.yml Regenerated lock workflow to use v0.27.29 and updated pinned firewall images/schema URL.
.github/workflows/bot-detection.lock.yml Regenerated lock workflow to use v0.27.29 and updated pinned firewall images/schema URL.
.github/workflows/ai-moderator.lock.yml Regenerated lock workflow to use v0.27.29 and updated pinned firewall images/schema URL.
.github/workflows/agentic-token-optimizer.lock.yml Regenerated lock workflow to use v0.27.29 and updated pinned firewall images/schema URL.
.github/workflows/ace-editor.lock.yml Regenerated lock workflow to use v0.27.29 and updated pinned firewall images/schema URL.

Review details

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 35/260 changed files
  • Comments generated: 3
  • Review effort level: Low

Comment on lines 840 to +846
@@ -841,6 +841,26 @@
"image": "semgrep/semgrep:latest",
"digest": "sha256:17d89ddd91a7729bbd5de09402f7f79a70204289e2a94635086e9db532a495f2",
"pinned_image": "semgrep/semgrep:latest@sha256:17d89ddd91a7729bbd5de09402f7f79a70204289e2a94635086e9db532a495f2"
},
"ghcr.io/github/gh-aw-firewall/agent:0.27.29": {
"image": "ghcr.io/github/gh-aw-firewall/agent:0.27.29",
Comment on lines 840 to +846
@@ -841,6 +841,26 @@
"image": "semgrep/semgrep:latest",
"digest": "sha256:17d89ddd91a7729bbd5de09402f7f79a70204289e2a94635086e9db532a495f2",
"pinned_image": "semgrep/semgrep:latest@sha256:17d89ddd91a7729bbd5de09402f7f79a70204289e2a94635086e9db532a495f2"
},
"ghcr.io/github/gh-aw-firewall/agent:0.27.29": {
"image": "ghcr.io/github/gh-aw-firewall/agent:0.27.29",
Comment on lines 840 to +846
"semgrep/semgrep:latest": {
"image": "semgrep/semgrep:latest",
"digest": "sha256:17d89ddd91a7729bbd5de09402f7f79a70204289e2a94635086e9db532a495f2",
"pinned_image": "semgrep/semgrep:latest@sha256:17d89ddd91a7729bbd5de09402f7f79a70204289e2a94635086e9db532a495f2"
},
"ghcr.io/github/gh-aw-firewall/agent:0.27.29": {
"image": "ghcr.io/github/gh-aw-firewall/agent:0.27.29",
@github-actions

Copy link
Copy Markdown
Contributor

🎉 This pull request is included in a new release.

Release: v0.82.8

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants