Move github-app token minting to activation job#24251
Merged
Conversation
- generateGitHubMCPAppTokenMintingSteps now returns []string for use in buildActivationJob instead of writing to a strings.Builder - activation job mints github-mcp-app-token and exposes it via output github_mcp_app_token so app-id/private-key never reach the agent job - remove generateGitHubMCPAppTokenMintingStep call from compiler_yaml_main_job.go - update generateGitHubMCPAppTokenInvalidationStep to reference needs.activation.outputs.github_mcp_app_token instead of step output - update mcp_environment.go and copilot_engine_execution.go to consume GITHUB_MCP_SERVER_TOKEN from needs.activation.outputs.github_mcp_app_token - update tests to assert new activation-output pattern Agent-Logs-Url: https://github.com/github/gh-aw/sessions/60528c57-92cc-4bc2-a14d-48ec635b7922 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot created this pull request from a session on behalf of
pelikhan
April 3, 2026 05:26
View session
Collaborator
|
@copilot also migrate top level |
…tivation job - Move safe-outputs.github-app token minting from safe_outputs + conclusion jobs to the activation job; expose as safe_outputs_app_token + safe_outputs_app_token_minting_failed outputs - Update buildGitHubAppTokenInvalidationStep to accept a tokenExpr parameter so callers (safe_outputs, conclusion, checkout) can each use their own token reference - Update all steps.safe-outputs-app-token.outputs.token references to needs.activation.outputs.safe_outputs_app_token across: safe_outputs_config_helpers.go, safe_outputs_env.go, compiler_safe_outputs_steps.go, create_code_scanning_alert.go, safe_outputs_jobs.go - Add activation to safe_outputs job needs when safe-outputs.github-app is configured (required to access needs.activation.outputs.*) - Remove minting from compiler_safe_outputs_job.go and notify_comment.go; keep invalidation in both jobs pointing to activation output - Update GH_AW_CONCLUSION_APP_TOKEN_MINTING_FAILED to reference activation output rather than the now-gone step outcome - Remove redundant inline invalidation logic from generateGitHubMCPAppTokenInvalidationStep (now uses shared helper) - Update all test assertions to reflect the new token flow Agent-Logs-Url: https://github.com/github/gh-aw/sessions/0c514f57-c2f0-4257-85f5-ef3a2cb2e579 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Contributor
Author
Done in 70cfcbc. All three remaining github-app configurations have been migrated:
Warning Firewall rules blocked me from connecting to one or more addresses (expand for details)I tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
|
Copilot
AI
changed the title
Move tools.github.github-app token minting to activation job
Move all github-app token minting to activation job
Apr 3, 2026
Collaborator
|
@copilot safe-outputs.github-app steps should stay in the safe_output job |
Collaborator
|
@copilot migrate all github-app steps to activation job due the MCP-server configuration Review remaining github-app steps in agent job and move to activation. |
…outputs job Reverts the safe-outputs.github-app token minting migration from the activation job back to the safe_outputs/conclusion jobs. The safe-outputs app-id/private-key steps should remain in the safe_outputs job per feedback. The tools.github.github-app token minting (moved to activation in 9bfc46e) is kept as-is. Agent-Logs-Url: https://github.com/github/gh-aw/sessions/6962f747-7aeb-41bc-9ae2-cb8917df7dfc Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Contributor
Author
Reverted in 467a9c2. The Warning Firewall rules blocked me from connecting to one or more addresses (expand for details)I tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
|
Copilot
AI
changed the title
Move all github-app token minting to activation job
Move tools.github.github-app token minting to activation job
Apr 3, 2026
Checkout github-app token minting steps (id: checkout-app-token-{n}) are moved
from the agent job to the activation job. Each minted token is exposed as an
activation output (checkout_app_token_{n}) so the agent job references it via
needs.activation.outputs.checkout_app_token_{n}.
- checkout_manager.go: add CheckoutAppTokenOutputs() returning output-name→step-expr map
- checkout_step_generator.go: update all steps.checkout-app-token-{n}.outputs.token
references (checkout step token, fetch step token, invalidation step) to
needs.activation.outputs.checkout_app_token_{n}
- compiler_activation_job.go: call GenerateCheckoutAppTokenSteps and expose outputs
via maps.Copy
- compiler_yaml_main_job.go: remove checkout app token minting block
- checkout_manager_test.go: update assertions to new token expression form
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/b6eaaeca-639c-4eae-8717-8990944195bc
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Contributor
Author
Done in 0ea5e77. Checkout github-app token minting ( Warning Firewall rules blocked me from connecting to one or more addresses (expand for details)I tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
|
Copilot
AI
changed the title
Move tools.github.github-app token minting to activation job
Move github-app token minting to activation job
Apr 3, 2026
Collaborator
|
@copilot add compiler assertion that no token is minted in the agent job |
In compiler_main_job.go, after generating the agent job step content, assert that the YAML does not contain "create-github-app-token". Any minting step in the agent job violates the invariant that app-id / private-key secrets must not reach the agent's environment. Added TestAgentJobDoesNotMintGitHubAppTokens to verify the invariant holds for tools.github.github-app, checkout.github-app, and top-level github-app fallback for checkout configurations. Agent-Logs-Url: https://github.com/github/gh-aw/sessions/70226ef9-d1ce-4dea-aba9-330019bc0a0b Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Contributor
Author
Done in 4f22805. Warning Firewall rules blocked me from connecting to one or more addresses (expand for details)I tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
|
Contributor
There was a problem hiding this comment.
Pull request overview
This PR moves GitHub App token minting (for tools.github.github-app and checkout.github-app) from the agent job into the activation job so that GitHub App secrets never reach the agent job; only short-lived tokens are passed via activation job outputs.
Changes:
- Mint GitHub MCP server and checkout GitHub App tokens in the activation job and expose them as
needs.activation.outputs.*. - Update agent job consumption paths (env vars, checkout token wiring, invalidation steps) to reference activation outputs instead of step outputs.
- Add a compiler invariant (and tests) to prevent
create-github-app-tokenfrom appearing in the agent job.
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| pkg/workflow/mcp_environment.go | Switch MCP server token env var to needs.activation.outputs.github_mcp_app_token. |
| pkg/workflow/copilot_engine_execution.go | Set GITHUB_MCP_SERVER_TOKEN from activation job outputs when app auth is configured. |
| pkg/workflow/compiler_yaml_main_job.go | Remove GitHub App token minting from agent job step generation. |
| pkg/workflow/compiler_main_job.go | Add compile-time invariant to fail if agent job contains create-github-app-token. |
| pkg/workflow/compiler_github_mcp_steps.go | Refactor MCP app minting to return steps for activation job; update invalidation to use activation outputs. |
| pkg/workflow/compiler_activation_job.go | Add MCP + checkout app token minting steps to activation job and expose tokens as job outputs. |
| pkg/workflow/checkout_step_generator.go | Update checkout token references/invalidation to use needs.activation.outputs.checkout_app_token_{n}. |
| pkg/workflow/checkout_manager.go | Add helper to produce activation job output map for checkout app tokens. |
| pkg/workflow/github_mcp_app_token_test.go | Update assertions for activation outputs; add invariant coverage test. |
| pkg/workflow/checkout_manager_test.go | Update expectations to match activation-output token references. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+621
to
+632
| // Locate the agent job section (after " agent:" and before the next top-level job) | ||
| agentJobStart := strings.Index(lockContent, "\n agent:\n") | ||
| require.NotEqual(t, -1, agentJobStart, "Agent job should be present") | ||
|
|
||
| // Find the next top-level job after agent (or end of file) | ||
| nextJobStart := strings.Index(lockContent[agentJobStart+len("\n agent:\n"):], "\n ") | ||
| var agentJobContent string | ||
| if nextJobStart == -1 { | ||
| agentJobContent = lockContent[agentJobStart:] | ||
| } else { | ||
| agentJobContent = lockContent[agentJobStart : agentJobStart+len("\n agent:\n")+nextJobStart] | ||
| } |
There was a problem hiding this comment.
The agent job section extraction in this test is incorrect: strings.Index(..., "\n ") will match many indented lines within the agent job itself (e.g., \n runs-on: starts with \n ), so agentJobContent can end up containing only the first line(s) of the job and miss later steps. This can make the assertion a false negative even if create-github-app-token appears later in the agent job. Consider locating the next job header by matching \n <job_id>:\n at exactly 2-space indentation (e.g., via a regexp like \n [^\s][^:]*:\n) starting after the agent header, or parse the YAML and inspect jobs.agent.steps directly.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The
app-idandprivate-keysecrets fortools.github.github-appand checkoutgithub-appconfigurations were being consumed in the agent job to mint tokens. Moving all minting to the activation job ensures these secrets never reach the agent job; only the short-lived tokens are passed through as job outputs.Changes
tools.github.github-appcompiler_activation_job.go— callsgenerateGitHubMCPAppTokenMintingStepswhenParsedTools.GitHub.GitHubAppis set; exposes the result asoutputs["github_mcp_app_token"]compiler_github_mcp_steps.go—generateGitHubMCPAppTokenMintingStep(builder sink) replaced bygenerateGitHubMCPAppTokenMintingSteps(returns[]string); invalidation step now referencesneeds.activation.outputs.github_mcp_app_tokeninstead ofsteps.github-mcp-app-token.outputs.tokencompiler_yaml_main_job.go— removes the minting call from the agent job stepsmcp_environment.go,copilot_engine_execution.go—GITHUB_MCP_SERVER_TOKENset to${{ needs.activation.outputs.github_mcp_app_token }}when app is configuredCheckout
github-appcompiler_activation_job.go— creates aCheckoutManagerfor the activation job; callsGenerateCheckoutAppTokenStepswhen any checkout uses app auth; exposes each token asoutputs["checkout_app_token_{index}"]viaCheckoutAppTokenOutputs()checkout_manager.go— addsCheckoutAppTokenOutputs()returning a map of output names to step token expressionscheckout_step_generator.go— all token references updated fromsteps.checkout-app-token-{n}.outputs.tokentoneeds.activation.outputs.checkout_app_token_{n}in checkout steps, fetch steps, and invalidation stepscompiler_yaml_main_job.go— removes the checkout app token minting block from the agent job stepsCompiler invariant
compiler_main_job.go— after generating the agent job steps, asserts the resulting YAML does not containcreate-github-app-token; returns an error immediately if the invariant is violated to catch regressions at compile timegithub_mcp_app_token_test.go— addsTestAgentJobDoesNotMintGitHubAppTokenscoveringtools.github.github-app,checkout.github-app, and the top-levelgithub-appfallback for checkoutsafe-outputs.github-appandon.github-appNo change — token minting for these configurations remains in the
safe_outputsand conclusion jobs where it was.Result