Skip to content

[review] fix(arc-dind): mount workspace correctly and unify artifact roots#43228

Open
github-actions[bot] wants to merge 5 commits into
mainfrom
fix/arc-dind-workspace-mount-review-1783093749995
Open

[review] fix(arc-dind): mount workspace correctly and unify artifact roots#43228
github-actions[bot] wants to merge 5 commits into
mainfrom
fix/arc-dind-workspace-mount-review-1783093749995

Conversation

@github-actions

@github-actions github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Caution

agentic threat detected
Threat detection flagged this output in warn mode. Manual review is REQUIRED before any follow-up automation.

Reason: agent_failure

Review the workflow run logs for details.

This PR contains changes that were originally intended for PR #43222 (fix/arc-dind-workspace-mount).
Please review the changes carefully before merging.


Generated by 👨‍🍳 PR Sous Chef · 7.23 AIC · ⌖ 3.11 AIC · ⊞ 6.6K ·
Comment /souschef to run again

lpcox and others added 3 commits July 3, 2026 08:33
Bug A: The agent sees an empty workspace because dockerHostPathPrefix
translates the workspace mount source to a non-existent path. With
sysroot-stage active, the Docker daemon can see all needed paths via:
  - Shared work volume (/home/runner/_work/) for workspace & RUNNER_TEMP
  - Sysroot named volume for system binaries
  - Kernel VFS for /dev, /sys
Remove dockerHostPathPrefix from the AWF config — it's unnecessary and
harmful when sysroot provides all system paths.

Bug B: The agent artifact upload spans two path roots (/tmp/gh-aw/ and
${{ runner.temp }}/gh-aw/), causing upload-artifact to compute '/' as
the common ancestor. This creates a nested directory layout that breaks
downstream artifact downloads (detection job can't find agent_output.json).
Fix by:
  1. Rewriting all /tmp/gh-aw/ artifact paths to ${{ runner.temp }}/gh-aw/
  2. Adding a consolidation step that copies /tmp/gh-aw/ contents to the
     runner.temp location before upload

Fixes: gh-aw#34896
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Base automatically changed from fix/arc-dind-workspace-mount to main July 3, 2026 16:03
@gh-aw-bot

Copy link
Copy Markdown
Collaborator

@copilot please run the pr-finisher skill, address unresolved review comments, and rerun checks once the branch is up to date.

Generated by 👨‍🍳 PR Sous Chef · 7.23 AIC · ⌖ 3.11 AIC · ⊞ 6.6K ·
Comment /souschef to run again

Co-authored-by: gh-aw-bot <259018956+gh-aw-bot@users.noreply.github.com>

Copilot AI commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

@copilot please run the pr-finisher skill, address unresolved review comments, and rerun checks once the branch is up to date.

...

Done. Found one lint failure (modernize: HasPrefix+TrimPrefix can be simplified to CutPrefix) in arc_dind_artifacts.go, fixed in commit fix(arc-dind): use strings.CutPrefix to satisfy modernize linter. No unresolved review threads. Local validation passes:

  • ✅ Reviews — no unresolved review threads
  • ✅ Checks (local) — make fmt, make lint (0 issues), make test-unit all pass
  • ❓ Checks (CI) — stale after agent push; needs human re-trigger. Prior failures: fixed (lint was the root cause)
  • ✅ Mergeable — branch is up to date with base, no conflicts

Hand-off: CI must be re-triggered by a maintainer (close/reopen PR, workflow_dispatch, or push) before merge.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants