Capture exit codes and stderr when gh CLI commands fail, fix Docker git ownership

[Copilot]

When gh workflow list failed in the status command, error logs contained only wrapped errors without exit codes, stderr output, or the executed command. Additionally, the Docker container was experiencing "dubious ownership in repository" errors when running with mounted volumes.

Changes

• Enhanced fetchGitHubWorkflows error handling

  • Extract exit code from exec.ExitError
  • Capture and log stderr output
  • Log full command with arguments via workflowsLog

• Applied same pattern to restoreWorkflowState

  • Consistent error diagnostics for gh workflow disable failures

• Fixed Docker container git ownership issue

  • Added git config --global --add safe.directory '*' to Dockerfile
  • Prevents "fatal: detected dubious ownership in repository" errors
  • Necessary when container runs with mounted volumes owned by different users (e.g., GitHub Actions)

Example

Before:

if err != nil {
    return nil, fmt.Errorf("failed to execute gh workflow list command: %w", err)
}

After:

if err != nil {
    var exitCode int
    var stderr string
    if exitErr, ok := err.(*exec.ExitError); ok {
        exitCode = exitErr.ExitCode()
        stderr = string(exitErr.Stderr)
        workflowsLog.Printf("gh workflow list command failed with exit code %d. Command: gh %v", exitCode, args)
        workflowsLog.Printf("stderr output: %s", stderr)
        return nil, fmt.Errorf("failed to execute gh workflow list command (exit code %d): %w. stderr: %s", exitCode, err, stderr)
    }
    workflowsLog.Printf("gh workflow list command failed with error (not ExitError): %v. Command: gh %v", err, args)
    return nil, fmt.Errorf("failed to execute gh workflow list command: %w", err)
}

Pattern matches existing implementation in fetchLatestRunsByRef for consistency.

Original prompt

Reference: https://github.com/github/gh-aw/actions/runs/21754229152/job/62759997935#step:44:1

It seems that the call to gh workflows list in the status command is failing. Make that maximum logging is collected when a call to "gh" fails.

See agentic-workflows.log in the artifacts of the run.

Check that the token passed to the MCP server is secrets.GITHUB_TOKEN and that it has enough permissions

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

---

Changeset

• Type: patch
• Description: Log exit codes and stderr for failing gh workflow list/disable commands and configure the Docker image to trust every directory so mounted volumes do not trigger dubious ownership errors.

Generated by Changeset Generator

[github-actions]

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

[github-actions]

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

[github-actions]

❌ Changeset Generator failed. Please review the logs for details.

[github-actions]

🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation...

[github-actions]

Agent Container Tool Check

Tool	Status	Version
bash	✅	5.2.21
sh	✅	available
git	✅	2.52.0
jq	✅	1.7
yq	✅	4.52.2
curl	✅	8.5.0
gh	✅	2.86.0
node	✅	20.20.0
python3	✅	3.12.3
go	✅	1.24.12
java	✅	21.0.10 (requires LD_LIBRARY_PATH)
dotnet	❌	execution error

Result: 11/12 tools available ⚠️

Notes:

• Java: Works correctly but requires LD_LIBRARY_PATH to be set properly
• Dotnet: Binary is present at /usr/share/dotnet/dotnet but fails with error: "cannot execute dotnet when renamed to bash" - this appears to be an environment configuration issue rather than a missing installation

AI generated by Agent Container Smoke Test

[github-actions]

Smoke Test Results ✅

PR #14156 - Capture exit codes and stderr when gh CLI commands fail
PR #14027 - chore: bump AWF to v0.13.9

• ✅ GitHub MCP
• ✅ Safe Inputs GH CLI
• ✅ Serena MCP (6 symbols)
• ✅ Playwright
• ✅ File I/O
• ✅ Bash Tools
• ✅ Discussion Comment
• ✅ Build gh-aw
• ✅ Workflow Dispatch

Status: PASS | Run §21755113641

cc @pelikhan

AI generated by Smoke Copilot

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[pelikhan]

@copilot the gh workflow command failed with this message:

  [2026-02-06T15:04:39Z] [INFO] [backend] [stderr] cli:workflows stderr output: failed to run git: fatal: detected dubious ownership in repository at '/home/runner/work/gh-aw/gh-aw'

Fix Dockerfile configure to remove this issue.

[Copilot]

@copilot the gh workflow command failed with this message:

  [2026-02-06T15:04:39Z] [INFO] [backend] [stderr] cli:workflows stderr output: failed to run git: fatal: detected dubious ownership in ...

Fixed in commit 21cd16e. Added git config --global --add safe.directory '*' to the Dockerfile to trust all directories and prevent the "dubious ownership" error when the container runs with mounted volumes owned by different users.

[github-actions]

✅ Changeset Generator completed successfully!

[github-actions]

🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation...

[github-actions]

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

[github-actions]

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

[github-actions]

Agent Container Tool Check - Smoke Test Results

Tool	Status	Version
bash	✅	5.2.21(1)-release
sh	✅	available
git	✅	2.52.0
jq	✅	1.7
yq	✅	4.52.2
curl	✅	8.5.0
gh	✅	2.86.0
node	✅	20.20.0
python3	✅	3.12.3
go	✅	1.24.12
java	❌	unavailable
dotnet	❌	unavailable

Result: 10/12 tools available ❌

Missing Tools:

• Java runtime is not accessible (expected at /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk/)
• .NET runtime is not accessible (expected at /usr/bin/dotnet)

Core development tools (bash, git, gh, node, python3, go) and essential utilities (jq, yq, curl) are all available and functional.

AI generated by Agent Container Smoke Test

[github-actions]

Smoke Test Results - Run 21755850804

PRs Reviewed:

• core: update create.md #14151: core: update create.md
• Remove prompt file management functions from init/upgrade/fix commands #14150: Remove prompt file management functions

Test Results:

• ✅ GitHub MCP
• ✅ Safe Inputs GH CLI
• ⚠️ Serena MCP (0 symbols found)
• ✅ Playwright
• ✅ File Writing
• ✅ Bash Tools
• ✅ Discussion Interaction
• ✅ Build gh-aw
• ✅ Workflow Dispatch

Overall Status: ⚠️ PARTIAL PASS

@Copilot

AI generated by Smoke Copilot

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

[pelikhan]

@copilot increase smoke-claude timeout to 15min

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.