Add debug-scoped /tmp/gh-aw file inventory to setup post cleanup

[Copilot]

When Actions debug mode is enabled, setup post-cleanup lacked visibility into what was left under /tmp/gh-aw before deletion. This updates the post step to emit a bounded file inventory so debugging cleanup/state issues is faster without noisy default logs.

• Debug-only /tmp/gh-aw inventory

  • Adds debug gating via RUNNER_DEBUG or ACTIONS_STEP_DEBUG.
  • Emits a pre-cleanup file list only in debug mode.

• Bounded and stable output

  • Recursively lists files with hard limits (maxDepth = 4, maxFiles = 200).
  • Sorts directory entries for deterministic output.
  • Prints truncation/read-error signals when limits or permission/read issues are hit.

• Cleanup behavior unchanged

  • Existing cleanup flow remains intact (sudo rm -rf with fs.rmSync fallback).

• Incidental repo-required lint cleanup

  • Replaces fmt.Sprintf("/repos/github/gh-aw/commits/%s", ref) with string concatenation in pkg/workflow/action_resolver.go to satisfy enforced linting in required progress gates.

const maxDebugDepth = 4;
const maxDebugFiles = 200;

if (isDebugModeEnabled()) {
  listTmpGhAwFiles("/tmp/gh-aw", maxDebugDepth, maxDebugFiles);
}

[github-actions]

Hey @app/copilot-swe-agent 👋 — thanks for adding debug-scoped visibility into the /tmp/gh-aw cleanup step! The bounded file inventory with depth/count limits is a thoughtful touch, and the debug-gating via RUNNER_DEBUG/ACTIONS_STEP_DEBUG is the right approach to avoid noisy default logs.

A couple of things worth addressing before this lands:

• Split unrelated changes — the PR bundles three distinct concerns: (1) the debug file inventory in post.js, (2) portability/config changes in the smoke workflow lock file (/home/runner → $HOME, restructuring XDG_CONFIG_HOME/GH_AW_MCP_CONFIG from static env vars to inline exports), and (3) an incidental Go lint fix in action_resolver.go. Each is independently reviewable and should ideally live in its own PR.
• Add tests — the new isDebugModeEnabled() and listTmpGhAwFiles() functions in post.js have no test coverage. Unit tests for edge cases (empty dir, depth-limit truncation, file-limit truncation, read errors) would increase confidence and catch regressions.

If you would like to address these, here is a prompt you can assign to your coding agent:

In the PR "Add debug-scoped /tmp/gh-aw file inventory to setup post cleanup" (gh-aw#38780):

1. Move the Go lint fix (fmt.Sprintf → string concat + indentation in pkg/workflow/action_resolver.go) into its own separate PR with a focused title and description.

2. Move the smoke workflow lock file changes (.github/workflows/smoke-copilot-aoai-entra.lock.yml) into their own separate PR: clearly explain what bug or limitation the /home/runner → $HOME portability fix and the XDG_CONFIG_HOME/GH_AW_MCP_CONFIG restructuring address.

3. Add unit tests for the two new JavaScript functions in actions/setup/post.js:
   - isDebugModeEnabled(): test with RUNNER_DEBUG=1, ACTIONS_STEP_DEBUG=true, both set, and neither set.
   - listTmpGhAwFiles(): test with a non-existent directory, an empty directory, a directory that exceeds maxFiles (200 files), and a directory that exceeds maxDepth (4 levels).

Generated by ✅ Contribution Check · 387.1 AIC · ⌖ 13.1 AIC · ⊞ 24.7K · ◷

[Copilot]

Pull request overview

This PR improves troubleshooting of setup post-cleanup by emitting a bounded /tmp/gh-aw file inventory only when GitHub Actions debug mode is enabled, while keeping the cleanup behavior unchanged. It also includes a small Go lint-driven tweak and a workflow hardening update to avoid hard-coded home paths.

Changes:

• Add debug-gated, bounded, sorted /tmp/gh-aw file inventory logging in actions/setup/post.js before cleanup.
• Replace a simple fmt.Sprintf usage with string concatenation in pkg/workflow/action_resolver.go to satisfy linting.
• Update the compiled smoke workflow to use $HOME for Copilot config paths and export related env vars in the run script.

Show a summary per file

File	Description
pkg/workflow/action_resolver.go	Simplifies GitHub API path construction for resolving --gh-aw-ref.
actions/setup/post.js	Adds debug-only, bounded /tmp/gh-aw inventory output prior to cleanup.
.github/workflows/smoke-copilot-aoai-entra.lock.yml	Switches Copilot config paths to $HOME and adjusts related env handling.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 3/3 changed files
• Comments generated: 2

[github-actions]

✅ Design Decision Gate 🏗️ completed the design decision gate check.

No ADR enforcement needed: PR #38780 does not have the 'implementation' label (has_implementation_label=false) and has only 9 new lines in business logic directories, well under the 100-line threshold (requires_adr_by_default_volume=false).

[github-actions]

🧪 Test Quality Sentinel completed test quality analysis.

No test files were added or modified in PR #38780. The PR changes actions/setup/post.js (production), pkg/workflow/action_resolver.go (production), and a workflow lock file. Test Quality Sentinel skipped.

[github-actions]

🧠 Matt Pocock Skills Reviewer has completed the skills-based review. ✅

[github-actions]

Skills-Based Review 🧠

Applied /tdd, /diagnose, and /zoom-out — commenting with non-blocking observations.

📋 Key Themes & Highlights

Key Themes

• Missing unit tests: listTmpGhAwFiles and isDebugModeEnabled are entirely untested. The functions are not exported, so testing them requires a minor refactor (extract to a module or add a conditional module.exports).
• Depth truncation is silent: maxDepth cutoff leaves no trace in the debug output — only maxFiles overflow emits a signal. Adding a depthCapped flag and a companion log line would complete the observability story.
• DFS traversal may produce a misleading truncated listing: the 200-file cap can be consumed entirely inside a deeply nested subdir, omitting all shallow-level siblings. For a pre-cleanup inventory, files-before-dirs ordering is more useful.

Positive Highlights

• ✅ Debug gating (isDebugModeEnabled) correctly normalises "1" and "true" and checks both RUNNER_DEBUG and ACTIONS_STEP_DEBUG.
• ✅ Bounded limits (maxDepth=4, maxFiles=200) and read-error reporting prevent the listing from becoming noisy or hanging on permission-denied paths.
• ✅ Alphabetical sort on entries makes the output deterministic — great for diffing across runs.
• ✅ The action_resolver.go lint fix is clean and correct; the lock-file $HOME portability change is a solid improvement.

🧠 Reviewed using Matt Pocock's skills by Matt Pocock Skills Reviewer · 209.2 AIC · ⌖ 13.8 AIC · ⊞ 29.3K

[github-actions]

[/tdd] listTmpGhAwFiles (and isDebugModeEnabled) have no unit tests — edge-case bugs here will surface as silent debug-output gaps rather than test failures.

💡 Key cases to cover

Scenario	Why it matters
tmpDir does not exist	guard branch already in code — should be verified
permission-denied on a subdirectory	readErrors counter path
exactly maxFiles entries	off-by-one on the truncation flag
maxDepth = 0	walk should not recurse at all
RUNNER_DEBUG=1 vs RUNNER_DEBUG=true	both should enable debug mode

Because the functions are not exported they would need a light refactor (e.g. module.exports = { listTmpGhAwFiles, isDebugModeEnabled } behind a test guard, or extract into a debug-inventory.js module) before a test file can import them.

[github-actions]

[/diagnose] The truncation signal only fires when maxFiles is hit, not when maxDepth silently caps recursion. A reader of the debug output has no way to know that subdirectories beyond depth 4 were skipped.

💡 Suggested fix

Track whether any directory was skipped due to depth, and emit a companion signal:

const walk = (currentDir, depth) => {
  if (depth >= maxDepth) {
    depthCapped = true;   // new flag
    return;
  }
  if (files.length >= maxFiles) {
    return;
  }
  // ...
};

Then after the walk:

if (depthCapped) {
  console.log(`[debug] some subdirectories beyond depth ${maxDepth} were not listed`);
}

This keeps the two truncation reasons distinct and both observable.

[github-actions]

[/zoom-out] DFS-first traversal means the 200-file limit can be exhausted entirely inside a deep subdirectory, silently omitting all sibling files at shallower levels. For a debug inventory whose purpose is to show what was left before cleanup, breadth-first (or listing files before recursing) would give a more representative snapshot.

💡 Files-before-dirs alternative

A minimal change: process file entries in the current directory before recursing into subdirs.

// separate dirs and files
const dirs = entries.filter(e => e.isDirectory());
const fileEntries = entries.filter(e => !e.isDirectory());

for (const entry of fileEntries) {
  if (files.length >= maxFiles) return;
  files.push(path.relative(tmpDir, path.join(currentDir, entry.name)));
}
for (const dir of dirs) {
  if (files.length >= maxFiles) return;
  walk(path.join(currentDir, dir.name), depth + 1);
}

This ensures the root-level (most actionable) files always appear, regardless of how many nested files exist.

[pelikhan]

@copilot run pr-finisher skill

[Copilot]

@copilot run pr-finisher skill

Ran a pr-finisher pass on PR #38780.

• ✅ Reviews — triaged; no new code changes made in this pass.
• ✅ Checks (local) — make fmt, make lint, make test-unit, make test, and make recompile all passed locally.
• ❓ Checks (CI) — stale after agent activity and currently includes a failed PR Code Quality Reviewer activation step (Check daily workflow token guardrail). This is workflow/guardrail related, not reproduced by local make targets.
• ❓ Mergeable — PR currently reports mergeable_state: unstable.

Actions taken: collected review/CI state and validated locally with no file changes.
Hand-off: CI must be re-triggered by a maintainer (close/reopen PR, workflow_dispatch, or maintainer push) before merge.