feat: portable GH_AW_HOME for self-hosted runner support#19744
Open
feat: portable GH_AW_HOME for self-hosted runner support#19744
Conversation
This was referenced Mar 5, 2026
Add OpenCode as a new agentic engine supporting provider-agnostic AI coding with BYOK (Bring Your Own Key) and full MCP Gateway + API proxy support. New engine features: - Provider-agnostic: supports Anthropic, OpenAI, Google, Groq, etc. - Dynamic domain allowlists based on model provider prefix - API proxy on port 10004 (default: Anthropic routing) - MCP Gateway integration with opencode.jsonc converter - Headless CI mode via `opencode run -q` - Auto-configured permissions to prevent CI hanging - 22 unit tests covering all engine methods - Smoke test workflow (5 tests) Files: opencode_engine.go, opencode_mcp.go, opencode_engine_test.go, convert_gateway_config_opencode.sh, smoke-opencode.md/.lock.yml Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add comprehensive external-facing documentation for the OpenCode engine: - New guide: docs/src/content/docs/guides/opencode.md (460 lines) - Quick start, auth/providers, network security, MCP support - Example workflows, engine comparison, known limitations - Update engines.md: add OpenCode to available agents list - Update auth.mdx: add OpenCode authentication reference - Update network.md: add OpenCode domain config + dynamic provider docs - Update astro.config.mjs: add sidebar link Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Fix BaseEngine struct changes (llmGatewayPort field, remove supportsFirewall, remove UsesAPIProxy from AWFCommandConfig) - Bump DefaultFirewallVersion to v0.23.1 which includes port 10004 for OpenCode API proxy (gh-aw-firewall#1055) - Recompile smoke-opencode.lock.yml with v0.23.1 - Fix test: use constants.OpenCodeLLMGatewayPort assertion Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
OpenCode v1.2.14 does not support -q/--quiet flag. The `run` subcommand accepts the message as a positional argument directly. Discovered from smoke test failure where the CLI printed usage and exited with code 1. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Contributor
|
🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨ |
Contributor
|
🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation... |
Contributor
|
❌ Tool validation failed! Agent Container Smoke Test detected missing tools: failed |
Contributor
|
📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing... |
Contributor
|
📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤 |
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
OpenCode phones home to opencode.ai during initialization (telemetry/ config). Without this domain in the allowlist, Squid blocks the request and OpenCode fails silently with exit code 0. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…xpansion
Re-applies all GH_AW_HOME portable path changes that were silently reverted
during the merge with main. Also fixes a critical bug where job-level env
vars using shell expansion syntax were not expanded by GitHub Actions
${{ env.X }} expressions (used by upload-artifact).
Key fixes:
- Move GH_AW_SAFE_OUTPUTS/CONFIG_PATH/TOOLS_PATH from job-level env to
$GITHUB_ENV (set in "Create gh-aw temp directory" step after setup.sh
sets GH_AW_HOME)
- Re-apply JsRequireGhAw() for all require() patterns
- Re-apply GhAwHome shell expansion for all bash run: blocks
- Re-apply DefaultGhAwMount with shell expansion
- Update golden files and test expectations
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Mossaka
force-pushed
the
portable-gh-aw-home
branch
from
192debf to
42c1f84
Compare
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Contributor
|
@copilot recompile, review code and simplify if possible (by compile resolved value and avoid repeating magic string) |
Contributor
…constants (#19793) * Initial plan * Initial plan: use GhAwHome/GhAwHomeJS/JsRequireGhAw constants everywhere Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> * refactor: replace magic GH_AW_HOME path strings with constants/helpers Replace all raw occurrences of `(process.env.GH_AW_HOME || '/opt/gh-aw')` and `${GH_AW_HOME:-/opt/gh-aw}` in non-test Go source files with the constants and helper defined in setup_action_paths.go: - `GhAwHomeJS` for JavaScript expressions - `GhAwHome` for shell expressions - `JsRequireGhAw(relativePath)` for JS require() calls 22 source files updated. Generated output is byte-for-byte identical. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
|
@copilot fix build wasm |
Contributor
This comment has been minimized.
This comment has been minimized.
Contributor
|
@copilot merge main and recompile |
Contributor
Contributor
Contributor
|
@copilot merge main and recompile |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Contributor
|
Hey What looks great:
Concern: PR mixes multiple distinct features This PR bundles at least two independent features:
Per the contribution guidelines, PRs should be focused on a single concern — this makes review faster and reduces risk. Splitting these would help each land independently. Also noted: There are two CI failures (Smoke Codex, Agent Container Smoke Test missing tools) that would need to be resolved before merging. Suggestion: Consider splitting into separate PRs — one for
|
This was referenced Mar 8, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
/opt/gh-aw/paths with aGH_AW_HOMEenvironment variable (defaults to/opt/gh-aw, falls back to$RUNNER_TEMP/gh-awon self-hosted runners)setup.shauto-detects a writable path and exportsGH_AW_HOMEto$GITHUB_ENVfor all subsequent steps${GH_AW_HOME:-/opt/gh-aw}/..., JSrequire()uses(process.env.GH_AW_HOME || '/opt/gh-aw') + '/...'Why: GitHub-hosted runners allow writing to
/opt/, but self-hosted runners typically don't — requiring admins tosudo mkdir -p /opt/gh-aw && sudo chmod 777 /opt/gh-aw. This change makes gh-aw work out of the box on both.Security:
$RUNNER_TEMP/gh-awis NOT mounted into the AWF agent container (only$GITHUB_WORKSPACEand/tmpare writable to the agent), so the security model is preserved.Test plan
make buildsucceedsmake test-unit— all tests pass (updated 36 test files + 3 golden fixtures)make test-js— all 209 JS test files pass (4928 tests)make golint-incremental BASE_REF=HEAD— 0 issuesmake recompile— all 165 lock files regenerated.lock.ymlfiles use$GH_AW_HOMEpatterns correctly/opt/gh-awstill works)🤖 Generated with Claude Code