Skip to content

Bump github/gh-aw from 0.61.0 to 0.68.3#1289

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github/gh-aw-0.68.3
Open

Bump github/gh-aw from 0.61.0 to 0.68.3#1289
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github/gh-aw-0.68.3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 20, 2026

Bumps github/gh-aw from 0.61.0 to 0.68.3.

Release notes

Sourced from github/gh-aw's releases.

v0.68.3

🌟 Release Highlights

This release delivers a major overhaul of push_signed_commits.cjs for edge-case reliability, significant improvements to shared workflow imports, smarter AI model error handling, and a wave of community-driven fixes.

✨ What's New

  • Model-not-supported detection — When a model is unavailable or not supported by your Copilot plan, the workflow now stops retrying and surfaces a clear, actionable error in the failure report rather than spinning indefinitely. (#26229)
  • checkout field in shared imports — Shared importable workflows now support a checkout field, giving you control over which ref is checked out when importing a shared workflow. (#26292)
  • env field in shared imports — You can now pass environment variables via env: in shared import blocks, eliminating the need for workarounds when shared workflows require custom env context. (#26113)
  • Time Between Turns (TBT) metricgh aw audit and gh aw logs now report Time Between Turns, a key indicator of whether LLM prompt caching is effective for your workflows. (#26321)
  • OTEL token breakdown — Conclusion spans now include token category breakdowns as attributes, enabling richer cost analysis in your observability dashboards. (#26121)
  • API consumption charts as inline images — API consumption reports now render charts as inline Markdown images for instant visibility without requiring external image hosting. (#26150)

🐛 Bug Fixes & Improvements

push_signed_commits.cjs — five targeted fixes:

  • File content is now read from commit objects (not the working tree), preventing stale-file bugs in agent-driven commits. (#26287)
  • Copy/rename detection and C-quoted filenames are now handled correctly. (#26277)
  • Non-100644 file modes (executables, symlinks) are detected and handled gracefully. (#26259)
  • Commit ordering uses --topo-order and merge commits are handled with a git push fallback. (#26306)
  • Submodule entries now fall back to a plain git push instead of erroring. (#26298)

Other notable fixes:

  • on.github-token propagated to activation job — Cross-org workflow_call setups no longer fail because the GitHub token was missing from checkout and hash-check steps. (#26137)
  • copilot-driver --resume auth recovery — Authentication failures during --continue/--resume are now handled instead of crashing the driver. (#26146)
  • add_comment gains reply_to_id — The reply_to_id parameter is now documented in the MCP tool schema so agents reliably pass it when threading replies. (#26288)
  • safe-outputs.actions tools exposed — Custom action tools defined in safe-outputs.actions are now included in the agent's MCP toolset. (#26291)
  • engine.max-turns preserved through shared imports — The max-turns setting no longer silently drops when the engine config is sourced from a shared import. (#26122)
  • Docker no longer required for gh aw compile --validate — Validation now skips Docker image checks when Docker is unavailable; opt in with --validate-images when needed. (#26074)
  • GH_HOST env var used for GH CLI callsgh repo view and gh pr create now respect GH_HOST, fixing failures in GHES and cross-org contexts. (#26311)
  • resolveIssueNumber strips stray quotes — Item numbers wrapped in quotes no longer cause resolution failures. (#26114)
  • --safe-update renamed to --approve — The flag name now more clearly conveys its intent. (#26160)

📚 Documentation

🌍 Community Contributions

@arthurfvives

... (truncated)

Commits
  • ce17949 fix: use GH_HOST env var instead of --hostname flag for gh repo view and gh p...
  • c25673e fix: --topo-order and merge commit fallback in push_signed_commits.cjs (#26306)
  • d37c7c6 fix(USE-001): add standardized ERR_* error codes to two non-conformant handle...
  • 9939478 fix(USE-003): emit staged mode preview summary in upload_artifact handler (#2...
  • b8e0b8a fix: expose safe-outputs.actions custom action tools to agent MCP toolset (#2...
  • 549223d feat: support checkout field in importable shared workflows (#26292)
  • ace4abb Split frontmatter_types.go into types, parsing, and serialization files (#2...
  • b048b08 Split gateway_logs.go into concern-aligned files (#26296)
  • a12b147 refactor: split audit_report_render.go into domain-specific files (#26304)
  • f109ff0 Handle submodule entries in push_signed_commits by falling back to git push (...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump github/gh-aw from 0.61.0 to 0.68.3
1409a7c 
Bumps [github/gh-aw](https://github.com/github/gh-aw) from 0.61.0 to 0.68.3.
- [Release notes](https://github.com/github/gh-aw/releases)
- [Changelog](https://github.com/github/gh-aw/blob/main/CHANGELOG.md)
- [Commits](github/gh-aw@v0.61.0...v0.68.3)

---
updated-dependencies:
- dependency-name: github/gh-aw
  dependency-version: 0.68.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 20, 2026
@dependabot dependabot bot mentioned this pull request Apr 20, 2026
Closed
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 20, 2026

🚀 Dogfood this PR with:

⚠️ WARNING: Do not do this without first carefully reviewing the code of this PR to satisfy yourself it is safe.

curl -fsSL https://raw.githubusercontent.com/CommunityToolkit/Aspire/main/eng/scripts/dogfood-pr.sh | bash -s -- 1289

Or

  • Run remotely in PowerShell:
iex "& { $(irm https://raw.githubusercontent.com/CommunityToolkit/Aspire/main/eng/scripts/dogfood-pr.ps1) } 1289"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants