Skip to content

Add Node.js setup step to CredSweeper shared workflow #2914

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 4 commits into from
Closed

Add Node.js setup step to CredSweeper shared workflow #2914

wants to merge 4 commits into from

Conversation

Copy link
Contributor

Copilot AI commented Oct 31, 2025
edited
Loading

The CredSweeper shared workflow creates a mask-secrets.js script that requires Node.js, but was missing the setup step, causing silent failures in workflows that imported it (e.g., daily-news run #18984795622).

Changes

  • Created .github/workflows/shared/credsweeper.md

    • Added Node.js 24 setup step using actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903
    • Configured CredSweeper installation via pip
    • Created mask-secrets.js utility script with Node.js core module dependencies (fs, path, @actions/core)
    • Configured bash tools to allow node /tmp/gh-aw/credsweeper/mask-secrets.js * and credsweeper *

  • Updated .github/workflows/daily-news.md

    • Added import for shared/credsweeper.md

Configuration

---
tools:
  bash:
    - "node /tmp/gh-aw/credsweeper/mask-secrets.js *"
    - "credsweeper *"

steps:
  - name: Setup Node.js
    uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903
    with:
      node-version: '24'
  
  - name: Setup CredSweeper
    id: setup-credsweeper
    run: |
      mkdir -p /tmp/gh-aw/credsweeper
      pip install --user credsweeper
      # Creates mask-secrets.js script...
---

Fixes the workflow execution path described in the issue where the agent never executed due to missing Node.js runtime.

Original prompt

This section details on the original issue you should resolve

<issue_title>[q] Fix Samsung CredSweeper shared workflow - add Node.js setup step</issue_title>
<issue_description># Q Workflow Optimization Report

Issues Found (from live data)

daily-news workflow (Run githubnext/gh-aw#18984795622)

Workflow Run: https://github.com/githubnext/gh-aw/actions/runs/18984795622/job/54225882260

Log Analysis: The workflow failed because the Copilot agent never executed. The logs show:

  • Log path not found: /tmp/gh-aw/.copilot/logs/
  • No agent execution logs were generated
  • The workflow ran successfully through all setup steps but the agent step didn't produce output

Root Cause: The shared workflow credsweeper.md added in PR #2888 creates a JavaScript file (mask-secrets.js) that needs to be executed with Node.js. However, the workflow was missing the Node.js setup step, which caused the compilation or execution to fail.

Evidence from PR #2888:

  • The lock file diff shows a Setup Node.js step was added: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 with node-version: '24'
  • This step is critical because the workflow includes: - "node /tmp/gh-aw/credsweeper/mask-secrets.js *" in the bash tools
  • The mask-secrets.js script uses Node.js core modules (fs, path, @actions/core)

Changes Made

.github/workflows/shared/credsweeper.md (NEW FILE)

Added missing Node.js setup step:

steps:
  - name: Setup Node.js
    uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903
    with:
      node-version: '24'
  
  - name: Setup CredSweeper
    id: setup-credsweeper
    run: |
      # ... existing credsweeper setup

Why this fixes the issue:

  • The workflow creates /tmp/gh-aw/credsweeper/mask-secrets.js which is a Node.js script
  • The bash tools allow executing: node /tmp/gh-aw/credsweeper/mask-secrets.js *
  • Without Node.js installed, this command would fail
  • The setup-node step ensures Node.js 24 is available before the CredSweeper setup runs

.github/workflows/daily-news.md

Added import to enable CredSweeper in the daily-news workflow:

imports:
  - shared/mcp/tavily.md
  - shared/jqschema.md
  - shared/reporting.md
  - shared/credsweeper.md  # ← NEW

Expected Improvements

  • ✅ Fixes the daily-news workflow execution failure
  • ✅ Enables credential scanning capability in daily-news reports
  • ✅ Ensures Node.js is available before attempting to run mask-secrets.js
  • ✅ Follows the pattern established in the PR's lock file changes

Validation

The changes follow the exact pattern from PR #2888's lock file, which shows the Node.js setup step was intended to be included. This fix adds it to the source markdown file so it will be properly compiled into the lock file.

Note: Lock files will be generated automatically after merge per repository workflow.

References

Related to PR: #2888
Investigated workflow run: 18984795622
Fix applies to: Samsung CredSweeper shared workflow configuration

AI generated by Q

[!NOTE]
This was originally intended as a pull request, but the git push operation failed.

Workflow Run: View run details and download patch artifact

The patch file is available as an artifact (aw.patch) in the workflow run linked above.
To apply the patch locally:

# Download the artifact from the workflow run https://github.com/githubnext/gh-aw/actions/runs/18985937177
# (Use GitHub MCP tools if gh CLI is not available)
gh run download 18985937177 -n aw.patch
# Apply the patch
git am aw.patch
Show patch preview (500 of 527 lines) 
From 96de4cb2a292218cbffc5ee58b5cd09b74a884a6 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <github-actions[bot]@users.noreply.github.com>
Date: Fri, 31 Oct 2025 21:48:25 +0000
Subject: [PATCH] [q] Fix Samsung CredSweeper shared workflow - add Node.js
 setup step

The shared workflow credsweeper.md creates a JavaScript file (mask-secrets.js)
that needs to be executed with Node.js. However, the workflow was missing the
Node.js setup step, causing the workflow to fail.

This fix adds the missing setup-node step before the CredSweeper setup step,
ensuring Node.js 24 is available for executing the mask-secrets.js script.

Fixes workflow run: https://github.com/githubnext/gh-aw/actions/runs/18984795622
---
 .github/wo...

</details>

- Fixes githubnext/gh-aw#2905

<!-- START COPILOT CODING AGENT TIPS -->
---

✨ Let Copilot coding agent [set things up for you](https://github.com/githubnext/gh-aw/issues/new?title=✨+Set+up+Copilot+instructions&body=Configure%20instructions%20for%20this%20repository%20as%20documented%20in%20%5BBest%20practices%20for%20Copilot%20coding%20agent%20in%20your%20repository%5D%28https://gh.io/copilot-coding-agent-tips%29%2E%0A%0A%3COnboard%20this%20repo%3E&assignees=copilot) — coding agent works faster and does higher quality work when set up for your repo.

Copilot AI changed the title [WIP] Fix Samsung CredSweeper shared workflow by adding Node.js setup Add Node.js setup step to CredSweeper shared workflow Oct 31, 2025
Copilot AI requested a review from pelikhan October 31, 2025 23:47
Copilot finished work on behalf of pelikhan October 31, 2025 23:47
@pelikhan pelikhan closed this Nov 1, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pelikhan pelikhan Awaiting requested review from pelikhan

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pelikhan