Add GitHub Copilot CLI to hosted runner images #14045
Pull request overview
This PR adds the GitHub Copilot CLI to the Ubuntu 24.04 and 26.04 hosted runner image bake, so workflows can use copilot without installing it at runtime.
Changes:
- Add a new Ubuntu build script to install `@github/copilot` globally via `npm`.
- Add a Pester test to validate `copilot --version` succeeds (skipped on Ubuntu 22.04).
- Wire the install script into the Ubuntu 24.04 and 26.04 Packer build templates.
| File | Description |
|---|---|
| images/ubuntu/templates/build.ubuntu-26_04.pkr.hcl | Adds the Copilot CLI install step to the Ubuntu 26.04 image build script list. |
| images/ubuntu/templates/build.ubuntu-24_04.pkr.hcl | Adds the Copilot CLI install step to the Ubuntu 24.04 image build script list. |
| images/ubuntu/scripts/tests/CLI.Tools.Tests.ps1 | Adds a Pester validation that copilot --version returns exit code 0 (skipped on 22.04). |
| images/ubuntu/scripts/build/install-copilot-cli.sh | New installer that installs the Copilot CLI via npm and invokes the corresponding tests. |
Copilot's findings
- Files reviewed: 4/4 changed files
- Comments generated: 2
| "${path.root}/../scripts/build/install-cmake.sh", | ||
| "${path.root}/../scripts/build/install-codeql-bundle.sh", | ||
| "${path.root}/../scripts/build/install-awf.sh", | ||
| "${path.root}/../scripts/build/install-copilot-cli.sh", | ||
| "${path.root}/../scripts/build/install-container-tools.sh", | ||
| "${path.root}/../scripts/build/install-dotnetcore-sdk.sh", |
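Review bot: install-copilot-cli.sh is listed directly after install-awf.sh, and the visible part of the list shows no install-nodejs.sh entry ahead of it. The PR overview says the script installs the CLI via npm, so this entry should sit after the Node.js install step; in its current position the bake depends on npm already being present at this point.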
Fixed in 921ae04 — install-copilot-cli.sh now runs right after install-nodejs.sh in both Ubuntu 24.04 and 26.04 provisioner lists. While I was in there I also pinned the install to a known-good version pulled from the agentic workflows compatibility matrix (raw.githubusercontent.com/github/gh-aw-actions/main/.github/aw/compat.json), so the baked tool-cache version matches what the runtime setup action will resolve to. Falls back to latest on any fetch failure so an outage on raw.githubusercontent.com does not block the image bake.
| "${path.root}/../scripts/build/install-aws-tools.sh", | ||
| "${path.root}/../scripts/build/install-clang.sh", | ||
| "${path.root}/../scripts/build/install-cmake.sh", | ||
| "${path.root}/../scripts/build/install-codeql-bundle.sh", | ||
| "${path.root}/../scripts/build/install-awf.sh", | ||
| "${path.root}/../scripts/build/install-copilot-cli.sh", | ||
| "${path.root}/../scripts/build/install-container-tools.sh", |
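Review bot: the install-copilot-cli.sh entry here carries an ordering requirement that nothing in the list expresses, and this second list repeats the placement between install-awf.sh and install-container-tools.sh, so the two lists have to be kept in step by hand. Consider having the script check for npm itself (for example a `command -v npm` guard that exits with a clear message), so a misplaced entry in either list fails the bake with an obvious cause.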
Same fix in 921ae04 — see the 24.04 reply above for the full rationale.
Install @github/copilot into the agent tool cache during image bake
for Ubuntu 24.04 and 26.04, pinned to the version validated by the
gh-aw agent compatibility matrix.

The CLI is staged at $AGENT_TOOLSDIRECTORY/copilot-cli/<version>/x64/
with the matching x64.complete marker file, so a runtime consumer
using @actions/tool-cache can find it via tc.find("copilot-cli", ...)
and expose it on PATH with core.addPath. This is the standard hosted-
runner toolcache layout used by install-awf.sh and install-codeql-
bundle.sh in the same directory.

Version resolution: fetch
https://raw.githubusercontent.com/github/gh-aw-actions/main/.github/aw/compat.json
and read the catch-all max-agent value (max-gh-aw == "*"). This is
the highest Copilot CLI version validated against the current gh-aw
release line. Hard-fails the bake on fetch/parse failure, multiple
catch-all rows, or non-semver values (matches the install-awf.sh
fail-fast pattern; we'd rather rebuild later than ship an
unvalidated version).

Tightens the curl invocation with --proto '=https' --proto-redir
'=https' to prevent silent fall-through to a plaintext redirect if
raw.githubusercontent.com were ever to 302 elsewhere.

Pester test in Tools.Tests.ps1 verifies the toolcache layout
(directory present, bin/copilot exists, .complete marker present),
mirroring the existing AWF test block.

Backward compatible: the bake step neither shadows nor removes
anything from the global PATH, so workflows that today install the
CLI at runtime keep working unchanged.
cdc05fd to 95d1aca
Install `@github/copilot` into the agent tool cache during image bake for Ubuntu 24.04 and 26.04. The CLI is staged at `$AGENT_TOOLSDIRECTORY/copilot-cli/<version>/x64/` with the matching `x64.complete` marker file, so a runtime consumer using `@actions/tool-cache` can find it via `tc.find("copilot-cli", ...)` and expose it on PATH with `core.addPath`.

This enables agentic workflows that use the Copilot engine to skip the runtime `npm install` step on a cache hit, reducing workflow startup time. The toolcache version is read from https://raw.githubusercontent.com/github/gh-aw-actions/main/.github/aw/compat.json (the agentic-workflows compatibility matrix), specifically the `max-agent` value on the catch-all row.

Changes

- `images/ubuntu/scripts/build/install-copilot-cli.sh` — fetch the toolcache version from `compat.json`, install via `npm install -g --prefix <toolcache>/x64/`, write `x64.complete` marker. Hard-fails the bake on fetch/parse failure (matches `install-awf.sh` semantics).
- `images/ubuntu/scripts/tests/Tools.Tests.ps1` — Pester test verifying the toolcache layout (`/opt/hostedtoolcache/copilot-cli/*/x64/bin/copilot`, `x64.complete` marker present). Mirrors the existing AWF test block.
- `images/ubuntu/templates/build.ubuntu-24_04.pkr.hcl` — invoke `install-copilot-cli.sh` in the build (after `install-nodejs.sh` so `npm` is available).
- `images/ubuntu/templates/build.ubuntu-26_04.pkr.hcl` — same.

Why toolcache instead of system PATH

A runtime consumer needs to (a) pick a specific version that satisfies a semver range and (b) ensure the binary is on PATH for the agent step. The standard pattern for both is `@actions/tool-cache`: `tc.find("copilot-cli", range)` returns the cached path, `core.addPath(<path>/bin)` exposes it. That requires the on-disk layout to be `$RUNNER_TOOL_CACHE/<tool>/<version>/<arch>/` with a `.complete` marker — which is exactly what this script produces. AWF (`install-awf.sh` in this same repo) uses the same pattern.

Backward compatibility

This change is a no-op for workflows that don't use `@actions/tool-cache` to find the Copilot CLI. The bake step neither shadows nor removes anything from the global PATH (the previous global `npm install -g` location is replaced because nothing else needs the binary there). Workflows that today install Copilot CLI via `npm install -g` at runtime keep doing so unchanged.
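
The fail-fast version resolution described in the commit message and PR description, as an added example that is not the PR's `install-copilot-cli.sh`. It assumes `compat.json` is an array of rows carrying the `max-gh-aw` and `max-agent` keys (the page does not show the schema); the function names and sample data are constructed.

```javascript
// Added example, not the PR's install-copilot-cli.sh.
// ASSUMPTION: compat.json is a JSON array of row objects carrying the
// "max-gh-aw" and "max-agent" keys named on the page; the real schema is
// not shown there. resolvePinnedVersion and tryResolve are hypothetical names.

// Anchored semver pattern: rejects dist-tags ("latest"), ranges ("^1.0.0"),
// URLs and anything else npm would accept after "@github/copilot@".
const SEMVER =
  /^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

function resolvePinnedVersion(compatText) {
  let rows;
  try {
    rows = JSON.parse(compatText);
  } catch (err) {
    throw new Error(`compat.json is not valid JSON: ${err.message}`);
  }
  if (!Array.isArray(rows)) throw new Error("compat.json: expected an array of rows");

  // Exactly one catch-all row may exist; zero or several is ambiguous.
  const catchAll = rows.filter(
    (r) => r !== null && typeof r === "object" && r["max-gh-aw"] === "*");
  if (catchAll.length !== 1) {
    throw new Error(`compat.json: expected 1 catch-all row, found ${catchAll.length}`);
  }
  const version = catchAll[0]["max-agent"];
  if (typeof version !== "string" || !SEMVER.test(version)) {
    throw new Error(`compat.json: max-agent is not semver: ${JSON.stringify(version)}`);
  }
  return version; // matched the anchored pattern, so it names one exact version
}

// Returns the version, or a "REJECTED: ..." string where the bake would abort.
function tryResolve(compatText) {
  try { return resolvePinnedVersion(compatText); }
  catch (err) { return `REJECTED: ${err.message}`; }
}

// Constructed sample inputs (not the real compat.json contents).
const SAMPLES = {
  ok: JSON.stringify([{ "max-gh-aw": "0.5.0", "max-agent": "1.0.0" },
                      { "max-gh-aw": "*", "max-agent": "1.2.3" }]),
  twoCatchAll: JSON.stringify([{ "max-gh-aw": "*", "max-agent": "1.2.3" },
                               { "max-gh-aw": "*", "max-agent": "1.3.0" }]),
  distTag: JSON.stringify([{ "max-gh-aw": "*", "max-agent": "latest" }]),
  truncated: '[{"max-gh-aw": "*", "max-agent": "1.2',
};
for (const [name, text] of Object.entries(SAMPLES)) {
  console.log(`${name}: ${tryResolve(text)}`);
}
```

Rejecting rather than substituting a default is what keeps a malformed or tampered matrix from turning the pin into an arbitrary npm spec.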