Add GitHub Copilot CLI to hosted runner images #14045
Install @github/copilot via npm during image bake for Ubuntu 24.04 and 26.04. This pre-installs the Copilot CLI so agentic workflows using the Copilot engine do not need to install it at runtime, reducing workflow startup time.

- Add install-copilot-cli.sh install script
- Add Copilot CLI test to CLI.Tools.Tests.ps1
- Add to 24.04 and 26.04 Packer templates
Pull request overview
This PR adds the GitHub Copilot CLI to the Ubuntu 24.04 and 26.04 hosted runner image bake, so workflows can use copilot without installing it at runtime.
Changes:
- Add a new Ubuntu build script to install `@github/copilot` globally via `npm`.
- Add a Pester test to validate `copilot --version` succeeds (skipped on Ubuntu 22.04).
- Wire the install script into the Ubuntu 24.04 and 26.04 Packer build templates.
| File | Description |
|---|---|
| images/ubuntu/templates/build.ubuntu-26_04.pkr.hcl | Adds the Copilot CLI install step to the Ubuntu 26.04 image build script list. |
| images/ubuntu/templates/build.ubuntu-24_04.pkr.hcl | Adds the Copilot CLI install step to the Ubuntu 24.04 image build script list. |
| images/ubuntu/scripts/tests/CLI.Tools.Tests.ps1 | Adds a Pester validation that copilot --version returns exit code 0 (skipped on 22.04). |
| images/ubuntu/scripts/build/install-copilot-cli.sh | New installer that installs the Copilot CLI via npm and invokes the corresponding tests. |
Copilot's findings
- Files reviewed: 4/4 changed files
- Comments generated: 2
| "${path.root}/../scripts/build/install-cmake.sh", | ||
| "${path.root}/../scripts/build/install-codeql-bundle.sh", | ||
| "${path.root}/../scripts/build/install-awf.sh", | ||
| "${path.root}/../scripts/build/install-copilot-cli.sh", | ||
| "${path.root}/../scripts/build/install-container-tools.sh", | ||
| "${path.root}/../scripts/build/install-dotnetcore-sdk.sh", |
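Review bot: install-copilot-cli.sh sits between install-awf.sh and install-container-tools.sh in this list, and no Node.js install step appears ahead of it in these lines. The script installs @github/copilot through npm, so move the entry to just after install-nodejs.sh so that npm exists when it runs on a clean build.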
Fixed in 921ae04 — install-copilot-cli.sh now runs right after install-nodejs.sh in both Ubuntu 24.04 and 26.04 provisioner lists. While I was in there I also pinned the install to a known-good version pulled from the agentic workflows compatibility matrix (raw.githubusercontent.com/github/gh-aw-actions/main/.github/aw/compat.json), so the baked tool-cache version matches what the runtime setup action will resolve to. Falls back to latest on any fetch failure so an outage on raw.githubusercontent.com does not block the image bake.
| "${path.root}/../scripts/build/install-aws-tools.sh", | ||
| "${path.root}/../scripts/build/install-clang.sh", | ||
| "${path.root}/../scripts/build/install-cmake.sh", | ||
| "${path.root}/../scripts/build/install-codeql-bundle.sh", | ||
| "${path.root}/../scripts/build/install-awf.sh", | ||
| "${path.root}/../scripts/build/install-copilot-cli.sh", | ||
| "${path.root}/../scripts/build/install-container-tools.sh", |
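Review bot: the ordering concern applies to this list too, where install-copilot-cli.sh follows install-awf.sh with no Node.js step visible before it. Place it after install-nodejs.sh here as well, so both templates provision npm before the Copilot CLI install runs.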
Same fix in 921ae04 — see the 24.04 reply above for the full rationale.
The previous version installed Copilot CLI before Node.js, which would fail on a clean image build because npm doesn't exist until install-nodejs.sh runs. Move the script down past install-nodejs.sh in both Ubuntu 24.04 and 26.04 provisioner lists so npm is available.

Pin the install to the catch-all max-agent version published in the GitHub agentic workflows compatibility matrix at

https://raw.githubusercontent.com/github/gh-aw-actions/main/.github/aw/compat.json

This is the highest Copilot CLI version validated against the current agentic workflows release line, so workflows that resolve to the same matrix entry hit the baked tool-cache version on a cache hit instead of triggering a runtime install.

Falls back to 'latest' on any fetch failure (network, 5xx, malformed JSON), so a raw.githubusercontent.com outage doesn't block the image bake. jq is already available because configure-apt.sh installs it earlier in the provisioner chain.
Previously this script fell back to installing the npm `latest` tag if the compat.json fetch or parse failed. That fallback silently bakes an unvalidated Copilot CLI version into the runner image when the matrix is the documented single source of truth for which version is approved. It also means a transient network blip during image bake can ship an arbitrarily newer version that has not been validated.

Replace the silent fallback with fail-fast behaviour matching the install-awf.sh pattern:

- Exit 1 with a clear error if the compat.json fetch fails.
- Exit 1 with a clear error if the catch-all max-agent row is missing (use jq -e so a missing/null result returns non-zero instead of producing an empty version string).
- Exit 1 if the catch-all selector returns more than one row, with the duplicates printed so the matrix author can fix it.
- Exit 1 if the resolved value is not a valid SemVer (defends against malformed matrix entries and injection-shaped values like '1.0.48; rm -rf /').

Also tighten the curl invocation with --proto '=https' --proto-redir '=https' to prevent silent fall-through to a plaintext redirect if raw.githubusercontent.com were ever to 302 elsewhere.

Verified against 8 cases: happy path, valid prerelease, curl failure, malformed JSON, missing catch-all row, multiple catch-all rows, non-semver value, and an injection-shaped value. Happy paths exit 0; all failure modes exit 1 with descriptive errors.
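The fail-fast checks listed in the commit message above, sketched as an added example; this is not the PR's install-copilot-cli.sh. The function names are hypothetical, and because the page does not show the jq selector or the compat.json schema, the resolver takes the selector's output (one candidate version per line) as its input; all sample inputs are constructed.

```sh
#!/bin/sh
# Added example: fail-fast checks on a version resolved from a pin matrix.
# Function names are hypothetical; inputs below are constructed.

# Strict numeric core; prerelease/build identifiers limited to [0-9A-Za-z-]
# (leading zeros inside prerelease identifiers are not checked).
SEMVER_RE='^(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)(-[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?(\+[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?$'

# HTTPS-only fetch: refuses plaintext URLs and plaintext redirects, and
# returns non-zero on HTTP errors (defined for completeness; the demo is offline).
fetch_matrix() {
  curl --fail --silent --show-error --location \
       --proto '=https' --proto-redir '=https' "$1"
}

is_semver() {
  # grep matches per line, so reject embedded newlines before matching.
  case $1 in *"
"*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq "$SEMVER_RE"
}

# $1: selector output, one candidate version per line.
# Prints the single validated version, or returns 1 with an error on stderr.
resolve_pinned_version() {
  rows=$(printf '%s\n' "$1" | sed '/^[[:space:]]*$/d')
  if [ -z "$rows" ]; then
    echo "error: catch-all row missing from matrix" >&2; return 1
  fi
  count=$(printf '%s\n' "$rows" | wc -l | tr -d ' ')
  if [ "$count" -ne 1 ]; then
    echo "error: expected 1 catch-all row, found $count:" >&2
    printf '%s\n' "$rows" >&2; return 1
  fi
  if ! is_semver "$rows"; then
    echo "error: '$rows' is not a valid SemVer version" >&2; return 1
  fi
  printf '%s\n' "$rows"
}

# Constructed selector outputs covering the failure modes listed above.
for candidate in '1.0.48' '1.0.48-rc.1' '' 'null' '1.0.48; rm -rf /' '1.0.47
1.0.48'; do
  if v=$(resolve_pinned_version "$candidate" 2>/dev/null); then
    echo "accept: $v"
  else
    echo "reject: $(printf '%s' "$candidate" | tr '\n' ',')"
  fi
done
```

Validating the value before it reaches `npm install` means a malformed or injection-shaped matrix entry stops the bake instead of being interpolated into a command line.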
Install `@github/copilot` via npm during image bake for Ubuntu 24.04 and 26.04. This pre-installs the Copilot CLI so agentic workflows using the Copilot engine do not need to install it at runtime, reducing workflow startup time.

Changes

- `images/ubuntu/scripts/build/install-copilot-cli.sh` — install script using `npm install -g @github/copilot --ignore-scripts`
- `images/ubuntu/scripts/tests/CLI.Tools.Tests.ps1` — Pester test verifying `copilot --version` returns 0
- `images/ubuntu/templates/build.ubuntu-24_04.pkr.hcl` — add to 24.04 image build
- `images/ubuntu/templates/build.ubuntu-26_04.pkr.hcl` — add to 26.04 image build