Fix agent job needs not populated from engine.env needs expressions

[Copilot]

engine.env values containing needs.<job>.outputs.* expressions were silently ignored during compilation — referenced custom jobs were never added to the agent job's needs list, causing those expressions to evaluate to empty strings at runtime.

Changes

• compiler_main_job.go: Extend the custom-job reference scan in buildMainJob to include all engine.env values in addition to markdown content and custom steps. Engine env content is computed once and reused for:
  • Adding referenced custom jobs as direct needs dependencies of the agent job
  • Emitting a compiler warning when engine.env values reference built-in jobs (detection, safe_outputs, etc.) that cannot be wired as direct agent dependencies — built-in jobs already present as direct dependencies (e.g., activation) are correctly excluded from this warning

Example

Given this frontmatter:

engine:
  id: copilot
  env:
    RECEIVED_VALUE: ${{ needs.provide_value_to_agent.outputs.provided_value }}
jobs:
  provide_value_to_agent:
    runs-on: ubuntu-latest
    # ...

Before: agent.needs = [activation] → needs.provide_value_to_agent is undefined at runtime.
After: agent.needs = [activation, provide_value_to_agent] → expression evaluates correctly.

Tests

• Unit test: engine.env reference adds custom job as direct dependency
• Unit test: no duplication when job is referenced in both engine.env and normal content
• Unit test: no false warning emitted when engine.env references activation (already a direct dependency)
• Integration unit test (pkg/workflow): end-to-end compilation of the exact bug-report scenario
• CLI integration test (pkg/cli): compiles test-engine-env-needs.md fixture and asserts provide_value_to_agent appears in the agent job's needs

[!WARNING]

[Copilot]

Pull request overview

Fixes a compilation gap where engine.env values containing needs.<job>.outputs.* were not considered when computing the agent job’s direct needs, leading to those expressions evaluating to empty strings at runtime.

Changes:

• Extend agent job dependency scanning in buildMainJob to include all engine.env values.
• Emit a compiler warning when engine.env references built-in jobs via needs.* expressions.
• Add unit + end-to-end compilation tests covering the engine.env dependency behavior.

Show a summary per file

File	Description
pkg/workflow/compiler_main_job.go	Includes engine.env values in the referenced-job scan so the agent job needs list is correctly populated; adds warnings for built-in job references in engine.env.
pkg/workflow/compiler_jobs_test.go	Adds tests ensuring engine.env needs-expressions add custom jobs to agent needs and don’t duplicate entries; includes an end-to-end compilation assertion.
.github/workflows/metrics-collector.lock.yml	Regenerates the lock workflow output (adds GH_AW_INFO_VERSION in a setup step env block).

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 3/3 changed files
• Comments generated: 1

[pelikhan]

@copilot review all comments

[Copilot]

@copilot review all comments

Addressed in 7e3bc98. The warning now skips any built-in job already present in depends (e.g., activation), so ${{ needs.activation.outputs.* }} in engine.env no longer triggers a false warning. A regression test TestBuildMainJobEngineEnvActivationNoFalseWarning was added to cover this case.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/repos/actions/github-script/git/ref/tags/v9
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv ignore-path ../../../.prettierignore (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[pelikhan]

@copilot add integration workflow tests in pkg/cli/workflows

[Copilot]

@copilot add integration workflow tests in pkg/cli/workflows

Added in d4f67c8:

• pkg/cli/workflows/test-engine-env-needs.md — workflow fixture with a custom job referenced via engine.env
• pkg/cli/compile_engine_env_needs_integration_test.go — TestCompileEngineEnvNeedsExpression compiles the fixture and asserts the agent job's needs contains both activation and provide_value_to_agent

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/repos/actions/github-script/git/ref/tags/v9
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv GOSUMDB GOWORK 64/bin/go GOINSECURE GOMOD GOMODCACHE sh -c npx prettier --cGOINSECURE GOPROXY 64/bin/go GOSUMDB GOWORK 64/bin/go node (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v9.0.0
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9.0.0 --jq [.object.sha, .object.type] | @tsv (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)