chore: pin all self-refs to full SHAs and update release flow

Signed-off-by: Derek Misler <derek.misler@docker.com>

chore: remove confused reaction from reply-to-feedback workflow

Remove the second confused emoji reaction that was added when
reply generation failed. Consistent with the previous commit -
failures are already logged in workflow runs.

chore: remove confused reaction on thread-build failure

The confused emoji reaction was confusing users when thread context
building failed. Remove the step entirely - failures are already
logged in the workflow run.

fix: address code review findings

- Add --paginate flag to consumer repo search to handle >100 repos
- Add validation for SHA-pinned refs without version comments
- Replace unsafe heredoc PR body with printf to prevent command injection
- Add trap-based cleanup for temp directories to prevent resource leaks
- Move ROOT_COMMENT_ID validation to shared step for both auth paths

Fixes identified in strict code review:
- HIGH: Consumer repo pagination truncation
- MEDIUM: Command injection via FILE_PATH in PR body
- MEDIUM: Weak validation pattern for SHA pinning
- MEDIUM: Temp directory leaks on errors
- MEDIUM: Missing ROOT_COMMENT_ID validation in authorized path

chore: remove redundant token validation step

Assisted-By: docker-agent

Author: derekmisler

.github/workflows/release.yml

@@ -327,28 +327,3 @@ jobs:
           github-token: ${{ steps.app-token.outputs.token || github.token }}
           skip-auth: "true" # Org membership already verified above
 
-      # ----------------------------------------------------------------
-      # Failure handling
-      # ----------------------------------------------------------------
-      - name: React on failure
-        if: >-
-          always() &&
-          steps.meta.outputs.proceed == 'true' &&
-          steps.auth.outputs.authorized == 'true' &&
-          (steps.checkout.outcome == 'failure' || steps.thread.outcome == 'failure' || steps.run-reply.outcome == 'failure')
-        continue-on-error: true
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
-        env:
-          COMMENT_ID: ${{ steps.meta.outputs.comment_id }}
-          REPO: ${{ steps.meta.outputs.repo }}
-        with:
-          github-token: ${{ steps.app-token.outputs.token || github.token }}
-          script: |
-            const [owner, repo] = process.env.REPO.split('/');
-            await github.rest.reactions.createForPullRequestReviewComment({
-              owner,
-              repo,
-              comment_id: parseInt(process.env.COMMENT_ID, 10),
-              content: 'confused'
-            });
-            console.log('😕 Reply failed — added confused reaction');

.github/workflows/reply-to-feedback.yml

@@ -12,7 +12,7 @@
 #
 #   jobs:
 #     review:
-#       uses: docker/cagent-action/.github/workflows/review-pr.yml@latest
+#       uses: docker/cagent-action/.github/workflows/review-pr.yml@dba0ca51938c78afb363625363c50582243218d6 # v1.3.1
 #       # Scoped to the job so other jobs in this workflow aren't over-permissioned
 #       permissions:
 #         contents: read       # Read repository files and PR diffs
@@ -179,7 +179,7 @@ jobs:
         if: steps.membership.outputs.is_member == 'true'
         id: run-review
         continue-on-error: true # Don't fail the calling workflow if the review errors
-        uses: docker/cagent-action/review-pr@latest
+        uses: docker/cagent-action/review-pr@dba0ca51938c78afb363625363c50582243218d6 # v1.3.1
         with:
           pr-number: ${{ inputs.pr-number || github.event.pull_request.number }}
           additional-prompt: ${{ inputs.additional-prompt }}
@@ -301,7 +301,7 @@ jobs:
         if: steps.membership.outputs.is_member == 'true'
         id: run-review
         continue-on-error: true # Don't fail the calling workflow if the review errors
-        uses: docker/cagent-action/review-pr@latest
+        uses: docker/cagent-action/review-pr@dba0ca51938c78afb363625363c50582243218d6 # v1.3.1
         with:
           pr-number: ${{ inputs.pr-number || github.event.issue.number }}
           comment-id: ${{ inputs.comment-id || github.event.comment.id }}
@@ -457,6 +457,21 @@ jobs:
             echo "⏭️ Not a reply to agent comment, skipping"
           fi
 
+      - name: Validate root comment ID
+        if: steps.check.outputs.is_agent == 'true'
+        shell: bash
+        env:
+          ROOT_COMMENT_ID: ${{ steps.check.outputs.root_comment_id }}
+        run: |
+          if [ -z "$ROOT_COMMENT_ID" ]; then
+            echo "::error::ROOT_COMMENT_ID is not set"
+            exit 1
+          fi
+          if ! [[ "$ROOT_COMMENT_ID" =~ ^[0-9]+$ ]]; then
+            echo "::error::ROOT_COMMENT_ID is not a valid integer: '$ROOT_COMMENT_ID'"
+            exit 1
+          fi
+
       - name: Check authorization
         if: steps.check.outputs.is_agent == 'true'
         id: auth
@@ -509,16 +524,6 @@ jobs:
           ROOT_COMMENT_ID: ${{ steps.check.outputs.root_comment_id }}
           AUTHOR: ${{ github.event.comment.user.login }}
         run: |
-          # Validate ROOT_COMMENT_ID is a valid integer before using it
-          if [ -z "$ROOT_COMMENT_ID" ]; then
-            echo "::error::ROOT_COMMENT_ID is not set"
-            exit 1
-          fi
-          
-          if ! [[ "$ROOT_COMMENT_ID" =~ ^[0-9]+$ ]]; then
-            echo "::error::ROOT_COMMENT_ID is not a valid integer: '$ROOT_COMMENT_ID'"
-            exit 1
-          fi
           
           jq -n \
             --arg body "Sorry @$AUTHOR, conversational replies are currently available to repository collaborators only. Your feedback has still been captured and will be used to improve future reviews.
@@ -639,7 +644,7 @@ jobs:
       - name: Run reply
         if: steps.check.outputs.is_agent == 'true' && steps.auth.outputs.authorized == 'true'
         continue-on-error: true
-        uses: docker/cagent-action/review-pr/reply@latest
+        uses: docker/cagent-action/review-pr/reply@dba0ca51938c78afb363625363c50582243218d6 # v1.3.1
         with:
           thread-context: ${{ steps.thread.outputs.prompt }}
           comment-id: ${{ github.event.comment.id }}
@@ -652,20 +657,3 @@ jobs:
           mistral-api-key: ${{ secrets.MISTRAL_API_KEY }}
           github-token: ${{ steps.app-token.outputs.token || github.token }}
           skip-auth: "true" # Org membership already verified above
-
-      - name: React on thread-build failure
-        if: >-
-          always() &&
-          steps.check.outputs.is_agent == 'true' &&
-          steps.auth.outputs.authorized == 'true' &&
-          steps.thread.outcome == 'failure'
-        continue-on-error: true
-        shell: bash
-        env:
-          GH_TOKEN: ${{ steps.app-token.outputs.token || github.token }}
-          REPO: ${{ github.repository }}
-          COMMENT_ID: ${{ github.event.comment.id }}
-        run: |
-          gh api "repos/$REPO/pulls/comments/$COMMENT_ID/reactions" \
-            -f content="confused" --silent || true
-          echo "😕 Thread context build failed — added confused reaction"

.github/workflows/review-pr.yml

@@ -2,7 +2,7 @@ name: Update Docker Agent version
 
 on:
   repository_dispatch:
-    types: [cagent-release]
+    types: [docker-agent-release]
   workflow_dispatch:
     inputs:
       version:
@@ -13,28 +13,24 @@ on:
 jobs:
   update-version:
     runs-on: ubuntu-latest
-    env:
-      HAS_APP_SECRETS: ${{ secrets.CAGENT_REVIEWER_APP_ID != '' }}
     steps:
       - name: Generate GitHub App token
-        if: env.HAS_APP_SECRETS == 'true'
         id: app-token
-        continue-on-error: true
         uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2
         with:
           app_id: ${{ secrets.CAGENT_REVIEWER_APP_ID }}
           private_key: ${{ secrets.CAGENT_REVIEWER_APP_PRIVATE_KEY }}
 
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
-          token: ${{ steps.app-token.outputs.token || secrets.RELEASE_TOKEN }}
+          token: ${{ steps.app-token.outputs.token }}
 
       - name: Determine version
         id: version
         env:
           DISPATCH_VERSION: ${{ github.event.client_payload.version }}
           INPUT_VERSION: ${{ inputs.version }}
-          GH_TOKEN: ${{ steps.app-token.outputs.token || secrets.RELEASE_TOKEN }}
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
         run: |
           if [ -n "$INPUT_VERSION" ]; then
             VERSION="$INPUT_VERSION"
@@ -52,7 +48,7 @@ jobs:
 
       - name: Validate version exists
         env:
-          GH_TOKEN: ${{ steps.app-token.outputs.token || secrets.RELEASE_TOKEN }}
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
           VERSION: ${{ steps.version.outputs.version }}
         run: |
           echo "Validating that $VERSION exists as a release on docker/docker-agent..."
@@ -91,7 +87,7 @@ jobs:
       - name: Create or update PR
         if: steps.check.outputs.skip != 'true'
         env:
-          GH_TOKEN: ${{ steps.app-token.outputs.token || secrets.RELEASE_TOKEN }}
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
           VERSION: ${{ steps.version.outputs.version }}
           CURRENT: ${{ steps.check.outputs.current }}
         run: |

…thub/workflows/update-cagent-version.yml …orkflows/update-docker-agent-version.yml.github/workflows/update-cagent-version.yml renamed to .github/workflows/update-docker-agent-version.yml .github/workflows/update-cagent-version.yml renamed to .github/workflows/update-docker-agent-version.yml

@@ -7,7 +7,7 @@ A GitHub Action for running [Docker Agent](https://github.com/docker/docker-agen
 1. **Add the action to your workflow**:
 
    ```yaml
-   - uses: docker/cagent-action@latest
+   - uses: docker/cagent-action@dba0ca51938c78afb363625363c50582243218d6 # v1.3.1
      with:
        agent: path/to/agent.yaml
        prompt: "Analyze this code"
@@ -62,7 +62,7 @@ permissions:
 
 jobs:
   review:
-    uses: docker/cagent-action/.github/workflows/review-pr.yml@latest
+    uses: docker/cagent-action/.github/workflows/review-pr.yml@dba0ca51938c78afb363625363c50582243218d6 # v1.3.1
     # Scoped to the job so other jobs in this workflow aren't over-permissioned
     permissions:
       contents: read # Read repository files and PR diffs
@@ -84,7 +84,7 @@ See the [full PR Review documentation](review-pr/README.md) for more details.
 
 ```yaml
 - name: Run Custom Agent
-  uses: docker/cagent-action@latest
+  uses: docker/cagent-action@dba0ca51938c78afb363625363c50582243218d6 # v1.3.1
   with:
     agent: ./agents/my-agent.yaml
     prompt: "Analyze the codebase"
@@ -95,7 +95,7 @@ See the [full PR Review documentation](review-pr/README.md) for more details.
 
 ```yaml
 - name: Run Docker Agent with Custom Settings
-  uses: docker/cagent-action@latest
+  uses: docker/cagent-action@dba0ca51938c78afb363625363c50582243218d6 # v1.3.1
   with:
     agent: docker/code-analyzer
     prompt: "Analyze this codebase"
@@ -115,7 +115,7 @@ See the [full PR Review documentation](review-pr/README.md) for more details.
 ```yaml
 - name: Run Docker Agent
   id: agent
-  uses: docker/cagent-action@latest
+  uses: docker/cagent-action@dba0ca51938c78afb363625363c50582243218d6 # v1.3.1
   with:
     agent: docker/code-analyzer
     prompt: "Analyze this codebase"
@@ -245,14 +245,14 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Security Review
-        uses: docker/cagent-action@latest
+        uses: docker/cagent-action@dba0ca51938c78afb363625363c50582243218d6 # v1.3.1
         with:
           agent: docker/github-action-security-scanner
           prompt: "Analyze for security issues"
           anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
 
       - name: Code Quality Analysis
-        uses: docker/cagent-action@latest
+        uses: docker/cagent-action@dba0ca51938c78afb363625363c50582243218d6 # v1.3.1
         with:
           agent: docker/code-quality-analyzer
           prompt: "Analyze code quality and best practices"
@@ -285,7 +285,7 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Run Agent
-        uses: docker/cagent-action@latest
+        uses: docker/cagent-action@dba0ca51938c78afb363625363c50582243218d6 # v1.3.1
         with:
           agent: ${{ github.event.inputs.agent }}
           prompt: ${{ github.event.inputs.prompt }}

README.md

@@ -23,7 +23,7 @@ permissions:
 
 jobs:
   review:
-    uses: docker/cagent-action/.github/workflows/review-pr.yml@latest
+    uses: docker/cagent-action/.github/workflows/review-pr.yml@dba0ca51938c78afb363625363c50582243218d6 # v1.3.1
     # Scoped to the job so other jobs in this workflow aren't over-permissioned
     permissions:
       contents: read       # Read repository files and PR diffs
@@ -146,7 +146,7 @@ jobs:
           fetch-depth: 0
           ref: refs/pull/${{ github.event.issue.number }}/head
 
-      - uses: docker/cagent-action/review-pr@latest
+      - uses: docker/cagent-action/review-pr@dba0ca51938c78afb363625363c50582243218d6 # v1.3.1
         with:
           anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
           github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -163,7 +163,7 @@ The recommended approach is to add an `AGENTS.md` file to your repository root.
 For workflow-level overrides or guidelines that apply across multiple repos, use the `additional-prompt` input:
 
 ```yaml
-- uses: docker/cagent-action/review-pr@latest
+- uses: docker/cagent-action/review-pr@dba0ca51938c78afb363625363c50582243218d6 # v1.3.1
   with:
     anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
     additional-prompt: |
@@ -174,7 +174,7 @@ For workflow-level overrides or guidelines that apply across multiple repos, use
 ```
 
 ```yaml
-- uses: docker/cagent-action/review-pr@latest
+- uses: docker/cagent-action/review-pr@dba0ca51938c78afb363625363c50582243218d6 # v1.3.1
   with:
     anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
     additional-prompt: |
@@ -186,7 +186,7 @@ For workflow-level overrides or guidelines that apply across multiple repos, use
 
 ```yaml
 # Project-specific conventions
-- uses: docker/cagent-action/review-pr@latest
+- uses: docker/cagent-action/review-pr@dba0ca51938c78afb363625363c50582243218d6 # v1.3.1
   with:
     anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
     additional-prompt: |
@@ -207,31 +207,31 @@ Override for more thorough or cost-effective reviews:
 
 ```yaml
 # Anthropic (default provider)
-- uses: docker/cagent-action/review-pr@latest
+- uses: docker/cagent-action/review-pr@dba0ca51938c78afb363625363c50582243218d6 # v1.3.1
   with:
     anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
     model: anthropic/claude-opus-4 # More thorough reviews
 ```
 
 ```yaml
 # OpenAI Codex
-- uses: docker/cagent-action/review-pr@latest
+- uses: docker/cagent-action/review-pr@dba0ca51938c78afb363625363c50582243218d6 # v1.3.1
   with:
     openai-api-key: ${{ secrets.OPENAI_API_KEY }}
     model: openai/codex-mini
 ```
 
 ```yaml
 # Google Gemini
-- uses: docker/cagent-action/review-pr@latest
+- uses: docker/cagent-action/review-pr@dba0ca51938c78afb363625363c50582243218d6 # v1.3.1
   with:
     google-api-key: ${{ secrets.GOOGLE_API_KEY }}
     model: gemini/gemini-2.0-flash
 ```
 
 ```yaml
 # xAI Grok
-- uses: docker/cagent-action/review-pr@latest
+- uses: docker/cagent-action/review-pr@dba0ca51938c78afb363625363c50582243218d6 # v1.3.1
   with:
     xai-api-key: ${{ secrets.XAI_API_KEY }}
     model: xai/grok-2

review-pr/README.md

@@ -676,7 +676,7 @@ runs:
     - name: Process pending feedback
       if: steps.lock-check.outputs.skip != 'true' && steps.pending-feedback.outputs.has_feedback == 'true'
       continue-on-error: true
-      uses: docker/cagent-action@latest
+      uses: docker/cagent-action@dba0ca51938c78afb363625363c50582243218d6 # v1.3.1
       with:
         agent: ${{ github.action_path }}/agents/pr-review-feedback.yaml
         prompt: |
@@ -779,7 +779,7 @@ runs:
     - name: Run PR Review
       if: steps.lock-check.outputs.skip != 'true'
       id: run-review
-      uses: docker/cagent-action@latest
+      uses: docker/cagent-action@dba0ca51938c78afb363625363c50582243218d6 # v1.3.1
       with:
         agent: ${{ github.action_path }}/agents/pr-review.yaml
         prompt: ${{ steps.context.outputs.review_prompt }}

review-pr/action.yml

@@ -71,7 +71,7 @@ runs:
     - name: Run reply agent
       id: run-reply
       continue-on-error: true
-      uses: docker/cagent-action@latest
+      uses: docker/cagent-action@dba0ca51938c78afb363625363c50582243218d6 # v1.3.1
       with:
         agent: ${{ github.action_path }}/../agents/pr-review-reply.yaml
         prompt: ${{ inputs.thread-context }}

review-pr/reply/action.yml

@@ -220,7 +220,7 @@ All tests must pass before deployment.
 ```yaml
 - name: Run Agent
   id: agent
-  uses: docker/cagent-action@latest
+  uses: docker/cagent-action@dba0ca51938c78afb363625363c50582243218d6 # v1.3.1
   with:
     agent: my-agent
     prompt: "Analyze the logs"