build(deps): bump github/gh-aw from 0.77.5 to 0.79.9 in the github-actions group across 1 directory

[dependabot]

Bumps the github-actions group with 1 update in the / directory: github/gh-aw.

Updates github/gh-aw from 0.77.5 to 0.79.9

Release notes

Sourced from github/gh-aw's releases.

v0.79.8

🌟 Release Highlights

v0.79.8 brings two new Go linters for code quality enforcement, a wave of targeted bug fixes improving reliability and portability, a performance boost for workflow run queries, and codemod improvements to complete the max-effective-tokens → max-ai-credits migration.

✨ What's New

• httpnoctx linter (#38888) — Automatically flags Go HTTP calls made without a context.Context parameter, helping catch a common source of non-cancellable requests before they reach production.
• hardcodedfilepath linter (#38742) — Detects hard-coded file path string literals in Go code, surfacing brittle path assumptions that break across environments.
• Code Simplifier budget caps (#38851) — Per-run hard budgets with graceful noop exit prevent runaway simplification loops from consuming unbounded AI credits.
• --gh-aw-ref resolved to commit SHA at compile time (#38689) — Branch and tag references passed via --gh-aw-ref are now pinned to their commit SHA during compilation, ensuring deterministic and auditable workflow builds.
• AOAI Entra smoke workflow (#38706) — New end-to-end smoke workflow validates Azure OpenAI Entra authentication for Copilot, extending CI coverage to AOAI-backed runs.

🐛 Bug Fixes & Improvements

• environment: propagation fixed (#38918) — Top-level environment: blocks are now correctly propagated to the detection job, resolving a compilation gap that silently dropped environment bindings.
• set_issue_field GraphQL fix (#38882) — Corrects an invalid GraphQL query in fetchIssueFields that caused set_issue_field calls to fail at runtime.
• String-form create_issue.labels handled (#38738) — Safe-output validation and schema definitions now correctly handle labels provided as a comma-separated string in addition to arrays, fixing label assignment failures.
• False-positive AI credits failures eliminated (#38737) — Prevents erroneous failure issues from being filed on successful runs that happened to trigger unknown-model detection logic.
• Copilot supports arbitrary HOME directories (#38725) — The Copilot engine integration no longer assumes /home/runner as the home directory, improving portability for non-standard runner environments.
• Designer Drift Audit permissions fix (#38855) — Added the missing pull-requests: read scope so the Designer Drift Audit workflow can read PR data without permission errors.

⚡ Performance

• Faster workflow run queries (#38779) — listWorkflowRuns pagination now stops as soon as the 24-hour cutoff is reached rather than fetching all pages, significantly reducing API calls on active repositories.

🔧 Migration

• max-effective-tokens: -1 codemod completed (#38850) — The effective-tokens-to-ai-credits codemod (gh aw fix --write) now correctly rewrites the -1 sentinel value for max-effective-tokens, closing the last gap in the legacy budget migration. Run gh aw fix --write if you still see max-effective-tokens: -1 in your workflows.

📚 Documentation

• Updated docs covering features shipped through 2026-06-12 (#38828) including spec audits for fileutil, constants, timeutil, and tty packages (#38848).

Generated by 🚀 Release · 110.8 AIC · ⊞ 28.8K

---

What's Changed

• Prevent false-positive AI credits/unknown-model failure issues on successful runs by @​Copilot in github/gh-aw#38737
• Scale homepage hero slides correctly on mobile by @​Copilot in github/gh-aw#38740
• Add hardcodedfilepath linter to detect hard-coded file path string literals by @​Copilot in github/gh-aw#38742
• fix(copilot): support arbitrary HOME directory, not just /home/runner by @​Copilot in github/gh-aw#38725
• Add AOAI Entra smoke workflow for Copilot by @​Copilot in github/gh-aw#38706
• Handle string-form create_issue.labels across safe-output validation and schema/tool definitions by @​Copilot in github/gh-aw#38738
• [community] Update community contributions in README by @​github-actions[bot] in github/gh-aw#38771
• Resolve --gh-aw-ref branch/tag to commit SHA at compile time by @​dsyme in github/gh-aw#38689
• Fix lint-go CGO failure by normalizing ResolveGhAwRef formatting and string construction by @​Copilot in github/gh-aw#38778

... (truncated)

Commits

• 54ad1f8 Allow cross-repo safe-outputs.dispatch-workflow allowlists (#39080)
• cbc240f docs: consolidate developer specifications into instructions file (#39082)
• 350dfb3 feat: add "Optimize token consumption" section to agent failure issues when a...
• 61344a1 Add gh-aw-node publish workflow for the safe-outputs MCP runtime (#39081)
• 7c17f17 Reduce Copilot template-injection noise by moving max-ai-credits expression t...
• 247bb74 [actions] Update GitHub Actions versions - 2026-06-13 (#39056)
• 2bee20b httpnoctx: convert 3 context-free HTTP calls to NewRequestWithContext+Do and ...
• 00fa6d3 [ab-advisor] architecture-guardian: A/B test sub_agent_strategy (sub_agents v...
• e1cc4da Make safe-outputs.add-comment discussions permission opt-in by default (#39...
• d3286d9 Refactor duplicated on.* frontmatter trigger parsing in YAML extraction (#3...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions