fix: double-mount runner tool cache at /host prefix for AWF chroot on GPU runners

[Copilot]

All workflows on aw-gpu-runner-T4 have been failing since inception because the AWF chroot pre-flight check can't find node. The GPU runner stores its tool cache at /home/runner/work/_tool (not /opt/hostedtoolcache), and the AWF container's chroot root is /host — so a path mounted only at its normal container path is invisible to the chroot.

Root cause

toolCacheMountProbe was generating a single bind-mount for non-/opt/* tool caches:

GH_AW_TOOL_CACHE_MOUNT="$GH_AW_TOOL_CACHE:$GH_AW_TOOL_CACHE:ro"
# → container sees /home/runner/work/_tool
# → chroot needs /host/home/runner/work/_tool  ✗

The ${RUNNER_TEMP}/gh-aw path already uses the correct double-mount pattern (once at its normal path, once at /host-prefix), but the tool cache didn't.

Changes

• pkg/workflow/awf_helpers.go — Added GH_AW_TOOL_CACHE_HOST_MOUNT variable. Both the RUNNER_TOOL_CACHE and /home/runner/work/_tool fallback branches now set it to $GH_AW_TOOL_CACHE:/host$GH_AW_TOOL_CACHE:ro. Added toolCacheHostMountRef and included it in all four BuildAWFCommand branches:

  GH_AW_TOOL_CACHE_MOUNT="$GH_AW_TOOL_CACHE:$GH_AW_TOOL_CACHE:ro"
  GH_AW_TOOL_CACHE_HOST_MOUNT="$GH_AW_TOOL_CACHE:/host$GH_AW_TOOL_CACHE:ro"
  # AWF invocation now includes both:
  ${GH_AW_TOOL_CACHE_MOUNT:+--mount "$GH_AW_TOOL_CACHE_MOUNT"} \
  ${GH_AW_TOOL_CACHE_HOST_MOUNT:+--mount "$GH_AW_TOOL_CACHE_HOST_MOUNT"}

• pkg/workflow/awf_config_test.go — Extended TestBuildAWFCommand_AddsToolCacheMountProbe to assert both the normal and /host-prefixed mount vars and refs are present in the generated command.
• 250 workflow .lock.yml files recompiled; golden test files updated.

Affects all four workflows using aw-gpu-runner-T4: daily-news, daily-issues-report, daily-fact, hippo-embed.

[Copilot]

Pull request overview

This PR fixes AWF chroot execution on aw-gpu-runner-T4 by ensuring the runner tool cache is bind-mounted both at its normal container path and at the /host-prefixed path required by AWF’s chroot root. This makes node (and other tool-cache-provided binaries) visible to the chroot pre-flight checks on GPU runners whose tool cache lives outside /opt.

Changes:

• Extend the tool cache mount probe in BuildAWFCommand to also emit GH_AW_TOOL_CACHE_HOST_MOUNT and inject its --mount argument into all command assembly branches.
• Update unit test coverage to assert the new /host-prefixed mount variable and mount ref are included in the generated AWF command.
• Refresh generated golden fixtures and compiled workflow .lock.yml outputs to reflect the updated AWF invocation.

Show a summary per file

File	Description
pkg/workflow/awf_helpers.go	Adds GH_AW_TOOL_CACHE_HOST_MOUNT and injects the /host mount into all AWF command-building branches.
pkg/workflow/awf_config_test.go	Extends assertions to cover the new host-prefixed tool cache mount variable and mount ref.
actions/setup-cli/install.sh	Fixes sync note to correctly describe install-gh-aw.sh as the canonical source.
pkg/workflow/testdata/TestWasmGolden_CompileFixtures/with-imports.golden	Updates generated output to include GH_AW_TOOL_CACHE_HOST_MOUNT and its AWF --mount injection.
pkg/workflow/testdata/TestWasmGolden_CompileFixtures/smoke-copilot.golden	Updates generated output to include the host-prefixed tool cache mount.
pkg/workflow/testdata/TestWasmGolden_CompileFixtures/playwright-cli-mode.golden	Updates generated output to include the host-prefixed tool cache mount.
pkg/workflow/testdata/TestWasmGolden_CompileFixtures/basic-copilot.golden	Updates generated output to include the host-prefixed tool cache mount.
pkg/workflow/testdata/TestWasmGolden_AllEngines/pi.golden	Updates generated output to include the host-prefixed tool cache mount.
pkg/workflow/testdata/TestWasmGolden_AllEngines/gemini.golden	Updates generated output to include the host-prefixed tool cache mount.
pkg/workflow/testdata/TestWasmGolden_AllEngines/copilot.golden	Updates generated output to include the host-prefixed tool cache mount.
pkg/workflow/testdata/TestWasmGolden_AllEngines/codex.golden	Updates generated output to include the host-prefixed tool cache mount.
pkg/workflow/testdata/TestWasmGolden_AllEngines/claude.golden	Updates generated output to include the host-prefixed tool cache mount.
.github/workflows/workflow-normalizer.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/video-analyzer.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/update-astro.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/test-workflow.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/test-project-url-default.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/test-dispatcher.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/smoke-test-tools.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/smoke-temporary-id.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/smoke-pi.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/smoke-opencode.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/smoke-gemini.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/smoke-crush.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/smoke-ci.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/smoke-antigravity.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/security-review.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/research.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/repo-tree-map.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/release.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/pdf-summary.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/notion-issue-summary.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/issue-triage-agent.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/hippo-embed.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/gpclean.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/functional-pragmatist.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/firewall.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/example-permissions-warning.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/example-failure-category-filter.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/dependabot-repair.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/dependabot-go-checker.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/daily-team-status.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/daily-malicious-code-scan.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/daily-credit-limit-test.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/daily-byok-ollama-test.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/copilot-pr-merged-report.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/codex-github-remote-mcp-test.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/changeset.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/brave.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/bot-detection.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/architecture-guardian.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/ai-moderator.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/agentic-token-optimizer.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.
.github/workflows/ace-editor.lock.yml	Regenerated compiled workflow output reflecting the additional tool cache /host mount.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 136/262 changed files
• Comments generated: 0

[pelikhan]

@copilot merge main and recompile
Run pr-finisher skill

[Copilot]

@copilot merge main and recompile
Run pr-finisher skill

Done. Merged main into this branch (merge commit c347e85), resolved 3 .lock.yml conflicts by keeping our GH_AW_TOOL_CACHE_HOST_MOUNT changes, then ran make recompile — all 250 workflows compiled cleanly. make fmt, make lint, and make test-unit all pass locally.

CI must be re-triggered by a maintainer (close/reopen or push) to confirm on the runner.

[pelikhan]

@copilot still broken https://github.com/github/gh-aw/actions/runs/27760141601/job/82132181721#step:44:1

[github-actions]

@copilot please fix the GPU-runner tool-cache mount issue and rerun checks, then summarize any remaining blocker.

Generated by 👨‍🍳 PR Sous Chef · 46.5 AIC · ⌖ 0.993 AIC · ⊞ 17.2K · ◷

[github-actions]

@copilot rerun the GPU-runner validation and summarize the remaining blocker.

Generated by 👨‍🍳 PR Sous Chef · 71.6 AIC · ⌖ 1 AIC · ⊞ 17.2K · ◷