From 68cfcb5c465e1c85ea8fa8660eb5dc5783c8ba71 Mon Sep 17 00:00:00 2001
From: Bruno Borges <brborges@microsoft.com>
Date: Tue, 24 Feb 2026 15:08:38 -0500
Subject: [PATCH] fix: update forbidden file check to allow actions-lock.json
 for workflow compilation

---
 .github/workflows/validate-agentic-workflows-pr.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/validate-agentic-workflows-pr.yml b/.github/workflows/validate-agentic-workflows-pr.yml
index 5f5ff281..98ccb5d6 100644
--- a/.github/workflows/validate-agentic-workflows-pr.yml
+++ b/.github/workflows/validate-agentic-workflows-pr.yml
@@ -25,12 +25,14 @@ jobs:
         id: check
         run: |
           # Check for YAML/lock files in workflows/ and any .github/ modifications
+          # Allow .github/aw/actions-lock.json which is needed for workflow compilation
           forbidden=$(git diff --name-only --diff-filter=ACM origin/${{ github.base_ref }}...HEAD -- \
             'workflows/**/*.yml' \
             'workflows/**/*.yaml' \
             'workflows/**/*.lock.yml' \
             '.github/*' \
-            '.github/**')
+            '.github/**' \
+            | grep -v '^\.github/aw/actions-lock\.json$')
 
           if [ -n "$forbidden" ]; then
             echo "❌ Forbidden files detected:"