Move update-project and create-project-status-update to unified handler

actions/setup/js/safe_output_project_handler_manager.cjs

@@ -7,7 +7,10 @@
  * This module manages the dispatch of project-related safe output messages to dedicated handlers.
  * It handles safe output types that require GH_AW_PROJECT_GITHUB_TOKEN:
  * - create_project
- * - create_project_status_update
+ * - copy_project
+ *
+ * Note: update_project and create_project_status_update are now handled by the unified
+ * handler manager (safe_output_unified_handler_manager.cjs) and should NOT be processed here.
  *
  * These types are separated from the main handler manager because they require a different
  * GitHub token (GH_AW_PROJECT_GITHUB_TOKEN) than other safe output types.
@@ -23,11 +26,12 @@ const { loadCustomSafeOutputJobTypes } = require("./safe_output_helpers.cjs");
  * Handler map configuration for project-related safe outputs
  * Maps safe output types to their handler module file paths
  * All these types require GH_AW_PROJECT_GITHUB_TOKEN
+ *
+ * Note: update_project and create_project_status_update are intentionally excluded
+ * from this map as they are now handled by the unified handler manager.
  */
 const PROJECT_HANDLER_MAP = {
   create_project: "./create_project.cjs",
-  create_project_status_update: "./create_project_status_update.cjs",
-  update_project: "./update_project.cjs",
   copy_project: "./copy_project.cjs",
 };
 

pkg/workflow/compiler_safe_outputs_config.go

@@ -422,20 +422,17 @@ var handlerRegistry = map[string]handlerBuilder{
 			AddIfNotEmpty("github-token", c.GitHubToken).
 			Build()
 	},
-}
-
-// projectHandlerRegistry maps project handler names to their builder functions
-var projectHandlerRegistry = map[string]handlerBuilder{
-	"create_project": func(cfg *SafeOutputsConfig) map[string]any {
-		if cfg.CreateProjects == nil {
+	// Note: update_project and create_project_status_update are handled by the unified handler,
+	// not the separate project handler manager, so they are included in this registry.
+	"update_project": func(cfg *SafeOutputsConfig) map[string]any {
+		if cfg.UpdateProjects == nil {
 			return nil
 		}
-		c := cfg.CreateProjects
+		c := cfg.UpdateProjects
 		builder := newHandlerConfigBuilder().
 			AddIfPositive("max", c.Max).
-			AddIfNotEmpty("target_owner", c.TargetOwner).
-			AddIfNotEmpty("title_prefix", c.TitlePrefix).
-			AddIfNotEmpty("github-token", c.GitHubToken)
+			AddIfNotEmpty("github-token", c.GitHubToken).
+			AddIfNotEmpty("project", c.Project)
 		if len(c.Views) > 0 {
 			builder.AddDefault("views", c.Views)
 		}
@@ -452,15 +449,25 @@ var projectHandlerRegistry = map[string]handlerBuilder{
 		return newHandlerConfigBuilder().
 			AddIfPositive("max", c.Max).
 			AddIfNotEmpty("github-token", c.GitHubToken).
+			AddIfNotEmpty("project", c.Project).
 			Build()
 	},
-	"update_project": func(cfg *SafeOutputsConfig) map[string]any {
-		if cfg.UpdateProjects == nil {
+}
+
+// projectHandlerRegistry maps project handler names to their builder functions
+// Note: As of recent changes, only create_project and copy_project are in this registry.
+// update_project and create_project_status_update have been moved to the main handlerRegistry
+// as they are now handled by the unified handler.
+var projectHandlerRegistry = map[string]handlerBuilder{
+	"create_project": func(cfg *SafeOutputsConfig) map[string]any {
+		if cfg.CreateProjects == nil {
 			return nil
 		}
-		c := cfg.UpdateProjects
+		c := cfg.CreateProjects
 		builder := newHandlerConfigBuilder().
 			AddIfPositive("max", c.Max).
+			AddIfNotEmpty("target_owner", c.TargetOwner).
+			AddIfNotEmpty("title_prefix", c.TitlePrefix).
 			AddIfNotEmpty("github-token", c.GitHubToken)
 		if len(c.Views) > 0 {
 			builder.AddDefault("views", c.Views)
@@ -523,8 +530,10 @@ func (c *Compiler) addHandlerManagerConfigEnvVar(steps *[]string, data *Workflow
 }
 
 // addProjectHandlerManagerConfigEnvVar adds the GH_AW_SAFE_OUTPUTS_PROJECT_HANDLER_CONFIG environment variable
-// containing JSON configuration for project-related safe output handlers (create_project, create_project_status_update).
+// containing JSON configuration for project-related safe output handlers (create_project, copy_project).
 // These handlers require GH_AW_PROJECT_GITHUB_TOKEN and are processed separately from the main handler manager.
+// Note: update_project and create_project_status_update are now handled by the unified handler and are
+// NOT included in this config.
 func (c *Compiler) addProjectHandlerManagerConfigEnvVar(steps *[]string, data *WorkflowData) {
 	if data.SafeOutputs == nil {
 		compilerSafeOutputsConfigLog.Print("No safe-outputs configuration, skipping project handler config")

pkg/workflow/compiler_safe_outputs_job.go

@@ -148,14 +148,15 @@ func (c *Compiler) buildConsolidatedSafeOutputsJob(data *WorkflowData, mainJobNa
 
 	// Check if any project-handler-manager-supported types are enabled
 	// These types require GH_AW_PROJECT_GITHUB_TOKEN and are processed separately
+	// Note: update-project and create-project-status-update are handled by the unified handler,
+	// not the project handler manager, so they are excluded from this check
 	hasProjectHandlerManagerTypes := data.SafeOutputs.CreateProjects != nil ||
-		data.SafeOutputs.CreateProjectStatusUpdates != nil ||
-		data.SafeOutputs.UpdateProjects != nil ||
 		data.SafeOutputs.CopyProjects != nil
 
-	// 1. Project Handler Manager step (processes create_project, update_project, copy_project, etc.)
+	// 1. Project Handler Manager step (processes create_project, copy_project)
 	// These types require GH_AW_PROJECT_GITHUB_TOKEN and must be processed separately from the main handler manager
 	// This runs FIRST to ensure projects exist before issues/PRs are created and potentially added to them
+	// Note: update-project and create-project-status-update are handled by the unified handler
 	if hasProjectHandlerManagerTypes {
 		consolidatedSafeOutputsJobLog.Print("Using project handler manager for project-related safe outputs")
 		projectHandlerManagerSteps := c.buildProjectHandlerManagerStep(data)
@@ -169,15 +170,10 @@ func (c *Compiler) buildConsolidatedSafeOutputsJob(data *WorkflowData, mainJobNa
 		// Add permissions for project-related types
 		// Note: Projects v2 cannot use GITHUB_TOKEN; it requires a PAT or GitHub App token
 		// The permissions here are for workflow-level permissions, actual API calls use GH_AW_PROJECT_GITHUB_TOKEN
+		// Only create_project and copy_project are handled by the project handler manager
 		if data.SafeOutputs.CreateProjects != nil {
 			permissions.Merge(NewPermissionsContentsReadProjectsWrite())
 		}
-		if data.SafeOutputs.CreateProjectStatusUpdates != nil {
-			permissions.Merge(NewPermissionsContentsReadProjectsWrite())
-		}
-		if data.SafeOutputs.UpdateProjects != nil {
-			permissions.Merge(NewPermissionsContentsReadProjectsWrite())
-		}
 		if data.SafeOutputs.CopyProjects != nil {
 			permissions.Merge(NewPermissionsContentsReadProjectsWrite())
 		}
@@ -254,6 +250,14 @@ func (c *Compiler) buildConsolidatedSafeOutputsJob(data *WorkflowData, mainJobNa
 		if data.SafeOutputs.DispatchWorkflow != nil {
 			permissions.Merge(NewPermissionsActionsWrite())
 		}
+		// Project-related types now handled by the unified handler
+		// (not the separate project handler manager step)
+		if data.SafeOutputs.UpdateProjects != nil {
+			permissions.Merge(NewPermissionsContentsReadProjectsWrite())
+		}
+		if data.SafeOutputs.CreateProjectStatusUpdates != nil {
+			permissions.Merge(NewPermissionsContentsReadProjectsWrite())
+		}
 
 		// If create-issue is configured with assignees: copilot, run a follow-up step to
 		// assign the Copilot coding agent. The handler manager exports the list via