From cceaed0005cbd3b9be3dbf7fbff88954b7575d2e Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 20 Feb 2026 21:15:12 +0000 Subject: [PATCH 1/4] Add configurable allowed bot users input Add proposed workflow shim copies under github/workflows with a new `allowed-bot-users` workflow_call input and wire bot allowlists to `${{ inputs.allowed-bot-users }}`. Update corresponding workflow READMEs to document the new input. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- gh-agent-workflows/docs-pr-review/README.md | 1 + .../duplicate-issue-detector/README.md | 1 + gh-agent-workflows/issue-triage-pr/README.md | 1 + gh-agent-workflows/issue-triage/README.md | 1 + gh-agent-workflows/pr-review/README.md | 1 + gh-agent-workflows/update-pr-body/README.md | 1 + github/workflows/gh-aw-docs-pr-review.md | 274 ++++++++++++++++++ .../gh-aw-duplicate-issue-detector.md | 118 ++++++++ github/workflows/gh-aw-issue-triage-pr.md | 139 +++++++++ github/workflows/gh-aw-issue-triage.md | 167 +++++++++++ github/workflows/gh-aw-pr-review.md | 138 +++++++++ github/workflows/gh-aw-update-pr-body.md | 136 +++++++++ 12 files changed, 978 insertions(+) create mode 100644 github/workflows/gh-aw-docs-pr-review.md create mode 100644 github/workflows/gh-aw-duplicate-issue-detector.md create mode 100644 github/workflows/gh-aw-issue-triage-pr.md create mode 100644 github/workflows/gh-aw-issue-triage.md create mode 100644 github/workflows/gh-aw-pr-review.md create mode 100644 github/workflows/gh-aw-update-pr-body.md diff --git a/gh-agent-workflows/docs-pr-review/README.md b/gh-agent-workflows/docs-pr-review/README.md index b812ef0b..5a59bbcc 100644 --- a/gh-agent-workflows/docs-pr-review/README.md +++ b/gh-agent-workflows/docs-pr-review/README.md 
@@ -33,6 +33,7 @@ Invoke by commenting `/docs-review` on any pull request. | --- | --- | --- | --- | | `additional-instructions` | Repo-specific instructions appended to the agent prompt. | No | `""` | | `setup-commands` | Shell commands run before the agent starts. | No | `""` | +| `allowed-bot-users` | Allowlisted bot actors (comma-separated usernames) | No | `github-actions[bot]` | | `intensity` | Review intensity (`conservative`, `balanced`, `aggressive`). | No | `balanced` | | `minimum_severity` | Minimum severity for inline comments (`critical`, `high`, `medium`, `low`, `nitpick`). | No | `low` | diff --git a/gh-agent-workflows/duplicate-issue-detector/README.md b/gh-agent-workflows/duplicate-issue-detector/README.md index 32c7c4de..815c5b0a 100644 --- a/gh-agent-workflows/duplicate-issue-detector/README.md +++ b/gh-agent-workflows/duplicate-issue-detector/README.md @@ -27,6 +27,7 @@ See [example.yml](example.yml) for the full workflow file. | Input | Description | Required | Default | | --- | --- | --- | --- | | `additional-instructions` | Repo-specific instructions appended to the agent prompt | No | `""` | +| `allowed-bot-users` | Allowlisted bot actors (comma-separated usernames) | No | `github-actions[bot]` | ## Safe Outputs diff --git a/gh-agent-workflows/issue-triage-pr/README.md b/gh-agent-workflows/issue-triage-pr/README.md index a2f6bf84..80dacbde 100644 --- a/gh-agent-workflows/issue-triage-pr/README.md +++ b/gh-agent-workflows/issue-triage-pr/README.md @@ -28,6 +28,7 @@ See [example.yml](example.yml) for the full workflow file. | --- | --- | --- | --- | | `additional-instructions` | Repo-specific instructions appended to the agent prompt | No | `""` | | `setup-commands` | Shell commands run before the agent starts | No | `""` | +| `allowed-bot-users` | Allowlisted bot actors (comma-separated usernames) | No | `github-actions[bot]` | ## Safe Outputs 
diff --git a/gh-agent-workflows/issue-triage/README.md b/gh-agent-workflows/issue-triage/README.md index cfc536b6..4004d735 100644 --- a/gh-agent-workflows/issue-triage/README.md +++ b/gh-agent-workflows/issue-triage/README.md @@ -28,6 +28,7 @@ See [example.yml](example.yml) for the full workflow file. | --- | --- | --- | --- | | `additional-instructions` | Repo-specific instructions appended to the agent prompt | No | `""` | | `setup-commands` | Shell commands run before the agent starts | No | `""` | +| `allowed-bot-users` | Allowlisted bot actors (comma-separated usernames) | No | `github-actions[bot]` | ## Safe Outputs diff --git a/gh-agent-workflows/pr-review/README.md b/gh-agent-workflows/pr-review/README.md index 950f210e..f141ea96 100644 --- a/gh-agent-workflows/pr-review/README.md +++ b/gh-agent-workflows/pr-review/README.md @@ -28,6 +28,7 @@ See [example.yml](example.yml) for the full workflow file. | --- | --- | --- | --- | | `additional-instructions` | Repo-specific instructions appended to the agent prompt | No | `""` | | `setup-commands` | Shell commands run before the agent starts | No | `""` | +| `allowed-bot-users` | Allowlisted bot actors (comma-separated usernames) | No | `github-actions[bot]` | | `intensity` | Review intensity (`conservative`, `balanced`, `aggressive`) | No | `balanced` | | `minimum-severity` | Minimum severity for inline comments (`critical`, `high`, `medium`, `low`, `nitpick`) | No | `low` | diff --git a/gh-agent-workflows/update-pr-body/README.md b/gh-agent-workflows/update-pr-body/README.md index 93590233..5e258f40 100644 --- a/gh-agent-workflows/update-pr-body/README.md +++ b/gh-agent-workflows/update-pr-body/README.md 
@@ -24,6 +24,7 @@ See [example.yml](example.yml) for the full workflow file. | --- | --- | --- | --- | | `additional-instructions` | Repo-specific instructions appended to the agent prompt | No | `""` | | `setup-commands` | Shell commands run before the agent starts | No | `""` | +| `allowed-bot-users` | Allowlisted bot actors (comma-separated usernames) | No | `github-actions[bot]` | ## Safe Outputs diff --git a/github/workflows/gh-aw-docs-pr-review.md b/github/workflows/gh-aw-docs-pr-review.md new file mode 100644 index 00000000..be73db95 --- /dev/null +++ b/github/workflows/gh-aw-docs-pr-review.md 
@@ -0,0 +1,274 @@ +--- +description: "Docs PR review from an Elastic technical writer perspective" +imports: + - gh-aw-fragments/elastic-tools.md + - gh-aw-fragments/runtime-setup.md + - gh-aw-fragments/formatting.md + - gh-aw-fragments/rigor.md + - gh-aw-fragments/mcp-pagination.md + - gh-aw-fragments/messages-footer.md + - gh-aw-fragments/safe-output-review-comment.md + - gh-aw-fragments/safe-output-submit-review.md +engine: + id: copilot + model: gpt-5.3-codex + concurrency: + group: "gh-aw-copilot-docs-pr-review-${{ github.event.pull_request.number }}" +on: + workflow_call: + inputs: + additional-instructions: + description: "Repo-specific instructions appended to the agent prompt" + type: string + required: false + default: "" + setup-commands: + description: "Shell commands to run before the agent starts (dependency install, build, etc.)" + type: string + required: false + default: "" + allowed-bot-users: + description: "Allowlisted bot actors (comma-separated usernames)" + type: string + required: false + default: "github-actions[bot]" + intensity: + description: "Review intensity: conservative, balanced, or aggressive" + type: string + required: false + default: "balanced" + minimum_severity: + description: "Minimum severity for inline comments: critical, high, medium, low, or nitpick. Issues below this threshold go in a collapsible section of the review body instead." 
+ type: string + required: false + default: "low" + messages-footer: + description: "Footer appended to all agent comments and reviews" + type: string + required: false + default: "" + secrets: + COPILOT_GITHUB_TOKEN: + required: true +concurrency: + group: docs-pr-review-${{ github.event.pull_request.number }} + cancel-in-progress: true +permissions: + contents: read + pull-requests: read + issues: read + checks: read + actions: read +tools: + github: + toolsets: [repos, issues, pull_requests, search] + bash: true + web-fetch: +mcp-servers: + elastic-docs: + url: "https://www.elastic.co/docs/_mcp/" + allowed: + - "SemanticSearch" + - "GetDocumentByUrl" + - "FindRelatedDocs" + - "CheckCoherence" + - "FindInconsistencies" + - "GetContentTypeGuidelines" + - "AnalyzeDocumentStructure" +network: + allowed: + - defaults + - github + - go + - node + - python + - ruby + - "www.elastic.co" + - "docs-v3-preview.elastic.dev" +strict: false +roles: [admin, maintainer, write] +bots: + - "${{ inputs.allowed-bot-users }}" +timeout-minutes: 30 +steps: + - name: Repo-specific setup + if: ${{ inputs.setup-commands != '' }} + env: + SETUP_COMMANDS: ${{ inputs.setup-commands }} + run: eval "$SETUP_COMMANDS" +--- + +# Docs PR Review Agent + +You are an expert Elastic technical writer reviewing documentation pull requests in ${{ github.repository }}. Provide actionable feedback via inline review comments on specific lines of changed documentation files. + +## Context + +- **Repository**: ${{ github.repository }} +- **PR**: #${{ github.event.pull_request.number }} — ${{ github.event.pull_request.title }} + +## Constraints + +This workflow is read-only. You can read files, search code, run commands, and interact with PRs and issues — but your only outputs are inline review comments and a review submission. + +## Review Process + +Follow these steps in order. + +### Step 1: Gather Context + +1. Call `generate_agents_md` to get the repository's coding guidelines and conventions. 
Use these as additional review criteria throughout the review. If this fails, continue without it. +2. Call `pull_request_read` with method `get` on PR #${{ github.event.pull_request.number }} to get the full PR details (author, description, branches, **labels**). +3. If the PR description references issues (e.g., "Fixes #123", "Closes #456"), call `issue_read` with method `get` on each linked issue to understand the motivation and acceptance criteria. Note any product, deployment, or version context mentioned. +4. Call `pull_request_read` with method `get_review_comments` to check existing review threads. Note which files already have threads and whether threads are resolved, unresolved, or outdated. +5. Call `pull_request_read` with method `get_reviews` to see prior review submissions from this bot. Do not repeat points already made in prior reviews. + +### Step 2: Load Review Guidelines + +Load the authoritative Elastic documentation guidelines **before** reviewing any files. These are your primary review criteria — do not rely on memory or assumptions about the rules. + +**Style guide** — Load these pages using `GetDocumentByUrl` with `includeBody: true` from the `elastic-docs` MCP server: + +1. `https://www.elastic.co/docs/contribute-docs/style-guide` — overview and quick reference. +2. `https://www.elastic.co/docs/contribute-docs/style-guide/voice-tone` — voice, tone, sentence structure, active voice, "please" rule, noun/verb forms. +3. `https://www.elastic.co/docs/contribute-docs/style-guide/grammar-spelling` — American English, capitalization, abbreviations, pronouns, punctuation, verb tense, contractions. +4. `https://www.elastic.co/docs/contribute-docs/style-guide/formatting` — emphasis, lists, tables, numbers, code samples, line spacing. +5. `https://www.elastic.co/docs/contribute-docs/style-guide/word-choice` — the complete avoid/caution/preferred word list. +6. 
`https://www.elastic.co/docs/contribute-docs/style-guide/accessibility` — device-agnostic language, directional terms, alt text, link text, inclusivity, gender-neutral language. +7. `https://www.elastic.co/docs/contribute-docs/style-guide/ui-writing` — UI elements, screenshots, navigation, prepositions. + +**`applies_to` and cumulative docs** — Load these pages: + +8. `https://www.elastic.co/docs/contribute-docs/how-to/cumulative-docs/guidelines` — when to tag, dimensions, lifecycle tagging rules, versioned vs. unversioned products. Use `GetDocumentByUrl` with `includeBody: true`. +9. `https://www.elastic.co/docs/contribute-docs/how-to/cumulative-docs/reference` — complete key reference, lifecycle states, version formats. Use `GetDocumentByUrl` with `includeBody: true`. +10. `https://docs-v3-preview.elastic.dev/elastic/docs-builder/tree/main/syntax/applies` — full `applies_to` syntax for page-level, section-level, and inline annotations, validation rules, and rendering behavior. Use `web_fetch` (this page is not in the MCP index). + +Retain the content of all loaded pages in your working context for the duration of the review. When you flag an issue in a later step, cite the specific rule from the loaded guidelines. + +### Step 3: Check Vale CI Output + +Vale is a prose linter used by Elastic documentation repositories. If Vale runs as a CI check on this repo, its output contains style violations you should incorporate into your review. + +1. Run `gh api repos/${{ github.repository }}/commits/${{ github.event.pull_request.head.sha }}/check-runs --paginate -q '.check_runs[] | select(.name | test("vale|Vale|lint|Lint"; "i")) | {name, status, conclusion, html_url}'` to find Vale-related check runs. +2. If check runs are found, retrieve their output using `gh api repos/${{ github.repository }}/check-runs/{id} -q '.output'` for annotation details. +3. 
Alternatively, check for Vale workflow runs: `gh run list --commit ${{ github.event.pull_request.head.sha }} --workflow vale --limit 1 --json databaseId,status,conclusion` and if found, download logs with `gh run view {id} --log`. +4. If no Vale output is found, skip this step entirely and continue. + +When Vale issues are found, incorporate them into your file-by-file review in Step 4. Cite the Vale rule name in your inline comments (e.g., "Vale: Elastic.WordChoice") and suggest the specific fix. + +### Step 4: Review Each File + +Fetch changed files with `pull_request_read` method `get_files` using `per_page: 5, page: 1`. Focus on documentation files (`.md`). Skip non-documentation files unless they contain user-facing prose (e.g., README files). + +**For each changed documentation file:** + +1. **Read the patch** to understand what changed. +2. **Read the full file from the workspace.** The PR branch is checked out locally — open the file directly to get complete contents with line numbers. +3. **Check style guide compliance** against the guidelines loaded in Step 2, covering all focus areas listed below. +4. **Check `applies_to` tags** against the guidelines loaded in Step 2, using PR labels and issue context to determine expected applicability. See the `applies_to` review checklist below. +5. **Check docs consistency** using the Elastic docs MCP server — call `FindRelatedDocs` or `SemanticSearch` to find existing published docs covering the same topic and verify the PR's content is consistent with them. Call `CheckCoherence` for topics that span multiple pages. +6. **Check discoverability of new content** — if the PR adds a new page or a new section, use `FindRelatedDocs` or `SemanticSearch` to identify related published pages that should link to the new content, and check whether the PR adds corresponding links from the new content back to those pages. New pages and sections that aren't linked from anywhere are hard to discover. +7. 
**Verify each issue** before commenting: + 1. What specific text or pattern triggers this concern? + 2. Read the surrounding context — is this addressed elsewhere in the file or PR? + 3. Is this a genuine violation of the loaded guidelines or a consistency requirement? + 4. Would an Elastic technical writer agree this is a real issue? +8. **Leave inline comments NOW** — call `create_pull_request_review_comment` for every verified issue in this file before moving on. + +**Repeat for the next file.** After all files in the page, fetch `page: 2` and continue until all changed files are reviewed. + +### Step 5: Submit the Review + +**Skip if nothing new:** If you left zero inline comments during this review AND your verdict would be the same as the most recent review from this bot (compare against `get_reviews` from Step 1), call `noop` with a message like "No new findings — prior review still applies" and stop. + +After reviewing ALL files and leaving inline comments, submit the review using `submit_pull_request_review` with: +- The review type (REQUEST_CHANGES, COMMENT, or APPROVE) +- A review body that is **only the verdict and only if the verdict is not APPROVE**. If you have cross-cutting feedback that spans multiple files (e.g., inconsistent terminology, missing `applies_to` dimension across pages), include it here. + +**Bot-authored PRs:** If the PR author is `github-actions[bot]`, submit a `COMMENT` review only. + +**Do NOT** describe what the PR does, list the files you reviewed, summarize inline comments, or restate prior review feedback. + +If you have no issues, or you have only provided NITPICK and LOW issues, submit an APPROVE review. Otherwise, submit a REQUEST_CHANGES review. + +## Review Settings + +- **Intensity**: `${{ inputs.intensity }}` +- **Minimum inline severity**: `${{ inputs.minimum_severity }}` + +Severity order (highest to lowest): critical > high > medium > low > nitpick. + +Issues at or above the threshold get inline review comments. 
Issues below the threshold go in a collapsible `
` section of the review body titled "Lower-priority observations (N)." + +### Review Intensity + +- **`conservative`**: High evidence bar. Only comment on clear style guide violations, incorrect `applies_to` tags, or factual inconsistencies with published docs. Approval with zero comments is the expected outcome for most PRs. +- **`balanced`** (default): Standard evidence bar. Comment on style guide violations, missing or incorrect `applies_to` tags, inconsistencies with published docs, and accessibility issues. +- **`aggressive`**: Lower evidence bar. Also flag wording improvements, paragraph length, formatting suggestions, and broader consistency observations. + +## Comment Format + +``` +**[SEVERITY] Brief title** + +Description of the issue and why it matters, referencing the specific rule from the loaded guidelines (e.g., "Style guide > Word choice: avoid 'abort'" or "applies_to guidelines > Dimensions: only one dimension at page level"). + +```suggestion +corrected text here +``` +``` + +Only include a `suggestion` block when you can provide a concrete text fix. For structural changes (e.g., "add `applies_to` frontmatter"), describe the fix in prose. + +## Severity Classification + +- 🔴 **CRITICAL** — Must fix before merge (incorrect technical information, missing mandatory `applies_to` page-level tags). +- 🟠 **HIGH** — Should fix before merge (wrong `applies_to` dimension, factual inconsistency with published docs, accessibility violations). +- 🟡 **MEDIUM** — Address soon, non-blocking (style guide violations, missing section-level `applies_to` where content varies by product). +- ⚪ **LOW** — Author discretion (minor wording improvements, formatting polish). +- 💬 **NITPICK** — Truly optional (alternative phrasing, stylistic preferences within guidelines). + +--- + +## Style Guide Focus Areas + +These are the areas to check when reviewing prose. The detailed rules are in the pages loaded in Step 2 — always reference those, not this summary. 
+ +- **Voice and tone**: Active voice, present tense, "you/your" address, no "please" in instructions, concise sentences, noun/verb form correctness (backup vs. back up). +- **Grammar and spelling**: American English, sentence-style capitalization, Oxford comma, second-person pronouns, abbreviation handling, contractions, punctuation. +- **Formatting**: Paragraph length, list structure and parallelism, number formatting, emphasis conventions (bold for UI, italic for terms, monospace for code). +- **Word choice**: Check changed text against the full avoid/caution/preferred word list loaded from the word-choice page. Common flags: abort, blacklist/whitelist, click, easy/simple, e.g./i.e., execute, please, type, utilize. +- **Accessibility and inclusivity**: Device-agnostic language, no directional references, meaningful link text, alt text for images, gender-neutral pronouns, no idioms or Latin abbreviations. +- **UI writing**: Icon tooltips, navigation arrows, procedure length, correct prepositions for UI elements. + +--- + +## `applies_to` Review Checklist + +Use the full guidelines and syntax reference loaded in Step 2. This checklist highlights what to verify. + +1. **Page-level tags present**: Every `.md` documentation page must have `applies_to` in the YAML frontmatter. Missing tags are CRITICAL. +2. **Single dimension at page level**: The page must use only one dimension — Stack/Serverless, Deployment, or Product. Mixing dimensions at the page level is HIGH. +3. **Section/inline tags where content varies**: If the PR adds content whose applicability differs from the page-level tags, it needs section-level or inline annotations. Use PR labels and issue context to infer which products or deployments are affected. +4. **Correct lifecycle and version**: Cross-reference PR labels, linked issues, and the change description to verify the lifecycle state (ga, beta, preview, deprecated, removed) and version are accurate. +5. 
**Valid syntax**: Check key names, version formats, and range validity against the syntax reference. +6. **Unversioned vs. versioned rules**: Serverless and Elastic Cloud are unversioned — GA features don't need version tags; only tag preview, beta, or deprecated. Elastic Stack is versioned — always include the version. +7. **`unavailable` used sparingly**: Non-applicability is communicated by omission. Only use `unavailable` when there's a high risk of user confusion. +8. **Consistent dimension**: If the PR touches multiple pages, verify they use the same dimension when covering the same topic. + +--- + +## Using the Elastic Docs MCP Server + +Use the `elastic-docs` MCP tools during file review: + +- **`SemanticSearch`**: Search published docs for topics related to the PR's content. Look for contradictions or outdated information. +- **`GetDocumentByUrl`**: Retrieve a specific published page to compare against the PR's changes. Also used in Step 2 to load guidelines. +- **`FindRelatedDocs`**: Discover related documentation the author should be aware of. +- **`CheckCoherence`**: Verify a topic is covered consistently across the docs. +- **`FindInconsistencies`**: Find potential contradictions across pages covering the same topic. +- **`GetContentTypeGuidelines`**: Check if the page follows the recommended structure for its content type (overview, how-to, tutorial, troubleshooting). + +Don't call every tool on every file. Use judgment: call `SemanticSearch` or `FindRelatedDocs` when reviewing content that covers a specific Elastic feature, and call `CheckCoherence` for topics that might be documented in multiple places. + +${{ inputs.additional-instructions }} diff --git a/github/workflows/gh-aw-duplicate-issue-detector.md b/github/workflows/gh-aw-duplicate-issue-detector.md new file mode 100644 index 00000000..1f0e0963 --- /dev/null +++ b/github/workflows/gh-aw-duplicate-issue-detector.md 
@@ -0,0 +1,118 @@ +--- +description: "Detect duplicate issues and notify reporters when a matching open or closed issue exists" +imports: + - gh-aw-fragments/elastic-tools.md + - gh-aw-fragments/formatting.md + - gh-aw-fragments/rigor.md + - gh-aw-fragments/mcp-pagination.md + - gh-aw-fragments/messages-footer.md + - gh-aw-fragments/safe-output-add-comment.md +engine: + id: copilot + model: gpt-5.3-codex + concurrency: + group: "gh-aw-copilot-duplicate-issue-detector-${{ github.event.issue.number }}" +on: + workflow_call: + inputs: + additional-instructions: + description: "Repo-specific instructions appended to the agent prompt" + type: string + required: false + default: "" + allowed-bot-users: + description: "Allowlisted bot actors (comma-separated usernames)" + type: string + required: false + default: "github-actions[bot]" + messages-footer: + description: "Footer appended to all agent comments and reviews" + type: string + required: false + default: "" + secrets: + COPILOT_GITHUB_TOKEN: + required: true +concurrency: + group: duplicate-issue-detector-${{ github.event.issue.number }} + cancel-in-progress: true +permissions: + contents: read + issues: read + pull-requests: read +tools: + github: + toolsets: [repos, issues, pull_requests, search] +strict: false +roles: [admin, maintainer, write] +bots: + - "${{ inputs.allowed-bot-users }}" +timeout-minutes: 15 +safe-outputs: + noop: + add-comment: + max: 1 +--- + +# Duplicate Issue Detector + +Check whether newly opened issue #${{ github.event.issue.number }} in ${{ github.repository }} is a duplicate of an existing open or previously closed/resolved issue. Do **not** triage or make an action plan — only determine whether a duplicate exists. + +## Context + +- **Repository**: ${{ github.repository }} +- **Issue**: #${{ github.event.issue.number }} — ${{ github.event.issue.title }} + +## Process + +### Step 1: Understand the Issue + +Read the issue title and body carefully. 
Identify: +- The core problem or request (in one sentence) +- Key terms, error messages, component names, or identifiers you can use as search queries + +### Step 2: Search for Duplicates + +Run several targeted searches. Search **both open and closed** issues. + +Suggested queries (adapt based on the issue content): +``` +repo:{owner}/{repo} is:issue "{key term from title}" +repo:{owner}/{repo} is:issue is:closed "{key term from title}" +repo:{owner}/{repo} is:issue "{error message or identifier}" +``` + +For each candidate result, read the title and (if promising) the body to assess similarity. + +### Step 3: Evaluate Candidates + +A duplicate must describe **the same underlying problem or request**, not merely the same topic area. Ask: +- Does the candidate report the same bug, error, or request the same feature? +- Are the affected component, behavior, and scope the same? + +**Do not mark as duplicate if:** +- The candidate covers only a related but distinct problem +- The candidate is closed as "wont fix" or "invalid" with no resolution of the underlying issue +- You are uncertain — only flag clear duplicates + +### Step 4: Post Result + +**If a clear duplicate is found:** + +Call `add_comment` with a concise comment in this format: + +> This issue appears to be a duplicate of #{number} — {title}. +> +> {One sentence explaining the similarity.} +> +> Linking to the existing issue for tracking. If this is actually a different problem, please add more details to distinguish it. + +- Reference at most **one** best-matching duplicate (the most relevant open issue takes priority over a closed one). +- Use neutral, helpful language — the reporter may not be familiar with the existing issue. +- Do NOT use `fixes`, `closes`, or `resolves` keywords. + +**If no duplicate is found:** + +Call `noop` with message "No duplicate found for issue #${{ github.event.issue.number }}". + +${{ inputs.additional-instructions }} 
diff --git a/github/workflows/gh-aw-issue-triage-pr.md b/github/workflows/gh-aw-issue-triage-pr.md new file mode 100644 index 00000000..648044ee --- /dev/null +++ b/github/workflows/gh-aw-issue-triage-pr.md 
@@ -0,0 +1,139 @@ +--- +description: "Investigate new issues and provide actionable triage analysis with optional PR creation" +imports: + - gh-aw-fragments/elastic-tools.md + - gh-aw-fragments/runtime-setup.md + - gh-aw-fragments/formatting.md + - gh-aw-fragments/rigor.md + - gh-aw-fragments/mcp-pagination.md + - gh-aw-fragments/workflow-edit-guardrails.md + - gh-aw-fragments/messages-footer.md + - gh-aw-fragments/safe-output-add-comment.md + - gh-aw-fragments/safe-output-create-pr.md +engine: + id: copilot + model: gpt-5.3-codex + concurrency: + group: "gh-aw-copilot-issue-triage-pr-${{ github.event.issue.number }}" +on: + workflow_call: + inputs: + additional-instructions: + description: "Repo-specific instructions appended to the agent prompt" + type: string + required: false + default: "" + setup-commands: + description: "Shell commands to run before the agent starts (dependency install, build, etc.)" + type: string + required: false + default: "" + allowed-bot-users: + description: "Allowlisted bot actors (comma-separated usernames)" + type: string + required: false + default: "github-actions[bot]" + messages-footer: + description: "Footer appended to all agent comments and reviews" + type: string + required: false + default: "" + secrets: + COPILOT_GITHUB_TOKEN: + required: true + reaction: "eyes" +concurrency: + group: issue-triage-pr-${{ github.event.issue.number }} + cancel-in-progress: true +permissions: + contents: read + issues: read + pull-requests: read +tools: + github: + toolsets: [repos, issues, pull_requests, search] + bash: true + web-fetch: +network: + allowed: + - defaults + - github + - go + - node + - python + - ruby +strict: false +roles: [admin, maintainer, write] +bots: + - "${{ inputs.allowed-bot-users }}" +timeout-minutes: 30 +steps: + - name: Repo-specific setup + if: ${{ inputs.setup-commands != '' }} + env: + SETUP_COMMANDS: ${{ inputs.setup-commands }} + run: eval "$SETUP_COMMANDS" +--- + +# Issue Triage Agent (with PR) + +Triage 
new issues in ${{ github.repository }} and provide actionable analysis with implementation plans. For straightforward fixes, implement and open a draft PR. + +## Context + +- **Repository**: ${{ github.repository }} +- **Issue**: #${{ github.event.issue.number }} — ${{ github.event.issue.title }} + +## Constraints + +- **CAN**: Read files, search code, run tests and commands, comment on the issue, and open a draft PR for straightforward fixes. +- This workflow is primarily for investigation and planning. Local file changes are for verification only unless you implement a fix. + +## Triage Process + +Follow these steps in order. + +### Step 1: Gather Context + +1. Call `generate_agents_md` to get the repository's coding guidelines and conventions. If this fails, continue without it. +2. Read key repository files (README, CONTRIBUTING, etc.) to understand the project. +3. Search for related issues and PRs (open and closed) that may be relevant. Call `issue_read` with method `get` on the most relevant issues to understand prior discussion, decisions, and whether this is a duplicate. + +### Step 2: Investigate the Codebase + +1. Read the issue description carefully to understand the request or problem. +2. Explore the relevant parts of the codebase using `grep` and file reading. +3. Run tests or commands in the workspace to verify reported bugs when possible: + - Run existing tests to confirm reported behavior + - Execute scripts to understand current behavior + - Run linters or static analysis if relevant + - Write small test files to validate findings + - Always explain what you're testing and why, and include command output in your response +4. If the required change is small, clear, and verifiable, implement it directly and run relevant validation. + +### Step 3: Formulate Response + +Provide a response with the following sections. Be concise and actionable — no filler or praise. 
+ +**Always lead with a tl;dr** — your first sentence should be the most important takeaway. + +**Sections:** + +1. **Recommendation** — A clear, specific recommendation for how to address the issue. If you cannot recommend a course of action, say so with a reason. "I don't know" is better than a wrong answer. + +2. **Findings** — Key facts from your investigation (related code, existing implementations, relevant issues/PRs). Use `
` tags for longer content. + +3. **Verification** — If you ran tests or commands, include the output. Use `
` tags. + +4. **Detailed Action Plan** — Step-by-step plan a developer could follow to implement the recommendation (or summary of implemented changes if you completed them). Reference specific files, functions, and line numbers. Use `
` tags. + +5. **Related Items** — Table of related issues, PRs, files, and web resources. + +Use `
` and `` tags for sections that would otherwise make the response too long. Short responses don't need collapsible sections. Your performance is judged by how accurate your findings are — do the investigation required to have high confidence. "I don't know" or "I'm unable to recommend a course of action" is better than a wrong answer. + +### Step 4: Post Response + +1. Call `add_comment` with your triage response. +2. If you implemented a valid fix with verification, call `create_pull_request` to open a draft PR. + +${{ inputs.additional-instructions }} diff --git a/github/workflows/gh-aw-issue-triage.md b/github/workflows/gh-aw-issue-triage.md new file mode 100644 index 00000000..7d517a3d --- /dev/null +++ b/github/workflows/gh-aw-issue-triage.md 
@@ -0,0 +1,167 @@ +--- +description: "Investigate new issues and provide actionable triage analysis" +imports: + - gh-aw-fragments/elastic-tools.md + - gh-aw-fragments/runtime-setup.md + - gh-aw-fragments/formatting.md + - gh-aw-fragments/rigor.md + - gh-aw-fragments/mcp-pagination.md + - gh-aw-fragments/messages-footer.md + - gh-aw-fragments/safe-output-add-comment.md +engine: + id: copilot + model: gpt-5.3-codex + concurrency: + group: "gh-aw-copilot-issue-triage-${{ github.event.issue.number }}" +on: + workflow_call: + inputs: + additional-instructions: + description: "Repo-specific instructions appended to the agent prompt" + type: string + required: false + default: "" + setup-commands: + description: "Shell commands to run before the agent starts (dependency install, build, etc.)" + type: string + required: false + default: "" + allowed-bot-users: + description: "Allowlisted bot actors (comma-separated usernames)" + type: string + required: false + default: "github-actions[bot]" + messages-footer: + description: "Footer appended to all agent comments and reviews" + type: string + required: false + default: "" + secrets: + COPILOT_GITHUB_TOKEN: + required: true + reaction: "eyes" +concurrency: + group: issue-triage-${{ github.event.issue.number }} + cancel-in-progress: true +permissions: + contents: read + issues: read + pull-requests: read +tools: + github: + toolsets: [repos, issues, pull_requests, search] + bash: true + web-fetch: +network: + allowed: + - defaults + - github + - go + - node + - python + - ruby +strict: false +roles: [admin, maintainer, write] +bots: + - "${{ inputs.allowed-bot-users }}" +timeout-minutes: 30 +steps: + - name: Repo-specific setup + if: ${{ inputs.setup-commands != '' }} + env: + SETUP_COMMANDS: ${{ inputs.setup-commands }} + run: eval "$SETUP_COMMANDS" +--- + +# Issue Triage Agent + +Triage new issues in ${{ github.repository }} and provide actionable analysis with implementation plans. 
+ +## Context + +- **Repository**: ${{ github.repository }} +- **Issue**: #${{ github.event.issue.number }} — ${{ github.event.issue.title }} + +## Constraints + +This workflow is for investigation and planning only. You can read files, search code, run tests and commands, and write temporary files locally — but your only output is a comment on the issue. Local file changes are for verification only and will not be persisted. + +## Triage Process + +Follow these steps in order. + +### Step 1: Gather Context + +1. Call `generate_agents_md` to get the repository's coding guidelines and conventions. If this fails, continue without it. +2. Read key repository files (README, CONTRIBUTING, etc.) to understand the project. +3. Search for related issues and PRs (open and closed) that may be relevant. Call `issue_read` with method `get` on the most relevant issues to understand prior discussion, decisions, and whether this is a duplicate. + +### Step 2: Investigate the Codebase + +1. Read the issue description carefully to understand the request or problem. +2. Explore the relevant parts of the codebase using `grep` and file reading. +3. Run tests or commands in the workspace to verify reported bugs when possible: + - Run existing tests to confirm reported behavior + - Execute scripts to understand current behavior + - Run linters or static analysis if relevant + - Write small test files to validate findings + - Always explain what you're testing and why, and include command output in your response + +### Step 3: Formulate Response + +Provide a response with the following sections. Be concise and actionable — no filler or praise. + +**Always lead with a tl;dr** — your first sentence should be the most important takeaway. + +**Sections:** + +1. **Recommendation** — A clear, specific recommendation for how to address the issue. If you cannot recommend a course of action, say so with a reason. "I don't know" is better than a wrong answer. + +2. 
**Findings** — Key facts from your investigation (related code, existing implementations, relevant issues/PRs). Use `
` tags for longer content. + +3. **Verification** — If you ran tests or commands, include the output. Use `
` tags. + +4. **Detailed Action Plan** — Step-by-step plan a developer could follow to implement the recommendation. Reference specific files, functions, and line numbers. Use `
` tags. + +5. **Related Items** — Table of related issues, PRs, files, and web resources. + +Use `
` and `` tags for sections that would otherwise make the response too long. Short responses don't need collapsible sections. Your performance is judged by how accurate your findings are — do the investigation required to have high confidence. "I don't know" or "I'm unable to recommend a course of action" is better than a wrong answer. + +**Example response structure:** + +> PR #654 already implements the requested feature but is incomplete. The remaining work is: 1) update Calculator.divide to use the new DivisionByZeroError, and 2) update the tests. +> +>
+> Findings +> ...code analysis details... +>
+> +>
+> Verification +> +> I ran the existing tests and confirmed the current behavior: +> ``` +> $ pytest test_calculator.py::test_divide_by_zero +> FAILED - raises ValueError instead of DivisionByZeroError +> ``` +>
+> +>
+> Detailed Action Plan +> ...step-by-step implementation plan referencing specific files and line numbers... +>
+> +>
+> Related Items +> +> | Type | Link | Relevance | +> | --- | --- | --- | +> | PR | #654 | Implements the feature but is incomplete | +> | File | `src/calculator.py:42` | Method that needs updating | +>
+ +### Step 4: Post Response + +1. Call `add_comment` with your triage response. + +${{ inputs.additional-instructions }} diff --git a/github/workflows/gh-aw-pr-review.md b/github/workflows/gh-aw-pr-review.md new file mode 100644 index 00000000..15399364 --- /dev/null +++ b/github/workflows/gh-aw-pr-review.md 
@@ -0,0 +1,138 @@ +--- +description: "AI code review with inline comments on pull requests" +imports: + - gh-aw-fragments/elastic-tools.md + - gh-aw-fragments/runtime-setup.md + - gh-aw-fragments/formatting.md + - gh-aw-fragments/rigor.md + - gh-aw-fragments/mcp-pagination.md + - gh-aw-fragments/review-process.md + - gh-aw-fragments/review-examples.md + - gh-aw-fragments/messages-footer.md + - gh-aw-fragments/safe-output-review-comment.md + - gh-aw-fragments/safe-output-submit-review.md +engine: + id: copilot + model: gpt-5.3-codex + concurrency: + group: "gh-aw-copilot-pr-review-${{ github.event.pull_request.number }}" +on: + workflow_call: + inputs: + additional-instructions: + description: "Repo-specific instructions appended to the agent prompt" + type: string + required: false + default: "" + setup-commands: + description: "Shell commands to run before the agent starts (dependency install, build, etc.)" + type: string + required: false + default: "" + allowed-bot-users: + description: "Allowlisted bot actors (comma-separated usernames)" + type: string + required: false + default: "github-actions[bot]" + intensity: + description: "Review intensity: conservative, balanced, or aggressive" + type: string + required: false + default: "balanced" + minimum_severity: + description: "Minimum severity for inline comments: critical, high, medium, low, or nitpick. Issues below this threshold go in a collapsible section of the review body instead." 
+ type: string + required: false + default: "low" + messages-footer: + description: "Footer appended to all agent comments and reviews" + type: string + required: false + default: "" + secrets: + COPILOT_GITHUB_TOKEN: + required: true +concurrency: + group: pr-review-${{ github.event.pull_request.number }} + cancel-in-progress: true +permissions: + contents: read + pull-requests: read + issues: read +tools: + github: + toolsets: [repos, issues, pull_requests, search] + bash: true + web-fetch: +network: + allowed: + - defaults + - github + - go + - node + - python + - ruby +strict: false +roles: [admin, maintainer, write] +bots: + - "${{ inputs.allowed-bot-users }}" +timeout-minutes: 30 +steps: + - name: Repo-specific setup + if: ${{ inputs.setup-commands != '' }} + env: + SETUP_COMMANDS: ${{ inputs.setup-commands }} + run: eval "$SETUP_COMMANDS" +--- + +# PR Review Agent + +Review pull requests in ${{ github.repository }} and provide actionable feedback via inline review comments on specific code lines. + +## Context + +- **Repository**: ${{ github.repository }} +- **PR**: #${{ github.event.pull_request.number }} — ${{ github.event.pull_request.title }} + +## Constraints + +This workflow is read-only. You can read files, search code, run commands, and interact with PRs and issues — but your only outputs are inline review comments and a review submission. + +## Review Process + +Follow these steps in order. + +### Step 1: Gather Context + +1. Call `generate_agents_md` to get the repository's coding guidelines and conventions. Use these as additional review criteria throughout the review. If this fails, continue without it. +2. Call `pull_request_read` with method `get` on PR #${{ github.event.pull_request.number }} to get the full PR details (author, description, branches). +3. If the PR description references issues (e.g., "Fixes #123", "Closes #456"), call `issue_read` with method `get` on each linked issue to understand the motivation and acceptance criteria. +4. 
Call `pull_request_read` with method `get_review_comments` to check existing review threads. Note which files already have threads and whether threads are resolved, unresolved, or outdated. +5. Call `pull_request_read` with method `get_reviews` to see prior review submissions from this bot. Do not repeat points already made in prior reviews. + +### Step 2: Review Each File + +Follow the **Code Review Reference** below — review each changed file one at a time, leaving inline comments before moving to the next file. + +### Step 3: Submit the Review + +**Skip if nothing new:** If you left zero inline comments during this review AND your verdict would be the same as the most recent review from this bot (compare against `get_reviews` from Step 1), call `noop` with a message like "No new findings — prior review still applies" and stop. Do not submit a redundant review. + +After reviewing ALL files and leaving inline comments, step back and consider the PR as a whole. Call **`submit_pull_request_review`** with: +- The review type (REQUEST_CHANGES, COMMENT, or APPROVE) +- A review body that is **only the verdict and only if the verdict is not APPROVE**. If you have cross-cutting feedback that spans multiple files or cannot be expressed as inline comments, include it here. Otherwise, leave the review body empty — your inline comments already contain the detail. + +**Bot-authored PRs:** If the PR author is `github-actions[bot]`, you can only submit a `COMMENT` review — `APPROVE` and `REQUEST_CHANGES` will fail because GitHub does not allow bot accounts to approve or request changes on their own PRs. Use `COMMENT` and state your verdict in the review body instead. + +**Do NOT** describe what the PR does, list the files you reviewed, summarize inline comments, or restate prior review feedback. The PR author already knows what their PR does. Your inline comments already contain all the detail. 
The review body exists solely to communicate the approve/request-changes decision and important/critical feedback that cannot be covered in inline comments. + +If you have no issues, or you have only provided NITPICK and LOW issues, submit an APPROVE review. Otherwise, submit a REQUEST_CHANGES review. + +## Review Settings + +- **Intensity**: `${{ inputs.intensity }}` +- **Minimum inline severity**: `${{ inputs.minimum_severity }}` + +These override the defaults defined in the Code Review Reference below. + +${{ inputs.additional-instructions }} diff --git a/github/workflows/gh-aw-update-pr-body.md b/github/workflows/gh-aw-update-pr-body.md new file mode 100644 index 00000000..bf77d0a7 --- /dev/null +++ b/github/workflows/gh-aw-update-pr-body.md 
@@ -0,0 +1,136 @@ +--- +description: "Update PR body when code changes cause it to drift from the current state" +imports: + - gh-aw-fragments/elastic-tools.md + - gh-aw-fragments/runtime-setup.md + - gh-aw-fragments/formatting.md + - gh-aw-fragments/rigor.md + - gh-aw-fragments/mcp-pagination.md + - gh-aw-fragments/messages-footer.md + - gh-aw-fragments/safe-output-update-pr.md +engine: + id: copilot + model: gpt-5.3-codex + concurrency: + group: "gh-aw-copilot-update-pr-body-${{ github.event.pull_request.number }}" +on: + workflow_call: + inputs: + additional-instructions: + description: "Repo-specific instructions appended to the agent prompt" + type: string + required: false + default: "" + setup-commands: + description: "Shell commands to run before the agent starts (dependency install, build, etc.)" + type: string + required: false + default: "" + allowed-bot-users: + description: "Allowlisted bot actors (comma-separated usernames)" + type: string + required: false + default: "github-actions[bot]" + messages-footer: + description: "Footer appended to all agent comments and reviews" + type: string + required: false + default: "" + secrets: + COPILOT_GITHUB_TOKEN: + required: true +concurrency: + group: update-pr-body-${{ github.event.pull_request.number }} + cancel-in-progress: true +permissions: + contents: read + issues: read + pull-requests: read +tools: + github: + toolsets: [repos, issues, pull_requests, search] + bash: true + web-fetch: +network: + allowed: + - defaults + - github + - go + - node + - python + - ruby +strict: false +roles: [admin, maintainer, write] +bots: + - "${{ inputs.allowed-bot-users }}" +timeout-minutes: 15 +steps: + - name: Repo-specific setup + if: ${{ inputs.setup-commands != '' }} + env: + SETUP_COMMANDS: ${{ inputs.setup-commands }} + run: eval "$SETUP_COMMANDS" +--- + +# PR Body Update Agent + +Keep the pull request body in sync with the actual state of the code changes in ${{ github.repository }}. 
+ +## Context + +- **Repository**: ${{ github.repository }} +- **PR**: #${{ github.event.pull_request.number }} — ${{ github.event.pull_request.title }} + +## Objective + +Determine whether the current PR body accurately reflects the code changes in this PR. If the body is significantly out of date or missing key information about the current diff, update it. Minor wording differences are not significant — only update when the body would meaningfully mislead a reviewer. + +## Instructions + +### Step 1: Gather Context + +1. Call `generate_agents_md` to get the repository's coding guidelines and conventions. If this fails, continue without it. +2. Call `pull_request_read` with method `get` on PR #${{ github.event.pull_request.number }} to get the full PR details — current body, commits, and file list. +3. Call `pull_request_read` with method `get_files` to get the list of changed files. +4. If the PR description references issues (e.g., "Fixes #123", "Closes #456"), call `issue_read` with method `get` on each linked issue to understand the original motivation. + +### Step 2: Analyze the Diff + +Run `git log --oneline ${{ github.event.pull_request.base.sha }}..${{ github.event.pull_request.head.sha }}` to see the commit history, then read the actual diff: + +```bash +git diff --stat ${{ github.event.pull_request.base.sha }}..${{ github.event.pull_request.head.sha }} +``` + +For key changed files, read relevant sections to understand the scope and nature of the changes. + +### Step 3: Evaluate Drift + +Compare the current PR body to what the diff actually contains. The body has **significant drift** if: + +1. **Missing major features or changes** — a new public API, endpoint, configuration option, or workflow was added/removed/renamed that the body doesn't mention +2. **Incorrect description** — the body describes behavior that the code no longer implements, or describes files/functions that were subsequently renamed or removed +3. 
**Empty or placeholder body** — the PR body is blank, a template stub, or says something like "TODO" or "add description" +4. **Scope mismatch** — the body describes a narrow fix but the diff shows broad refactoring (or vice versa), leaving reviewers without an accurate picture + +Do **not** update when: +- The body is a reasonable high-level summary even if some details differ +- Only minor wording could be improved +- The change is purely cosmetic or test-only and the body already captures the intent +- An update would erase useful context (motivation, design decisions, issue links) that the author provided + +### Step 4: Update or Noop + +**If there is significant drift:** + +Call `update_pull_request` with a `replace` operation to write a body that: +- Preserves the original motivation and context (including issue links like `Fixes #N`) +- Accurately describes what was actually changed in the diff +- Follows the style and format conventions of the original body (if any) +- Is concise — one clear paragraph per major concern, no padding + +**If the body is accurate enough:** + +Call `noop` with a brief message like "PR body accurately reflects the current diff — no update needed." + +${{ inputs.additional-instructions }} From 9546b494e8e6d1ada33b566eff86acec15436887 Mon Sep 17 00:00:00 2001 
From: William Easton Date: Fri, 20 Feb 2026 17:18:08 -0600 Subject: [PATCH 2/4] Move agent output from github/ to .github/ --- .github/workflows/gh-aw-docs-pr-review.md | 7 +- .../gh-aw-duplicate-issue-detector.md | 7 +- .github/workflows/gh-aw-issue-triage-pr.md | 7 +- .github/workflows/gh-aw-issue-triage.md | 7 +- .github/workflows/gh-aw-pr-review.md | 7 +- .github/workflows/gh-aw-update-pr-body.md | 7 +- gh-agent-workflows/docs-pr-review/README.md | 2 +- .../duplicate-issue-detector/README.md | 2 +- gh-agent-workflows/issue-triage-pr/README.md | 2 +- gh-agent-workflows/issue-triage/README.md | 2 +- gh-agent-workflows/pr-review/README.md | 2 +- gh-agent-workflows/update-pr-body/README.md | 2 +- github/workflows/gh-aw-docs-pr-review.md | 274 ------------------ .../gh-aw-duplicate-issue-detector.md | 118 -------- github/workflows/gh-aw-issue-triage-pr.md | 139 --------- github/workflows/gh-aw-issue-triage.md | 167 ----------- github/workflows/gh-aw-pr-review.md | 138 --------- github/workflows/gh-aw-update-pr-body.md | 136 --------- 18 files changed, 42 insertions(+), 984 deletions(-) delete mode 100644 github/workflows/gh-aw-docs-pr-review.md delete mode 100644 github/workflows/gh-aw-duplicate-issue-detector.md delete mode 100644 github/workflows/gh-aw-issue-triage-pr.md delete mode 100644 github/workflows/gh-aw-issue-triage.md delete mode 100644 github/workflows/gh-aw-pr-review.md delete mode 100644 github/workflows/gh-aw-update-pr-body.md diff --git a/.github/workflows/gh-aw-docs-pr-review.md b/.github/workflows/gh-aw-docs-pr-review.md index 6ca3f4cc..a769f0e0 100644 --- a/.github/workflows/gh-aw-docs-pr-review.md +++ b/.github/workflows/gh-aw-docs-pr-review.md 
@@ -27,6 +27,11 @@ on: type: string required: false default: "" + allowed-bot-users: + description: "Allowlisted bot actor usernames (comma-separated)" + type: string + required: false + default: "github-actions[bot]" intensity: description: "Review intensity: conservative, balanced, or aggressive" type: string @@ -47,7 +52,7 @@ on: required: true roles: [admin, maintainer, write] bots: - - "github-actions[bot]" + - "${{ inputs.allowed-bot-users }}" concurrency: group: docs-pr-review-${{ github.event.pull_request.number }} cancel-in-progress: true diff --git a/.github/workflows/gh-aw-duplicate-issue-detector.md b/.github/workflows/gh-aw-duplicate-issue-detector.md index 9f4c2033..1846f3cb 100644 --- a/.github/workflows/gh-aw-duplicate-issue-detector.md +++ b/.github/workflows/gh-aw-duplicate-issue-detector.md @@ -20,6 +20,11 @@ on: type: string required: false default: "" + allowed-bot-users: + description: "Allowlisted bot actor usernames (comma-separated)" + type: string + required: false + default: "github-actions[bot]" messages-footer: description: "Footer appended to all agent comments and reviews" type: string @@ -30,7 +35,7 @@ on: required: true roles: [admin, maintainer, write] bots: - - "github-actions[bot]" + - "${{ inputs.allowed-bot-users }}" concurrency: group: duplicate-issue-detector-${{ github.event.issue.number }} cancel-in-progress: true diff --git a/.github/workflows/gh-aw-issue-triage-pr.md b/.github/workflows/gh-aw-issue-triage-pr.md index 25eb2d1e..b62741bd 100644 --- a/.github/workflows/gh-aw-issue-triage-pr.md +++ b/.github/workflows/gh-aw-issue-triage-pr.md @@ -28,6 +28,11 @@ on: type: string required: false default: "" + allowed-bot-users: + description: "Allowlisted bot actor usernames (comma-separated)" + type: string + required: false + default: "github-actions[bot]" messages-footer: description: "Footer appended to all agent comments and reviews" type: string 
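Review bot: The description on the new `allowed-bot-users` input promises a comma-separated list, but the value is consumed in the following hunk as a single list element under `bots:`, namely `- "${{ inputs.allowed-bot-users }}"`. Unless the workflow compiler splits that string on commas, a caller who passes two names gets one entry that matches no actor, and the allowlist then admits none of the bots it names. Please confirm where the split happens and document it, or change the description to say a single username. It would also help to state whether whitespace around the commas is tolerated. The same input and `bots:` wiring appear in the other five workflow files in this patch, so the answer applies to all of them.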
@@ -39,7 +44,7 @@ on: reaction: "eyes" roles: [admin, maintainer, write] bots: - - "github-actions[bot]" + - "${{ inputs.allowed-bot-users }}" concurrency: group: issue-triage-pr-${{ github.event.issue.number }} cancel-in-progress: true diff --git a/.github/workflows/gh-aw-issue-triage.md b/.github/workflows/gh-aw-issue-triage.md index ed52fa40..df4f1947 100644 --- a/.github/workflows/gh-aw-issue-triage.md +++ b/.github/workflows/gh-aw-issue-triage.md @@ -26,6 +26,11 @@ on: type: string required: false default: "" + allowed-bot-users: + description: "Allowlisted bot actor usernames (comma-separated)" + type: string + required: false + default: "github-actions[bot]" messages-footer: description: "Footer appended to all agent comments and reviews" type: string @@ -37,7 +42,7 @@ on: reaction: "eyes" roles: [admin, maintainer, write] bots: - - "github-actions[bot]" + - "${{ inputs.allowed-bot-users }}" concurrency: group: issue-triage-${{ github.event.issue.number }} cancel-in-progress: true diff --git a/.github/workflows/gh-aw-pr-review.md b/.github/workflows/gh-aw-pr-review.md index e49f5c39..e10140ff 100644 --- a/.github/workflows/gh-aw-pr-review.md +++ b/.github/workflows/gh-aw-pr-review.md @@ -29,6 +29,11 @@ on: type: string required: false default: "" + allowed-bot-users: + description: "Allowlisted bot actor usernames (comma-separated)" + type: string + required: false + default: "github-actions[bot]" intensity: description: "Review intensity: conservative, balanced, or aggressive" type: string @@ -49,7 +54,7 @@ on: required: true roles: [admin, maintainer, write] bots: - - "github-actions[bot]" + - "${{ inputs.allowed-bot-users }}" concurrency: group: pr-review-${{ github.event.pull_request.number }} cancel-in-progress: true diff --git a/.github/workflows/gh-aw-update-pr-body.md b/.github/workflows/gh-aw-update-pr-body.md index 630c9bfe..30b9a48d 100644 --- a/.github/workflows/gh-aw-update-pr-body.md +++ b/.github/workflows/gh-aw-update-pr-body.md 
@@ -26,6 +26,11 @@ on: type: string required: false default: "" + allowed-bot-users: + description: "Allowlisted bot actor usernames (comma-separated)" + type: string + required: false + default: "github-actions[bot]" messages-footer: description: "Footer appended to all agent comments and reviews" type: string @@ -36,7 +41,7 @@ on: required: true roles: [admin, maintainer, write] bots: - - "github-actions[bot]" + - "${{ inputs.allowed-bot-users }}" concurrency: group: update-pr-body-${{ github.event.pull_request.number }} cancel-in-progress: true diff --git a/gh-agent-workflows/docs-pr-review/README.md b/gh-agent-workflows/docs-pr-review/README.md index 5a59bbcc..ba08b249 100644 --- a/gh-agent-workflows/docs-pr-review/README.md +++ b/gh-agent-workflows/docs-pr-review/README.md @@ -33,7 +33,7 @@ Invoke by commenting `/docs-review` on any pull request. | --- | --- | --- | --- | | `additional-instructions` | Repo-specific instructions appended to the agent prompt. | No | `""` | | `setup-commands` | Shell commands run before the agent starts. | No | `""` | -| `allowed-bot-users` | Allowlisted bot actors (comma-separated usernames) | No | `github-actions[bot]` | +| `allowed-bot-users` | Allowlisted bot actor usernames (comma-separated) | No | `github-actions[bot]` | | `intensity` | Review intensity (`conservative`, `balanced`, `aggressive`). | No | `balanced` | | `minimum_severity` | Minimum severity for inline comments (`critical`, `high`, `medium`, `low`, `nitpick`). | No | `low` | diff --git a/gh-agent-workflows/duplicate-issue-detector/README.md b/gh-agent-workflows/duplicate-issue-detector/README.md index 815c5b0a..ba95fa03 100644 --- a/gh-agent-workflows/duplicate-issue-detector/README.md +++ b/gh-agent-workflows/duplicate-issue-detector/README.md 
@@ -27,7 +27,7 @@ See [example.yml](example.yml) for the full workflow file. | Input | Description | Required | Default | | --- | --- | --- | --- | | `additional-instructions` | Repo-specific instructions appended to the agent prompt | No | `""` | -| `allowed-bot-users` | Allowlisted bot actors (comma-separated usernames) | No | `github-actions[bot]` | +| `allowed-bot-users` | Allowlisted bot actor usernames (comma-separated) | No | `github-actions[bot]` | ## Safe Outputs diff --git a/gh-agent-workflows/issue-triage-pr/README.md b/gh-agent-workflows/issue-triage-pr/README.md index 80dacbde..a9dd4f74 100644 --- a/gh-agent-workflows/issue-triage-pr/README.md +++ b/gh-agent-workflows/issue-triage-pr/README.md @@ -28,7 +28,7 @@ See [example.yml](example.yml) for the full workflow file. | --- | --- | --- | --- | | `additional-instructions` | Repo-specific instructions appended to the agent prompt | No | `""` | | `setup-commands` | Shell commands run before the agent starts | No | `""` | -| `allowed-bot-users` | Allowlisted bot actors (comma-separated usernames) | No | `github-actions[bot]` | +| `allowed-bot-users` | Allowlisted bot actor usernames (comma-separated) | No | `github-actions[bot]` | ## Safe Outputs diff --git a/gh-agent-workflows/issue-triage/README.md b/gh-agent-workflows/issue-triage/README.md index 4004d735..c95b2a1f 100644 --- a/gh-agent-workflows/issue-triage/README.md +++ b/gh-agent-workflows/issue-triage/README.md @@ -28,7 +28,7 @@ See [example.yml](example.yml) for the full workflow file. | --- | --- | --- | --- | | `additional-instructions` | Repo-specific instructions appended to the agent prompt | No | `""` | | `setup-commands` | Shell commands run before the agent starts | No | `""` | -| `allowed-bot-users` | Allowlisted bot actors (comma-separated usernames) | No | `github-actions[bot]` | +| `allowed-bot-users` | Allowlisted bot actor usernames (comma-separated) | No | `github-actions[bot]` | ## Safe Outputs 
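Review bot: The reworded `allowed-bot-users` row still does not say what being on the allowlist grants. In the workflow files this input feeds `bots:`, which sits beside `roles: [admin, maintainer, write]`, so it appears to decide which automation accounts may start the agent. The README should say that in one sentence and show a multi-value example that keeps the `[bot]` suffix, as the default `github-actions[bot]` does. The identical row is changed in the other five READMEs in this patch, so the wording should be updated in each.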
diff --git a/gh-agent-workflows/pr-review/README.md b/gh-agent-workflows/pr-review/README.md index f141ea96..4121f88e 100644 --- a/gh-agent-workflows/pr-review/README.md +++ b/gh-agent-workflows/pr-review/README.md @@ -28,7 +28,7 @@ See [example.yml](example.yml) for the full workflow file. | --- | --- | --- | --- | | `additional-instructions` | Repo-specific instructions appended to the agent prompt | No | `""` | | `setup-commands` | Shell commands run before the agent starts | No | `""` | -| `allowed-bot-users` | Allowlisted bot actors (comma-separated usernames) | No | `github-actions[bot]` | +| `allowed-bot-users` | Allowlisted bot actor usernames (comma-separated) | No | `github-actions[bot]` | | `intensity` | Review intensity (`conservative`, `balanced`, `aggressive`) | No | `balanced` | | `minimum-severity` | Minimum severity for inline comments (`critical`, `high`, `medium`, `low`, `nitpick`) | No | `low` | diff --git a/gh-agent-workflows/update-pr-body/README.md b/gh-agent-workflows/update-pr-body/README.md index 5e258f40..76ec02ff 100644 --- a/gh-agent-workflows/update-pr-body/README.md +++ b/gh-agent-workflows/update-pr-body/README.md @@ -24,7 +24,7 @@ See [example.yml](example.yml) for the full workflow file. | --- | --- | --- | --- | | `additional-instructions` | Repo-specific instructions appended to the agent prompt | No | `""` | | `setup-commands` | Shell commands run before the agent starts | No | `""` | -| `allowed-bot-users` | Allowlisted bot actors (comma-separated usernames) | No | `github-actions[bot]` | +| `allowed-bot-users` | Allowlisted bot actor usernames (comma-separated) | No | `github-actions[bot]` | ## Safe Outputs diff --git a/github/workflows/gh-aw-docs-pr-review.md b/github/workflows/gh-aw-docs-pr-review.md deleted file mode 100644 index be73db95..00000000 --- a/github/workflows/gh-aw-docs-pr-review.md +++ /dev/null 
@@ -1,274 +0,0 @@ ---- -description: "Docs PR review from an Elastic technical writer perspective" -imports: - - gh-aw-fragments/elastic-tools.md - - gh-aw-fragments/runtime-setup.md - - gh-aw-fragments/formatting.md - - gh-aw-fragments/rigor.md - - gh-aw-fragments/mcp-pagination.md - - gh-aw-fragments/messages-footer.md - - gh-aw-fragments/safe-output-review-comment.md - - gh-aw-fragments/safe-output-submit-review.md -engine: - id: copilot - model: gpt-5.3-codex - concurrency: - group: "gh-aw-copilot-docs-pr-review-${{ github.event.pull_request.number }}" -on: - workflow_call: - inputs: - additional-instructions: - description: "Repo-specific instructions appended to the agent prompt" - type: string - required: false - default: "" - setup-commands: - description: "Shell commands to run before the agent starts (dependency install, build, etc.)" - type: string - required: false - default: "" - allowed-bot-users: - description: "Allowlisted bot actors (comma-separated usernames)" - type: string - required: false - default: "github-actions[bot]" - intensity: - description: "Review intensity: conservative, balanced, or aggressive" - type: string - required: false - default: "balanced" - minimum_severity: - description: "Minimum severity for inline comments: critical, high, medium, low, or nitpick. Issues below this threshold go in a collapsible section of the review body instead." 
- type: string - required: false - default: "low" - messages-footer: - description: "Footer appended to all agent comments and reviews" - type: string - required: false - default: "" - secrets: - COPILOT_GITHUB_TOKEN: - required: true -concurrency: - group: docs-pr-review-${{ github.event.pull_request.number }} - cancel-in-progress: true -permissions: - contents: read - pull-requests: read - issues: read - checks: read - actions: read -tools: - github: - toolsets: [repos, issues, pull_requests, search] - bash: true - web-fetch: -mcp-servers: - elastic-docs: - url: "https://www.elastic.co/docs/_mcp/" - allowed: - - "SemanticSearch" - - "GetDocumentByUrl" - - "FindRelatedDocs" - - "CheckCoherence" - - "FindInconsistencies" - - "GetContentTypeGuidelines" - - "AnalyzeDocumentStructure" -network: - allowed: - - defaults - - github - - go - - node - - python - - ruby - - "www.elastic.co" - - "docs-v3-preview.elastic.dev" -strict: false -roles: [admin, maintainer, write] -bots: - - "${{ inputs.allowed-bot-users }}" -timeout-minutes: 30 -steps: - - name: Repo-specific setup - if: ${{ inputs.setup-commands != '' }} - env: - SETUP_COMMANDS: ${{ inputs.setup-commands }} - run: eval "$SETUP_COMMANDS" ---- - -# Docs PR Review Agent - -You are an expert Elastic technical writer reviewing documentation pull requests in ${{ github.repository }}. Provide actionable feedback via inline review comments on specific lines of changed documentation files. - -## Context - -- **Repository**: ${{ github.repository }} -- **PR**: #${{ github.event.pull_request.number }} — ${{ github.event.pull_request.title }} - -## Constraints - -This workflow is read-only. You can read files, search code, run commands, and interact with PRs and issues — but your only outputs are inline review comments and a review submission. - -## Review Process - -Follow these steps in order. - -### Step 1: Gather Context - -1. Call `generate_agents_md` to get the repository's coding guidelines and conventions. 
Use these as additional review criteria throughout the review. If this fails, continue without it. -2. Call `pull_request_read` with method `get` on PR #${{ github.event.pull_request.number }} to get the full PR details (author, description, branches, **labels**). -3. If the PR description references issues (e.g., "Fixes #123", "Closes #456"), call `issue_read` with method `get` on each linked issue to understand the motivation and acceptance criteria. Note any product, deployment, or version context mentioned. -4. Call `pull_request_read` with method `get_review_comments` to check existing review threads. Note which files already have threads and whether threads are resolved, unresolved, or outdated. -5. Call `pull_request_read` with method `get_reviews` to see prior review submissions from this bot. Do not repeat points already made in prior reviews. - -### Step 2: Load Review Guidelines - -Load the authoritative Elastic documentation guidelines **before** reviewing any files. These are your primary review criteria — do not rely on memory or assumptions about the rules. - -**Style guide** — Load these pages using `GetDocumentByUrl` with `includeBody: true` from the `elastic-docs` MCP server: - -1. `https://www.elastic.co/docs/contribute-docs/style-guide` — overview and quick reference. -2. `https://www.elastic.co/docs/contribute-docs/style-guide/voice-tone` — voice, tone, sentence structure, active voice, "please" rule, noun/verb forms. -3. `https://www.elastic.co/docs/contribute-docs/style-guide/grammar-spelling` — American English, capitalization, abbreviations, pronouns, punctuation, verb tense, contractions. -4. `https://www.elastic.co/docs/contribute-docs/style-guide/formatting` — emphasis, lists, tables, numbers, code samples, line spacing. -5. `https://www.elastic.co/docs/contribute-docs/style-guide/word-choice` — the complete avoid/caution/preferred word list. -6. 
`https://www.elastic.co/docs/contribute-docs/style-guide/accessibility` — device-agnostic language, directional terms, alt text, link text, inclusivity, gender-neutral language. -7. `https://www.elastic.co/docs/contribute-docs/style-guide/ui-writing` — UI elements, screenshots, navigation, prepositions. - -**`applies_to` and cumulative docs** — Load these pages: - -8. `https://www.elastic.co/docs/contribute-docs/how-to/cumulative-docs/guidelines` — when to tag, dimensions, lifecycle tagging rules, versioned vs. unversioned products. Use `GetDocumentByUrl` with `includeBody: true`. -9. `https://www.elastic.co/docs/contribute-docs/how-to/cumulative-docs/reference` — complete key reference, lifecycle states, version formats. Use `GetDocumentByUrl` with `includeBody: true`. -10. `https://docs-v3-preview.elastic.dev/elastic/docs-builder/tree/main/syntax/applies` — full `applies_to` syntax for page-level, section-level, and inline annotations, validation rules, and rendering behavior. Use `web_fetch` (this page is not in the MCP index). - -Retain the content of all loaded pages in your working context for the duration of the review. When you flag an issue in a later step, cite the specific rule from the loaded guidelines. - -### Step 3: Check Vale CI Output - -Vale is a prose linter used by Elastic documentation repositories. If Vale runs as a CI check on this repo, its output contains style violations you should incorporate into your review. - -1. Run `gh api repos/${{ github.repository }}/commits/${{ github.event.pull_request.head.sha }}/check-runs --paginate -q '.check_runs[] | select(.name | test("vale|Vale|lint|Lint"; "i")) | {name, status, conclusion, html_url}'` to find Vale-related check runs. -2. If check runs are found, retrieve their output using `gh api repos/${{ github.repository }}/check-runs/{id} -q '.output'` for annotation details. -3. 
Alternatively, check for Vale workflow runs: `gh run list --commit ${{ github.event.pull_request.head.sha }} --workflow vale --limit 1 --json databaseId,status,conclusion` and if found, download logs with `gh run view {id} --log`. -4. If no Vale output is found, skip this step entirely and continue. - -When Vale issues are found, incorporate them into your file-by-file review in Step 4. Cite the Vale rule name in your inline comments (e.g., "Vale: Elastic.WordChoice") and suggest the specific fix. - -### Step 4: Review Each File - -Fetch changed files with `pull_request_read` method `get_files` using `per_page: 5, page: 1`. Focus on documentation files (`.md`). Skip non-documentation files unless they contain user-facing prose (e.g., README files). - -**For each changed documentation file:** - -1. **Read the patch** to understand what changed. -2. **Read the full file from the workspace.** The PR branch is checked out locally — open the file directly to get complete contents with line numbers. -3. **Check style guide compliance** against the guidelines loaded in Step 2, covering all focus areas listed below. -4. **Check `applies_to` tags** against the guidelines loaded in Step 2, using PR labels and issue context to determine expected applicability. See the `applies_to` review checklist below. -5. **Check docs consistency** using the Elastic docs MCP server — call `FindRelatedDocs` or `SemanticSearch` to find existing published docs covering the same topic and verify the PR's content is consistent with them. Call `CheckCoherence` for topics that span multiple pages. -6. **Check discoverability of new content** — if the PR adds a new page or a new section, use `FindRelatedDocs` or `SemanticSearch` to identify related published pages that should link to the new content, and check whether the PR adds corresponding links from the new content back to those pages. New pages and sections that aren't linked from anywhere are hard to discover. -7. 
**Verify each issue** before commenting: - 1. What specific text or pattern triggers this concern? - 2. Read the surrounding context — is this addressed elsewhere in the file or PR? - 3. Is this a genuine violation of the loaded guidelines or a consistency requirement? - 4. Would an Elastic technical writer agree this is a real issue? -8. **Leave inline comments NOW** — call `create_pull_request_review_comment` for every verified issue in this file before moving on. - -**Repeat for the next file.** After all files in the page, fetch `page: 2` and continue until all changed files are reviewed. - -### Step 5: Submit the Review - -**Skip if nothing new:** If you left zero inline comments during this review AND your verdict would be the same as the most recent review from this bot (compare against `get_reviews` from Step 1), call `noop` with a message like "No new findings — prior review still applies" and stop. - -After reviewing ALL files and leaving inline comments, submit the review using `submit_pull_request_review` with: -- The review type (REQUEST_CHANGES, COMMENT, or APPROVE) -- A review body that is **only the verdict and only if the verdict is not APPROVE**. If you have cross-cutting feedback that spans multiple files (e.g., inconsistent terminology, missing `applies_to` dimension across pages), include it here. - -**Bot-authored PRs:** If the PR author is `github-actions[bot]`, submit a `COMMENT` review only. - -**Do NOT** describe what the PR does, list the files you reviewed, summarize inline comments, or restate prior review feedback. - -If you have no issues, or you have only provided NITPICK and LOW issues, submit an APPROVE review. Otherwise, submit a REQUEST_CHANGES review. - -## Review Settings - -- **Intensity**: `${{ inputs.intensity }}` -- **Minimum inline severity**: `${{ inputs.minimum_severity }}` - -Severity order (highest to lowest): critical > high > medium > low > nitpick. - -Issues at or above the threshold get inline review comments. 
Issues below the threshold go in a collapsible `
` section of the review body titled "Lower-priority observations (N)." - -### Review Intensity - -- **`conservative`**: High evidence bar. Only comment on clear style guide violations, incorrect `applies_to` tags, or factual inconsistencies with published docs. Approval with zero comments is the expected outcome for most PRs. -- **`balanced`** (default): Standard evidence bar. Comment on style guide violations, missing or incorrect `applies_to` tags, inconsistencies with published docs, and accessibility issues. -- **`aggressive`**: Lower evidence bar. Also flag wording improvements, paragraph length, formatting suggestions, and broader consistency observations. - -## Comment Format - -``` -**[SEVERITY] Brief title** - -Description of the issue and why it matters, referencing the specific rule from the loaded guidelines (e.g., "Style guide > Word choice: avoid 'abort'" or "applies_to guidelines > Dimensions: only one dimension at page level"). - -```suggestion -corrected text here -``` -``` - -Only include a `suggestion` block when you can provide a concrete text fix. For structural changes (e.g., "add `applies_to` frontmatter"), describe the fix in prose. - -## Severity Classification - -- 🔴 **CRITICAL** — Must fix before merge (incorrect technical information, missing mandatory `applies_to` page-level tags). -- 🟠 **HIGH** — Should fix before merge (wrong `applies_to` dimension, factual inconsistency with published docs, accessibility violations). -- 🟡 **MEDIUM** — Address soon, non-blocking (style guide violations, missing section-level `applies_to` where content varies by product). -- ⚪ **LOW** — Author discretion (minor wording improvements, formatting polish). -- 💬 **NITPICK** — Truly optional (alternative phrasing, stylistic preferences within guidelines). - ---- - -## Style Guide Focus Areas - -These are the areas to check when reviewing prose. The detailed rules are in the pages loaded in Step 2 — always reference those, not this summary. 
- -- **Voice and tone**: Active voice, present tense, "you/your" address, no "please" in instructions, concise sentences, noun/verb form correctness (backup vs. back up). -- **Grammar and spelling**: American English, sentence-style capitalization, Oxford comma, second-person pronouns, abbreviation handling, contractions, punctuation. -- **Formatting**: Paragraph length, list structure and parallelism, number formatting, emphasis conventions (bold for UI, italic for terms, monospace for code). -- **Word choice**: Check changed text against the full avoid/caution/preferred word list loaded from the word-choice page. Common flags: abort, blacklist/whitelist, click, easy/simple, e.g./i.e., execute, please, type, utilize. -- **Accessibility and inclusivity**: Device-agnostic language, no directional references, meaningful link text, alt text for images, gender-neutral pronouns, no idioms or Latin abbreviations. -- **UI writing**: Icon tooltips, navigation arrows, procedure length, correct prepositions for UI elements. - ---- - -## `applies_to` Review Checklist - -Use the full guidelines and syntax reference loaded in Step 2. This checklist highlights what to verify. - -1. **Page-level tags present**: Every `.md` documentation page must have `applies_to` in the YAML frontmatter. Missing tags are CRITICAL. -2. **Single dimension at page level**: The page must use only one dimension — Stack/Serverless, Deployment, or Product. Mixing dimensions at the page level is HIGH. -3. **Section/inline tags where content varies**: If the PR adds content whose applicability differs from the page-level tags, it needs section-level or inline annotations. Use PR labels and issue context to infer which products or deployments are affected. -4. **Correct lifecycle and version**: Cross-reference PR labels, linked issues, and the change description to verify the lifecycle state (ga, beta, preview, deprecated, removed) and version are accurate. -5. 
**Valid syntax**: Check key names, version formats, and range validity against the syntax reference. -6. **Unversioned vs. versioned rules**: Serverless and Elastic Cloud are unversioned — GA features don't need version tags; only tag preview, beta, or deprecated. Elastic Stack is versioned — always include the version. -7. **`unavailable` used sparingly**: Non-applicability is communicated by omission. Only use `unavailable` when there's a high risk of user confusion. -8. **Consistent dimension**: If the PR touches multiple pages, verify they use the same dimension when covering the same topic. - ---- - -## Using the Elastic Docs MCP Server - -Use the `elastic-docs` MCP tools during file review: - -- **`SemanticSearch`**: Search published docs for topics related to the PR's content. Look for contradictions or outdated information. -- **`GetDocumentByUrl`**: Retrieve a specific published page to compare against the PR's changes. Also used in Step 2 to load guidelines. -- **`FindRelatedDocs`**: Discover related documentation the author should be aware of. -- **`CheckCoherence`**: Verify a topic is covered consistently across the docs. -- **`FindInconsistencies`**: Find potential contradictions across pages covering the same topic. -- **`GetContentTypeGuidelines`**: Check if the page follows the recommended structure for its content type (overview, how-to, tutorial, troubleshooting). - -Don't call every tool on every file. Use judgment: call `SemanticSearch` or `FindRelatedDocs` when reviewing content that covers a specific Elastic feature, and call `CheckCoherence` for topics that might be documented in multiple places. - -${{ inputs.additional-instructions }} diff --git a/github/workflows/gh-aw-duplicate-issue-detector.md b/github/workflows/gh-aw-duplicate-issue-detector.md deleted file mode 100644 index 1f0e0963..00000000 --- a/github/workflows/gh-aw-duplicate-issue-detector.md +++ /dev/null 
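Review bot: In gh-aw-docs-pr-review.md, Step 5 still hardcodes the bot name ("If the PR author is `github-actions[bot]`, submit a `COMMENT` review only") while `bots:` now takes its value from `${{ inputs.allowed-bot-users }}`. For a PR authored by any other allowlisted bot the rule does not apply, and the text gives no reason for the rule, so a reader cannot tell whether it is meant to follow the allowlist or only the account the review is submitted as. State which in the prompt, and if it is the allowlist, refer to the input rather than the literal name.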
@@ -1,118 +0,0 @@ ---- -description: "Detect duplicate issues and notify reporters when a matching open or closed issue exists" -imports: - - gh-aw-fragments/elastic-tools.md - - gh-aw-fragments/formatting.md - - gh-aw-fragments/rigor.md - - gh-aw-fragments/mcp-pagination.md - - gh-aw-fragments/messages-footer.md - - gh-aw-fragments/safe-output-add-comment.md -engine: - id: copilot - model: gpt-5.3-codex - concurrency: - group: "gh-aw-copilot-duplicate-issue-detector-${{ github.event.issue.number }}" -on: - workflow_call: - inputs: - additional-instructions: - description: "Repo-specific instructions appended to the agent prompt" - type: string - required: false - default: "" - allowed-bot-users: - description: "Allowlisted bot actors (comma-separated usernames)" - type: string - required: false - default: "github-actions[bot]" - messages-footer: - description: "Footer appended to all agent comments and reviews" - type: string - required: false - default: "" - secrets: - COPILOT_GITHUB_TOKEN: - required: true -concurrency: - group: duplicate-issue-detector-${{ github.event.issue.number }} - cancel-in-progress: true -permissions: - contents: read - issues: read - pull-requests: read -tools: - github: - toolsets: [repos, issues, pull_requests, search] -strict: false -roles: [admin, maintainer, write] -bots: - - "${{ inputs.allowed-bot-users }}" -timeout-minutes: 15 -safe-outputs: - noop: - add-comment: - max: 1 ---- - -# Duplicate Issue Detector - -Check whether newly opened issue #${{ github.event.issue.number }} in ${{ github.repository }} is a duplicate of an existing open or previously closed/resolved issue. Do **not** triage or make an action plan — only determine whether a duplicate exists. - -## Context - -- **Repository**: ${{ github.repository }} -- **Issue**: #${{ github.event.issue.number }} — ${{ github.event.issue.title }} - -## Process - -### Step 1: Understand the Issue - -Read the issue title and body carefully. 
Identify: -- The core problem or request (in one sentence) -- Key terms, error messages, component names, or identifiers you can use as search queries - -### Step 2: Search for Duplicates - -Run several targeted searches. Search **both open and closed** issues. - -Suggested queries (adapt based on the issue content): -``` -repo:{owner}/{repo} is:issue "{key term from title}" -repo:{owner}/{repo} is:issue is:closed "{key term from title}" -repo:{owner}/{repo} is:issue "{error message or identifier}" -``` - -For each candidate result, read the title and (if promising) the body to assess similarity. - -### Step 3: Evaluate Candidates - -A duplicate must describe **the same underlying problem or request**, not merely the same topic area. Ask: -- Does the candidate report the same bug, error, or request the same feature? -- Are the affected component, behavior, and scope the same? - -**Do not mark as duplicate if:** -- The candidate covers only a related but distinct problem -- The candidate is closed as "wont fix" or "invalid" with no resolution of the underlying issue -- You are uncertain — only flag clear duplicates - -### Step 4: Post Result - -**If a clear duplicate is found:** - -Call `add_comment` with a concise comment in this format: - -> This issue appears to be a duplicate of #{number} — {title}. -> -> {One sentence explaining the similarity.} -> -> Linking to the existing issue for tracking. If this is actually a different problem, please add more details to distinguish it. - -- Reference at most **one** best-matching duplicate (the most relevant open issue takes priority over a closed one). -- Use neutral, helpful language — the reporter may not be familiar with the existing issue. -- Do NOT use `fixes`, `closes`, or `resolves` keywords. - -**If no duplicate is found:** - -Call `noop` with message "No duplicate found for issue #${{ github.event.issue.number }}". - -${{ inputs.additional-instructions }} 
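Review bot: `bots:` in gh-aw-duplicate-issue-detector.md receives the whole input as one list element (`- "${{ inputs.allowed-bot-users }}"`), but the input description promises "comma-separated usernames". Unless whatever consumes `bots:` splits each entry on commas, a value such as `github-actions[bot],dependabot[bot]` is a single string that equals no actor name, and the allowlist silently matches nobody. Either confirm and document the splitting (including how spaces after commas and an empty string are treated), or change the description to say the input takes one username.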
diff --git a/github/workflows/gh-aw-issue-triage-pr.md b/github/workflows/gh-aw-issue-triage-pr.md deleted file mode 100644 index 648044ee..00000000 --- a/github/workflows/gh-aw-issue-triage-pr.md +++ /dev/null 
@@ -1,139 +0,0 @@ ---- -description: "Investigate new issues and provide actionable triage analysis with optional PR creation" -imports: - - gh-aw-fragments/elastic-tools.md - - gh-aw-fragments/runtime-setup.md - - gh-aw-fragments/formatting.md - - gh-aw-fragments/rigor.md - - gh-aw-fragments/mcp-pagination.md - - gh-aw-fragments/workflow-edit-guardrails.md - - gh-aw-fragments/messages-footer.md - - gh-aw-fragments/safe-output-add-comment.md - - gh-aw-fragments/safe-output-create-pr.md -engine: - id: copilot - model: gpt-5.3-codex - concurrency: - group: "gh-aw-copilot-issue-triage-pr-${{ github.event.issue.number }}" -on: - workflow_call: - inputs: - additional-instructions: - description: "Repo-specific instructions appended to the agent prompt" - type: string - required: false - default: "" - setup-commands: - description: "Shell commands to run before the agent starts (dependency install, build, etc.)" - type: string - required: false - default: "" - allowed-bot-users: - description: "Allowlisted bot actors (comma-separated usernames)" - type: string - required: false - default: "github-actions[bot]" - messages-footer: - description: "Footer appended to all agent comments and reviews" - type: string - required: false - default: "" - secrets: - COPILOT_GITHUB_TOKEN: - required: true - reaction: "eyes" -concurrency: - group: issue-triage-pr-${{ github.event.issue.number }} - cancel-in-progress: true -permissions: - contents: read - issues: read - pull-requests: read -tools: - github: - toolsets: [repos, issues, pull_requests, search] - bash: true - web-fetch: -network: - allowed: - - defaults - - github - - go - - node - - python - - ruby -strict: false -roles: [admin, maintainer, write] -bots: - - "${{ inputs.allowed-bot-users }}" -timeout-minutes: 30 -steps: - - name: Repo-specific setup - if: ${{ inputs.setup-commands != '' }} - env: - SETUP_COMMANDS: ${{ inputs.setup-commands }} - run: eval "$SETUP_COMMANDS" ---- - -# Issue Triage Agent (with PR) - -Triage 
new issues in ${{ github.repository }} and provide actionable analysis with implementation plans. For straightforward fixes, implement and open a draft PR. - -## Context - -- **Repository**: ${{ github.repository }} -- **Issue**: #${{ github.event.issue.number }} — ${{ github.event.issue.title }} - -## Constraints - -- **CAN**: Read files, search code, run tests and commands, comment on the issue, and open a draft PR for straightforward fixes. -- This workflow is primarily for investigation and planning. Local file changes are for verification only unless you implement a fix. - -## Triage Process - -Follow these steps in order. - -### Step 1: Gather Context - -1. Call `generate_agents_md` to get the repository's coding guidelines and conventions. If this fails, continue without it. -2. Read key repository files (README, CONTRIBUTING, etc.) to understand the project. -3. Search for related issues and PRs (open and closed) that may be relevant. Call `issue_read` with method `get` on the most relevant issues to understand prior discussion, decisions, and whether this is a duplicate. - -### Step 2: Investigate the Codebase - -1. Read the issue description carefully to understand the request or problem. -2. Explore the relevant parts of the codebase using `grep` and file reading. -3. Run tests or commands in the workspace to verify reported bugs when possible: - - Run existing tests to confirm reported behavior - - Execute scripts to understand current behavior - - Run linters or static analysis if relevant - - Write small test files to validate findings - - Always explain what you're testing and why, and include command output in your response -4. If the required change is small, clear, and verifiable, implement it directly and run relevant validation. - -### Step 3: Formulate Response - -Provide a response with the following sections. Be concise and actionable — no filler or praise. 
- -**Always lead with a tl;dr** — your first sentence should be the most important takeaway. - -**Sections:** - -1. **Recommendation** — A clear, specific recommendation for how to address the issue. If you cannot recommend a course of action, say so with a reason. "I don't know" is better than a wrong answer. - -2. **Findings** — Key facts from your investigation (related code, existing implementations, relevant issues/PRs). Use `
` tags for longer content. - -3. **Verification** — If you ran tests or commands, include the output. Use `
` tags. - -4. **Detailed Action Plan** — Step-by-step plan a developer could follow to implement the recommendation (or summary of implemented changes if you completed them). Reference specific files, functions, and line numbers. Use `
` tags. - -5. **Related Items** — Table of related issues, PRs, files, and web resources. - -Use `
` and `` tags for sections that would otherwise make the response too long. Short responses don't need collapsible sections. Your performance is judged by how accurate your findings are — do the investigation required to have high confidence. "I don't know" or "I'm unable to recommend a course of action" is better than a wrong answer. - -### Step 4: Post Response - -1. Call `add_comment` with your triage response. -2. If you implemented a valid fix with verification, call `create_pull_request` to open a draft PR. - -${{ inputs.additional-instructions }} diff --git a/github/workflows/gh-aw-issue-triage.md b/github/workflows/gh-aw-issue-triage.md deleted file mode 100644 index 7d517a3d..00000000 --- a/github/workflows/gh-aw-issue-triage.md +++ /dev/null 
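Review bot: The `allowed-bot-users` description in gh-aw-issue-triage-pr.md does not say what allowlisting a bot grants. In this workflow an issue from a listed bot starts an agent with `bash: true`, `web-fetch` and `create_pull_request`, and the issue title is written into the prompt under Context, so every bot added to the list becomes a source of text the agent acts on. Extend the description to say that only bots whose issue content is trusted should be listed, and keep the default at the single `github-actions[bot]` entry.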
@@ -1,167 +0,0 @@ ---- -description: "Investigate new issues and provide actionable triage analysis" -imports: - - gh-aw-fragments/elastic-tools.md - - gh-aw-fragments/runtime-setup.md - - gh-aw-fragments/formatting.md - - gh-aw-fragments/rigor.md - - gh-aw-fragments/mcp-pagination.md - - gh-aw-fragments/messages-footer.md - - gh-aw-fragments/safe-output-add-comment.md -engine: - id: copilot - model: gpt-5.3-codex - concurrency: - group: "gh-aw-copilot-issue-triage-${{ github.event.issue.number }}" -on: - workflow_call: - inputs: - additional-instructions: - description: "Repo-specific instructions appended to the agent prompt" - type: string - required: false - default: "" - setup-commands: - description: "Shell commands to run before the agent starts (dependency install, build, etc.)" - type: string - required: false - default: "" - allowed-bot-users: - description: "Allowlisted bot actors (comma-separated usernames)" - type: string - required: false - default: "github-actions[bot]" - messages-footer: - description: "Footer appended to all agent comments and reviews" - type: string - required: false - default: "" - secrets: - COPILOT_GITHUB_TOKEN: - required: true - reaction: "eyes" -concurrency: - group: issue-triage-${{ github.event.issue.number }} - cancel-in-progress: true -permissions: - contents: read - issues: read - pull-requests: read -tools: - github: - toolsets: [repos, issues, pull_requests, search] - bash: true - web-fetch: -network: - allowed: - - defaults - - github - - go - - node - - python - - ruby -strict: false -roles: [admin, maintainer, write] -bots: - - "${{ inputs.allowed-bot-users }}" -timeout-minutes: 30 -steps: - - name: Repo-specific setup - if: ${{ inputs.setup-commands != '' }} - env: - SETUP_COMMANDS: ${{ inputs.setup-commands }} - run: eval "$SETUP_COMMANDS" ---- - -# Issue Triage Agent - -Triage new issues in ${{ github.repository }} and provide actionable analysis with implementation plans. 
- -## Context - -- **Repository**: ${{ github.repository }} -- **Issue**: #${{ github.event.issue.number }} — ${{ github.event.issue.title }} - -## Constraints - -This workflow is for investigation and planning only. You can read files, search code, run tests and commands, and write temporary files locally — but your only output is a comment on the issue. Local file changes are for verification only and will not be persisted. - -## Triage Process - -Follow these steps in order. - -### Step 1: Gather Context - -1. Call `generate_agents_md` to get the repository's coding guidelines and conventions. If this fails, continue without it. -2. Read key repository files (README, CONTRIBUTING, etc.) to understand the project. -3. Search for related issues and PRs (open and closed) that may be relevant. Call `issue_read` with method `get` on the most relevant issues to understand prior discussion, decisions, and whether this is a duplicate. - -### Step 2: Investigate the Codebase - -1. Read the issue description carefully to understand the request or problem. -2. Explore the relevant parts of the codebase using `grep` and file reading. -3. Run tests or commands in the workspace to verify reported bugs when possible: - - Run existing tests to confirm reported behavior - - Execute scripts to understand current behavior - - Run linters or static analysis if relevant - - Write small test files to validate findings - - Always explain what you're testing and why, and include command output in your response - -### Step 3: Formulate Response - -Provide a response with the following sections. Be concise and actionable — no filler or praise. - -**Always lead with a tl;dr** — your first sentence should be the most important takeaway. - -**Sections:** - -1. **Recommendation** — A clear, specific recommendation for how to address the issue. If you cannot recommend a course of action, say so with a reason. "I don't know" is better than a wrong answer. - -2. 
**Findings** — Key facts from your investigation (related code, existing implementations, relevant issues/PRs). Use `
` tags for longer content. - -3. **Verification** — If you ran tests or commands, include the output. Use `
` tags. - -4. **Detailed Action Plan** — Step-by-step plan a developer could follow to implement the recommendation. Reference specific files, functions, and line numbers. Use `
` tags. - -5. **Related Items** — Table of related issues, PRs, files, and web resources. - -Use `
` and `` tags for sections that would otherwise make the response too long. Short responses don't need collapsible sections. Your performance is judged by how accurate your findings are — do the investigation required to have high confidence. "I don't know" or "I'm unable to recommend a course of action" is better than a wrong answer. - -**Example response structure:** - -> PR #654 already implements the requested feature but is incomplete. The remaining work is: 1) update Calculator.divide to use the new DivisionByZeroError, and 2) update the tests. -> ->
-> Findings -> ...code analysis details... ->
-> ->
-> Verification -> -> I ran the existing tests and confirmed the current behavior: -> ``` -> $ pytest test_calculator.py::test_divide_by_zero -> FAILED - raises ValueError instead of DivisionByZeroError -> ``` ->
-> ->
-> Detailed Action Plan -> ...step-by-step implementation plan referencing specific files and line numbers... ->
-> ->
-> Related Items -> -> | Type | Link | Relevance | -> | --- | --- | --- | -> | PR | #654 | Implements the feature but is incomplete | -> | File | `src/calculator.py:42` | Method that needs updating | ->
- -### Step 4: Post Response - -1. Call `add_comment` with your triage response. - -${{ inputs.additional-instructions }} diff --git a/github/workflows/gh-aw-pr-review.md b/github/workflows/gh-aw-pr-review.md deleted file mode 100644 index 15399364..00000000 --- a/github/workflows/gh-aw-pr-review.md +++ /dev/null 
@@ -1,138 +0,0 @@ ---- -description: "AI code review with inline comments on pull requests" -imports: - - gh-aw-fragments/elastic-tools.md - - gh-aw-fragments/runtime-setup.md - - gh-aw-fragments/formatting.md - - gh-aw-fragments/rigor.md - - gh-aw-fragments/mcp-pagination.md - - gh-aw-fragments/review-process.md - - gh-aw-fragments/review-examples.md - - gh-aw-fragments/messages-footer.md - - gh-aw-fragments/safe-output-review-comment.md - - gh-aw-fragments/safe-output-submit-review.md -engine: - id: copilot - model: gpt-5.3-codex - concurrency: - group: "gh-aw-copilot-pr-review-${{ github.event.pull_request.number }}" -on: - workflow_call: - inputs: - additional-instructions: - description: "Repo-specific instructions appended to the agent prompt" - type: string - required: false - default: "" - setup-commands: - description: "Shell commands to run before the agent starts (dependency install, build, etc.)" - type: string - required: false - default: "" - allowed-bot-users: - description: "Allowlisted bot actors (comma-separated usernames)" - type: string - required: false - default: "github-actions[bot]" - intensity: - description: "Review intensity: conservative, balanced, or aggressive" - type: string - required: false - default: "balanced" - minimum_severity: - description: "Minimum severity for inline comments: critical, high, medium, low, or nitpick. Issues below this threshold go in a collapsible section of the review body instead." 
- type: string - required: false - default: "low" - messages-footer: - description: "Footer appended to all agent comments and reviews" - type: string - required: false - default: "" - secrets: - COPILOT_GITHUB_TOKEN: - required: true -concurrency: - group: pr-review-${{ github.event.pull_request.number }} - cancel-in-progress: true -permissions: - contents: read - pull-requests: read - issues: read -tools: - github: - toolsets: [repos, issues, pull_requests, search] - bash: true - web-fetch: -network: - allowed: - - defaults - - github - - go - - node - - python - - ruby -strict: false -roles: [admin, maintainer, write] -bots: - - "${{ inputs.allowed-bot-users }}" -timeout-minutes: 30 -steps: - - name: Repo-specific setup - if: ${{ inputs.setup-commands != '' }} - env: - SETUP_COMMANDS: ${{ inputs.setup-commands }} - run: eval "$SETUP_COMMANDS" ---- - -# PR Review Agent - -Review pull requests in ${{ github.repository }} and provide actionable feedback via inline review comments on specific code lines. - -## Context - -- **Repository**: ${{ github.repository }} -- **PR**: #${{ github.event.pull_request.number }} — ${{ github.event.pull_request.title }} - -## Constraints - -This workflow is read-only. You can read files, search code, run commands, and interact with PRs and issues — but your only outputs are inline review comments and a review submission. - -## Review Process - -Follow these steps in order. - -### Step 1: Gather Context - -1. Call `generate_agents_md` to get the repository's coding guidelines and conventions. Use these as additional review criteria throughout the review. If this fails, continue without it. -2. Call `pull_request_read` with method `get` on PR #${{ github.event.pull_request.number }} to get the full PR details (author, description, branches). -3. If the PR description references issues (e.g., "Fixes #123", "Closes #456"), call `issue_read` with method `get` on each linked issue to understand the motivation and acceptance criteria. -4. 
Call `pull_request_read` with method `get_review_comments` to check existing review threads. Note which files already have threads and whether threads are resolved, unresolved, or outdated. -5. Call `pull_request_read` with method `get_reviews` to see prior review submissions from this bot. Do not repeat points already made in prior reviews. - -### Step 2: Review Each File - -Follow the **Code Review Reference** below — review each changed file one at a time, leaving inline comments before moving to the next file. - -### Step 3: Submit the Review - -**Skip if nothing new:** If you left zero inline comments during this review AND your verdict would be the same as the most recent review from this bot (compare against `get_reviews` from Step 1), call `noop` with a message like "No new findings — prior review still applies" and stop. Do not submit a redundant review. - -After reviewing ALL files and leaving inline comments, step back and consider the PR as a whole. Call **`submit_pull_request_review`** with: -- The review type (REQUEST_CHANGES, COMMENT, or APPROVE) -- A review body that is **only the verdict and only if the verdict is not APPROVE**. If you have cross-cutting feedback that spans multiple files or cannot be expressed as inline comments, include it here. Otherwise, leave the review body empty — your inline comments already contain the detail. - -**Bot-authored PRs:** If the PR author is `github-actions[bot]`, you can only submit a `COMMENT` review — `APPROVE` and `REQUEST_CHANGES` will fail because GitHub does not allow bot accounts to approve or request changes on their own PRs. Use `COMMENT` and state your verdict in the review body instead. - -**Do NOT** describe what the PR does, list the files you reviewed, summarize inline comments, or restate prior review feedback. The PR author already knows what their PR does. Your inline comments already contain all the detail. 
The review body exists solely to communicate the approve/request-changes decision and important/critical feedback that cannot be covered in inline comments. - -If you have no issues, or you have only provided NITPICK and LOW issues, submit an APPROVE review. Otherwise, submit a REQUEST_CHANGES review. - -## Review Settings - -- **Intensity**: `${{ inputs.intensity }}` -- **Minimum inline severity**: `${{ inputs.minimum_severity }}` - -These override the defaults defined in the Code Review Reference below. - -${{ inputs.additional-instructions }} diff --git a/github/workflows/gh-aw-update-pr-body.md b/github/workflows/gh-aw-update-pr-body.md deleted file mode 100644 index bf77d0a7..00000000 --- a/github/workflows/gh-aw-update-pr-body.md +++ /dev/null 
@@ -1,136 +0,0 @@ ---- -description: "Update PR body when code changes cause it to drift from the current state" -imports: - - gh-aw-fragments/elastic-tools.md - - gh-aw-fragments/runtime-setup.md - - gh-aw-fragments/formatting.md - - gh-aw-fragments/rigor.md - - gh-aw-fragments/mcp-pagination.md - - gh-aw-fragments/messages-footer.md - - gh-aw-fragments/safe-output-update-pr.md -engine: - id: copilot - model: gpt-5.3-codex - concurrency: - group: "gh-aw-copilot-update-pr-body-${{ github.event.pull_request.number }}" -on: - workflow_call: - inputs: - additional-instructions: - description: "Repo-specific instructions appended to the agent prompt" - type: string - required: false - default: "" - setup-commands: - description: "Shell commands to run before the agent starts (dependency install, build, etc.)" - type: string - required: false - default: "" - allowed-bot-users: - description: "Allowlisted bot actors (comma-separated usernames)" - type: string - required: false - default: "github-actions[bot]" - messages-footer: - description: "Footer appended to all agent comments and reviews" - type: string - required: false - default: "" - secrets: - COPILOT_GITHUB_TOKEN: - required: true -concurrency: - group: update-pr-body-${{ github.event.pull_request.number }} - cancel-in-progress: true -permissions: - contents: read - issues: read - pull-requests: read -tools: - github: - toolsets: [repos, issues, pull_requests, search] - bash: true - web-fetch: -network: - allowed: - - defaults - - github - - go - - node - - python - - ruby -strict: false -roles: [admin, maintainer, write] -bots: - - "${{ inputs.allowed-bot-users }}" -timeout-minutes: 15 -steps: - - name: Repo-specific setup - if: ${{ inputs.setup-commands != '' }} - env: - SETUP_COMMANDS: ${{ inputs.setup-commands }} - run: eval "$SETUP_COMMANDS" ---- - -# PR Body Update Agent - -Keep the pull request body in sync with the actual state of the code changes in ${{ github.repository }}. 
- -## Context - -- **Repository**: ${{ github.repository }} -- **PR**: #${{ github.event.pull_request.number }} — ${{ github.event.pull_request.title }} - -## Objective - -Determine whether the current PR body accurately reflects the code changes in this PR. If the body is significantly out of date or missing key information about the current diff, update it. Minor wording differences are not significant — only update when the body would meaningfully mislead a reviewer. - -## Instructions - -### Step 1: Gather Context - -1. Call `generate_agents_md` to get the repository's coding guidelines and conventions. If this fails, continue without it. -2. Call `pull_request_read` with method `get` on PR #${{ github.event.pull_request.number }} to get the full PR details — current body, commits, and file list. -3. Call `pull_request_read` with method `get_files` to get the list of changed files. -4. If the PR description references issues (e.g., "Fixes #123", "Closes #456"), call `issue_read` with method `get` on each linked issue to understand the original motivation. - -### Step 2: Analyze the Diff - -Run `git log --oneline ${{ github.event.pull_request.base.sha }}..${{ github.event.pull_request.head.sha }}` to see the commit history, then read the actual diff: - -```bash -git diff --stat ${{ github.event.pull_request.base.sha }}..${{ github.event.pull_request.head.sha }} -``` - -For key changed files, read relevant sections to understand the scope and nature of the changes. - -### Step 3: Evaluate Drift - -Compare the current PR body to what the diff actually contains. The body has **significant drift** if: - -1. **Missing major features or changes** — a new public API, endpoint, configuration option, or workflow was added/removed/renamed that the body doesn't mention -2. **Incorrect description** — the body describes behavior that the code no longer implements, or describes files/functions that were subsequently renamed or removed -3. 
**Empty or placeholder body** — the PR body is blank, a template stub, or says something like "TODO" or "add description" -4. **Scope mismatch** — the body describes a narrow fix but the diff shows broad refactoring (or vice versa), leaving reviewers without an accurate picture - -Do **not** update when: -- The body is a reasonable high-level summary even if some details differ -- Only minor wording could be improved -- The change is purely cosmetic or test-only and the body already captures the intent -- An update would erase useful context (motivation, design decisions, issue links) that the author provided - -### Step 4: Update or Noop - -**If there is significant drift:** - -Call `update_pull_request` with a `replace` operation to write a body that: -- Preserves the original motivation and context (including issue links like `Fixes #N`) -- Accurately describes what was actually changed in the diff -- Follows the style and format conventions of the original body (if any) -- Is concise — one clear paragraph per major concern, no padding - -**If the body is accurate enough:** - -Call `noop` with a brief message like "PR body accurately reflects the current diff — no update needed." - -${{ inputs.additional-instructions }} From 5f1111d1ae700d739e0c85b061bd1d3743ad7639 Mon Sep 17 00:00:00 2001 
From: William Easton Date: Fri, 20 Feb 2026 17:23:50 -0600 Subject: [PATCH 3/4] Recompile lock files with allowed-bot-users input Regenerate lock files so GH_AW_ALLOWED_BOTS uses the ${{ inputs.allowed-bot-users }} expression at runtime. Co-authored-by: Cursor --- .github/workflows/gh-aw-docs-pr-review.lock.yml | 11 ++++++++--- .../workflows/gh-aw-duplicate-issue-detector.lock.yml | 11 ++++++++--- .github/workflows/gh-aw-issue-triage-pr.lock.yml | 11 ++++++++--- .github/workflows/gh-aw-issue-triage.lock.yml | 11 ++++++++--- .github/workflows/gh-aw-pr-review.lock.yml | 11 ++++++++--- .github/workflows/gh-aw-update-pr-body.lock.yml | 11 ++++++++--- 6 files changed, 48 insertions(+), 18 deletions(-) diff --git a/.github/workflows/gh-aw-docs-pr-review.lock.yml b/.github/workflows/gh-aw-docs-pr-review.lock.yml index 8280772c..a72d6e81 100644 --- a/.github/workflows/gh-aw-docs-pr-review.lock.yml +++ b/.github/workflows/gh-aw-docs-pr-review.lock.yml @@ -34,12 +34,12 @@ # - gh-aw-fragments/safe-output-review-comment.md # - gh-aw-fragments/safe-output-submit-review.md # -# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"a14cf047811bd09159340279108df8b3cae741fdbc9ea05eb6fb2c08c6600ad8"} +# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"7e787dc844c5f1ec5d61d12bad5ca37d06bdeac7712d089fa2ba8478b76dbbbd"} name: "Docs PR Review Agent" "on": # bots: # Bots processed as bot check in pre-activation job - # - github-actions[bot] # Bots processed as bot check in pre-activation job + # - ${{ inputs.allowed-bot-users }} # Bots processed as bot check in pre-activation job # roles: # Roles processed as role check in pre-activation job # - admin # Roles processed as role check in pre-activation job # - maintainer # Roles processed as role check in pre-activation job 
@@ -51,6 +51,11 @@ name: "Docs PR Review Agent" description: Repo-specific instructions appended to the agent prompt required: false type: string + allowed-bot-users: + default: github-actions[bot] + description: Allowlisted bot actor usernames (comma-separated) + required: false + type: string intensity: default: balanced description: "Review intensity: conservative, balanced, or aggressive" @@ -1473,7 +1478,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write - GH_AW_ALLOWED_BOTS: github-actions[bot] + GH_AW_ALLOWED_BOTS: ${{ inputs.allowed-bot-users }} with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/gh-aw-duplicate-issue-detector.lock.yml b/.github/workflows/gh-aw-duplicate-issue-detector.lock.yml index 4cdd70bf..13182b10 100644 --- a/.github/workflows/gh-aw-duplicate-issue-detector.lock.yml +++ b/.github/workflows/gh-aw-duplicate-issue-detector.lock.yml @@ -32,12 +32,12 @@ # - gh-aw-fragments/rigor.md # - gh-aw-fragments/safe-output-add-comment.md # -# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"f11a5980742945f1a89c7a3cb431ea3fe41a16474a27028d21b67303ebea473c"} +# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"54f4c99590e6a5346f33b4bb3faf377f246229980f51c29dfa0a81a73e7143ba"} name: "Duplicate Issue Detector" "on": # bots: # Bots processed as bot check in pre-activation job - # - github-actions[bot] # Bots processed as bot check in pre-activation job + # - ${{ inputs.allowed-bot-users }} # Bots processed as bot check in pre-activation job # roles: # Roles processed as role check in pre-activation job # - admin # Roles processed as role check in pre-activation job # - maintainer # Roles processed as role check in pre-activation job 
@@ -49,6 +49,11 @@ name: "Duplicate Issue Detector" description: Repo-specific instructions appended to the agent prompt required: false type: string + allowed-bot-users: + default: github-actions[bot] + description: Allowlisted bot actor usernames (comma-separated) + required: false + type: string messages-footer: default: "" description: Footer appended to all agent comments and reviews @@ -1175,7 +1180,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write - GH_AW_ALLOWED_BOTS: github-actions[bot] + GH_AW_ALLOWED_BOTS: ${{ inputs.allowed-bot-users }} with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/gh-aw-issue-triage-pr.lock.yml b/.github/workflows/gh-aw-issue-triage-pr.lock.yml index a766c00a..46953b47 100644 --- a/.github/workflows/gh-aw-issue-triage-pr.lock.yml +++ b/.github/workflows/gh-aw-issue-triage-pr.lock.yml @@ -35,12 +35,12 @@ # - gh-aw-fragments/safe-output-create-pr.md # - gh-aw-fragments/workflow-edit-guardrails.md # -# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"06a2c1d6cc1d3e8aa63002b4b9a540b05abc70be0cba0eebe2bbe3aac1ad3ed0"} +# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"172aabe99d27e236acb0e91fccfd49d613a9111b0ec6167e80dbe2bad5c00182"} name: "Issue Triage Agent (with PR)" "on": # bots: # Bots processed as bot check in pre-activation job - # - github-actions[bot] # Bots processed as bot check in pre-activation job + # - ${{ inputs.allowed-bot-users }} # Bots processed as bot check in pre-activation job # roles: # Roles processed as role check in pre-activation job # - admin # Roles processed as role check in pre-activation job # - maintainer # Roles processed as role check in pre-activation job 
@@ -52,6 +52,11 @@ name: "Issue Triage Agent (with PR)" description: Repo-specific instructions appended to the agent prompt required: false type: string + allowed-bot-users: + default: github-actions[bot] + description: Allowlisted bot actor usernames (comma-separated) + required: false + type: string messages-footer: default: "" description: Footer appended to all agent comments and reviews @@ -1461,7 +1466,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write - GH_AW_ALLOWED_BOTS: github-actions[bot] + GH_AW_ALLOWED_BOTS: ${{ inputs.allowed-bot-users }} with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/gh-aw-issue-triage.lock.yml b/.github/workflows/gh-aw-issue-triage.lock.yml index 3ba367c2..ca3cccbc 100644 --- a/.github/workflows/gh-aw-issue-triage.lock.yml +++ b/.github/workflows/gh-aw-issue-triage.lock.yml @@ -33,12 +33,12 @@ # - gh-aw-fragments/runtime-setup.md # - gh-aw-fragments/safe-output-add-comment.md # -# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"8df7cbc5ebd3e1e83e2dbecae8988a5710dad07cfad7bc30f0fb658d96a2a7ae"} +# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"16a0785fbe96159699b982e8cbb44def9409fd3f24f8c32d0e7c8ba02bf0ad26"} name: "Issue Triage Agent" "on": # bots: # Bots processed as bot check in pre-activation job - # - github-actions[bot] # Bots processed as bot check in pre-activation job + # - ${{ inputs.allowed-bot-users }} # Bots processed as bot check in pre-activation job # roles: # Roles processed as role check in pre-activation job # - admin # Roles processed as role check in pre-activation job # - maintainer # Roles processed as role check in pre-activation job 
@@ -50,6 +50,11 @@ name: "Issue Triage Agent" description: Repo-specific instructions appended to the agent prompt required: false type: string + allowed-bot-users: + default: github-actions[bot] + description: Allowlisted bot actor usernames (comma-separated) + required: false + type: string messages-footer: default: "" description: Footer appended to all agent comments and reviews @@ -1283,7 +1288,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write - GH_AW_ALLOWED_BOTS: github-actions[bot] + GH_AW_ALLOWED_BOTS: ${{ inputs.allowed-bot-users }} with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/gh-aw-pr-review.lock.yml b/.github/workflows/gh-aw-pr-review.lock.yml index 53183367..06edd734 100644 --- a/.github/workflows/gh-aw-pr-review.lock.yml +++ b/.github/workflows/gh-aw-pr-review.lock.yml @@ -36,12 +36,12 @@ # - gh-aw-fragments/safe-output-review-comment.md # - gh-aw-fragments/safe-output-submit-review.md # -# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"d73b9a1b32b1a05e3cf6157d669139209e3680c413a58f23a73aea905931cbcd"} +# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"a0f8d7b3589513329e5ecefd79d652634639675230d174b2dfeea04473a006c4"} name: "PR Review Agent" "on": # bots: # Bots processed as bot check in pre-activation job - # - github-actions[bot] # Bots processed as bot check in pre-activation job + # - ${{ inputs.allowed-bot-users }} # Bots processed as bot check in pre-activation job # roles: # Roles processed as role check in pre-activation job # - admin # Roles processed as role check in pre-activation job # - maintainer # Roles processed as role check in pre-activation job 
@@ -53,6 +53,11 @@ name: "PR Review Agent" description: Repo-specific instructions appended to the agent prompt required: false type: string + allowed-bot-users: + default: github-actions[bot] + description: Allowlisted bot actor usernames (comma-separated) + required: false + type: string intensity: default: balanced description: "Review intensity: conservative, balanced, or aggressive" @@ -1508,7 +1513,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write - GH_AW_ALLOWED_BOTS: github-actions[bot] + GH_AW_ALLOWED_BOTS: ${{ inputs.allowed-bot-users }} with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/gh-aw-update-pr-body.lock.yml b/.github/workflows/gh-aw-update-pr-body.lock.yml index 4aa0812e..0e0c8aa8 100644 --- a/.github/workflows/gh-aw-update-pr-body.lock.yml +++ b/.github/workflows/gh-aw-update-pr-body.lock.yml @@ -33,12 +33,12 @@ # - gh-aw-fragments/runtime-setup.md # - gh-aw-fragments/safe-output-update-pr.md # -# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"7313fb3ed0b65b00863c3af6b475356dfc256f9a5dab3af9199fac66c8ab83dc"} +# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"56b8bdada8c5aed1fcef5c14243ea6dbc76733f3b2ea6b97332dfa5e8ccb0140"} name: "PR Body Update Agent" "on": # bots: # Bots processed as bot check in pre-activation job - # - github-actions[bot] # Bots processed as bot check in pre-activation job + # - ${{ inputs.allowed-bot-users }} # Bots processed as bot check in pre-activation job # roles: # Roles processed as role check in pre-activation job # - admin # Roles processed as role check in pre-activation job # - maintainer # Roles processed as role check in pre-activation job 
@@ -50,6 +50,11 @@ name: "PR Body Update Agent" description: Repo-specific instructions appended to the agent prompt required: false type: string + allowed-bot-users: + default: github-actions[bot] + description: Allowlisted bot actor usernames (comma-separated) + required: false + type: string messages-footer: default: "" description: Footer appended to all agent comments and reviews @@ -1265,7 +1270,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write - GH_AW_ALLOWED_BOTS: github-actions[bot] + GH_AW_ALLOWED_BOTS: ${{ inputs.allowed-bot-users }} with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | From b6aeb36f6dea531fbb7f60e18b65e1a276c8b456 Mon Sep 17 00:00:00 2001 
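Review bot: In the pre-activation step of each lock file, `GH_AW_ALLOWED_BOTS: ${{ inputs.allowed-bot-users }}` now carries a caller-supplied string where the fixed `github-actions[bot]` used to be, and nothing in these hunks shows how that string is parsed. The input is described as comma-separated, yet the `# bots:` comment renders it as a single list entry, so please confirm (and cover with a test) that the check splits on commas, trims whitespace around each name, and treats an empty value as "no bots allowed" rather than as a match for every actor. The value reaches the step through `env:`, which keeps it out of the `script:` body; the script should keep reading it from the environment and never interpolate the expression directly.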
From: William Easton Date: Fri, 20 Feb 2026 17:30:09 -0600 Subject: [PATCH 4/4] Add allowed-bot-users input to all workflows Extend the configurable bot allowlist to all 31 workflows (not just the original 6). Since these are all reusable workflows, callers control the trigger events and any of them could be wired to interactive events where a bot is the actor. - 30 workflow_call workflows: add `allowed-bot-users` input with default `github-actions[bot]` and wire `bots:` to the input - 1 standalone workflow (upgrade-check): add hardcoded `bots:` entry - Update all 24 READMEs with the new input documentation - Recompile all lock files Co-authored-by: Cursor --- .github/workflows/gh-aw-agent-efficiency.lock.yml | 10 +++++++++- .github/workflows/gh-aw-agent-efficiency.md | 7 +++++++ .github/workflows/gh-aw-agent-suggestions.lock.yml | 10 +++++++++- .github/workflows/gh-aw-agent-suggestions.md | 7 +++++++ .../workflows/gh-aw-breaking-change-detect.lock.yml | 10 +++++++++- .github/workflows/gh-aw-breaking-change-detect.md | 7 +++++++ .github/workflows/gh-aw-bug-exterminator.lock.yml | 10 +++++++++- .github/workflows/gh-aw-bug-exterminator.md | 7 +++++++ .github/workflows/gh-aw-bug-hunter.lock.yml | 10 +++++++++- .github/workflows/gh-aw-bug-hunter.md | 7 +++++++ .github/workflows/gh-aw-code-simplifier.lock.yml | 10 +++++++++- .github/workflows/gh-aw-code-simplifier.md | 7 +++++++ .github/workflows/gh-aw-docs-drift-external.lock.yml | 10 +++++++++- .github/workflows/gh-aw-docs-drift-external.md | 7 +++++++ .github/workflows/gh-aw-docs-drift.lock.yml | 10 +++++++++- .github/workflows/gh-aw-docs-drift.md | 7 +++++++ ...gh-aw-docs-new-contributor-review-external.lock.yml | 10 +++++++++- .../gh-aw-docs-new-contributor-review-external.md | 7 +++++++ .../gh-aw-docs-new-contributor-review.lock.yml | 10 +++++++++- .github/workflows/gh-aw-docs-new-contributor-review.md | 7 +++++++ .github/workflows/gh-aw-downstream-health.lock.yml | 10 +++++++++- 
.github/workflows/gh-aw-downstream-health.md | 7 +++++++ .github/workflows/gh-aw-downstream-users.lock.yml | 10 +++++++++- .github/workflows/gh-aw-downstream-users.md | 7 +++++++ .github/workflows/gh-aw-flaky-test-triage.lock.yml | 10 +++++++++- .github/workflows/gh-aw-flaky-test-triage.md | 7 +++++++ .github/workflows/gh-aw-mention-in-issue.lock.yml | 10 +++++++++- .github/workflows/gh-aw-mention-in-issue.md | 7 +++++++ .github/workflows/gh-aw-mention-in-pr.lock.yml | 10 +++++++++- .github/workflows/gh-aw-mention-in-pr.md | 7 +++++++ .github/workflows/gh-aw-performance-profiler.lock.yml | 10 +++++++++- .github/workflows/gh-aw-performance-profiler.md | 7 +++++++ .github/workflows/gh-aw-pr-checks-fix.lock.yml | 10 +++++++++- .github/workflows/gh-aw-pr-checks-fix.md | 7 +++++++ .github/workflows/gh-aw-pr-ci-detective.lock.yml | 10 +++++++++- .github/workflows/gh-aw-pr-ci-detective.md | 7 +++++++ .github/workflows/gh-aw-pr-ci-fixer.lock.yml | 10 +++++++++- .github/workflows/gh-aw-pr-ci-fixer.md | 7 +++++++ .github/workflows/gh-aw-project-summary.lock.yml | 10 +++++++++- .github/workflows/gh-aw-project-summary.md | 7 +++++++ .../gh-aw-semantic-function-clustering.lock.yml | 10 +++++++++- .../workflows/gh-aw-semantic-function-clustering.md | 7 +++++++ .github/workflows/gh-aw-small-problem-fixer.lock.yml | 10 +++++++++- .github/workflows/gh-aw-small-problem-fixer.md | 7 +++++++ .github/workflows/gh-aw-stale-issues.lock.yml | 10 +++++++++- .github/workflows/gh-aw-stale-issues.md | 7 +++++++ .github/workflows/gh-aw-test-improvement.lock.yml | 10 +++++++++- .github/workflows/gh-aw-test-improvement.md | 7 +++++++ .github/workflows/gh-aw-upgrade-check.lock.yml | 4 +++- .github/workflows/gh-aw-upgrade-check.md | 2 ++ gh-agent-workflows/agent-efficiency/README.md | 1 + gh-agent-workflows/agent-suggestions/README.md | 1 + gh-agent-workflows/breaking-change-detect/README.md | 1 + gh-agent-workflows/bug-exterminator/README.md | 1 + gh-agent-workflows/bug-hunter/README.md | 1 + 
gh-agent-workflows/code-simplifier/README.md | 1 + gh-agent-workflows/docs-drift-external/README.md | 1 + gh-agent-workflows/docs-drift/README.md | 1 + .../docs-new-contributor-review-external/README.md | 1 + .../docs-new-contributor-review/README.md | 1 + gh-agent-workflows/downstream-health/README.md | 1 + gh-agent-workflows/flaky-test-triage/README.md | 1 + gh-agent-workflows/mention-in-issue/README.md | 1 + gh-agent-workflows/mention-in-pr/README.md | 1 + gh-agent-workflows/performance-profiler/README.md | 1 + gh-agent-workflows/pr-checks-fix/README.md | 1 + gh-agent-workflows/pr-ci-detective/README.md | 1 + gh-agent-workflows/pr-ci-fixer/README.md | 1 + gh-agent-workflows/project-summary/README.md | 1 + gh-agent-workflows/release-update/README.md | 1 + .../semantic-function-clustering/README.md | 1 + gh-agent-workflows/small-problem-fixer/README.md | 1 + gh-agent-workflows/stale-issues/README.md | 1 + gh-agent-workflows/test-improvement/README.md | 1 + 74 files changed, 413 insertions(+), 25 deletions(-) diff --git a/.github/workflows/gh-aw-agent-efficiency.lock.yml b/.github/workflows/gh-aw-agent-efficiency.lock.yml index 229d8b83..34d09105 100644 --- a/.github/workflows/gh-aw-agent-efficiency.lock.yml +++ b/.github/workflows/gh-aw-agent-efficiency.lock.yml 
@@ -34,10 +34,12 @@ # - gh-aw-fragments/safe-output-create-issue.md # - gh-aw-fragments/scheduled-report.md # -# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"9ef6b3525b1f8370b6c89d8c1c2600b619e80d4335568b18bbb76fa17711ec0f"} +# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"5cb613c9cb5e8ba1d3f4f1030a5e8647523620dfb3d9748ce0c7251e1511d4ec"} name: "Gh Aw Agent Efficiency" "on": + # bots: # Bots processed as bot check in pre-activation job + # - ${{ inputs.allowed-bot-users }} # Bots processed as bot check in pre-activation job # roles: # Roles processed as role check in pre-activation job # - admin # Roles processed as role check in pre-activation job # - maintainer # Roles processed as role check in pre-activation job @@ -49,6 +51,11 @@ name: "Gh Aw Agent Efficiency" description: Repo-specific instructions appended to the agent prompt required: false type: string + allowed-bot-users: + default: github-actions[bot] + description: Allowlisted bot actor usernames (comma-separated) + required: false + type: string messages-footer: default: "" description: Footer appended to all agent comments and reviews @@ -1410,6 +1417,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write + GH_AW_ALLOWED_BOTS: ${{ inputs.allowed-bot-users }} with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/gh-aw-agent-efficiency.md b/.github/workflows/gh-aw-agent-efficiency.md index 95de967b..b7eb0084 100644 --- a/.github/workflows/gh-aw-agent-efficiency.md +++ b/.github/workflows/gh-aw-agent-efficiency.md @@ -25,6 +25,11 @@ on: type: string required: false default: "" + allowed-bot-users: + description: "Allowlisted bot actor usernames (comma-separated)" + type: string + required: false + default: "github-actions[bot]" messages-footer: description: "Footer appended to all agent comments and reviews" type: string 
@@ -34,6 +39,8 @@ on: COPILOT_GITHUB_TOKEN: required: true roles: [admin, maintainer, write] + bots: + - "${{ inputs.allowed-bot-users }}" concurrency: group: agent-efficiency cancel-in-progress: true diff --git a/.github/workflows/gh-aw-agent-suggestions.lock.yml b/.github/workflows/gh-aw-agent-suggestions.lock.yml index 53330c74..e8e7fb8e 100644 --- a/.github/workflows/gh-aw-agent-suggestions.lock.yml +++ b/.github/workflows/gh-aw-agent-suggestions.lock.yml @@ -34,10 +34,12 @@ # - gh-aw-fragments/safe-output-create-issue.md # - gh-aw-fragments/scheduled-report.md # -# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"6b49cd4131ccab4521f9a1ae4c057fdcef049d25b786f3e43b4694e31326c78c"} +# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"870a261fb788ab39a368901c98eb61774bbd85078cff9e137168ab6408c1d27f"} name: "Gh Aw Agent Suggestions" "on": + # bots: # Bots processed as bot check in pre-activation job + # - ${{ inputs.allowed-bot-users }} # Bots processed as bot check in pre-activation job # roles: # Roles processed as role check in pre-activation job # - admin # Roles processed as role check in pre-activation job # - maintainer # Roles processed as role check in pre-activation job @@ -49,6 +51,11 @@ name: "Gh Aw Agent Suggestions" description: Repo-specific instructions appended to the agent prompt required: false type: string + allowed-bot-users: + default: github-actions[bot] + description: Allowlisted bot actor usernames (comma-separated) + required: false + type: string messages-footer: default: "" description: Footer appended to all agent comments and reviews @@ -1341,6 +1348,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write + GH_AW_ALLOWED_BOTS: ${{ inputs.allowed-bot-users }} with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | 
diff --git a/.github/workflows/gh-aw-agent-suggestions.md b/.github/workflows/gh-aw-agent-suggestions.md index e3ab7eb2..b5c50d7c 100644 --- a/.github/workflows/gh-aw-agent-suggestions.md +++ b/.github/workflows/gh-aw-agent-suggestions.md @@ -25,6 +25,11 @@ on: type: string required: false default: "" + allowed-bot-users: + description: "Allowlisted bot actor usernames (comma-separated)" + type: string + required: false + default: "github-actions[bot]" messages-footer: description: "Footer appended to all agent comments and reviews" type: string @@ -34,6 +39,8 @@ on: COPILOT_GITHUB_TOKEN: required: true roles: [admin, maintainer, write] + bots: + - "${{ inputs.allowed-bot-users }}" concurrency: group: agent-suggestions cancel-in-progress: true diff --git a/.github/workflows/gh-aw-breaking-change-detect.lock.yml b/.github/workflows/gh-aw-breaking-change-detect.lock.yml index 40bb2179..9cbe1a81 100644 --- a/.github/workflows/gh-aw-breaking-change-detect.lock.yml +++ b/.github/workflows/gh-aw-breaking-change-detect.lock.yml @@ -35,10 +35,12 @@ # - gh-aw-fragments/safe-output-create-issue.md # - gh-aw-fragments/scheduled-report.md # -# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"0405731b9939fce5cff67eb6d34cc157b1af045c58b504e6a196db8e28604505"} +# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"64897f7b3befd7a76f26c9760fac8d3150041791d28cc0459469fe2d9f57162a"} name: "Gh Aw Breaking Change Detect" "on": + # bots: # Bots processed as bot check in pre-activation job + # - ${{ inputs.allowed-bot-users }} # Bots processed as bot check in pre-activation job # roles: # Roles processed as role check in pre-activation job # - admin # Roles processed as role check in pre-activation job # - maintainer # Roles processed as role check in pre-activation job 
@@ -50,6 +52,11 @@ name: "Gh Aw Breaking Change Detect" description: Repo-specific instructions appended to the agent prompt required: false type: string + allowed-bot-users: + default: github-actions[bot] + description: Allowlisted bot actor usernames (comma-separated) + required: false + type: string messages-footer: default: "" description: Footer appended to all agent comments and reviews @@ -1354,6 +1361,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write + GH_AW_ALLOWED_BOTS: ${{ inputs.allowed-bot-users }} with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/gh-aw-breaking-change-detect.md b/.github/workflows/gh-aw-breaking-change-detect.md index ee62c24d..9870a1af 100644 --- a/.github/workflows/gh-aw-breaking-change-detect.md +++ b/.github/workflows/gh-aw-breaking-change-detect.md @@ -26,6 +26,11 @@ on: type: string required: false default: "" + allowed-bot-users: + description: "Allowlisted bot actor usernames (comma-separated)" + type: string + required: false + default: "github-actions[bot]" messages-footer: description: "Footer appended to all agent comments and reviews" type: string @@ -35,6 +40,8 @@ on: COPILOT_GITHUB_TOKEN: required: true roles: [admin, maintainer, write] + bots: + - "${{ inputs.allowed-bot-users }}" concurrency: group: breaking-change-detect cancel-in-progress: true diff --git a/.github/workflows/gh-aw-bug-exterminator.lock.yml b/.github/workflows/gh-aw-bug-exterminator.lock.yml index e9e023bd..5d4258bf 100644 --- a/.github/workflows/gh-aw-bug-exterminator.lock.yml +++ b/.github/workflows/gh-aw-bug-exterminator.lock.yml 
@@ -34,10 +34,12 @@ # - gh-aw-fragments/safe-output-create-pr.md # - gh-aw-fragments/workflow-edit-guardrails.md # -# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"def0d715f26d3e9829f2b33482d208d17a7a903cc36c3a22988618e234f92e7c"} +# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"4b9e80a5b81775e2536d8793d048668260dfd2998a38dc9c8e48da022a8c3253"} name: "Bug Exterminator" "on": + # bots: # Bots processed as bot check in pre-activation job + # - ${{ inputs.allowed-bot-users }} # Bots processed as bot check in pre-activation job # roles: # Roles processed as role check in pre-activation job # - admin # Roles processed as role check in pre-activation job # - maintainer # Roles processed as role check in pre-activation job @@ -49,6 +51,11 @@ name: "Bug Exterminator" description: Repo-specific instructions appended to the agent prompt required: false type: string + allowed-bot-users: + default: github-actions[bot] + description: Allowlisted bot actor usernames (comma-separated) + required: false + type: string messages-footer: default: "" description: Footer appended to all agent comments and reviews @@ -1386,6 +1393,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write + GH_AW_ALLOWED_BOTS: ${{ inputs.allowed-bot-users }} with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/gh-aw-bug-exterminator.md b/.github/workflows/gh-aw-bug-exterminator.md index 9c2a06d1..aa1d0640 100644 --- a/.github/workflows/gh-aw-bug-exterminator.md +++ b/.github/workflows/gh-aw-bug-exterminator.md @@ -25,6 +25,11 @@ on: type: string required: false default: "" + allowed-bot-users: + description: "Allowlisted bot actor usernames (comma-separated)" + type: string + required: false + default: "github-actions[bot]" messages-footer: description: "Footer appended to all agent comments and reviews" type: string 
@@ -34,6 +39,8 @@ on: COPILOT_GITHUB_TOKEN: required: true roles: [admin, maintainer, write] + bots: + - "${{ inputs.allowed-bot-users }}" concurrency: group: bug-exterminator cancel-in-progress: true diff --git a/.github/workflows/gh-aw-bug-hunter.lock.yml b/.github/workflows/gh-aw-bug-hunter.lock.yml index d65ad265..3deebbc6 100644 --- a/.github/workflows/gh-aw-bug-hunter.lock.yml +++ b/.github/workflows/gh-aw-bug-hunter.lock.yml @@ -35,10 +35,12 @@ # - gh-aw-fragments/safe-output-create-issue.md # - gh-aw-fragments/scheduled-report.md # -# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"b3a845533b9b698a8346e5576d958eadc1fe3dba897a65d09334dcf9e9a7e5d1"} +# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"73f59fe519844f9e66e2fc7f408c3f25dfd8aa4d95b1988f7c4d54d5670c875b"} name: "Gh Aw Bug Hunter" "on": + # bots: # Bots processed as bot check in pre-activation job + # - ${{ inputs.allowed-bot-users }} # Bots processed as bot check in pre-activation job # roles: # Roles processed as role check in pre-activation job # - admin # Roles processed as role check in pre-activation job # - maintainer # Roles processed as role check in pre-activation job @@ -50,6 +52,11 @@ name: "Gh Aw Bug Hunter" description: Repo-specific instructions appended to the agent prompt required: false type: string + allowed-bot-users: + default: github-actions[bot] + description: Allowlisted bot actor usernames (comma-separated) + required: false + type: string messages-footer: default: "" description: Footer appended to all agent comments and reviews @@ -1352,6 +1359,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write + GH_AW_ALLOWED_BOTS: ${{ inputs.allowed-bot-users }} with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/gh-aw-bug-hunter.md b/.github/workflows/gh-aw-bug-hunter.md index 35bab865..c5bd3ba9 100644 --- a/.github/workflows/gh-aw-bug-hunter.md 
+++ b/.github/workflows/gh-aw-bug-hunter.md @@ -26,6 +26,11 @@ on: type: string required: false default: "" + allowed-bot-users: + description: "Allowlisted bot actor usernames (comma-separated)" + type: string + required: false + default: "github-actions[bot]" messages-footer: description: "Footer appended to all agent comments and reviews" type: string @@ -35,6 +40,8 @@ on: COPILOT_GITHUB_TOKEN: required: true roles: [admin, maintainer, write] + bots: + - "${{ inputs.allowed-bot-users }}" concurrency: group: bug-hunter cancel-in-progress: true diff --git a/.github/workflows/gh-aw-code-simplifier.lock.yml b/.github/workflows/gh-aw-code-simplifier.lock.yml index 8741847b..4c0a1a78 100644 --- a/.github/workflows/gh-aw-code-simplifier.lock.yml +++ b/.github/workflows/gh-aw-code-simplifier.lock.yml @@ -34,10 +34,12 @@ # - gh-aw-fragments/safe-output-create-pr.md # - gh-aw-fragments/workflow-edit-guardrails.md # -# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"1dc76566a26a5b2694b814b3310f304da259420102a763e68e2c23b48a631b65"} +# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"a9f72d8af5640635b65d08b098cab7ea14e1aae19053efbcfb114ceae962a41f"} name: "Code Simplifier" "on": + # bots: # Bots processed as bot check in pre-activation job + # - ${{ inputs.allowed-bot-users }} # Bots processed as bot check in pre-activation job # roles: # Roles processed as role check in pre-activation job # - admin # Roles processed as role check in pre-activation job # - maintainer # Roles processed as role check in pre-activation job @@ -49,6 +51,11 @@ name: "Code Simplifier" description: Repo-specific instructions appended to the agent prompt required: false type: string + allowed-bot-users: + default: github-actions[bot] + description: Allowlisted bot actor usernames (comma-separated) + required: false + type: string messages-footer: default: "" description: Footer appended to all agent comments and reviews 
@@ -1391,6 +1398,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write + GH_AW_ALLOWED_BOTS: ${{ inputs.allowed-bot-users }} with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/gh-aw-code-simplifier.md b/.github/workflows/gh-aw-code-simplifier.md index 74ecadbd..4de1c716 100644 --- a/.github/workflows/gh-aw-code-simplifier.md +++ b/.github/workflows/gh-aw-code-simplifier.md @@ -25,6 +25,11 @@ on: type: string required: false default: "" + allowed-bot-users: + description: "Allowlisted bot actor usernames (comma-separated)" + type: string + required: false + default: "github-actions[bot]" messages-footer: description: "Footer appended to all agent comments and reviews" type: string @@ -34,6 +39,8 @@ on: COPILOT_GITHUB_TOKEN: required: true roles: [admin, maintainer, write] + bots: + - "${{ inputs.allowed-bot-users }}" concurrency: group: code-simplifier cancel-in-progress: true diff --git a/.github/workflows/gh-aw-docs-drift-external.lock.yml b/.github/workflows/gh-aw-docs-drift-external.lock.yml index 259ec9a3..7bd5cbe9 100644 --- a/.github/workflows/gh-aw-docs-drift-external.lock.yml +++ b/.github/workflows/gh-aw-docs-drift-external.lock.yml 
@@ -35,10 +35,12 @@ # - gh-aw-fragments/safe-output-create-issue.md # - gh-aw-fragments/scheduled-report.md # -# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"8d9301773da190ee2c824fd3d756ccb6788c2b32a6942120c7eebde7244cbd20"} +# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"4769fe2a96c4b1021c1d2ecf48ceb1f9007f3f8b5001a43acab883a77d8305e5"} name: "Gh Aw Docs Drift External" "on": + # bots: # Bots processed as bot check in pre-activation job + # - ${{ inputs.allowed-bot-users }} # Bots processed as bot check in pre-activation job # roles: # Roles processed as role check in pre-activation job # - admin # Roles processed as role check in pre-activation job # - maintainer # Roles processed as role check in pre-activation job @@ -50,6 +52,11 @@ name: "Gh Aw Docs Drift External" description: Repo-specific instructions appended to the agent prompt required: false type: string + allowed-bot-users: + default: github-actions[bot] + description: Allowlisted bot actor usernames (comma-separated) + required: false + type: string lookback-window: default: 7 days ago description: Git lookback window for detecting recent commits (e.g. '7 days ago', '14 days ago') @@ -1395,6 +1402,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write + GH_AW_ALLOWED_BOTS: ${{ inputs.allowed-bot-users }} with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/gh-aw-docs-drift-external.md b/.github/workflows/gh-aw-docs-drift-external.md index 352cc834..a8b546b1 100644 --- a/.github/workflows/gh-aw-docs-drift-external.md +++ b/.github/workflows/gh-aw-docs-drift-external.md 
@@ -26,6 +26,11 @@ on: type: string required: false default: "" + allowed-bot-users: + description: "Allowlisted bot actor usernames (comma-separated)" + type: string + required: false + default: "github-actions[bot]" messages-footer: description: "Footer appended to all agent comments and reviews" type: string @@ -40,6 +45,8 @@ on: COPILOT_GITHUB_TOKEN: required: true roles: [admin, maintainer, write] + bots: + - "${{ inputs.allowed-bot-users }}" concurrency: group: docs-drift-external cancel-in-progress: true diff --git a/.github/workflows/gh-aw-docs-drift.lock.yml b/.github/workflows/gh-aw-docs-drift.lock.yml index c6ab19f4..67cb8464 100644 --- a/.github/workflows/gh-aw-docs-drift.lock.yml +++ b/.github/workflows/gh-aw-docs-drift.lock.yml @@ -35,10 +35,12 @@ # - gh-aw-fragments/safe-output-create-issue.md # - gh-aw-fragments/scheduled-report.md # -# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"deea3775ea53350805dc7d72417b625f19d7518268735b0c99f2b3f10ecb35e1"} +# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"2b538fb63ae49fb937b28ff9818dc818cbd50b9a951dd31badcf89a3d8591643"} name: "Gh Aw Docs Drift" "on": + # bots: # Bots processed as bot check in pre-activation job + # - ${{ inputs.allowed-bot-users }} # Bots processed as bot check in pre-activation job # roles: # Roles processed as role check in pre-activation job # - admin # Roles processed as role check in pre-activation job # - maintainer # Roles processed as role check in pre-activation job @@ -50,6 +52,11 @@ name: "Gh Aw Docs Drift" description: Repo-specific instructions appended to the agent prompt required: false type: string + allowed-bot-users: + default: github-actions[bot] + description: Allowlisted bot actor usernames (comma-separated) + required: false + type: string lookback-window: default: 7 days ago description: Git lookback window for detecting recent commits (e.g. '7 days ago', '14 days ago') 
@@ -1360,6 +1367,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write + GH_AW_ALLOWED_BOTS: ${{ inputs.allowed-bot-users }} with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/gh-aw-docs-drift.md b/.github/workflows/gh-aw-docs-drift.md index be749047..d3abaa3d 100644 --- a/.github/workflows/gh-aw-docs-drift.md +++ b/.github/workflows/gh-aw-docs-drift.md @@ -26,6 +26,11 @@ on: type: string required: false default: "" + allowed-bot-users: + description: "Allowlisted bot actor usernames (comma-separated)" + type: string + required: false + default: "github-actions[bot]" messages-footer: description: "Footer appended to all agent comments and reviews" type: string @@ -40,6 +45,8 @@ on: COPILOT_GITHUB_TOKEN: required: true roles: [admin, maintainer, write] + bots: + - "${{ inputs.allowed-bot-users }}" concurrency: group: docs-drift cancel-in-progress: true diff --git a/.github/workflows/gh-aw-docs-new-contributor-review-external.lock.yml b/.github/workflows/gh-aw-docs-new-contributor-review-external.lock.yml index 0b1ac0a5..42de2089 100644 --- a/.github/workflows/gh-aw-docs-new-contributor-review-external.lock.yml +++ b/.github/workflows/gh-aw-docs-new-contributor-review-external.lock.yml 
@@ -34,10 +34,12 @@ # - gh-aw-fragments/safe-output-create-issue.md # - gh-aw-fragments/scheduled-report.md # -# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"fcaf8155c1c8a9ecaec3457adbb2625537fa4c0795ce75257a77835fc9c8fec6"} +# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"877e7fa68e3fdf1b3446d06c0fdd8c2f5a9ceacf729619c36796679b8b89870d"} name: "Gh Aw Docs New Contributor Review External" "on": + # bots: # Bots processed as bot check in pre-activation job + # - ${{ inputs.allowed-bot-users }} # Bots processed as bot check in pre-activation job # roles: # Roles processed as role check in pre-activation job # - admin # Roles processed as role check in pre-activation job # - maintainer # Roles processed as role check in pre-activation job @@ -49,6 +51,11 @@ name: "Gh Aw Docs New Contributor Review External" description: Repo-specific instructions appended to the agent prompt required: false type: string + allowed-bot-users: + default: github-actions[bot] + description: Allowlisted bot actor usernames (comma-separated) + required: false + type: string messages-footer: default: "" description: Footer appended to all agent comments and reviews @@ -1337,6 +1344,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write + GH_AW_ALLOWED_BOTS: ${{ inputs.allowed-bot-users }} with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/gh-aw-docs-new-contributor-review-external.md b/.github/workflows/gh-aw-docs-new-contributor-review-external.md index bda4a6e3..f9e080f4 100644 --- a/.github/workflows/gh-aw-docs-new-contributor-review-external.md +++ b/.github/workflows/gh-aw-docs-new-contributor-review-external.md 
@@ -25,6 +25,11 @@ on: type: string required: false default: "" + allowed-bot-users: + description: "Allowlisted bot actor usernames (comma-separated)" + type: string + required: false + default: "github-actions[bot]" messages-footer: description: "Footer appended to all agent comments and reviews" type: string @@ -34,6 +39,8 @@ on: COPILOT_GITHUB_TOKEN: required: true roles: [admin, maintainer, write] + bots: + - "${{ inputs.allowed-bot-users }}" concurrency: group: docs-new-contributor-review-external cancel-in-progress: true diff --git a/.github/workflows/gh-aw-docs-new-contributor-review.lock.yml b/.github/workflows/gh-aw-docs-new-contributor-review.lock.yml index c8ec0837..56724711 100644 --- a/.github/workflows/gh-aw-docs-new-contributor-review.lock.yml +++ b/.github/workflows/gh-aw-docs-new-contributor-review.lock.yml @@ -34,10 +34,12 @@ # - gh-aw-fragments/safe-output-create-issue.md # - gh-aw-fragments/scheduled-report.md # -# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"2cb696fd48ea0e90763c97c8aa0a67a5dc983f59effde481dbbe5544d1c8ed7b"} +# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"3a2db0b6e8e928fb9d4c7d9c4c56e188c4a7ec86704d1da949913e6a8891486a"} name: "Gh Aw Docs New Contributor Review" "on": + # bots: # Bots processed as bot check in pre-activation job + # - ${{ inputs.allowed-bot-users }} # Bots processed as bot check in pre-activation job # roles: # Roles processed as role check in pre-activation job # - admin # Roles processed as role check in pre-activation job # - maintainer # Roles processed as role check in pre-activation job 
@@ -49,6 +51,11 @@ name: "Gh Aw Docs New Contributor Review" description: Repo-specific instructions appended to the agent prompt required: false type: string + allowed-bot-users: + default: github-actions[bot] + description: Allowlisted bot actor usernames (comma-separated) + required: false + type: string messages-footer: default: "" description: Footer appended to all agent comments and reviews @@ -1320,6 +1327,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write + GH_AW_ALLOWED_BOTS: ${{ inputs.allowed-bot-users }} with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/gh-aw-docs-new-contributor-review.md b/.github/workflows/gh-aw-docs-new-contributor-review.md index f8ff6906..976dc936 100644 --- a/.github/workflows/gh-aw-docs-new-contributor-review.md +++ b/.github/workflows/gh-aw-docs-new-contributor-review.md @@ -25,6 +25,11 @@ on: type: string required: false default: "" + allowed-bot-users: + description: "Allowlisted bot actor usernames (comma-separated)" + type: string + required: false + default: "github-actions[bot]" messages-footer: description: "Footer appended to all agent comments and reviews" type: string @@ -34,6 +39,8 @@ on: COPILOT_GITHUB_TOKEN: required: true roles: [admin, maintainer, write] + bots: + - "${{ inputs.allowed-bot-users }}" concurrency: group: docs-new-contributor-review cancel-in-progress: true diff --git a/.github/workflows/gh-aw-downstream-health.lock.yml b/.github/workflows/gh-aw-downstream-health.lock.yml index fbb636d2..de860576 100644 --- a/.github/workflows/gh-aw-downstream-health.lock.yml +++ b/.github/workflows/gh-aw-downstream-health.lock.yml 
@@ -34,10 +34,12 @@ # - gh-aw-fragments/safe-output-create-issue.md # - gh-aw-fragments/scheduled-report.md # -# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"fe8eb7d74e2345e03cfb1a0b2b70b16ce65d82f97e59494fb26d28c0e54cfae6"} +# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"aa303b2070c5600fb3f07d7f014159b8a05a0e7fabf3e71884831cddd14dc3eb"} name: "Gh Aw Downstream Health" "on": + # bots: # Bots processed as bot check in pre-activation job + # - ${{ inputs.allowed-bot-users }} # Bots processed as bot check in pre-activation job # roles: # Roles processed as role check in pre-activation job # - admin # Roles processed as role check in pre-activation job # - maintainer # Roles processed as role check in pre-activation job @@ -49,6 +51,11 @@ name: "Gh Aw Downstream Health" description: Repo-specific instructions appended to the agent prompt required: false type: string + allowed-bot-users: + default: github-actions[bot] + description: Allowlisted bot actor usernames (comma-separated) + required: false + type: string messages-footer: default: "" description: Footer appended to all agent comments and reviews @@ -1387,6 +1394,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write + GH_AW_ALLOWED_BOTS: ${{ inputs.allowed-bot-users }} with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/gh-aw-downstream-health.md b/.github/workflows/gh-aw-downstream-health.md index 35be197a..9b4b27a8 100644 --- a/.github/workflows/gh-aw-downstream-health.md +++ b/.github/workflows/gh-aw-downstream-health.md @@ -25,6 +25,11 @@ on: type: string required: false default: "" + allowed-bot-users: + description: "Allowlisted bot actor usernames (comma-separated)" + type: string + required: false + default: "github-actions[bot]" messages-footer: description: "Footer appended to all agent comments and reviews" type: string 
@@ -34,6 +39,8 @@ on: COPILOT_GITHUB_TOKEN: required: true roles: [admin, maintainer, write] + bots: + - "${{ inputs.allowed-bot-users }}" concurrency: group: downstream-health cancel-in-progress: true diff --git a/.github/workflows/gh-aw-downstream-users.lock.yml b/.github/workflows/gh-aw-downstream-users.lock.yml index d2e345ae..65199e5e 100644 --- a/.github/workflows/gh-aw-downstream-users.lock.yml +++ b/.github/workflows/gh-aw-downstream-users.lock.yml @@ -34,10 +34,12 @@ # - gh-aw-fragments/safe-output-create-pr.md # - gh-aw-fragments/workflow-edit-guardrails.md # -# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"353547d8d23a5b5eaca71e46743ad7edf9eecb226acbd25e427efabb56e59197"} +# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"5a7b6b4d8300486f9fdee23335eb1e78b4c6b23f9e415186616bab4fce693d08"} name: "Downstream Users Tracking" "on": + # bots: # Bots processed as bot check in pre-activation job + # - ${{ inputs.allowed-bot-users }} # Bots processed as bot check in pre-activation job # roles: # Roles processed as role check in pre-activation job # - admin # Roles processed as role check in pre-activation job # - maintainer # Roles processed as role check in pre-activation job @@ -49,6 +51,11 @@ name: "Downstream Users Tracking" description: Repo-specific instructions appended to the agent prompt required: false type: string + allowed-bot-users: + default: github-actions[bot] + description: Allowlisted bot actor usernames (comma-separated) + required: false + type: string messages-footer: default: "" description: Footer appended to all agent comments and reviews @@ -1398,6 +1405,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write + GH_AW_ALLOWED_BOTS: ${{ inputs.allowed-bot-users }} with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | 
diff --git a/.github/workflows/gh-aw-downstream-users.md b/.github/workflows/gh-aw-downstream-users.md index c82b3c6e..dc262548 100644 --- a/.github/workflows/gh-aw-downstream-users.md +++ b/.github/workflows/gh-aw-downstream-users.md @@ -25,6 +25,11 @@ on: type: string required: false default: "" + allowed-bot-users: + description: "Allowlisted bot actor usernames (comma-separated)" + type: string + required: false + default: "github-actions[bot]" messages-footer: description: "Footer appended to all agent comments and reviews" type: string @@ -34,6 +39,8 @@ on: COPILOT_GITHUB_TOKEN: required: true roles: [admin, maintainer, write] + bots: + - "${{ inputs.allowed-bot-users }}" concurrency: group: downstream-users cancel-in-progress: true diff --git a/.github/workflows/gh-aw-flaky-test-triage.lock.yml b/.github/workflows/gh-aw-flaky-test-triage.lock.yml index 7019073a..a64d8f7f 100644 --- a/.github/workflows/gh-aw-flaky-test-triage.lock.yml +++ b/.github/workflows/gh-aw-flaky-test-triage.lock.yml @@ -35,10 +35,12 @@ # - gh-aw-fragments/scheduled-report.md # - gh-aw-fragments/workflow-edit-guardrails.md # -# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"89da49e053bcde32bd6901aa179c29924d2b3fbcf919f00719599d3ec89d8258"} +# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"89622b26a4734509d21d64e7df1c09e06061d6270dba75c9bf3b40ba9a2124e3"} name: "Gh Aw Flaky Test Triage" "on": + # bots: # Bots processed as bot check in pre-activation job + # - ${{ inputs.allowed-bot-users }} # Bots processed as bot check in pre-activation job # roles: # Roles processed as role check in pre-activation job # - admin # Roles processed as role check in pre-activation job # - maintainer # Roles processed as role check in pre-activation job 
@@ -50,6 +52,11 @@ name: "Gh Aw Flaky Test Triage" description: Repo-specific instructions appended to the agent prompt required: false type: string + allowed-bot-users: + default: github-actions[bot] + description: Allowlisted bot actor usernames (comma-separated) + required: false + type: string messages-footer: default: "" description: Footer appended to all agent comments and reviews @@ -1347,6 +1354,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write + GH_AW_ALLOWED_BOTS: ${{ inputs.allowed-bot-users }} with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/gh-aw-flaky-test-triage.md b/.github/workflows/gh-aw-flaky-test-triage.md index c51cd7b0..4c79a255 100644 --- a/.github/workflows/gh-aw-flaky-test-triage.md +++ b/.github/workflows/gh-aw-flaky-test-triage.md @@ -26,6 +26,11 @@ on: type: string required: false default: "" + allowed-bot-users: + description: "Allowlisted bot actor usernames (comma-separated)" + type: string + required: false + default: "github-actions[bot]" messages-footer: description: "Footer appended to all agent comments and reviews" type: string @@ -35,6 +40,8 @@ on: COPILOT_GITHUB_TOKEN: required: true roles: [admin, maintainer, write] + bots: + - "${{ inputs.allowed-bot-users }}" concurrency: group: flaky-test-triage cancel-in-progress: true diff --git a/.github/workflows/gh-aw-mention-in-issue.lock.yml b/.github/workflows/gh-aw-mention-in-issue.lock.yml index 14d27975..839e82b8 100644 --- a/.github/workflows/gh-aw-mention-in-issue.lock.yml +++ b/.github/workflows/gh-aw-mention-in-issue.lock.yml 
@@ -36,10 +36,12 @@ # - gh-aw-fragments/safe-output-create-pr.md # - gh-aw-fragments/workflow-edit-guardrails.md # -# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"f0e78cd3d265d245decd50102fa167e63a16b5bba0af92389525416108aa9001"} +# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"f9be34e092153458bc90890f599f372f3ada78eb522d6a248d9e32a38aeb4ea5"} name: "Issue Assistant" "on": + # bots: # Bots processed as bot check in pre-activation job + # - ${{ inputs.allowed-bot-users }} # Bots processed as bot check in pre-activation job # roles: # Roles processed as role check in pre-activation job # - admin # Roles processed as role check in pre-activation job # - maintainer # Roles processed as role check in pre-activation job @@ -51,6 +53,11 @@ name: "Issue Assistant" description: Repo-specific instructions appended to the agent prompt required: false type: string + allowed-bot-users: + default: github-actions[bot] + description: Allowlisted bot actor usernames (comma-separated) + required: false + type: string draft-prs: default: "true" description: "Create PRs as draft (default: true)" @@ -1540,6 +1547,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write + GH_AW_ALLOWED_BOTS: ${{ inputs.allowed-bot-users }} with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/gh-aw-mention-in-issue.md b/.github/workflows/gh-aw-mention-in-issue.md index 6418d5ce..6789a0e3 100644 --- a/.github/workflows/gh-aw-mention-in-issue.md +++ b/.github/workflows/gh-aw-mention-in-issue.md @@ -29,6 +29,11 @@ on: type: string required: false default: "" + allowed-bot-users: + description: "Allowlisted bot actor usernames (comma-separated)" + type: string + required: false + default: "github-actions[bot]" messages-footer: description: "Footer appended to all agent comments and reviews" type: string 
@@ -44,6 +49,8 @@ on: required: true reaction: "eyes" roles: [admin, maintainer, write] + bots: + - "${{ inputs.allowed-bot-users }}" concurrency: group: mention-issue-${{ github.event.issue.number }} cancel-in-progress: true diff --git a/.github/workflows/gh-aw-mention-in-pr.lock.yml b/.github/workflows/gh-aw-mention-in-pr.lock.yml index 72f5b262..1dab7fba 100644 --- a/.github/workflows/gh-aw-mention-in-pr.lock.yml +++ b/.github/workflows/gh-aw-mention-in-pr.lock.yml @@ -39,10 +39,12 @@ # - gh-aw-fragments/safe-output-submit-review.md # - gh-aw-fragments/workflow-edit-guardrails.md # -# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"1c2736f84323d7d0f2926ed48c1ea9115fbd92ea894bb692413231d2c1763886"} +# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"05ba397f0e9acff923f1733045de5c311bf94cc52654b57f45f910d6fc0aedab"} name: "PR Assistant" "on": + # bots: # Bots processed as bot check in pre-activation job + # - ${{ inputs.allowed-bot-users }} # Bots processed as bot check in pre-activation job # roles: # Roles processed as role check in pre-activation job # - admin # Roles processed as role check in pre-activation job # - maintainer # Roles processed as role check in pre-activation job @@ -54,6 +56,11 @@ name: "PR Assistant" description: Repo-specific instructions appended to the agent prompt required: false type: string + allowed-bot-users: + default: github-actions[bot] + description: Allowlisted bot actor usernames (comma-separated) + required: false + type: string messages-footer: default: "" description: Footer appended to all agent comments and reviews @@ -1729,6 +1736,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write + GH_AW_ALLOWED_BOTS: ${{ inputs.allowed-bot-users }} with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/gh-aw-mention-in-pr.md b/.github/workflows/gh-aw-mention-in-pr.md index 370f1dcc..a2c8c9b4 100644 
--- a/.github/workflows/gh-aw-mention-in-pr.md +++ b/.github/workflows/gh-aw-mention-in-pr.md @@ -32,6 +32,11 @@ on: type: string required: false default: "" + allowed-bot-users: + description: "Allowlisted bot actor usernames (comma-separated)" + type: string + required: false + default: "github-actions[bot]" messages-footer: description: "Footer appended to all agent comments and reviews" type: string @@ -42,6 +47,8 @@ on: required: true reaction: "eyes" roles: [admin, maintainer, write] + bots: + - "${{ inputs.allowed-bot-users }}" concurrency: group: mention-pr-${{ github.event.issue.number }} cancel-in-progress: true diff --git a/.github/workflows/gh-aw-performance-profiler.lock.yml b/.github/workflows/gh-aw-performance-profiler.lock.yml index cc9af9f4..e7e05161 100644 --- a/.github/workflows/gh-aw-performance-profiler.lock.yml +++ b/.github/workflows/gh-aw-performance-profiler.lock.yml @@ -36,10 +36,12 @@ # - gh-aw-fragments/scheduled-report.md # - gh-aw-fragments/workflow-edit-guardrails.md # -# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"905126a88d4d48a4ee2639c9a9d5b2346d082532104c6d559d623372759d988f"} +# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"40694a540f4b6af634d4e7d226a0938b95d825f379fbf8a1350698214b407cc5"} name: "Gh Aw Performance Profiler" "on": + # bots: # Bots processed as bot check in pre-activation job + # - ${{ inputs.allowed-bot-users }} # Bots processed as bot check in pre-activation job # roles: # Roles processed as role check in pre-activation job # - admin # Roles processed as role check in pre-activation job # - maintainer # Roles processed as role check in pre-activation job 
@@ -51,6 +53,11 @@ name: "Gh Aw Performance Profiler" description: Repo-specific instructions appended to the agent prompt required: false type: string + allowed-bot-users: + default: github-actions[bot] + description: Allowlisted bot actor usernames (comma-separated) + required: false + type: string messages-footer: default: "" description: Footer appended to all agent comments and reviews @@ -1404,6 +1411,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write + GH_AW_ALLOWED_BOTS: ${{ inputs.allowed-bot-users }} with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/gh-aw-performance-profiler.md b/.github/workflows/gh-aw-performance-profiler.md index d3e409e9..e85ce015 100644 --- a/.github/workflows/gh-aw-performance-profiler.md +++ b/.github/workflows/gh-aw-performance-profiler.md @@ -27,6 +27,11 @@ on: type: string required: false default: "" + allowed-bot-users: + description: "Allowlisted bot actor usernames (comma-separated)" + type: string + required: false + default: "github-actions[bot]" messages-footer: description: "Footer appended to all agent comments and reviews" type: string @@ -36,6 +41,8 @@ on: COPILOT_GITHUB_TOKEN: required: true roles: [admin, maintainer, write] + bots: + - "${{ inputs.allowed-bot-users }}" concurrency: group: performance-profiler cancel-in-progress: true diff --git a/.github/workflows/gh-aw-pr-checks-fix.lock.yml b/.github/workflows/gh-aw-pr-checks-fix.lock.yml index b0b1f995..77fb1f6f 100644 --- a/.github/workflows/gh-aw-pr-checks-fix.lock.yml +++ b/.github/workflows/gh-aw-pr-checks-fix.lock.yml 
@@ -35,10 +35,12 @@ # - gh-aw-fragments/safe-output-push-to-pr.md # - gh-aw-fragments/workflow-edit-guardrails.md # -# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"86dc6b9b9e4311e6d7cc7c76c09fe9cb6ae6ed24e83728d3629346ed4bf83699"} +# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"c32907d675ac96915f1eb5ddb6b411a6410d5c2f85f8e13c3b36f0d517eb6e72"} name: "PR Checks Fixer" "on": + # bots: # Bots processed as bot check in pre-activation job + # - ${{ inputs.allowed-bot-users }} # Bots processed as bot check in pre-activation job # roles: # Roles processed as role check in pre-activation job # - admin # Roles processed as role check in pre-activation job # - maintainer # Roles processed as role check in pre-activation job @@ -50,6 +52,11 @@ name: "PR Checks Fixer" description: Repo-specific instructions appended to the agent prompt required: false type: string + allowed-bot-users: + default: github-actions[bot] + description: Allowlisted bot actor usernames (comma-separated) + required: false + type: string messages-footer: default: "" description: Footer appended to all agent comments and reviews @@ -1413,6 +1420,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write + GH_AW_ALLOWED_BOTS: ${{ inputs.allowed-bot-users }} with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/gh-aw-pr-checks-fix.md b/.github/workflows/gh-aw-pr-checks-fix.md index 9980926f..db5372ed 100644 --- a/.github/workflows/gh-aw-pr-checks-fix.md +++ b/.github/workflows/gh-aw-pr-checks-fix.md @@ -28,6 +28,11 @@ on: type: string required: false default: "" + allowed-bot-users: + description: "Allowlisted bot actor usernames (comma-separated)" + type: string + required: false + default: "github-actions[bot]" messages-footer: description: "Footer appended to all agent comments and reviews" type: string 
@@ -37,6 +42,8 @@ on: COPILOT_GITHUB_TOKEN: required: true roles: [admin, maintainer, write] + bots: + - "${{ inputs.allowed-bot-users }}" concurrency: group: pr-checks-fix-${{ github.event.workflow_run.id }} cancel-in-progress: false diff --git a/.github/workflows/gh-aw-pr-ci-detective.lock.yml b/.github/workflows/gh-aw-pr-ci-detective.lock.yml index 21c967c0..bdecf375 100644 --- a/.github/workflows/gh-aw-pr-ci-detective.lock.yml +++ b/.github/workflows/gh-aw-pr-ci-detective.lock.yml @@ -34,10 +34,12 @@ # - gh-aw-fragments/safe-output-add-comment.md # - gh-aw-fragments/workflow-edit-guardrails.md # -# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"3f59e639c8d9079c20f8c903eeed5f9136de8812a61f6df882dd178a3e5cd96b"} +# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"710ca9af0aff04005624870e71fae849b574c3ddc54eb9db5e4ee87ca1e948e2"} name: "PR CI Detective" "on": + # bots: # Bots processed as bot check in pre-activation job + # - ${{ inputs.allowed-bot-users }} # Bots processed as bot check in pre-activation job # roles: # Roles processed as role check in pre-activation job # - admin # Roles processed as role check in pre-activation job # - maintainer # Roles processed as role check in pre-activation job @@ -49,6 +51,11 @@ name: "PR CI Detective" description: Repo-specific instructions appended to the agent prompt required: false type: string + allowed-bot-users: + default: github-actions[bot] + description: Allowlisted bot actor usernames (comma-separated) + required: false + type: string messages-footer: default: "" description: Footer appended to all agent comments and reviews @@ -1232,6 +1239,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write + GH_AW_ALLOWED_BOTS: ${{ inputs.allowed-bot-users }} with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | 
diff --git a/.github/workflows/gh-aw-pr-ci-detective.md b/.github/workflows/gh-aw-pr-ci-detective.md index 10f4e970..5bd8de5b 100644 --- a/.github/workflows/gh-aw-pr-ci-detective.md +++ b/.github/workflows/gh-aw-pr-ci-detective.md @@ -25,6 +25,11 @@ on: type: string required: false default: "" + allowed-bot-users: + description: "Allowlisted bot actor usernames (comma-separated)" + type: string + required: false + default: "github-actions[bot]" messages-footer: description: "Footer appended to all agent comments and reviews" type: string @@ -34,6 +39,8 @@ on: COPILOT_GITHUB_TOKEN: required: true roles: [admin, maintainer, write] + bots: + - "${{ inputs.allowed-bot-users }}" concurrency: group: pr-ci-detective-${{ github.event.workflow_run.id }} cancel-in-progress: false diff --git a/.github/workflows/gh-aw-pr-ci-fixer.lock.yml b/.github/workflows/gh-aw-pr-ci-fixer.lock.yml index 0f0ca970..3ef356dd 100644 --- a/.github/workflows/gh-aw-pr-ci-fixer.lock.yml +++ b/.github/workflows/gh-aw-pr-ci-fixer.lock.yml @@ -35,10 +35,12 @@ # - gh-aw-fragments/safe-output-push-to-pr.md # - gh-aw-fragments/workflow-edit-guardrails.md # -# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"97c1a4bed329a591710c112c5f7a8c9d2347f4442c97826e0244ba66dd3738c2"} +# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"e4aa09e4c5c852a5f2e237140f1516cd62f53ee8d33b899af4258bf2264bb7bf"} name: "PR CI Fixer" "on": + # bots: # Bots processed as bot check in pre-activation job + # - ${{ inputs.allowed-bot-users }} # Bots processed as bot check in pre-activation job # roles: # Roles processed as role check in pre-activation job # - admin # Roles processed as role check in pre-activation job # - maintainer # Roles processed as role check in pre-activation job 
@@ -50,6 +52,11 @@ name: "PR CI Fixer" description: Repo-specific instructions appended to the agent prompt required: false type: string + allowed-bot-users: + default: github-actions[bot] + description: Allowlisted bot actor usernames (comma-separated) + required: false + type: string messages-footer: default: "" description: Footer appended to all agent comments and reviews @@ -1417,6 +1424,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write + GH_AW_ALLOWED_BOTS: ${{ inputs.allowed-bot-users }} with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/gh-aw-pr-ci-fixer.md b/.github/workflows/gh-aw-pr-ci-fixer.md index 75d74c5b..bf973375 100644 --- a/.github/workflows/gh-aw-pr-ci-fixer.md +++ b/.github/workflows/gh-aw-pr-ci-fixer.md @@ -30,6 +30,11 @@ on: description: "Workflow run ID to analyze" type: string required: true + allowed-bot-users: + description: "Allowlisted bot actor usernames (comma-separated)" + type: string + required: false + default: "github-actions[bot]" messages-footer: description: "Footer appended to all agent comments and reviews" type: string @@ -39,6 +44,8 @@ on: COPILOT_GITHUB_TOKEN: required: true roles: [admin, maintainer, write] + bots: + - "${{ inputs.allowed-bot-users }}" concurrency: group: pr-ci-fixer-${{ inputs.workflow-run-id }} cancel-in-progress: false diff --git a/.github/workflows/gh-aw-project-summary.lock.yml b/.github/workflows/gh-aw-project-summary.lock.yml index 97b09a51..53093904 100644 --- a/.github/workflows/gh-aw-project-summary.lock.yml +++ b/.github/workflows/gh-aw-project-summary.lock.yml 
@@ -35,10 +35,12 @@ # - gh-aw-fragments/safe-output-create-issue.md # - gh-aw-fragments/scheduled-report.md # -# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"3ec96495273944d32da2e1a07941c68700e75372ff7109e22b731a9a1a7eae84"} +# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"97ed2a6822fb352a4034ac66dd92eb7ccaf439880309d22e8d7875c75d32edc0"} name: "Gh Aw Project Summary" "on": + # bots: # Bots processed as bot check in pre-activation job + # - ${{ inputs.allowed-bot-users }} # Bots processed as bot check in pre-activation job # roles: # Roles processed as role check in pre-activation job # - admin # Roles processed as role check in pre-activation job # - maintainer # Roles processed as role check in pre-activation job @@ -50,6 +52,11 @@ name: "Gh Aw Project Summary" description: Repo-specific instructions appended to the agent prompt required: false type: string + allowed-bot-users: + default: github-actions[bot] + description: Allowlisted bot actor usernames (comma-separated) + required: false + type: string messages-footer: default: "" description: Footer appended to all agent comments and reviews @@ -1342,6 +1349,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write + GH_AW_ALLOWED_BOTS: ${{ inputs.allowed-bot-users }} with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/gh-aw-project-summary.md b/.github/workflows/gh-aw-project-summary.md index 220bb36c..f1cf32fa 100644 --- a/.github/workflows/gh-aw-project-summary.md +++ b/.github/workflows/gh-aw-project-summary.md @@ -26,6 +26,11 @@ on: type: string required: false default: "" + allowed-bot-users: + description: "Allowlisted bot actor usernames (comma-separated)" + type: string + required: false + default: "github-actions[bot]" messages-footer: description: "Footer appended to all agent comments and reviews" type: string 
@@ -35,6 +40,8 @@ on: COPILOT_GITHUB_TOKEN: required: true roles: [admin, maintainer, write] + bots: + - "${{ inputs.allowed-bot-users }}" concurrency: group: project-summary cancel-in-progress: true diff --git a/.github/workflows/gh-aw-semantic-function-clustering.lock.yml b/.github/workflows/gh-aw-semantic-function-clustering.lock.yml index 5598a1b4..fb1ec7fc 100644 --- a/.github/workflows/gh-aw-semantic-function-clustering.lock.yml +++ b/.github/workflows/gh-aw-semantic-function-clustering.lock.yml @@ -34,10 +34,12 @@ # - gh-aw-fragments/safe-output-create-issue.md # - gh-aw-fragments/scheduled-report.md # -# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"b9c9d44fc5242688e569a8675479da9e1b57ad24bdf09e3f768423784437c72e"} +# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"1d06add6edb5ae015ef4baf036865f9ae4878fb97aed647e35ac9412dd9c793b"} name: "Gh Aw Semantic Function Clustering" "on": + # bots: # Bots processed as bot check in pre-activation job + # - ${{ inputs.allowed-bot-users }} # Bots processed as bot check in pre-activation job # roles: # Roles processed as role check in pre-activation job # - admin # Roles processed as role check in pre-activation job # - maintainer # Roles processed as role check in pre-activation job @@ -49,6 +51,11 @@ name: "Gh Aw Semantic Function Clustering" description: Repo-specific instructions appended to the agent prompt required: false type: string + allowed-bot-users: + default: github-actions[bot] + description: Allowlisted bot actor usernames (comma-separated) + required: false + type: string file-globs: default: "" description: Comma-separated file globs to analyze (overrides languages mapping) @@ -1397,6 +1404,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write + GH_AW_ALLOWED_BOTS: ${{ inputs.allowed-bot-users }} with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | 
diff --git a/.github/workflows/gh-aw-semantic-function-clustering.md b/.github/workflows/gh-aw-semantic-function-clustering.md index ea811cc3..ff61348b 100644 --- a/.github/workflows/gh-aw-semantic-function-clustering.md +++ b/.github/workflows/gh-aw-semantic-function-clustering.md @@ -35,6 +35,11 @@ on: type: string required: false default: "" + allowed-bot-users: + description: "Allowlisted bot actor usernames (comma-separated)" + type: string + required: false + default: "github-actions[bot]" messages-footer: description: "Footer appended to all agent comments and reviews" type: string @@ -44,6 +49,8 @@ on: COPILOT_GITHUB_TOKEN: required: true roles: [admin, maintainer, write] + bots: + - "${{ inputs.allowed-bot-users }}" concurrency: group: semantic-function-clustering cancel-in-progress: true diff --git a/.github/workflows/gh-aw-small-problem-fixer.lock.yml b/.github/workflows/gh-aw-small-problem-fixer.lock.yml index 2e72783f..0ace9d75 100644 --- a/.github/workflows/gh-aw-small-problem-fixer.lock.yml +++ b/.github/workflows/gh-aw-small-problem-fixer.lock.yml @@ -34,10 +34,12 @@ # - gh-aw-fragments/safe-output-create-pr.md # - gh-aw-fragments/workflow-edit-guardrails.md # -# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"26468e378dfc0bc3df31573c1d94995c81f5c108cd43783c36214aac4949b48e"} +# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"07650ab8e247458a55f5475387c286587c4c21bafd778947b1234e9401aede36"} name: "Small Problem Fixer" "on": + # bots: # Bots processed as bot check in pre-activation job + # - ${{ inputs.allowed-bot-users }} # Bots processed as bot check in pre-activation job # roles: # Roles processed as role check in pre-activation job # - admin # Roles processed as role check in pre-activation job # - maintainer # Roles processed as role check in pre-activation job 
@@ -49,6 +51,11 @@ name: "Small Problem Fixer" description: Repo-specific instructions appended to the agent prompt required: false type: string + allowed-bot-users: + default: github-actions[bot] + description: Allowlisted bot actor usernames (comma-separated) + required: false + type: string messages-footer: default: "" description: Footer appended to all agent comments and reviews @@ -1404,6 +1411,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write + GH_AW_ALLOWED_BOTS: ${{ inputs.allowed-bot-users }} with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/gh-aw-small-problem-fixer.md b/.github/workflows/gh-aw-small-problem-fixer.md index 03041ebe..3b43732f 100644 --- a/.github/workflows/gh-aw-small-problem-fixer.md +++ b/.github/workflows/gh-aw-small-problem-fixer.md @@ -25,6 +25,11 @@ on: type: string required: false default: "" + allowed-bot-users: + description: "Allowlisted bot actor usernames (comma-separated)" + type: string + required: false + default: "github-actions[bot]" messages-footer: description: "Footer appended to all agent comments and reviews" type: string @@ -34,6 +39,8 @@ on: COPILOT_GITHUB_TOKEN: required: true roles: [admin, maintainer, write] + bots: + - "${{ inputs.allowed-bot-users }}" concurrency: group: small-problem-fixer cancel-in-progress: true diff --git a/.github/workflows/gh-aw-stale-issues.lock.yml b/.github/workflows/gh-aw-stale-issues.lock.yml index 6bf37f76..b7e58f51 100644 --- a/.github/workflows/gh-aw-stale-issues.lock.yml +++ b/.github/workflows/gh-aw-stale-issues.lock.yml 
@@ -34,10 +34,12 @@ # - gh-aw-fragments/safe-output-create-issue.md # - gh-aw-fragments/scheduled-report.md # -# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"a1525a1443bce5816795bbbd5ad052c9730433fe4c76f46985c586b998497e93"} +# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"09b4c491d09525553af6fbd67d55f2cd7ce9b8411886bfe06fdc2a09a5bb9380"} name: "Gh Aw Stale Issues" "on": + # bots: # Bots processed as bot check in pre-activation job + # - ${{ inputs.allowed-bot-users }} # Bots processed as bot check in pre-activation job # roles: # Roles processed as role check in pre-activation job # - admin # Roles processed as role check in pre-activation job # - maintainer # Roles processed as role check in pre-activation job @@ -49,6 +51,11 @@ name: "Gh Aw Stale Issues" description: Repo-specific instructions appended to the agent prompt required: false type: string + allowed-bot-users: + default: github-actions[bot] + description: Allowlisted bot actor usernames (comma-separated) + required: false + type: string messages-footer: default: "" description: Footer appended to all agent comments and reviews @@ -1371,6 +1378,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write + GH_AW_ALLOWED_BOTS: ${{ inputs.allowed-bot-users }} with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/gh-aw-stale-issues.md b/.github/workflows/gh-aw-stale-issues.md index 76ac56f4..45167943 100644 --- a/.github/workflows/gh-aw-stale-issues.md +++ b/.github/workflows/gh-aw-stale-issues.md @@ -25,6 +25,11 @@ on: type: string required: false default: "" + allowed-bot-users: + description: "Allowlisted bot actor usernames (comma-separated)" + type: string + required: false + default: "github-actions[bot]" messages-footer: description: "Footer appended to all agent comments and reviews" type: string 
@@ -34,6 +39,8 @@ on: COPILOT_GITHUB_TOKEN: required: true roles: [admin, maintainer, write] + bots: + - "${{ inputs.allowed-bot-users }}" concurrency: group: stale-issues cancel-in-progress: true diff --git a/.github/workflows/gh-aw-test-improvement.lock.yml b/.github/workflows/gh-aw-test-improvement.lock.yml index afaef4ba..74a07dbb 100644 --- a/.github/workflows/gh-aw-test-improvement.lock.yml +++ b/.github/workflows/gh-aw-test-improvement.lock.yml @@ -34,10 +34,12 @@ # - gh-aw-fragments/safe-output-create-pr.md # - gh-aw-fragments/workflow-edit-guardrails.md # -# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"e72f561f4edcec56a2059ae0647bf86089e38ce79cb1b5b464a67856b24cabbe"} +# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"0a349769ebe781cf2a3b995a7b2fb73f74587bc2de0a413c771b200505be7c1a"} name: "Test Improvement Agent" "on": + # bots: # Bots processed as bot check in pre-activation job + # - ${{ inputs.allowed-bot-users }} # Bots processed as bot check in pre-activation job # roles: # Roles processed as role check in pre-activation job # - admin # Roles processed as role check in pre-activation job # - maintainer # Roles processed as role check in pre-activation job @@ -49,6 +51,11 @@ name: "Test Improvement Agent" description: Repo-specific instructions appended to the agent prompt required: false type: string + allowed-bot-users: + default: github-actions[bot] + description: Allowlisted bot actor usernames (comma-separated) + required: false + type: string messages-footer: default: "" description: Footer appended to all agent comments and reviews @@ -1397,6 +1404,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write + GH_AW_ALLOWED_BOTS: ${{ inputs.allowed-bot-users }} with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | 
diff --git a/.github/workflows/gh-aw-test-improvement.md b/.github/workflows/gh-aw-test-improvement.md index 91a5b83e..345c7287 100644 --- a/.github/workflows/gh-aw-test-improvement.md +++ b/.github/workflows/gh-aw-test-improvement.md @@ -25,6 +25,11 @@ on: type: string required: false default: "" + allowed-bot-users: + description: "Allowlisted bot actor usernames (comma-separated)" + type: string + required: false + default: "github-actions[bot]" messages-footer: description: "Footer appended to all agent comments and reviews" type: string @@ -34,6 +39,8 @@ on: COPILOT_GITHUB_TOKEN: required: true roles: [admin, maintainer, write] + bots: + - "${{ inputs.allowed-bot-users }}" concurrency: group: test-improvement cancel-in-progress: true diff --git a/.github/workflows/gh-aw-upgrade-check.lock.yml b/.github/workflows/gh-aw-upgrade-check.lock.yml index dbc583c8..d8fa90e8 100644 --- a/.github/workflows/gh-aw-upgrade-check.lock.yml +++ b/.github/workflows/gh-aw-upgrade-check.lock.yml @@ -33,10 +33,12 @@ # - gh-aw-fragments/safe-output-create-issue.md # - gh-aw-fragments/scheduled-report.md # -# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"fcfe2190f940b23eab10d28e181acf42fb23de42e3aae477f45fa8ae836d58df"} +# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"032ae3809223c0bbaaa679fbfc6c5f2f1947489d82ae9407905391ed87f5c65c"} name: "Gh Aw Upgrade Check" "on": + # bots: # Bots processed as bot check in pre-activation job + # - github-actions[bot] # Bots processed as bot check in pre-activation job # roles: # Roles processed as role check in pre-activation job # - admin # Roles processed as role check in pre-activation job # - maintainer # Roles processed as role check in pre-activation job diff --git a/.github/workflows/gh-aw-upgrade-check.md b/.github/workflows/gh-aw-upgrade-check.md index f5a3edc7..ddeaf2c8 100644 --- a/.github/workflows/gh-aw-upgrade-check.md +++ b/.github/workflows/gh-aw-upgrade-check.md 
@@ -16,6 +16,8 @@ on: - cron: "daily around 14:00 on weekdays" workflow_dispatch: roles: [admin, maintainer, write] + bots: + - "github-actions[bot]" concurrency: group: gh-aw-upgrade-check cancel-in-progress: true diff --git a/gh-agent-workflows/agent-efficiency/README.md b/gh-agent-workflows/agent-efficiency/README.md index 9ee06c19..c8baf237 100644 --- a/gh-agent-workflows/agent-efficiency/README.md +++ b/gh-agent-workflows/agent-efficiency/README.md @@ -29,6 +29,7 @@ See [example.yml](example.yml) for the full workflow file. | --- | --- | --- | --- | | `additional-instructions` | Repo-specific instructions appended to the agent prompt | No | `""` | | `setup-commands` | Shell commands run before the agent starts | No | `""` | +| `allowed-bot-users` | Allowlisted bot actor usernames (comma-separated) | No | `github-actions[bot]` | ## Safe Outputs diff --git a/gh-agent-workflows/agent-suggestions/README.md b/gh-agent-workflows/agent-suggestions/README.md index 67b6051c..e05dae84 100644 --- a/gh-agent-workflows/agent-suggestions/README.md +++ b/gh-agent-workflows/agent-suggestions/README.md @@ -27,6 +27,7 @@ See [example.yml](example.yml) for the full workflow file. | --- | --- | --- | --- | | `additional-instructions` | Repo-specific instructions appended to the agent prompt | No | `""` | | `setup-commands` | Shell commands run before the agent starts | No | `""` | +| `allowed-bot-users` | Allowlisted bot actor usernames (comma-separated) | No | `github-actions[bot]` | ## Safe Outputs diff --git a/gh-agent-workflows/breaking-change-detect/README.md b/gh-agent-workflows/breaking-change-detect/README.md index aaf07b46..ad4469a7 100644 --- a/gh-agent-workflows/breaking-change-detect/README.md +++ b/gh-agent-workflows/breaking-change-detect/README.md 
@@ -29,6 +29,7 @@ See [example.yml](example.yml) for the full workflow file. | --- | --- | --- | --- | | `additional-instructions` | Repo-specific instructions appended to the agent prompt | No | `""` | | `setup-commands` | Shell commands run before the agent starts | No | `""` | +| `allowed-bot-users` | Allowlisted bot actor usernames (comma-separated) | No | `github-actions[bot]` | ## Safe Outputs diff --git a/gh-agent-workflows/bug-exterminator/README.md b/gh-agent-workflows/bug-exterminator/README.md index db4c6d5b..a146c579 100644 --- a/gh-agent-workflows/bug-exterminator/README.md +++ b/gh-agent-workflows/bug-exterminator/README.md @@ -29,6 +29,7 @@ See [example.yml](example.yml) for the full workflow file. | --- | --- | --- | --- | | `additional-instructions` | Repo-specific instructions appended to the agent prompt | No | `""` | | `setup-commands` | Shell commands run before the agent starts | No | `""` | +| `allowed-bot-users` | Allowlisted bot actor usernames (comma-separated) | No | `github-actions[bot]` | ## Safe Outputs diff --git a/gh-agent-workflows/bug-hunter/README.md b/gh-agent-workflows/bug-hunter/README.md index bd2eab76..b53c3ac3 100644 --- a/gh-agent-workflows/bug-hunter/README.md +++ b/gh-agent-workflows/bug-hunter/README.md @@ -29,6 +29,7 @@ See [example.yml](example.yml) for the full workflow file. | --- | --- | --- | --- | | `additional-instructions` | Repo-specific instructions appended to the agent prompt | No | `""` | | `setup-commands` | Shell commands run before the agent starts | No | `""` | +| `allowed-bot-users` | Allowlisted bot actor usernames (comma-separated) | No | `github-actions[bot]` | ## Safe Outputs diff --git a/gh-agent-workflows/code-simplifier/README.md b/gh-agent-workflows/code-simplifier/README.md index 4df41530..8d9eaa7f 100644 --- a/gh-agent-workflows/code-simplifier/README.md +++ b/gh-agent-workflows/code-simplifier/README.md 
@@ -29,6 +29,7 @@ See [example.yml](example.yml) for the full workflow file. | --- | --- | --- | --- | | `additional-instructions` | Repo-specific instructions appended to the agent prompt | No | `""` | | `setup-commands` | Shell commands run before the agent starts | No | `""` | +| `allowed-bot-users` | Allowlisted bot actor usernames (comma-separated) | No | `github-actions[bot]` | ## Safe Outputs diff --git a/gh-agent-workflows/docs-drift-external/README.md b/gh-agent-workflows/docs-drift-external/README.md index 5aa58ae2..741bf9b0 100644 --- a/gh-agent-workflows/docs-drift-external/README.md +++ b/gh-agent-workflows/docs-drift-external/README.md @@ -30,6 +30,7 @@ See [example.yml](example.yml) for the full workflow file. | `additional-instructions` | Repo-specific instructions appended to the agent prompt | No | `""` | | `setup-commands` | Shell commands run before the agent starts | No | `""` | | `lookback-window` | Git lookback window for detecting recent commits (e.g. `7 days ago`, `14 days ago`) | No | `"7 days ago"` | +| `allowed-bot-users` | Allowlisted bot actor usernames (comma-separated) | No | `github-actions[bot]` | ## Safe Outputs diff --git a/gh-agent-workflows/docs-drift/README.md b/gh-agent-workflows/docs-drift/README.md index 10d66568..cfdbc07a 100644 --- a/gh-agent-workflows/docs-drift/README.md +++ b/gh-agent-workflows/docs-drift/README.md @@ -30,6 +30,7 @@ See [example.yml](example.yml) for the full workflow file. | `additional-instructions` | Repo-specific instructions appended to the agent prompt | No | `""` | | `setup-commands` | Shell commands run before the agent starts | No | `""` | | `lookback-window` | Git lookback window for detecting recent commits (e.g. `7 days ago`, `14 days ago`) | No | `"7 days ago"` | +| `allowed-bot-users` | Allowlisted bot actor usernames (comma-separated) | No | `github-actions[bot]` | ## Safe Outputs 
diff --git a/gh-agent-workflows/docs-new-contributor-review-external/README.md b/gh-agent-workflows/docs-new-contributor-review-external/README.md index 451b452d..81e0b2a3 100644 --- a/gh-agent-workflows/docs-new-contributor-review-external/README.md +++ b/gh-agent-workflows/docs-new-contributor-review-external/README.md @@ -29,6 +29,7 @@ See [example.yml](example.yml) for the full workflow file. | --- | --- | --- | --- | | `additional-instructions` | Repo-specific instructions appended to the agent prompt | No | `""` | | `setup-commands` | Shell commands run before the agent starts | No | `""` | +| `allowed-bot-users` | Allowlisted bot actor usernames (comma-separated) | No | `github-actions[bot]` | ## Safe Outputs diff --git a/gh-agent-workflows/docs-new-contributor-review/README.md b/gh-agent-workflows/docs-new-contributor-review/README.md index f79ce49a..0554874f 100644 --- a/gh-agent-workflows/docs-new-contributor-review/README.md +++ b/gh-agent-workflows/docs-new-contributor-review/README.md @@ -29,6 +29,7 @@ See [example.yml](example.yml) for the full workflow file. | --- | --- | --- | --- | | `additional-instructions` | Repo-specific instructions appended to the agent prompt | No | `""` | | `setup-commands` | Shell commands run before the agent starts | No | `""` | +| `allowed-bot-users` | Allowlisted bot actor usernames (comma-separated) | No | `github-actions[bot]` | ## Safe Outputs diff --git a/gh-agent-workflows/downstream-health/README.md b/gh-agent-workflows/downstream-health/README.md index ce93d1cd..f544c141 100644 --- a/gh-agent-workflows/downstream-health/README.md +++ b/gh-agent-workflows/downstream-health/README.md 
@@ -29,6 +29,7 @@ See [example.yml](example.yml) for the full workflow file. | --- | --- | --- | --- | | `additional-instructions` | Repo-specific instructions appended to the agent prompt | No | `""` | | `setup-commands` | Shell commands run before the agent starts | No | `""` | +| `allowed-bot-users` | Allowlisted bot actor usernames (comma-separated) | No | `github-actions[bot]` | ## Safe Outputs diff --git a/gh-agent-workflows/flaky-test-triage/README.md b/gh-agent-workflows/flaky-test-triage/README.md index be1a14d6..517f3246 100644 --- a/gh-agent-workflows/flaky-test-triage/README.md +++ b/gh-agent-workflows/flaky-test-triage/README.md @@ -30,6 +30,7 @@ See [example.yml](example.yml) for the full workflow file. | --- | --- | --- | --- | | `additional-instructions` | Repo-specific instructions appended to the agent prompt | No | `""` | | `setup-commands` | Shell commands run before the agent starts | No | `""` | +| `allowed-bot-users` | Allowlisted bot actor usernames (comma-separated) | No | `github-actions[bot]` | ## Safe Outputs diff --git a/gh-agent-workflows/mention-in-issue/README.md b/gh-agent-workflows/mention-in-issue/README.md index 1f9b09d1..d4a24bcb 100644 --- a/gh-agent-workflows/mention-in-issue/README.md +++ b/gh-agent-workflows/mention-in-issue/README.md @@ -28,6 +28,7 @@ See [example.yml](example.yml) for the full workflow file. | --- | --- | --- | --- | | `additional-instructions` | Repo-specific instructions appended to the agent prompt | No | `""` | | `setup-commands` | Shell commands run before the agent starts | No | `""` | +| `allowed-bot-users` | Allowlisted bot actor usernames (comma-separated) | No | `github-actions[bot]` | ## Safe Outputs diff --git a/gh-agent-workflows/mention-in-pr/README.md b/gh-agent-workflows/mention-in-pr/README.md index 4b39420b..b4994907 100644 --- a/gh-agent-workflows/mention-in-pr/README.md +++ b/gh-agent-workflows/mention-in-pr/README.md 
@@ -29,6 +29,7 @@ See [example.yml](example.yml) for the full workflow file. | --- | --- | --- | --- | | `additional-instructions` | Repo-specific instructions appended to the agent prompt | No | `""` | | `setup-commands` | Shell commands run before the agent starts | No | `""` | +| `allowed-bot-users` | Allowlisted bot actor usernames (comma-separated) | No | `github-actions[bot]` | ## Safe Outputs diff --git a/gh-agent-workflows/performance-profiler/README.md b/gh-agent-workflows/performance-profiler/README.md index 2b1df194..ec32b93d 100644 --- a/gh-agent-workflows/performance-profiler/README.md +++ b/gh-agent-workflows/performance-profiler/README.md @@ -29,6 +29,7 @@ See [example.yml](example.yml) for the full workflow file. | --- | --- | --- | --- | | `additional-instructions` | Repo-specific instructions appended to the agent prompt | No | `""` | | `setup-commands` | Shell commands run before the agent starts | No | `""` | +| `allowed-bot-users` | Allowlisted bot actor usernames (comma-separated) | No | `github-actions[bot]` | ## Safe Outputs diff --git a/gh-agent-workflows/pr-checks-fix/README.md b/gh-agent-workflows/pr-checks-fix/README.md index 51e1231e..a32eeddc 100644 --- a/gh-agent-workflows/pr-checks-fix/README.md +++ b/gh-agent-workflows/pr-checks-fix/README.md @@ -28,6 +28,7 @@ See [example.yml](example.yml) for the full workflow file. | --- | --- | --- | --- | | `additional-instructions` | Repo-specific instructions appended to the agent prompt | No | `""` | | `setup-commands` | Shell commands run before the agent starts | No | `""` | +| `allowed-bot-users` | Allowlisted bot actor usernames (comma-separated) | No | `github-actions[bot]` | ## Safe Outputs diff --git a/gh-agent-workflows/pr-ci-detective/README.md b/gh-agent-workflows/pr-ci-detective/README.md index bce3cd36..5aa2e653 100644 --- a/gh-agent-workflows/pr-ci-detective/README.md +++ b/gh-agent-workflows/pr-ci-detective/README.md 
@@ -28,6 +28,7 @@ See [example.yml](example.yml) for the full workflow file. | --- | --- | --- | --- | | `additional-instructions` | Repo-specific instructions appended to the agent prompt | No | `""` | | `setup-commands` | Shell commands run before the agent starts | No | `""` | +| `allowed-bot-users` | Allowlisted bot actor usernames (comma-separated) | No | `github-actions[bot]` | ## Safe Outputs diff --git a/gh-agent-workflows/pr-ci-fixer/README.md b/gh-agent-workflows/pr-ci-fixer/README.md index ef3235d1..f8001620 100644 --- a/gh-agent-workflows/pr-ci-fixer/README.md +++ b/gh-agent-workflows/pr-ci-fixer/README.md @@ -29,6 +29,7 @@ See [example.yml](example.yml) for the full workflow file. | `workflow-run-id` | Failed workflow run ID to analyze | Yes | — | | `additional-instructions` | Repo-specific instructions appended to the agent prompt | No | `""` | | `setup-commands` | Shell commands run before the agent starts | No | `""` | +| `allowed-bot-users` | Allowlisted bot actor usernames (comma-separated) | No | `github-actions[bot]` | ## Safe Outputs diff --git a/gh-agent-workflows/project-summary/README.md b/gh-agent-workflows/project-summary/README.md index ddde0e10..a36b636e 100644 --- a/gh-agent-workflows/project-summary/README.md +++ b/gh-agent-workflows/project-summary/README.md @@ -29,6 +29,7 @@ See [example.yml](example.yml) for the full workflow file. | --- | --- | --- | --- | | `additional-instructions` | Repo-specific instructions appended to the agent prompt | No | `""` | | `setup-commands` | Shell commands run before the agent starts | No | `""` | +| `allowed-bot-users` | Allowlisted bot actor usernames (comma-separated) | No | `github-actions[bot]` | ## Safe Outputs diff --git a/gh-agent-workflows/release-update/README.md b/gh-agent-workflows/release-update/README.md index 848b2573..c723ed13 100644 --- a/gh-agent-workflows/release-update/README.md +++ b/gh-agent-workflows/release-update/README.md 
@@ -29,6 +29,7 @@ See [example.yml](example.yml) for the full workflow file. | --- | --- | --- | --- | | `additional-instructions` | Repo-specific instructions appended to the agent prompt | No | `""` | | `setup-commands` | Shell commands run before the agent starts | No | `""` | +| `allowed-bot-users` | Allowlisted bot actor usernames (comma-separated) | No | `github-actions[bot]` | ## Safe Outputs diff --git a/gh-agent-workflows/semantic-function-clustering/README.md b/gh-agent-workflows/semantic-function-clustering/README.md index de26b454..05bb860e 100644 --- a/gh-agent-workflows/semantic-function-clustering/README.md +++ b/gh-agent-workflows/semantic-function-clustering/README.md @@ -31,6 +31,7 @@ See [example.yml](example.yml) for the full workflow file. | `file-globs` | Comma-separated file globs to analyze (overrides `languages`) | No | `""` | | `additional-instructions` | Repo-specific instructions appended to the agent prompt | No | `""` | | `setup-commands` | Shell commands run before the agent starts | No | `""` | +| `allowed-bot-users` | Allowlisted bot actor usernames (comma-separated) | No | `github-actions[bot]` | ## Safe Outputs diff --git a/gh-agent-workflows/small-problem-fixer/README.md b/gh-agent-workflows/small-problem-fixer/README.md index a8c113ff..43d11593 100644 --- a/gh-agent-workflows/small-problem-fixer/README.md +++ b/gh-agent-workflows/small-problem-fixer/README.md @@ -29,6 +29,7 @@ See [example.yml](example.yml) for the full workflow file. | --- | --- | --- | --- | | `additional-instructions` | Repo-specific instructions appended to the agent prompt | No | `""` | | `setup-commands` | Shell commands run before the agent starts | No | `""` | +| `allowed-bot-users` | Allowlisted bot actor usernames (comma-separated) | No | `github-actions[bot]` | ## Safe Outputs diff --git a/gh-agent-workflows/stale-issues/README.md b/gh-agent-workflows/stale-issues/README.md index dc2abe27..5a85eb7e 100644 
--- a/gh-agent-workflows/stale-issues/README.md +++ b/gh-agent-workflows/stale-issues/README.md @@ -39,6 +39,7 @@ mkdir -p .github/workflows && curl -sL \ | --- | --- | --- | --- | | `additional-instructions` | Repo-specific instructions appended to the agent prompt | No | `""` | | `setup-commands` | Shell commands run before the agent starts | No | `""` | +| `allowed-bot-users` | Allowlisted bot actor usernames (comma-separated) | No | `github-actions[bot]` | ## Safe Outputs diff --git a/gh-agent-workflows/test-improvement/README.md b/gh-agent-workflows/test-improvement/README.md index 29622179..1b7c1ea3 100644 --- a/gh-agent-workflows/test-improvement/README.md +++ b/gh-agent-workflows/test-improvement/README.md @@ -29,6 +29,7 @@ See [example.yml](example.yml) for the full workflow file. | --- | --- | --- | --- | | `additional-instructions` | Repo-specific instructions appended to the agent prompt | No | `""` | | `setup-commands` | Shell commands run before the agent starts | No | `""` | +| `allowed-bot-users` | Allowlisted bot actor usernames (comma-separated) | No | `github-actions[bot]` | ## Safe Outputs
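Review bot: In the `.md` frontmatter hunks (for example `gh-aw-pr-ci-detective.md`, `@@ -34,6 +39,8 @@`), `bots:` receives a one-element list whose only item is the entire `"${{ inputs.allowed-bot-users }}"` string, yet the input is described as comma-separated. The lock files forward the same raw string as `GH_AW_ALLOWED_BOTS`, and the script that reads it is not part of this diff, so nothing visible here shows whether a two-name value is split and trimmed or compared as a single username. Please confirm the pre-activation check splits on commas and trims whitespace around each entry, and cover a multi-bot value with a test; if it does not split, either change the description or the wiring.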
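Review bot: The lock-file hunks that add `GH_AW_ALLOWED_BOTS: ${{ inputs.allowed-bot-users }}` beside `GH_AW_REQUIRED_ROLES` accept any caller-supplied string (`type: string`, `required: false`) with no validation visible in this change. Because this value decides which bot actors pass the pre-activation gate, the behaviour for an explicit empty string, a whitespace-only value, or an entry with stray spaces should be defined and should fail closed (no bots admitted). Passing the value through `env` rather than interpolating it into `script:` is the right choice and should stay that way.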
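Review bot: `gh-aw-upgrade-check.md` (`@@ -16,6 +16,8 @@`) hardcodes `- "github-actions[bot]"` where every other workflow in this patch uses `${{ inputs.allowed-bot-users }}`, and its lock file carries the same literal. The hunk context shows only `cron` and `workflow_dispatch` triggers, which would explain the absence of an input, but the difference is not stated anywhere. A one-line comment next to the `bots:` entry saying why this workflow is not configurable would keep a later reader from treating it as an oversight.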
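Review bot: The README rows added for `allowed-bot-users` say only "Allowlisted bot actor usernames (comma-separated)" and do not say what being allowlisted grants or how it relates to `roles: [admin, maintainer, write]` in the same workflows. Since a caller widening this list changes who can trigger the agent, the description should state the effect in one sentence and give the exact expected form of an entry, including the `[bot]` suffix shown in the default. The row is also placed after `lookback-window` in the `docs-drift` and `docs-drift-external` READMEs but after `setup-commands` elsewhere; pick one position.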