fix(ci-cd-gaps-assessment): resolve AI credits rate limit with DataOps refactor#5165
Conversation
- Change schedule from daily to weekly on Monday (7× fewer runs) - Switch GitHub tools from MCP server to gh-proxy mode - Remove agentic-workflows tool and its MCP imports - Add DataOps steps to pre-fetch all workflow/run data via gh CLI - Add bash tool so agent reads pre-fetched files instead of calling APIs - Add max-ai-credits: 500 guardrail to prevent future rate limit hits - Add close-older-discussions: true to avoid stale discussion accumulation - Tighten prompt body to use pre-fetched data (lower input tokens) - Recompile lock file
✅ Coverage Check PassedOverall Coverage
📁 Per-file Coverage Changes (1 files)
Coverage comparison generated by |
There was a problem hiding this comment.
Pull request overview
This PR adjusts the ci-cd-gaps-assessment agentic workflow to reduce Copilot AI credits consumption by running less frequently and by pre-materializing GitHub Actions data on the runner before the agent starts, shifting the agent toward local file reads instead of API exploration.
Changes:
- Switched schedule from daily to weekly (Monday) and added a per-run
max-ai-credits: 500cap. - Added a runner-side prefetch step that writes workflow/run data and aggregated stats into
/tmp/gh-aw/ci-assessment/, and updated the prompt to direct the agent to read those files. - Switched GitHub tooling to
mode: gh-proxy, enabledbash: true, and updated the compiled lock workflow accordingly (including CLI proxy startup).
Show a summary per file
| File | Description |
|---|---|
| .github/workflows/ci-cd-gaps-assessment.md | Updates schedule/budget, adds CI data prefetch step, and rewrites agent instructions to consume pre-fetched files. |
| .github/workflows/ci-cd-gaps-assessment.lock.yml | Regenerates the compiled workflow to reflect gh-proxy/CLI-proxy usage, the new schedule, and the prefetch step. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 2/2 changed files
- Comments generated: 9
| - name: Setup Scripts | ||
| id: setup | ||
| uses: github/gh-aw-actions/setup@5c2fe865bb4dc46e1450f6ee0d0541d759aea73a # v0.79.6 | ||
| uses: github/gh-aw-actions/setup@v0.79.8 | ||
| with: | ||
| destination: ${{ runner.temp }}/gh-aw/actions |
| - name: Setup Scripts | ||
| id: setup | ||
| uses: github/gh-aw-actions/setup@5c2fe865bb4dc46e1450f6ee0d0541d759aea73a # v0.79.6 | ||
| uses: github/gh-aw-actions/setup@v0.79.8 | ||
| with: | ||
| destination: ${{ runner.temp }}/gh-aw/actions |
| env: | ||
| GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} | ||
| GITHUB_SERVER_URL: ${{ github.server_url }} | ||
| CLI_PROXY_POLICY: '{"allow-only":{"repos":"all","min-integrity":"none"}}' |
| echo "::error::Failed to find gh-aw binary for MCP server" | ||
| exit 1 | ||
| fi | ||
| run: bash "${RUNNER_TEMP}/gh-aw/actions/download_docker_images.sh" ghcr.io/github/gh-aw-firewall/agent:0.27.2@sha256:f88e5b17b6b7a600117bc121114d6ce2155c88c983c0c939c5df884f730fa1d6 ghcr.io/github/gh-aw-firewall/api-proxy:0.27.2@sha256:ee39841d980878ebbb87592903b06d31a1af500c71525c9616f7e8e2a27041a4 ghcr.io/github/gh-aw-firewall/cli-proxy:0.27.2@sha256:02f3ec08f32dc26c5427920c6a2e2f3036238fce44802f2f11ef49ed8621b5d0 ghcr.io/github/gh-aw-firewall/squid:0.27.2@sha256:2e3a717e5f19a654cd9a2263beb52012b56bcb68562ec5ae2e42f9d156b49591 ghcr.io/github/gh-aw-mcpg:v0.3.25@sha256:c10331ad17668ef89f38f5e356678788a40b0cd5fef96e8f92e1d9c1de47cbaa ghcr.io/github/github-mcp-server:v1.1.2@sha256:30197479d8036c7811892bc07e06f9a05c9ef3cdd79bc59f256d50647f95788c |
| gh workflow list --repo "$GITHUB_REPOSITORY" \ | ||
| --json name,state,path \ | ||
| > /tmp/gh-aw/ci-assessment/workflows.json \ | ||
| || echo '[]' > /tmp/gh-aw/ci-assessment/workflows.json |
| gh run list --repo "$GITHUB_REPOSITORY" \ | ||
| --limit 50 \ | ||
| --json name,status,conclusion,createdAt,event,workflowName \ | ||
| > /tmp/gh-aw/ci-assessment/recent-runs.json \ | ||
| || echo '[]' > /tmp/gh-aw/ci-assessment/recent-runs.json |
| gh run list --repo "$GITHUB_REPOSITORY" \ | ||
| --event pull_request \ | ||
| --limit 30 \ | ||
| --json name,status,conclusion,createdAt,workflowName \ | ||
| > /tmp/gh-aw/ci-assessment/pr-runs.json \ | ||
| || echo '[]' > /tmp/gh-aw/ci-assessment/pr-runs.json |
| - name: Setup Scripts | ||
| id: setup | ||
| uses: github/gh-aw-actions/setup@5c2fe865bb4dc46e1450f6ee0d0541d759aea73a # v0.79.6 | ||
| uses: github/gh-aw-actions/setup@v0.79.8 |
| - name: Setup Scripts | ||
| id: setup | ||
| uses: github/gh-aw-actions/setup@5c2fe865bb4dc46e1450f6ee0d0541d759aea73a # v0.79.6 | ||
| uses: github/gh-aw-actions/setup@v0.79.8 |
|
@copilot address review feedback |
|
⏳ Copilot review left inline comments. @copilot To proceed:
|
|
❌ Smoke Copilot BYOK AOAI (Entra) reports failed. AOAI BYOK (Entra) mode investigation needed... |
|
🔑 Smoke Copilot PAT PAT auth validated. All systems operational. ✅ |
|
✅ Build Test Suite completed successfully! |
|
❌ Contribution Check failed. Please review the logs for details. |
|
🔌 Smoke Services — All services reachable! ✅ |
|
📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤 |
|
✅ Smoke Gemini completed. All facets verified. 💎 |
|
Chroot tests passed! Smoke Chroot - All security and functionality tests succeeded. |
|
✅ Smoke Copilot BYOK AOAI (api-key) completed. Copilot AOAI BYOK (api-key) mode operational. 🔓 |
|
❌ Smoke Claude failed |
|
❌ Smoke Copilot BYOK reports failed. BYOK mode investigation needed... |
|
✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟 |
|
📡 Smoke OTel Tracing completed. All tracing scenarios validated. ✅ |
|
🚀 Security Guard has started processing this pull request |
|
Merged PRs: Reduce Pelis Advisor AI credit burn with fixed low-cost model + turn cap; fix(ci-cd-gaps-assessment): resolve AI credits rate limit with DataOps refactor
|
🔬 Smoke Test Results — PR #5165"fix(ci-cd-gaps-assessment): resolve AI credits rate limit with DataOps refactor"
Overall:
|
🔬 Smoke Test: Copilot PAT Auth — PASS
PR: fix(ci-cd-gaps-assessment): resolve AI credits rate limit with DataOps refactor Overall: PASS ✅
|
|
PR: fix(ci-cd-gaps-assessment): resolve AI credits rate limit with DataOps refactor Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "registry.npmjs.org"See Network Configuration for more information.
|
Smoke Test: API Proxy OpenTelemetry Tracing
All scenarios pass ✅
|
Chroot Version Comparison
Result: Not all tests passed — Python and Node.js versions differ between host and chroot.
|
Smoke Test Results — FAIL
Overall: FAIL — service containers are not reachable from this runner.
|
Smoke Test Results
Overall status: FAIL Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "localhost"See Network Configuration for more information.
|
🏗️ Build Test Suite Results
Overall: 8/8 ecosystems passed — ✅ PASS
|
The
ci-cd-gaps-assessmentworkflow hit the Copilot AI credits rate limit (HTTP 429) due to daily scheduling, agent-driven GitHub data fetching via the full MCP server stack, and no per-run budget cap.Changes
daily→weekly on Monday— 7× fewer runs for a slow-changing gap assessmentgh workflow list,gh run list, aggregated stats) is now materialized to/tmp/gh-aw/ci-assessment/before the agent starts — zero AI tokens for data collectionagentic-workflowstool + imports: Eliminated theshared/mcp-pagination.md/shared/mcp/gh-aw.mdMCP server stack and associated tool-schema overheadgh-proxymode: Switchedgithub:tools from full MCP server tomode: gh-proxywithtoolsets: [default]; addedbash: trueso the agent reads pre-fetched filesmax-ai-credits: 500: Hard per-run budget cap to prevent future rate-limit eventsclose-older-discussions: true: Prevents stale discussion accumulation on the weekly cadencecatpre-fetched files rather than explore via API calls; prompt body reduced ~40%