Add Vite PWA and bash wrapper for MS Copilot workflow management #1
- Add MS Copilot orchestrator workflow with intelligent code review
- Create agent memory files for coding conventions and security practices
- Implement multi-job workflow for code, docs, and dependency review
- Update README with comprehensive documentation

Agent-Logs-Url: https://github.com/JakeDot/ms-copilot/sessions/6708434d-aea5-4de0-9c37-98cee4a75baf
Co-authored-by: JakeDot <12250212+JakeDot@users.noreply.github.com>
@claude[agent] create a setup-ms-copilot.sh setup script that gives the main wrapper an alias as ms-copilot in the current environment and persists this alias by e.g. adding a .bashrc section.
Pull request overview
This PR introduces GitHub Actions automation for Copilot-driven reviews (code, docs, dependencies) and adds “agent memory” YAML files used as review guidance, along with a significantly expanded README describing the automation suite.
Changes:
- Added a new `ms-copilot-orchestrate.yml` workflow that classifies changes and runs Copilot-based review jobs.
- Added agent memory files under `.github/agents/memory/` for coding conventions, security guidance, and known false positives.
- Expanded `README.md` with setup, usage, and workflow documentation for the automation.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| README.md | Adds documentation for the Copilot workflow suite and setup instructions. |
| .github/workflows/ms-copilot-orchestrate.yml | New orchestrator workflow to classify changes and run Copilot review jobs. |
| .github/agents/memory/coding-conventions.yml | Adds coding standards guidance for agents. |
| .github/agents/memory/security-best-practices.yml | Adds security guidance intended to inform automated reviews. |
| .github/agents/memory/false-positives.yml | Adds a list of patterns to ignore to reduce automated review noise. |
| MS Copilot AI wrappers and GitHub Actions automation suite. | ||
|
|
||
| ## Overview | ||
|
|
||
| This repository provides an intelligent GitHub Actions workflow system powered by MS Copilot for automated code review, security scanning, and continuous integration. | ||
|
|
The PR description mentions adding a Vite PWA app and a bash wrapper script, but this PR only adds GitHub Actions workflow/memory files and expands the README. Either update the PR description to match the actual changes, or include the missing app/CLI files so the PR is reviewable as described.
| FILES=$(git diff --name-only origin/${{ github.base_ref }}...HEAD) | ||
| else | ||
| FILES=$(git diff --name-only HEAD~1 HEAD 2>/dev/null || git diff --name-only HEAD) |
For push events, this only diffs HEAD~1..HEAD, which ignores additional commits in a multi-commit push and can misclassify changed files. Consider diffing ${{ github.event.before }}...${{ github.sha }} (and similarly for PRs use explicit base/head SHAs) so classification reflects the entire pushed range.
| FILES=$(git diff --name-only origin/${{ github.base_ref }}...HEAD) | |
| else | |
| FILES=$(git diff --name-only HEAD~1 HEAD 2>/dev/null || git diff --name-only HEAD) | |
| FILES=$(git diff --name-only \ | |
| "${{ github.event.pull_request.base.sha }}" \ | |
| "${{ github.event.pull_request.head.sha }}") | |
| else | |
| if [ "${{ github.event.before }}" = "0000000000000000000000000000000000000000" ]; then | |
| FILES=$(git diff --name-only "${{ github.sha }}"^ "${{ github.sha }}" 2>/dev/null || git diff --name-only "${{ github.sha }}") | |
| else | |
| FILES=$(git diff --name-only \ | |
| "${{ github.event.before }}...${{ github.sha }}") | |
| fi |
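Review bot: The pull_request branch of this suggestion passes `base.sha` and `head.sha` to `git diff --name-only` as two separate arguments, which is a two-dot tree comparison, while the line it replaces used the three-dot form `origin/${{ github.base_ref }}...HEAD`. Once the base branch has moved past the branch point, the two-dot form also lists files that changed only on the base branch, so review jobs can be triggered by changes the PR does not contain. Join the two SHAs with `...` to keep merge-base semantics. Separately, the final fallback `git diff --name-only "${{ github.sha }}"` compares that commit with the working tree, which is empty on a clean checkout, so a root commit classifies no files at all.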
| if [ "${{ github.event_name }}" = "pull_request" ]; then | ||
| git diff origin/${{ github.base_ref }}...HEAD > /tmp/full-diff.txt | ||
| else | ||
| git diff HEAD~1 HEAD > /tmp/full-diff.txt |
The push-path diff generation uses git diff HEAD~1 HEAD without a fallback; this can fail on the first commit of a branch/repo and also misses changes when a push contains multiple commits. Use ${{ github.event.before }}...${{ github.sha }} (or a safe fallback when before is all-zero) to ensure the diff covers the full push range.
| git diff HEAD~1 HEAD > /tmp/full-diff.txt | |
| before_sha="${{ github.event.before }}" | |
| if [ "$before_sha" = "0000000000000000000000000000000000000000" ]; then | |
| empty_tree="$(git hash-object -t tree /dev/null)" | |
| git diff "$empty_tree" "${{ github.sha }}" > /tmp/full-diff.txt | |
| else | |
| git diff "$before_sha...${{ github.sha }}" > /tmp/full-diff.txt | |
| fi |
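Review bot: The all-zero branch (`git diff "$empty_tree" "${{ github.sha }}"`) diffs against the empty tree, but `github.event.before` is all zeros for every newly created branch, not only for a repository's first commit. Pushing a new branch would therefore write every tracked file to /tmp/full-diff.txt as an addition and hand the whole repository to the review step. Consider diffing against the merge base with the default branch in that case. The `else` branch also assumes `$before_sha` still exists in the local clone; after a force push it may not, so test it with `git cat-file -e` first and fall back when it is missing.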
| if: | | ||
| needs.classify.outputs.run_python == 'true' || | ||
| needs.classify.outputs.run_javascript == 'true' || | ||
| needs.classify.outputs.run_typescript == 'true' | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: read | ||
| pull-requests: write | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
|
|
||
| - name: Build diff | ||
| run: | | ||
| if [ "${{ github.event_name }}" = "pull_request" ]; then | ||
| git diff origin/${{ github.base_ref }}...HEAD > /tmp/full-diff.txt | ||
| else | ||
| git diff HEAD~1 HEAD > /tmp/full-diff.txt | ||
| fi | ||
|
|
||
| - name: Run MS Copilot Review Agent | ||
| uses: microsoft/copilot-cli-action@v1 | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| with: | ||
| copilot_api_key: ${{ secrets.COPILOT_API_KEY }} | ||
| direct_prompt: | |
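Review bot: `uses: microsoft/copilot-cli-action@v1` references the action by a mutable tag in the same step that hands it `secrets.COPILOT_API_KEY` and `GITHUB_TOKEN`, inside a job that holds `pull-requests: write`. Whoever can move that tag can change the code that receives both credentials, so pin this action (and `actions/checkout@v4`) to a full commit SHA. In the Build diff step, `${{ github.base_ref }}` is expanded into the script text before the shell runs; pass it through `env:` and reference it as a quoted shell variable instead.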
This job uses secrets.COPILOT_API_KEY on pull_request events. For PRs from forks, repository secrets are not available, so the job will fail (or be skipped depending on settings). Add an explicit guard (e.g., only run when github.event.pull_request.head.repo.full_name == github.repository) or switch to a safer event model if you intend to support fork PRs.
| if [ "${{ github.event_name }}" = "pull_request" ]; then | ||
| git diff origin/${{ github.base_ref }}...HEAD -- '*.md' 'README*' > /tmp/docs-diff.txt | ||
| else | ||
| git diff HEAD~1 HEAD -- '*.md' 'README*' > /tmp/docs-diff.txt |
Same HEAD~1..HEAD issue for docs diff on push events: multi-commit pushes won’t be fully reviewed, and the step can fail on the first commit. Prefer ${{ github.event.before }}...${{ github.sha }} (with an all-zero SHA fallback) to build the diff for the whole push range.
| git diff HEAD~1 HEAD -- '*.md' 'README*' > /tmp/docs-diff.txt | |
| before_sha="${{ github.event.before }}" | |
| if [ "$before_sha" = "0000000000000000000000000000000000000000" ]; then | |
| empty_tree="$(git hash-object -t tree /dev/null)" | |
| git diff "$empty_tree" "${{ github.sha }}" -- '*.md' 'README*' > /tmp/docs-diff.txt | |
| else | |
| git diff "$before_sha...${{ github.sha }}" -- '*.md' 'README*' > /tmp/docs-diff.txt | |
| fi |
| if [ "${{ github.event_name }}" = "pull_request" ]; then | ||
| git diff origin/${{ github.base_ref }}...HEAD -- 'package.json' 'package-lock.json' 'requirements.txt' 'setup.py' 'pyproject.toml' > /tmp/deps-diff.txt | ||
| else | ||
| git diff HEAD~1 HEAD -- 'package.json' 'package-lock.json' 'requirements.txt' 'setup.py' 'pyproject.toml' > /tmp/deps-diff.txt |
Same HEAD~1..HEAD issue for dependency diff on push events: it can miss changes in multi-commit pushes and fail on the first commit. Prefer ${{ github.event.before }}...${{ github.sha }} (with a fallback for initial commits) so dependency review is accurate.
| git diff HEAD~1 HEAD -- 'package.json' 'package-lock.json' 'requirements.txt' 'setup.py' 'pyproject.toml' > /tmp/deps-diff.txt | |
| before="${{ github.event.before }}" | |
| if [ -z "$before" ] || [ "$before" = "0000000000000000000000000000000000000000" ]; then | |
| empty_tree="$(git hash-object -t tree /dev/null)" | |
| git diff "$empty_tree" "${{ github.sha }}" -- 'package.json' 'package-lock.json' 'requirements.txt' 'setup.py' 'pyproject.toml' > /tmp/deps-diff.txt | |
| else | |
| git diff "$before"...${{ github.sha }} -- 'package.json' 'package-lock.json' 'requirements.txt' 'setup.py' 'pyproject.toml' > /tmp/deps-diff.txt | |
| fi |
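Review bot: The push-range logic is now repeated in each diff step and the copies have drifted: this one names the variable `before` and adds a `[ -z "$before" ]` guard, the full-diff and docs suggestions use `before_sha` with no empty check, and `"$before"...${{ github.sha }}` here leaves the second half of the range outside the quotes. Resolve the base commit once in the classify job, expose it as a job output next to `run_python` and the other flags, and have every diff step consume that value so the fallback behaviour cannot diverge between jobs.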
|
|
||
| citations: | | ||
| Based on OWASP Top 10 and general security best practices. | ||
| Referenced from .github/workflows/google.yml security configuration. |
The citations section claims this guidance is "Referenced from .github/workflows/google.yml security configuration", but that workflow is a GKE build/deploy pipeline and doesn’t contain security best-practices guidance. Please update the citation to reflect the true source (e.g., OWASP references only) or remove the incorrect reference to avoid misleading reviewers/agents.
| Referenced from .github/workflows/google.yml security configuration. |
Implements a Progressive Web App and CLI tooling for managing MS Copilot GitHub Actions workflows, mirroring the jdnAiHyperVisor architecture.

PWA Application
`.github` directory structure (workflows + memory) as archive

Bash Wrapper (`copilot-wrapper.sh`)
CLI interface providing:
- `start` - Launch Vite dev server
- `build` - Production build
- `deploy` - Trigger GitHub deployment workflow
- `review` - Manual PR review invocation
- `status` - Check workflow run status
- `install` - Setup dependencies

Project Structure

Data Files
Workflows and memory files from `.github/` are bundled as JSON for display:
- `ms-copilot-orchestrate.yml` - Main orchestrator workflow
- `coding-conventions.yml` - Code standards
- `security-best-practices.yml` - Security guidelines
- `false-positives.yml` - Known review exceptions

Users can browse prompts, review agent instructions, and download the complete GitHub Actions setup.