ci(copilot-review): migrate from gh-dagentic to release/@v1#27

Merged: arthur-debert merged 2 commits into main from chore/migrate-copilot-review-pointer on May 8, 2026

@arthur-debert

Owner

Migrates .github/workflows/copilot-review.yml from arthur-debert/gh-dagentic/.github/workflows/copilot-review.yml@main to arthur-debert/release/.github/workflows/copilot-review.yml@v1.

Why

The gh-dagentic reusable workflow authenticates with GITHUB_TOKEN. GITHUB_TOKEN authenticates as github-actions[bot] (Integration actor), and Integration actors silently no-op the Copilot review-attach. So gh pr edit --add-reviewer @copilot returned the PR URL with no error, but added nothing.

release/@v1 fixes this by requiring the caller to pass a user PAT (RELEASE_TOKEN) via secrets.gh_token.

Caught by

bin/audit-smoke-test against arthur-debert/dodot, which opened a real PR and verified the Copilot reviewer did not actually get attached even though the workflow ran successfully. See arthur-debert/release#2.

Auto-generated

This PR was opened by bin/migrate-copilot-review. Same change rolling out to all other consumers.

The previous reusable workflow at arthur-debert/gh-dagentic/.github/workflows/copilot-review.yml@main
authenticates with GITHUB_TOKEN, which is github-actions[bot]
(Integration actor). Integration actors silently no-op Copilot
review-attach: 'gh pr edit --add-reviewer @copilot' returns the PR
URL with no error but adds nothing.

release/@v1 requires the caller to pass a user PAT via
secrets.gh_token. RELEASE_TOKEN already exists on this repo (or
will once propagated), so wiring it through fixes the silent
failure.

Caught by bin/audit-smoke-test on arthur-debert/dodot — this commit
sweeps the rest.
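
A post-condition check for the silent no-op described above, as an added example (not bin/audit-smoke-test or any other code from this repository): after the attach step, query the PR and fail unless the reviewer is pending or has already reviewed. The reviewer login is supplied by the caller, and the sample JSON and the `example-reviewer` login are constructed, with the field layout assumed from the gh CLI's `--json` output.

```python
import json
import subprocess
import sys

# Constructed samples of `gh pr view --json reviewRequests,reviews` output.
SAMPLE_NOOP = '{"reviewRequests": [], "reviews": []}'
SAMPLE_PENDING = '{"reviewRequests": [{"__typename": "Bot", "login": "example-reviewer"}], "reviews": []}'
SAMPLE_REVIEWED = '{"reviewRequests": [], "reviews": [{"author": {"login": "Example-Reviewer"}, "state": "COMMENTED"}]}'


def reviewers_seen(pr_view_json):
    """Logins that are pending reviewers or have already submitted a review."""
    data = json.loads(pr_view_json)
    seen = set()
    for req in data.get("reviewRequests") or []:
        # Users and bots carry "login"; team requests carry "slug" or "name".
        ident = req.get("login") or req.get("slug") or req.get("name")
        if ident:
            seen.add(ident.lower())
    for rev in data.get("reviews") or []:
        # A finished review leaves reviewRequests, so count its author too.
        login = (rev.get("author") or {}).get("login")
        if login:
            seen.add(login.lower())
    return seen


def reviewer_attached(pr_view_json, expected_login):
    return expected_login.lower() in reviewers_seen(pr_view_json)


def check_pr(pr_number, expected_login):
    """Return 0 if the reviewer is on the PR, 1 otherwise (for use as an exit code)."""
    out = subprocess.run(
        ["gh", "pr", "view", str(pr_number), "--json", "reviewRequests,reviews"],
        check=True, capture_output=True, text=True,
    ).stdout
    if reviewer_attached(out, expected_login):
        return 0
    print(f"reviewer {expected_login!r} is not on PR {pr_number}", file=sys.stderr)
    return 1


if __name__ == "__main__":
    # Usage: python check_reviewer.py <pr-number> <reviewer-login>
    sys.exit(check_pr(sys.argv[1], sys.argv[2]))
```

Run as a workflow step after the attach call, this turns a successful-looking run with no reviewer into a failed job.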

Copilot AI left a comment

Contributor

Pull request overview

Migrates the repository’s Copilot review GitHub Actions workflow to use the arthur-debert/release reusable workflow (@v1) so Copilot reviewer attachment authenticates via a user PAT instead of GITHUB_TOKEN.

Changes:

  • Switch reusable workflow from arthur-debert/gh-dagentic/...@main to arthur-debert/release/...@v1.
  • Pass secrets.RELEASE_TOKEN through as secrets.gh_token for authentication.

with:
pr_number: ${{ github.event.pull_request.number }}
secrets:
gh_token: ${{ secrets.RELEASE_TOKEN }}
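Review bot: On the `gh_token: ${{ secrets.RELEASE_TOKEN }}` line, a user PAT is now handed to a reusable workflow that the PR description says is referenced as `@v1`. A tag can be moved to a different commit, so whatever `v1` points at receives this secret; consider pinning the `uses:` reference to a full commit SHA, and record next to this mapping which scopes RELEASE_TOKEN needs so the PAT can be kept to the minimum the reviewer-attach call requires.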
Per portfolio policy (arthur-debert/release README §Dependabot policy):
app-dependency freshness is deliberately disabled portfolio-wide;
only github-actions freshness and security updates are automated.
arthur-debert merged commit e10a183 into main on May 8, 2026
3 checks passed
arthur-debert deleted the chore/migrate-copilot-review-pointer branch on May 8, 2026 20:55