GitHub Copilot CLI Action 🤖

A GitHub Action wrapper for the GitHub Copilot CLI that enables AI-powered automation in your workflow files.

Installation

Token Setup

Warning

The default GITHUB_TOKEN does NOT have Copilot permissions!

You need a Personal Access Token (PAT) with Copilot access.

🚀 Quick Setup: Create Copilot CLI Token (Pre-configured)

At minimum, you need: Copilot Requests = Read-only

Tip

Save your token as a repository secret named COPILOT_TOKEN

Basic Setup

Add the following workflow to your .github/workflows folder:

name: 'Copilot Automation'
on: [pull_request]

jobs:
  copilot:
    permissions:
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
      - name: 'Checkout Repository'
        uses: actions/checkout@v5

      - name: 'Run Copilot CLI'
        uses: austenstone/copilot-cli@v2
        with:
          copilot-token: ${{ secrets.COPILOT_TOKEN }}
          prompt: |
            Review this pull request for:
            1. Code quality and best practices
            2. Security vulnerabilities
            3. Performance implications
            4. Documentation completeness

Advanced Setup with MCP Servers

          prompt: 'What time is it?'
          mcp-config: |
            {
              "mcpServers": {
                "time": {
                  "type": "local",
                  "command": "uvx",
                  "args": ["mcp-server-time", "--local-timezone", "America/New_York"],
                  "tools": ["*"]
                }
              }
            }

Configuration

Input Parameters

Parameter	Description	Required	Default
copilot-token	PAT with "Copilot Requests" permission. The default github.token does NOT work — you must provide a PAT.	✅	-
prompt	Natural language prompt to send to GitHub Copilot	✅	-
repo-token	Token for standard GitHub repo operations (push, PRs). Falls back to copilot-token if not set. Can use default GITHUB_TOKEN here.	❌	github.token
mcp-config	MCP server configuration in JSON format	❌	-
copilot-config	GitHub Copilot CLI configuration (JSON)	❌	See below
allow-all-tools	Allow all tools without approval	❌	true
allowed-tools	Comma-separated list of tools to allow (e.g., "shell(rm),shell(git push)")	❌	-
denied-tools	Comma-separated list of tools to deny (e.g., "shell(rm),shell(git push)")	❌	-
copilot-version	Version of @github/copilot to install (e.g., "latest", "0.0.329")	❌	latest
model	AI model to use (e.g., "claude-sonnet-4.5", "gpt-5")	❌	-
agent	Specify a custom agent to use	❌	-
additional-directories	Comma-separated list of additional directories to trust (e.g., "/tmp,/var/log")	❌	-
disable-mcp-servers	Comma-separated list of MCP servers to disable (e.g., "github-mcp-server,custom-server")	❌	-
enable-all-github-mcp-tools	Enable all GitHub MCP tools	❌	false
resume-session	Resume from a previous session ID (use "latest" for most recent)	❌	-
log-level	Log level: "none", "error", "warning", "info", "debug", "all", "default"	❌	all
upload-artifact	Upload Copilot logs as workflow artifacts	❌	true

MCP Server Configuration

The action supports Model Context Protocol (MCP) servers for extending Copilot's capabilities. Configure MCP servers using JSON format with an mcpServers object where each key is the server name and the value contains its configuration.

Important

See the official MCP server configuration docs for complete details.

Examples

📋 View All Example Workflows

Workflow	Description
CI Fix	Automatically analyzes failed workflow runs and creates a pull request with fixes
Comment Trigger	Responds to issue comments starting with /copilot and executes the requested task
Dependabot Analysis	Reviews Dependabot PRs with detailed dependency analysis, breaking changes, and migration guidance
PR Review	Performs comprehensive autonomous code reviews on pull requests with severity-based feedback
Research	Conducts deep research on GitHub issues using Firecrawl to gather and synthesize information
Security Triage	Triages all security alerts (Dependabot, Secret Scanning, Code Scanning) into a single comprehensive report
Issue Triage	Automatically labels issues based on their title and content using existing repository labels
Usage Report	Generates comprehensive Copilot usage reports and analytics

Troubleshooting

Note

Most issues stem from token configuration.

Common Issues

1. "Copilot token required" / Permission Denied

   • The default GITHUB_TOKEN does NOT have Copilot access
   • You must use a PAT with the "Copilot Requests" permission
   • Make sure your token is saved as a secret and referenced correctly

2. Copilot starts but permission denied

   • The repo-token default to GITHUB_TOKEN.
   • Add permissions: write-all to your workflow file.
   • Check Settings > Actions > General > Workflow permissions.
   • Verify the token is correctly configured in your workflow.

3. Tool Access Denied

   • Check your allowed-tools and denied-tools configuration
   • If allow-all-tools: false, you must explicitly allow needed tools

4. MCP Server Connection Issues

   • Verify MCP server URLs are accessible from GitHub-hosted runners
   • Check authentication headers and tokens
   • Ensure type is set correctly (local, http, or sse)

5. Session Resume Not Working

   • Session data is stored in logs; ensure upload-artifact: true
   • Use resume-session: latest to continue the most recent session

6. Large Output Truncation

   • Set log-level: error or log-level: warning to reduce verbosity
   • Break complex prompts into smaller, focused tasks

Related Resources

• GitHub Copilot CLI Documentation
• Model Context Protocol (MCP)
• MCP Server Configuration Docs
• Search for workflow examples