refactor(update-copilot-skills)!: drop skills-lock, use gh skill update --all#207
Merged
botantler[bot] merged 1 commit intomainfrom Apr 19, 2026
Merged
Conversation
…te --all The reusable workflow now wraps `devantler-tech/actions/update-copilot-skills@v2` which delegates to `gh skill update --all`. The installed SKILL.md files' own `metadata.github-*` frontmatter carries the upstream pointers, so: - Drop the `skills-lock`, `agent`, and `scope` inputs. - Drop the separate `setup-copilot-skills` re-install step — `gh skill update` edits installed SKILL.md files in place. - Add `dir` (default `.`) and `unpin` inputs; bump the pinned action SHA. - Only open a PR when the action reports `changed=true`; embed the `updated-skills` output in the PR body. - Refresh the README section to match (new usage snippet + inputs table). BREAKING CHANGE: The `skills-lock`, `agent`, and `scope` inputs are removed. Consumers should delete their skills-lock.json, install each skill via `gh skill install` (or `devantler-tech/actions/setup-copilot-skills@v2`), commit the resulting SKILL.md files, and pass `dir:` pointing at the directory those files live under. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
![botantler[bot]](https://avatars.githubusercontent.com/in/1025824?s=60&v=4){kind=small}
Contributor
|
🎉 This PR is included in version 3.0.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
devantler
added a commit
to devantler-tech/ksail
that referenced
this pull request
Apr 19, 2026
Re-install each agent skill from its original upstream repo via `gh skill install`, so every installed SKILL.md now carries `metadata.github-*` frontmatter pointing at the true origin instead of `devantler-tech/skills`. `gh skill update --all` reads that metadata directly, making the sidecar `skills-lock.json` redundant. - Delete `skills-lock.json` + remove its mega-linter exclusions. - Reinstall 15 skills from upstream via `gh skill install <owner/repo> <path> --agent github-copilot --scope project --dir .agents/skills`. - Bump `update-skills.yaml` to pin the refreshed reusable workflow and swap `skills-lock` for the new `dir` input. BREAKING CHANGE: `skills-lock.json` is removed. Tooling that reads it must now discover skills under `.agents/skills/` instead. Refs: devantler-tech/skills#16, devantler-tech/actions#95, devantler-tech/reusable-workflows#207 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2 tasks
Contributor
There was a problem hiding this comment.
Pull request overview
Refactors the update-copilot-skills reusable workflow to rely on gh skill update --all (via devantler-tech/actions/update-copilot-skills@v2) so the committed SKILL.md files’ metadata.github-* frontmatter becomes the source of truth (no skills-lock.json).
Changes:
- Remove
skills-lock,agent, andscopeinputs; introducedirandunpininputs. - Drop the separate “install skills” step and only create a PR when
changed=true, includingupdated-skillsin the PR body. - Update README documentation to match the new workflow contract and usage.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| README.md | Updates workflow docs/usage to align with the new “installed SKILL.md is source of truth” approach. |
| .github/workflows/update-copilot-skills.yaml | Switches the workflow to updating installed skills in-place and conditionally opening a PR based on action output. |
Comments suppressed due to low confidence (1)
.github/workflows/update-copilot-skills.yaml:75
- The
step-security/create-pull-requeststep is configured withlabels: ${{ inputs.pr-labels }}. Applying labels to a PR requires theissues: writepermission on the token; with onlycontents: writeandpull-requests: writethis step can fail (or silently skip labeling). Addissues: writeto the job permissions when labels are used (or omit labels / make them conditional).
- name: 📦 Create pull request
if: steps.update.outputs.changed == 'true'
uses: step-security/create-pull-request@e604d57b37b404d8bb34d152fa905e45d003a895 # v8.1.0
with:
commit-message: ${{ inputs.commit-message }}
title: ${{ inputs.pr-title }}
| | `pr-labels` | Input (string) | `dependencies,automation` | No | Comma-separated labels for the update PR | | ||
| | `commit-message` | Input (string) | `chore(deps): update copilot skills` | No | Commit message for the update PR | | ||
|
|
||
| > **Note:** The calling workflow must grant `contents: write` and `pull-requests: write` permissions. |
There was a problem hiding this comment.
The README note says callers must grant contents: write and pull-requests: write, but this workflow also applies PR labels (pr-labels), which typically requires issues: write. Update the note (and/or the permissions example) to include issues: write so consumers don’t hit permission errors.
Suggested change
| > **Note:** The calling workflow must grant `contents: write` and `pull-requests: write` permissions. | |
| > **Note:** The calling workflow must grant `contents: write`, `pull-requests: write`, and `issues: write` permissions. |
devantler
added a commit
to devantler-tech/platform
that referenced
this pull request
Apr 19, 2026
Re-install each agent skill from its original upstream repo via `gh skill install`, so every installed SKILL.md now carries `metadata.github-*` frontmatter pointing at the true origin instead of `devantler-tech/skills`. `gh skill update --all` reads that metadata directly, making the sidecar `skills-lock.json` redundant. - Delete `skills-lock.json`. - Reinstall 11 of 12 skills from upstream via `gh skill install <owner/repo> <path> --agent github-copilot --scope project --dir .agents/skills`. - `siderolabs/docs` is not re-installed: the upstream ships `public/skill.md` (lowercase) which `gh skill install` rejects (it only recognises `SKILL.md`). Tracking upstream for a fix — until then, manage that skill out-of-band or drop it. - Bump `update-skills.yaml` to pin the refreshed reusable workflow and swap `skills-lock` for the new `dir` input. BREAKING CHANGE: `skills-lock.json` is removed. The `siderolabs` skill is temporarily unavailable pending an upstream rename to `SKILL.md`. Refs: devantler-tech/skills#16, devantler-tech/actions#95, devantler-tech/reusable-workflows#207 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Merged
1 task
github-merge-queue Bot
pushed a commit
to devantler-tech/platform
that referenced
this pull request
Apr 19, 2026
) * refactor(skills)!: reinstall from upstreams, drop skills-lock.json Re-install each agent skill from its original upstream repo via `gh skill install`, so every installed SKILL.md now carries `metadata.github-*` frontmatter pointing at the true origin instead of `devantler-tech/skills`. `gh skill update --all` reads that metadata directly, making the sidecar `skills-lock.json` redundant. - Delete `skills-lock.json`. - Reinstall 11 of 12 skills from upstream via `gh skill install <owner/repo> <path> --agent github-copilot --scope project --dir .agents/skills`. - `siderolabs/docs` is not re-installed: the upstream ships `public/skill.md` (lowercase) which `gh skill install` rejects (it only recognises `SKILL.md`). Tracking upstream for a fix — until then, manage that skill out-of-band or drop it. - Bump `update-skills.yaml` to pin the refreshed reusable workflow and swap `skills-lock` for the new `dir` input. BREAKING CHANGE: `skills-lock.json` is removed. The `siderolabs` skill is temporarily unavailable pending an upstream rename to `SKILL.md`. Refs: devantler-tech/skills#16, devantler-tech/actions#95, devantler-tech/reusable-workflows#207 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix(update-skills): pin to merged reusable-workflows commit on main The previous PR-head SHA was unreachable from the default branch after reusable-workflows#207 squash-merged, triggering zizmor's "commit with no history in referenced repository" alert. Repoint at the merge commit on `main`. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
github-merge-queue Bot
pushed a commit
to devantler-tech/ksail
that referenced
this pull request
Apr 19, 2026
) * refactor(skills)!: reinstall from upstreams, drop skills-lock.json Re-install each agent skill from its original upstream repo via `gh skill install`, so every installed SKILL.md now carries `metadata.github-*` frontmatter pointing at the true origin instead of `devantler-tech/skills`. `gh skill update --all` reads that metadata directly, making the sidecar `skills-lock.json` redundant. - Delete `skills-lock.json` + remove its mega-linter exclusions. - Reinstall 15 skills from upstream via `gh skill install <owner/repo> <path> --agent github-copilot --scope project --dir .agents/skills`. - Bump `update-skills.yaml` to pin the refreshed reusable workflow and swap `skills-lock` for the new `dir` input. BREAKING CHANGE: `skills-lock.json` is removed. Tooling that reads it must now discover skills under `.agents/skills/` instead. Refs: devantler-tech/skills#16, devantler-tech/actions#95, devantler-tech/reusable-workflows#207 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix(update-skills): pin to merged reusable-workflows commit on main The previous PR-head SHA was unreachable from the default branch after reusable-workflows#207 squash-merged, triggering zizmor's "commit with no history in referenced repository" alert. Repoint at the merge commit on `main`. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
github-merge-queue Bot
pushed a commit
to devantler-tech/ksail
that referenced
this pull request
Apr 19, 2026
) * refactor(skills)!: reinstall from upstreams, drop skills-lock.json Re-install each agent skill from its original upstream repo via `gh skill install`, so every installed SKILL.md now carries `metadata.github-*` frontmatter pointing at the true origin instead of `devantler-tech/skills`. `gh skill update --all` reads that metadata directly, making the sidecar `skills-lock.json` redundant. - Delete `skills-lock.json` + remove its mega-linter exclusions. - Reinstall 15 skills from upstream via `gh skill install <owner/repo> <path> --agent github-copilot --scope project --dir .agents/skills`. - Bump `update-skills.yaml` to pin the refreshed reusable workflow and swap `skills-lock` for the new `dir` input. BREAKING CHANGE: `skills-lock.json` is removed. Tooling that reads it must now discover skills under `.agents/skills/` instead. Refs: devantler-tech/skills#16, devantler-tech/actions#95, devantler-tech/reusable-workflows#207 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix(update-skills): pin to merged reusable-workflows commit on main The previous PR-head SHA was unreachable from the default branch after reusable-workflows#207 squash-merged, triggering zizmor's "commit with no history in referenced repository" alert. Repoint at the merge commit on `main`. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
github-merge-queue Bot
pushed a commit
to devantler-tech/ksail
that referenced
this pull request
Apr 19, 2026
) * refactor(skills)!: reinstall from upstreams, drop skills-lock.json Re-install each agent skill from its original upstream repo via `gh skill install`, so every installed SKILL.md now carries `metadata.github-*` frontmatter pointing at the true origin instead of `devantler-tech/skills`. `gh skill update --all` reads that metadata directly, making the sidecar `skills-lock.json` redundant. - Delete `skills-lock.json` + remove its mega-linter exclusions. - Reinstall 15 skills from upstream via `gh skill install <owner/repo> <path> --agent github-copilot --scope project --dir .agents/skills`. - Bump `update-skills.yaml` to pin the refreshed reusable workflow and swap `skills-lock` for the new `dir` input. BREAKING CHANGE: `skills-lock.json` is removed. Tooling that reads it must now discover skills under `.agents/skills/` instead. Refs: devantler-tech/skills#16, devantler-tech/actions#95, devantler-tech/reusable-workflows#207 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix(update-skills): pin to merged reusable-workflows commit on main The previous PR-head SHA was unreachable from the default branch after reusable-workflows#207 squash-merged, triggering zizmor's "commit with no history in referenced repository" alert. Repoint at the merge commit on `main`. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
devantler
added a commit
to devantler-tech/ksail
that referenced
this pull request
Apr 20, 2026
) * refactor(skills)!: reinstall from upstreams, drop skills-lock.json Re-install each agent skill from its original upstream repo via `gh skill install`, so every installed SKILL.md now carries `metadata.github-*` frontmatter pointing at the true origin instead of `devantler-tech/skills`. `gh skill update --all` reads that metadata directly, making the sidecar `skills-lock.json` redundant. - Delete `skills-lock.json` + remove its mega-linter exclusions. - Reinstall 15 skills from upstream via `gh skill install <owner/repo> <path> --agent github-copilot --scope project --dir .agents/skills`. - Bump `update-skills.yaml` to pin the refreshed reusable workflow and swap `skills-lock` for the new `dir` input. BREAKING CHANGE: `skills-lock.json` is removed. Tooling that reads it must now discover skills under `.agents/skills/` instead. Refs: devantler-tech/skills#16, devantler-tech/actions#95, devantler-tech/reusable-workflows#207 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix(update-skills): pin to merged reusable-workflows commit on main The previous PR-head SHA was unreachable from the default branch after reusable-workflows#207 squash-merged, triggering zizmor's "commit with no history in referenced repository" alert. Repoint at the merge commit on `main`. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Wrap
devantler-tech/actions/update-copilot-skills@v2which delegates togh skill update --all. InstalledSKILL.mdfiles' ownmetadata.github-*frontmatter is the source of truth — noskills-lock.jsonrequired.Type of change
What changed
skills-lock,agent, andscopeinputs.setup-copilot-skillsre-install step —gh skill updateedits installedSKILL.mdfiles in place.dir(default.) andunpininputs; bump the pinned action SHA to the companiondevantler-tech/actions#95head.changed=true; embed theupdated-skillsoutput in the PR body.Breaking change
The
skills-lock,agent, andscopeinputs are removed. Consumers should delete theirskills-lock.json, install each skill viagh skill install(ordevantler-tech/actions/setup-copilot-skills@v2), commit the resultingSKILL.mdfiles, and passdir:pointing at the directory those files live under. Companion migration PRs:devantler-tech/skills#16,devantler-tech/actions#95, and follow-up PRs indevantler-tech/ksail+devantler-tech/platform.