[copilot] Add /review agentic workflow and update android-reviewer skill#11149
Merged
jonathanpeppers merged 1 commit intomainfrom Apr 17, 2026
Merged
Conversation
Add a GitHub Agentic Workflow triggered by the `/review` slash command on pull requests. The workflow performs automated code review using the android-reviewer skill's review rules and posts findings as inline review comments and a review summary via safe-outputs. Changes: - Create `.github/workflows/android-reviewer.md` with slash_command trigger, read-only permissions, and safe-outputs for PR review comments (create-pull-request-review-comment, submit-pull-request-review) - Update the android-reviewer skill to remove the `submit_review.cs` script invocation and `gh api` posting; the skill now focuses on analysis and outputs findings directly - Delete `.github/skills/android-reviewer/scripts/submit_review.cs` - Update `copilot-setup-steps.yml` to install the gh-aw CLI extension and bump actions/checkout to v6 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
jonathanpeppers
force-pushed
the
dev/peppers/code-reviewer-agentic-workflow
branch
from
693fc7c to
de9bc7a
Compare
Member
Author
|
/review |
Contributor
There was a problem hiding this comment.
Pull request overview
Adds an agentic /review-triggered workflow for automated PR reviews in dotnet/android, and updates the android-reviewer skill to rely on agentic workflow safe-outputs instead of a custom gh api submission script.
Changes:
- Introduces a new agentic workflow source (
android-reviewer.md) and compiled lock workflow (android-reviewer.lock.yml) to run reviews via/reviewand post results via safe-outputs. - Refactors the
android-reviewerskill docs and removes the now-unusedsubmit_review.csscript. - Updates Copilot setup workflow to install the
gh awCLI extension and bumpsactions/checkout.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| .github/workflows/copilot-setup-steps.yml | Bumps checkout and installs gh aw CLI extension for workflow tooling. |
| .github/workflows/android-reviewer.md | Adds the /review agentic workflow source with tools + safe-outputs configuration. |
| .github/workflows/android-reviewer.lock.yml | Adds the compiled/locked GitHub Actions workflow generated by gh aw compile. |
| .github/skills/android-reviewer/scripts/submit_review.cs | Removes the custom review-submission script (no longer needed). |
| .github/skills/android-reviewer/SKILL.md | Updates skill workflow docs to “post directly” instead of generating/submitting JSON via script. |
| .github/aw/actions-lock.json | Adds action pin metadata used by agentic workflow tooling. |
| .github/agents/agentic-workflows.agent.md | Adds an agent definition/dispatcher doc for working with gh-aw workflows. |
| .gitattributes | Marks *.lock.yml workflows as generated and resolves merges via ours. |
| events: [pull_request_comment] | ||
| permissions: | ||
| contents: read | ||
| pull-requests: read |
There was a problem hiding this comment.
The workflow source declares default pull-requests: read, but this workflow is intended to post inline review comments and submit a PR review (via safe-outputs), which requires pull-requests: write in the jobs that post. Consider either removing the permissions: block (since the compiled lock file sets job-level permissions) or updating it to reflect the minimum write permissions actually required, so the source config doesn’t imply a read-only workflow.
Suggested change
| pull-requests: read | |
| pull-requests: write |
jonathanpeppers
added a commit
to jonathanpeppers/xamarin-android
that referenced
this pull request
Apr 17, 2026
…` skill (dotnet#11149) Add a GitHub Agentic Workflow triggered by the `/review` slash command on pull requests. The workflow performs automated code review using the android-reviewer skill's review rules and posts findings as inline review comments and a review summary via safe-outputs. Changes: - Create `.github/workflows/android-reviewer.md` with slash_command trigger, read-only permissions, and safe-outputs for PR review comments (create-pull-request-review-comment, submit-pull-request-review) - Update the android-reviewer skill to remove the `submit_review.cs` script invocation and `gh api` posting; the skill now focuses on analysis and outputs findings directly - Delete `.github/skills/android-reviewer/scripts/submit_review.cs` - Update `copilot-setup-steps.yml` to install the gh-aw CLI extension and bump actions/checkout to v6 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add a GitHub Agentic Workflow triggered by the
/reviewslash command on pull requests. The workflow performs automated code review using the android-reviewer skill's review rules and posts findings as inline review comments and a review summary via safe-outputs.Changes:
.github/workflows/android-reviewer.mdwith slash_command trigger, read-only permissions, and safe-outputs for PR review comments (create-pull-request-review-comment, submit-pull-request-review)submit_review.csscript invocation andgh apiposting; the skill now focuses on analysis and outputs findings directly.github/skills/android-reviewer/scripts/submit_review.cscopilot-setup-steps.ymlto install the gh-aw CLI extension and bump actions/checkout to v6