Add cross-repo issue analysis agentic workflow #670
Adds an agentic workflow that analyzes issues filed in copilot-sdk to determine if the root cause is in copilot-agent-runtime. When a runtime fix is needed, it automatically creates a linked issue and draft PR in the runtime repo.

Triggers on new issues and manual workflow_dispatch. Requires a CROSS_REPO_PAT secret with access to both repos.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Pull request overview
Adds a new agentic GitHub workflow to triage/copilot-sdk issues and, when appropriate, open linked tracking artifacts (issue + draft PR) in github/copilot-agent-runtime using a cross-repo PAT.
Changes:
- Introduces `cross-repo-issue-analysis.md` agent prompt/workflow definition for analyzing SDK issues vs runtime root causes.
- Adds the compiled `cross-repo-issue-analysis.lock.yml` workflow for CI execution.
- Updates `.github/aw/actions-lock.json` to pin `github/gh-aw/actions/setup@v0.50.5` used by the new lock workflow.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| `.github/workflows/cross-repo-issue-analysis.md` | Defines the agent’s tasking/prompt + safe-outputs constraints for cross-repo issue/PR creation. |
| `.github/workflows/cross-repo-issue-analysis.lock.yml` | Compiled workflow that runs the agent and safe-outputs handler in CI. |
| `.github/aw/actions-lock.json` | Adds the pinned action version required by the new compiled workflow. |
| id: validate-secret | ||
| run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://github.github.com/gh-aw/reference/engines/#github-copilot-default | ||
| env: | ||
| COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} |
The workflow validates COPILOT_GITHUB_TOKEN early, but never validates CROSS_REPO_PAT even though it’s required for safe-outputs and cross-repo operations. If the secret is missing/invalid the run will fail later with a less actionable error; add an early validation step for CROSS_REPO_PAT similar to the existing validate_multi_secret.sh check.
| COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} | |
| COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} | |
| - name: Validate CROSS_REPO_PAT secret | |
| run: /opt/gh-aw/actions/validate_multi_secret.sh CROSS_REPO_PAT 'Cross-Repo PAT' https://github.github.com/gh-aw/reference/engines/#github-copilot-default | |
| env: | |
| CROSS_REPO_PAT: ${{ secrets.CROSS_REPO_PAT }} |
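Review bot: The suggested `Validate CROSS_REPO_PAT secret` step passes the same documentation URL as the Copilot token check (`.../reference/engines/#github-copilot-default`), so a missing PAT would send the operator to the Copilot engine docs rather than to instructions for this secret; point the third argument at documentation that covers `CROSS_REPO_PAT`. If this step lives in the compiled `cross-repo-issue-analysis.lock.yml`, the check also needs to originate from the source `cross-repo-issue-analysis.md`, otherwise a recompile will drop it.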
| --- | ||
| description: Analyzes copilot-sdk issues to determine if a fix is needed in copilot-agent-runtime, then opens a linked issue and suggested-fix PR there | ||
| on: | ||
| issues: | ||
| types: [opened] | ||
| workflow_dispatch: | ||
| inputs: | ||
| issue_number: | ||
| description: "Issue number to analyze" | ||
| required: true | ||
| type: string | ||
| permissions: | ||
| contents: read | ||
| issues: read | ||
| pull-requests: read |
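Review bot: The `issue_number` input under `workflow_dispatch` is declared `type: string`, so a manual run accepts arbitrary text for a value that selects which issue the agent reads, in a run that the description says depends on `CROSS_REPO_PAT`. Declare it as a number if the workflow format allows it, or validate that it is a positive integer before it is used anywhere else in the run.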
The compiled lock workflow includes a pre-activation gate (admin/maintainer/write) because this workflow uses CROSS_REPO_PAT, but the source .md doesn’t declare any roles:. Please add an explicit roles: entry (and/or mention the restriction in the workflow description) so it’s clear who can trigger runs and why runs on externally-filed issues won’t activate.
| permissions: {} | ||
|
|
||
| concurrency: | ||
| group: "gh-aw-${{ github.workflow }}-${{ github.event.issue.number }}" |
concurrency.group is based only on github.event.issue.number, which is empty for workflow_dispatch. That means manual runs (even for different issue numbers) will share the same concurrency group and cancel/serialize each other unexpectedly. Consider including inputs.issue_number (or github.run_id as a fallback) in the group key.
| group: "gh-aw-${{ github.workflow }}-${{ github.event.issue.number }}" | |
| group: "gh-aw-${{ github.workflow }}-${{ github.event.issue.number || inputs.issue_number || github.run_id }}" |