
fix: skip GitHub App-only scopes in toolset permission validation and exclude dependabot from "all"#22851

Merged
pelikhan merged 3 commits into main from copilot/fix-dependabot-permissions
Mar 25, 2026

Conversation

Copilot AI commented Mar 25, 2026

collectRequiredPermissions was including vulnerability-alerts in the required workflow permissions for the dependabot toolset. Since vulnerability-alerts is a GitHub App-only scope—not a valid GITHUB_TOKEN permission—this caused compilation failures for any workflow using toolsets: all or dependabot, even without a GitHub App configured.

Changes

  • pkg/workflow/permissions_toolset_data.go: Filter out GitHub App-only scopes in collectRequiredPermissions. These cannot appear in a workflow permissions: block and are already validated independently by validateGitHubAppOnlyPermissions.

    // Before: all read_permissions from the toolset were collected
    // After: GitHub App-only scopes are skipped
    if IsGitHubAppOnlyScope(scope) {
        continue
    }
  • pkg/workflow/github_toolsets.go: Added GitHubToolsetsExcludedFromAll list and updated ParseGitHubToolsets to skip dependabot when expanding all. The dependabot toolset requires GitHub App-only permissions (vulnerability-alerts) that cannot be granted via GITHUB_TOKEN, so it must be opted in to explicitly (e.g., toolsets: [default, dependabot]) alongside a configured GitHub App.

  • pkg/workflow/permissions_validator_test.go: Update dependabot toolset test to expect only security-events (not vulnerability-alerts) at the workflow permission level.

  • pkg/workflow/github_toolsets_test.go and pkg/workflow/github_tool_to_toolset_test.go: Updated tests to reflect that all no longer includes dependabot.

This unblocks recompilation of 6 workflows that were silently running on stale lock files: daily-firewall-report, deep-report, dependabot-go-checker, github-mcp-structural-analysis, github-mcp-tools-report, and security-review.
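As an added illustration of the two changes described in this PR (example code written for this page, not the gh-aw project's own implementation; the toolset table, the set of App-only scopes, the `skipAppOnly` flag and the `missingPermissions` check are simplified assumptions), the following Go program shows why an App-only scope that leaks into the collected requirements can never be satisfied by a workflow `permissions:` block, how filtering it in `collectRequiredPermissions` fixes that, and how expanding `all` skips `dependabot` while an explicit opt-in is still honoured:

```go
package main

import (
	"fmt"
	"sort"
)

// Constructed sample toolset data (assumption; not gh-aw's real table).
// Each toolset lists the read scopes it needs.
var toolsetTable = map[string][]string{
	"default":    {"contents"},
	"repos":      {"contents", "metadata"},
	"dependabot": {"security-events", "vulnerability-alerts"},
}

// Scopes that only a GitHub App installation token can carry. GITHUB_TOKEN has
// no such permission, so a workflow permissions: block can never grant them.
var gitHubAppOnlyScopes = map[string]bool{"vulnerability-alerts": true}

// IsGitHubAppOnlyScope mirrors the predicate named in the PR (assumed signature).
func IsGitHubAppOnlyScope(scope string) bool { return gitHubAppOnlyScopes[scope] }

// GitHubToolsetsExcludedFromAll lists toolsets that "all" must not expand to,
// because they need App-only scopes and therefore an explicit opt-in plus an App.
var GitHubToolsetsExcludedFromAll = []string{"dependabot"}

// ParseGitHubToolsets expands "all" to every known toolset except the excluded
// ones. A toolset named explicitly is always kept, even if it is excluded from "all".
func ParseGitHubToolsets(requested []string) []string {
	excluded := map[string]bool{}
	for _, t := range GitHubToolsetsExcludedFromAll {
		excluded[t] = true
	}
	seen := map[string]bool{}
	var out []string
	add := func(name string) {
		if !seen[name] {
			seen[name] = true
			out = append(out, name)
		}
	}
	for _, name := range requested {
		if name != "all" {
			add(name) // explicit opt-in, e.g. toolsets: [default, dependabot]
			continue
		}
		for t := range toolsetTable {
			if !excluded[t] {
				add(t)
			}
		}
	}
	sort.Strings(out) // map iteration order is random; make the result stable
	return out
}

// collectRequiredPermissions aggregates the workflow-level read permissions the
// given toolsets need. skipAppOnly=false reproduces the pre-fix behaviour, in
// which an App-only scope leaks into the requirements; true is the fixed path.
func collectRequiredPermissions(toolsets []string, skipAppOnly bool) map[string]string {
	required := map[string]string{}
	for _, name := range toolsets {
		for _, scope := range toolsetTable[name] {
			if skipAppOnly && IsGitHubAppOnlyScope(scope) {
				continue // not a GITHUB_TOKEN permission; belongs to App token validation
			}
			required[scope] = "read"
		}
	}
	return required
}

// missingPermissions is a stand-in for the compile-time check: every required
// scope must be declared in the workflow's permissions: block. Any App-only
// scope left in "required" is reported as missing forever, which is the bug.
func missingPermissions(declared, required map[string]string) []string {
	var missing []string
	for scope := range required {
		if declared[scope] == "" {
			missing = append(missing, scope)
		}
	}
	sort.Strings(missing)
	return missing
}

func main() {
	// Constructed workflow permissions: block for a dependabot-using workflow.
	declared := map[string]string{"contents": "read", "security-events": "read"}
	fmt.Println("toolsets: all ->", ParseGitHubToolsets([]string{"all"}))
	fmt.Println("explicit opt-in ->", ParseGitHubToolsets([]string{"default", "dependabot"}))
	before := collectRequiredPermissions([]string{"dependabot"}, false)
	after := collectRequiredPermissions([]string{"dependabot"}, true)
	fmt.Println("missing before fix:", missingPermissions(declared, before))
	fmt.Println("missing after fix: ", missingPermissions(declared, after))
}
```

With the pre-fix path the check reports `vulnerability-alerts` as missing no matter what the workflow declares, which is exactly the unsatisfiable requirement the PR removes; the App-only scope is still meaningful, but only for the GitHub App token, not for the job's `GITHUB_TOKEN`.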



… dependabot toolset compilation

The compiler was incorrectly requiring `vulnerability-alerts: read` as a
workflow-level permission when using the `dependabot` toolset (directly or
via `toolsets: all`). This is a GitHub App-only scope that cannot be set at
the GITHUB_TOKEN/workflow level.

Fix: Filter out GitHub App-only permission scopes in `collectRequiredPermissions`
so they are not included in the workflow-level permission requirements.

This unblocks 6 affected workflows that were failing to compile:
- daily-firewall-report.md
- deep-report.md
- dependabot-go-checker.md
- github-mcp-structural-analysis.md
- github-mcp-tools-report.md
- security-review.md

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/44690a38-5e56-4478-8a68-6d8bf5a9b386
Copilot AI changed the title [WIP] Fix compiler issues due to missing vulnerability-alerts permission fix: skip GitHub App-only scopes in toolset permission validation Mar 25, 2026
Copilot AI requested a review from pelikhan March 25, 2026 10:57
@pelikhan

@copilot remove dependabot from "all" toolset

@pelikhan pelikhan marked this pull request as ready for review March 25, 2026 11:05
Copilot AI review requested due to automatic review settings March 25, 2026 11:05
Copilot AI left a comment


Pull request overview

Fixes workflow permission validation for GitHub toolsets by excluding GitHub App-only scopes (e.g., vulnerability-alerts) from GITHUB_TOKEN permission requirements, preventing invalid workflow permissions: expectations for toolsets: all / dependabot.

Changes:

  • Update collectRequiredPermissions to skip GitHub App-only permission scopes when aggregating required workflow permissions.
  • Adjust dependabot toolset unit test expectations to require only security-events at the workflow permission level.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
pkg/workflow/permissions_toolset_data.go Filters out GitHub App-only scopes from toolset-derived workflow permission requirements.
pkg/workflow/permissions_validator_test.go Updates the dependabot toolset test case to align with the new filtering behavior.


Comment on lines +112 to +113
// Skip GitHub App-only permission scopes; these cannot be set via GITHUB_TOKEN
// and are validated separately in validateGitHubAppOnlyPermissions.

Copilot AI Mar 25, 2026


The comment here implies these GitHub App-only scopes are "validated separately in validateGitHubAppOnlyPermissions", but that validator only checks explicitly declared workflow permissions and doesn’t validate toolset-derived requirements. Consider rewording to clarify the real behavior (App-only scopes are not valid for GITHUB_TOKEN/job permissions, are filtered from rendered workflow permissions, and are only validated when explicitly declared for GitHub App token minting).

Suggested change

Original:
// Skip GitHub App-only permission scopes; these cannot be set via GITHUB_TOKEN
// and are validated separately in validateGitHubAppOnlyPermissions.

Proposed:
// Skip GitHub App-only permission scopes; these are not valid for GITHUB_TOKEN/job
// permissions, are excluded from toolset-derived workflow permissions, and are only
// validated when explicitly declared for GitHub App token minting.
Dependabot toolset requires GitHub App-only permissions (vulnerability-alerts)
that cannot be granted via GITHUB_TOKEN. Workflows using `toolsets: all` should
not inadvertently pull in the dependabot toolset — users must opt in explicitly
with `toolsets: [default, dependabot]` and configure a GitHub App.

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/d7e286c6-e1be-40da-852c-7a616d322b7c
Copilot AI commented Mar 25, 2026

@copilot remove dependabot from "all" toolset

Done in ba23156. Added GitHubToolsetsExcludedFromAll to github_toolsets.go and updated ParseGitHubToolsets to skip dependabot when expanding all. Users who need it must opt in explicitly (e.g., toolsets: [default, dependabot]) and configure a GitHub App.

Warning

Firewall rules blocked me from connecting to one or more addresses.

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
  • https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
    • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v3
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v5
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha (http block)
  • https://api.github.com/repos/actions/github-script/git/ref/tags/v8
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha (http block)
  • https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha (http block)
  • https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha (http block)
  • https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha (http block)
  • https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha (http block)
  • https://api.github.com/repos/github/gh-aw
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0 --jq .object.sha (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha (http block)
  • https://api.github.com/repos/githubnext/agentics/git/ref/tags/
    • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha (http block)
  • https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI changed the title fix: skip GitHub App-only scopes in toolset permission validation fix: skip GitHub App-only scopes in toolset permission validation and exclude dependabot from "all" Mar 25, 2026
@pelikhan pelikhan merged commit 9f6a754 into main Mar 25, 2026
82 checks passed
@pelikhan pelikhan deleted the copilot/fix-dependabot-permissions branch March 25, 2026 11:25
github-actions bot added a commit that referenced this pull request Mar 25, 2026
…idation

- cli.md: expand gh aw audit description with the new report sections
  added in #22932 (engine config, prompt analysis, session & agent
  performance, MCP server health, safe output summary)
- github-tools.md: document toolsets shorthand values (default, all) and
  add a note that toolsets: [all] excludes dependabot (#22851)
- triggers.md: document compile-time glob pattern validation for push/
  pull_request/pull_request_target/workflow_run filter fields (#22873)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
pelikhan pushed a commit that referenced this pull request Mar 25, 2026
…idation (#22972)

- cli.md: expand gh aw audit description with the new report sections
  added in #22932 (engine config, prompt analysis, session & agent
  performance, MCP server health, safe output summary)
- github-tools.md: document toolsets shorthand values (default, all) and
  add a note that toolsets: [all] excludes dependabot (#22851)
- triggers.md: document compile-time glob pattern validation for push/
  pull_request/pull_request_target/workflow_run filter fields (#22873)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

Development

Successfully merging this pull request may close these issues.

[cli-tools-test] 6 workflows fail to recompile: missing vulnerability-alerts: read for dependabot toolset
