Set max branch limit to 10 and enable deletion on scheduled runs

[Copilot]

The scheduled copilot branch cleanup was running in preview-only mode and capped at 1 branch. This enables actual deletion on scheduled runs and raises the limit to 10.

Changes

• max_branches default: 1 → 10 (input default + MAX_BRANCHES fallback in both steps)
• "Execute deletion commands" step: added || github.event_name == 'schedule' — deletion now runs automatically on the daily cron, not only when manually triggered with delete_branches: true
• "Preview mode notice" step: added && github.event_name != 'schedule' — suppresses the preview notice on scheduled runs where deletion is actually performed

[Copilot]

Pull request overview

Enables the scheduled Copilot branch cleanup workflow to actually delete branches (instead of preview-only) and increases the default deletion cap from 1 to 10, plus adjusts concurrency grouping in two gh-aw generated workflows.

Changes:

• Increase max_branches default from 1 → 10 and update the workflow’s MAX_BRANCHES fallback accordingly.
• Allow deletion to run automatically on schedule events, and suppress the preview-only notice for scheduled runs.
• Add input-based discriminators to conclusion job concurrency groups in two .lock.yml workflows.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

File	Description
.github/workflows/copilot-maintenance.yml	Raises default branch deletion limit and enables scheduled runs to execute deletions.
.github/workflows/stale-repo-identifier.lock.yml	Changes conclusion job concurrency group to include an input-based discriminator.
.github/workflows/slide-deck-maintainer.lock.yml	Changes conclusion job concurrency group to include an input-based discriminator.

Comments suppressed due to low confidence (1)

.github/workflows/copilot-maintenance.yml:93

• This step executes deletion commands via eval on strings derived from branch names. Git ref names can legally contain shell metacharacters (e.g., ;), so a maliciously named copilot/* branch could turn this into command injection. Avoid eval: parse the branch name and call git push origin --delete -- "$branch" (or validate with git check-ref-format) instead.

          ./scripts/delete-old-copilot-branches.sh | \
            grep "git push origin --delete copilot/" | \
            while read -r cmd; do
              echo "Executing: $cmd"
              eval "$cmd" || \
                echo "Failed to delete branch (may already be deleted)"

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The scheduled run now executes both “Run copilot branch cleanup script” and “Execute deletion commands”, which calls delete-old-copilot-branches.sh twice. Since the script makes per-branch gh pr list calls, this doubles API usage and runtime on the daily cron and increases the chance of hitting rate limits. Consider skipping the first step when github.event_name == 'schedule' (or when deletion will run), or refactor to run the script once and reuse its output for deletion.

[Copilot]

The PR title/description focuses on Copilot branch cleanup behavior, but this workflow change also modifies concurrency grouping for the stale-repo-identifier conclusion job. If this is intentional, please note it in the PR description (and ideally explain the rationale, e.g., avoiding cross-run contention between different organization inputs).

[Copilot]

The PR title/description focuses on Copilot branch cleanup behavior, but this workflow change also modifies concurrency grouping for the slide-deck-maintainer conclusion job. If this is intentional, please note it in the PR description (and ideally explain the rationale, e.g., avoiding cross-run contention between different focus values).