feat: add daily-geo-optimizer agentic workflow for GEO auditing

[Copilot]

Summary

Adds .github/workflows/daily-geo-optimizer.md — a daily agentic workflow that audits the GEO (Generative Engine Optimization) of the github/gh-aw README and documentation site using the geo-optimizer-skill Python tool.

How it works

Job 1 — geo_audit (runs the tool)

A separate GitHub Actions job that:

1. Installs Python 3.11 and geo-optimizer-skill via pip
2. Audits the docs site homepage (https://github.github.com/gh-aw/) with geo audit --format json
3. Audits the docs sitemap (/sitemap.xml, up to 20 pages)
4. Audits the README via the GitHub repository page
5. Writes all JSON results + a metadata file to /tmp/gh-aw/geo-optimizer/
6. Uploads the results as a geo-optimizer-results GitHub Actions artifact (retained for 3 days)

Job 2 — agent (runs the AI)

Depends on geo_audit via if: needs.geo_audit.result == 'success'. A steps: entry in the frontmatter downloads the geo-optimizer-results artifact into /tmp/gh-aw/geo-optimizer/ inside the agent job before the container starts.

The Copilot agent:

1. Reads the downloaded JSON results from /tmp/gh-aw/geo-optimizer/
2. Creates a GitHub Discussion with scores, strengths, critical gaps, and prioritized fix recommendations

Security Review

New secrets (from shared/observability-otlp.md included via shared/daily-audit-base.md):

• GH_AW_OTEL_ENDPOINT — standard OTLP endpoint for workflow observability, used by all audit workflows
• GH_AW_OTEL_HEADERS — standard OTLP auth headers, same as all other daily audit workflows

Both are existing infrastructure secrets already used by 20+ other workflows in this repository. No new network access or credential paths are introduced.

New actions:

• actions/checkout@v4 (pinned to 34e114876b)
• actions/setup-python@v5 (pinned to a26af69be9)
• actions/upload-artifact@v7.0.1 (pinned to 043fb46d1a) — already used across many workflows
• actions/download-artifact@v8.0.1 (pinned to 3e5f45b2cf) — already used across many workflows

[pelikhan]

@copilot not cache memory,m

[Copilot]

@copilot not cache memory,m

Replaced cache-memory: true with the artifact pattern used elsewhere in the repo (b0634e4):

• geo_audit job uploads results with actions/upload-artifact (geo-optimizer-results)
• steps: in the agent frontmatter downloads the artifact into /tmp/gh-aw/geo-optimizer/ before the container starts

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/repos/actions/github-script/git/ref/tags/v9
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv 0 -j ACCEPT (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[Copilot]

Pull request overview

Adds a new daily agentic workflow that runs geo-optimizer-skill against the gh-aw docs site + README, uploads the audit results as an artifact, and has a Copilot agent publish a GitHub Discussion summarizing findings and recommendations.

Changes:

• Added .github/workflows/daily-geo-optimizer.md defining the GEO audit job, artifact handoff, and agent prompt for discussion reporting.
• Added compiled workflow .github/workflows/daily-geo-optimizer.lock.yml.
• Updated .github/aw/actions-lock.json with additional pinned action entries used by the new workflow.

Show a summary per file

File	Description
.github/workflows/daily-geo-optimizer.md	Defines the daily GEO audit + artifact upload and the agent instructions to produce a discussion report.
.github/workflows/daily-geo-optimizer.lock.yml	Generated compiled workflow YAML implementing the MD workflow + shared imports.
.github/aw/actions-lock.json	Adds action lock entries required by the new workflow’s action versions.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comments suppressed due to low confidence (1)

.github/workflows/daily-geo-optimizer.md:77

• metadata.json hardcodes readme_url to https://github.com/..., which won’t match the actual repo host on GHES/GHEC. This also makes the discussion report links inconsistent with the current run.

Prefer ${{ github.server_url }}/${{ github.repository }} for readme_url (and consider doing the same for any repo links in metadata).

            "docs_url": "https://github.github.com/gh-aw/",
            "readme_url": "https://github.com/${{ github.repository }}",
            "repository": "${{ github.repository }}",

• Files reviewed: 3/3 changed files
• Comments generated: 2