From c2b46ce8ba7890bfd0cd55872c9d14e0cfacc23d Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 1 Jun 2026 13:16:19 +0000
Subject: [PATCH 1/5] Initial plan


From f98c291b49afaf9738b0d5b4a6c7a748d9edccbd Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 1 Jun 2026 13:32:33 +0000
Subject: [PATCH 2/5] Add explicit multi-checkout guidance for
 push_to_pull_request_branch

Co-authored-by: dsyme <7204669+dsyme@users.noreply.github.com>
---
 .../md/safe_outputs_push_to_pr_branch.md      |  5 +++
 pkg/workflow/unified_prompt_step_test.go      | 44 +++++++++++++++++++
 2 files changed, 49 insertions(+)

diff --git a/actions/setup/md/safe_outputs_push_to_pr_branch.md b/actions/setup/md/safe_outputs_push_to_pr_branch.md
index 6960d764128..3236de71cf3 100644
--- a/actions/setup/md/safe_outputs_push_to_pr_branch.md
+++ b/actions/setup/md/safe_outputs_push_to_pr_branch.md
@@ -6,6 +6,11 @@ To push changes to the branch of a pull request:
 2. Add and commit your changes to the local copy of the pull request branch. Be careful to add exactly the files you intend, and verify you haven't deleted or changed any files you didn't intend to.
 3. Push the branch to the repo by using the push_to_pull_request_branch tool from safeoutputs.
 
+**Multi-checkout workflows (`checkout:` with multiple repositories):**
+- `push_to_pull_request_branch` operates on the checkout for the target repository (for example `$GITHUB_WORKSPACE/github` when `path: ./github`).
+- Run all `git` commands from that checkout directory before calling the tool (for example `cd <target-checkout-path>`).
+- If needed, check out the PR branch locally from the fetched remote branch first (for example `git checkout <pr-branch>` from `origin/<pr-branch>`), then edit/add/commit, and finally call `push_to_pull_request_branch`.
+
 **Important constraints:**
 - This tool is **append-only**: it adds new commits on top of the existing PR branch. Force-push is NOT supported.
 - Do NOT use `git merge` to bring another branch (e.g., `main`) into the PR branch — merge commits cannot be signed; the action will attempt to squash them into a single linear commit before pushing, but this rewrites history. Use `git rebase` instead (e.g., `git rebase origin/main`) to avoid the rewrite.
diff --git a/pkg/workflow/unified_prompt_step_test.go b/pkg/workflow/unified_prompt_step_test.go
index 519d6260a11..77d4ee64ef2 100644
--- a/pkg/workflow/unified_prompt_step_test.go
+++ b/pkg/workflow/unified_prompt_step_test.go
@@ -523,3 +523,47 @@ func TestCollectPromptSections_CliProxy(t *testing.T) {
 		}
 	})
 }
+
+func TestCollectPromptSections_PRCommentPushToPRBranchGuidance(t *testing.T) {
+	compiler := &Compiler{}
+
+	t.Run("includes guidance when PR comment triggers and push-to-pr-branch is configured", func(t *testing.T) {
+		data := &WorkflowData{
+			On:          "issue_comment",
+			Permissions: "contents: read",
+			SafeOutputs: &SafeOutputsConfig{
+				PushToPullRequestBranch: &PushToPullRequestBranchConfig{},
+			},
+		}
+
+		sections := compiler.collectPromptSections(data)
+
+		var guidanceSection *PromptSection
+		for i := range sections {
+			if sections[i].IsFile && sections[i].Content == prContextPushToPRBranchGuidanceFile {
+				guidanceSection = &sections[i]
+				break
+			}
+		}
+
+		require.NotNil(t, guidanceSection, "Should include push-to-PR-branch guidance for PR comment workflows")
+		assert.NotEmpty(t, guidanceSection.ShellCondition, "Guidance should be conditionally injected for PR-comment events")
+		assert.Contains(t, guidanceSection.ShellCondition, "issue_comment")
+		assert.Equal(t, "${{ github.event.issue.pull_request && 'true' || '' }}", guidanceSection.EnvVars["GH_AW_IS_PR_COMMENT"])
+	})
+
+	t.Run("does not include guidance when push-to-pr-branch is not configured", func(t *testing.T) {
+		data := &WorkflowData{
+			On:          "issue_comment",
+			Permissions: "contents: read",
+			SafeOutputs: &SafeOutputsConfig{},
+		}
+
+		sections := compiler.collectPromptSections(data)
+
+		for _, section := range sections {
+			assert.NotEqual(t, prContextPushToPRBranchGuidanceFile, section.Content,
+				"Should not include push-to-PR-branch guidance unless tool is configured")
+		}
+	})
+}

From 662f9bda1227a21118231fd01a4f16b0db2cff8e Mon Sep 17 00:00:00 2001
From: Don Syme <dsyme@users.noreply.github.com>
Date: Mon, 1 Jun 2026 16:00:43 +0100
Subject: [PATCH 3/5] Update safe_outputs_push_to_pr_branch.md

---
 actions/setup/md/safe_outputs_push_to_pr_branch.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/actions/setup/md/safe_outputs_push_to_pr_branch.md b/actions/setup/md/safe_outputs_push_to_pr_branch.md
index 3236de71cf3..c9a1e5b5a0f 100644
--- a/actions/setup/md/safe_outputs_push_to_pr_branch.md
+++ b/actions/setup/md/safe_outputs_push_to_pr_branch.md
@@ -9,7 +9,6 @@ To push changes to the branch of a pull request:
 **Multi-checkout workflows (`checkout:` with multiple repositories):**
 - `push_to_pull_request_branch` operates on the checkout for the target repository (for example `$GITHUB_WORKSPACE/github` when `path: ./github`).
 - Run all `git` commands from that checkout directory before calling the tool (for example `cd <target-checkout-path>`).
-- If needed, check out the PR branch locally from the fetched remote branch first (for example `git checkout <pr-branch>` from `origin/<pr-branch>`), then edit/add/commit, and finally call `push_to_pull_request_branch`.
 
 **Important constraints:**
 - This tool is **append-only**: it adds new commits on top of the existing PR branch. Force-push is NOT supported.

From efa5914c8ba43ba218906baf07cdce5c23828de7 Mon Sep 17 00:00:00 2001
From: Don Syme <dsyme@users.noreply.github.com>
Date: Mon, 1 Jun 2026 17:13:28 +0100
Subject: [PATCH 4/5] Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
---
 actions/setup/md/safe_outputs_push_to_pr_branch.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/actions/setup/md/safe_outputs_push_to_pr_branch.md b/actions/setup/md/safe_outputs_push_to_pr_branch.md
index c9a1e5b5a0f..8622cabdb44 100644
--- a/actions/setup/md/safe_outputs_push_to_pr_branch.md
+++ b/actions/setup/md/safe_outputs_push_to_pr_branch.md
@@ -9,7 +9,7 @@ To push changes to the branch of a pull request:
 **Multi-checkout workflows (`checkout:` with multiple repositories):**
 - `push_to_pull_request_branch` operates on the checkout for the target repository (for example `$GITHUB_WORKSPACE/github` when `path: ./github`).
 - Run all `git` commands from that checkout directory before calling the tool (for example `cd <target-checkout-path>`).
-
+- If needed, check out the PR branch locally from `origin/<pr-branch>` first.
 **Important constraints:**
 - This tool is **append-only**: it adds new commits on top of the existing PR branch. Force-push is NOT supported.
 - Do NOT use `git merge` to bring another branch (e.g., `main`) into the PR branch — merge commits cannot be signed; the action will attempt to squash them into a single linear commit before pushing, but this rewrites history. Use `git rebase` instead (e.g., `git rebase origin/main`) to avoid the rewrite.

From 437ce43f160f7faaddb224ac5c7ccc65ee010251 Mon Sep 17 00:00:00 2001
From: Don Syme <dsyme@github.com>
Date: Mon, 1 Jun 2026 17:18:06 +0100
Subject: [PATCH 5/5] Address code review comments: generic paths, subshell
 guidance, expanded test coverage

- Replace repo-specific path example with generic description
- Replace ambiguous cd instruction with subshell/pushd guidance
- Add pull_request_review_comment trigger test case
- Add SafeOutputs: nil negative test case
---
 .../md/safe_outputs_push_to_pr_branch.md      |  4 +-
 pkg/workflow/unified_prompt_step_test.go      | 39 +++++++++++++++++++
 2 files changed, 41 insertions(+), 2 deletions(-)

diff --git a/actions/setup/md/safe_outputs_push_to_pr_branch.md b/actions/setup/md/safe_outputs_push_to_pr_branch.md
index 8622cabdb44..b554e29c520 100644
--- a/actions/setup/md/safe_outputs_push_to_pr_branch.md
+++ b/actions/setup/md/safe_outputs_push_to_pr_branch.md
@@ -7,8 +7,8 @@ To push changes to the branch of a pull request:
 3. Push the branch to the repo by using the push_to_pull_request_branch tool from safeoutputs.
 
 **Multi-checkout workflows (`checkout:` with multiple repositories):**
-- `push_to_pull_request_branch` operates on the checkout for the target repository (for example `$GITHUB_WORKSPACE/github` when `path: ./github`).
-- Run all `git` commands from that checkout directory before calling the tool (for example `cd <target-checkout-path>`).
+- `push_to_pull_request_branch` operates on the checkout for the target repository (the directory matching the `path:` value in your workflow's checkout step).
+- Run all `git` commands from that checkout directory before calling the tool. Use a subshell (`(cd <target-checkout-path> && git ...)`) or `pushd`/`popd` to avoid changing the working directory for subsequent commands in the same step.
 - If needed, check out the PR branch locally from `origin/<pr-branch>` first.
 **Important constraints:**
 - This tool is **append-only**: it adds new commits on top of the existing PR branch. Force-push is NOT supported.
diff --git a/pkg/workflow/unified_prompt_step_test.go b/pkg/workflow/unified_prompt_step_test.go
index 77d4ee64ef2..a85c7228cf1 100644
--- a/pkg/workflow/unified_prompt_step_test.go
+++ b/pkg/workflow/unified_prompt_step_test.go
@@ -552,6 +552,30 @@ func TestCollectPromptSections_PRCommentPushToPRBranchGuidance(t *testing.T) {
 		assert.Equal(t, "${{ github.event.issue.pull_request && 'true' || '' }}", guidanceSection.EnvVars["GH_AW_IS_PR_COMMENT"])
 	})
 
+	t.Run("includes guidance when pull_request_review_comment triggers and push-to-pr-branch is configured", func(t *testing.T) {
+		data := &WorkflowData{
+			On:          "pull_request_review_comment",
+			Permissions: "contents: read",
+			SafeOutputs: &SafeOutputsConfig{
+				PushToPullRequestBranch: &PushToPullRequestBranchConfig{},
+			},
+		}
+
+		sections := compiler.collectPromptSections(data)
+
+		var guidanceSection *PromptSection
+		for i := range sections {
+			if sections[i].IsFile && sections[i].Content == prContextPushToPRBranchGuidanceFile {
+				guidanceSection = &sections[i]
+				break
+			}
+		}
+
+		require.NotNil(t, guidanceSection, "Should include push-to-PR-branch guidance for pull_request_review_comment workflows")
+		assert.NotEmpty(t, guidanceSection.ShellCondition, "Guidance should be conditionally injected for PR-comment events")
+		assert.Contains(t, guidanceSection.ShellCondition, "pull_request_review_comment")
+	})
+
 	t.Run("does not include guidance when push-to-pr-branch is not configured", func(t *testing.T) {
 		data := &WorkflowData{
 			On:          "issue_comment",
@@ -566,4 +590,19 @@ func TestCollectPromptSections_PRCommentPushToPRBranchGuidance(t *testing.T) {
 				"Should not include push-to-PR-branch guidance unless tool is configured")
 		}
 	})
+
+	t.Run("does not include guidance when SafeOutputs is nil", func(t *testing.T) {
+		data := &WorkflowData{
+			On:          "issue_comment",
+			Permissions: "contents: read",
+			SafeOutputs: nil,
+		}
+
+		sections := compiler.collectPromptSections(data)
+
+		for _, section := range sections {
+			assert.NotEqual(t, prContextPushToPRBranchGuidanceFile, section.Content,
+				"Should not include push-to-PR-branch guidance when SafeOutputs is nil")
+		}
+	})
 }