Harden integration data updater #796
Pull request overview
This PR hardens the integration-data updater automation and improves NuGet icon resolution for Aspire integrations, adding unit coverage and GitHub Agentic Workflows/Copilot setup scaffolding.
Changes:
- Update update-integrations to prefer package-specific NuGet icon URLs (with warnings instead of hard failures) and make it more testable.
- Add unit tests for icon URL resolution and default-icon reporting; wire them into the structured-data test script.
- Harden the update-integration-data workflow instructions/lockfile and add Copilot/MCP setup/config files.
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| src/frontend/tests/unit/update-integrations.vitest.test.ts | Adds unit coverage for icon URL resolution and default-icon detection. |
| src/frontend/scripts/update-integrations.ts | Improves icon resolution behavior, exposes helpers for testing, and adds warnings for default-icon fallbacks. |
| src/frontend/package.json | Runs the new icon-handling unit test as part of structured-data unit tests. |
| .github/workflows/update-integration-data.md | Updates workflow agent instructions (allowed files, PR superseding, icon warning handling). |
| .github/workflows/update-integration-data.lock.yml | Compiled workflow updates for gh-aw version/tooling changes and safe-outputs constraints. |
| .github/workflows/copilot-setup-steps.yml | Adds a Copilot setup workflow for gh-aw MCP server usage. |
| .github/skills/doc-writer/SKILL.md | Updates component examples to use packageName. |
| .github/mcp.json | Adds MCP server configuration for gh aw mcp-server. |
| .github/aw/actions-lock.json | Updates gh-aw actions lock entries for newer action versions. |
| .github/agents/agentic-workflows.agent.md | Adds a dispatcher agent definition for gh-aw workflows. |
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v6 |
actions/checkout is referenced by the mutable tag v6. This repo pins third-party actions by full commit SHA (with a version comment) to avoid supply-chain risk and ensure reproducible builds. Please pin actions/checkout to the same SHA used elsewhere in the repo (and add the version comment).
| uses: actions/checkout@v6 | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.2.2 |
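Review bot: the replacement line for `uses: actions/checkout@v6` carries the comment `# v4.2.2`, so applying it moves this step from major version 6 back to 4 instead of pinning the version the workflow asked for. If v6 is intended, pin the commit SHA that the v6 release resolves to and put that version in the trailing comment; in either case, check that the SHA and the version comment name the same release before merging.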
| uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1 | ||
| with: | ||
| app-id: ${{ secrets.ASPIRE_BOT_APP_ID }} | ||
| client-id: ${{ secrets.ASPIRE_BOT_APP_ID }} |
The actions/create-github-app-token step uses the input name client-id. In other workflows in this repo this action is configured with app-id, and ASPIRE_BOT_APP_ID suggests it holds the numeric App ID. If client-id is not a valid input for this action version, the workflow will fail to mint the token; please verify the expected input name for v3.1.1 and align the field/secret naming accordingly.
| client-id: ${{ secrets.ASPIRE_BOT_APP_ID }} | |
| app-id: ${{ secrets.ASPIRE_BOT_APP_ID }} |
| needs.activation.outputs.stale_lock_file_failed == 'true') | ||
| runs-on: ubuntu-slim | ||
| permissions: | ||
| contents: write |
The conclusion job no longer requests issues: write, but this workflow still appears to be configured to create issues in some paths (e.g., no-op/missing tool reporting). If issue creation is still intended, this job needs issues: write (and the App token needs the matching permission). Otherwise, disable the issue-reporting paths so the workflow doesn’t fail with 403s.
| contents: write | |
| contents: write | |
| issues: write |
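Review bot: adding `issues: write` under `permissions:` by hand will not last if this job lives in update-integration-data.lock.yml, which the file summary describes as compiled; make the permission change in the workflow source and regenerate with gh aw compile update-integration-data. While touching this block, confirm the job still needs `contents: write`, and drop it if the job only reports results.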
| GH_AW_WORKFLOW_NAME: "Integration Data Updater" | ||
| GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} | ||
| GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} | ||
| GH_AW_NOOP_REPORT_AS_ISSUE: 'true' | ||
| GH_AW_NOOP_REPORT_AS_ISSUE: "true" | ||
| with: |
GH_AW_NOOP_REPORT_AS_ISSUE is set to "true", which implies the no-op handler will try to open an issue. With the current reduced permissions/App token permissions, this is likely to fail at runtime. Either grant the required issues permission(s) or set this to false if no-op should not create issues.
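The pinning convention raised in the first review comment (full commit SHA plus a version comment on every third-party `uses:` line) can be checked mechanically. The script below is an added example, not code from this pull request or repository; the function name `audit_uses`, the sample workflow, and the `example-org/example-action` entry with its placeholder SHA are assumptions made for illustration.

```python
import re

# A `uses:` step reference with an optional trailing `# comment`.
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*(?P<ref>[^\s#]+)(?:\s*#\s*(?P<comment>.*))?\s*$"
)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")            # full commit SHA only
VERSION_COMMENT_RE = re.compile(r"^v?\d+(\.\d+)*\b")


def audit_uses(workflow_text):
    """Return (line_number, reference, problem) for every `uses:` line
    that is not pinned to a full commit SHA with a version comment."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group("ref").strip("'\"")
        # Local actions and docker:// images are outside this check.
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        _, _, version = ref.partition("@")
        if not version:
            findings.append((lineno, ref, "no ref after '@'"))
        elif not SHA_RE.match(version):
            findings.append((lineno, ref, "mutable ref, not a full commit SHA"))
        elif not VERSION_COMMENT_RE.match(m.group("comment") or ""):
            findings.append((lineno, ref, "SHA pin lacks a version comment"))
    return findings


# Constructed sample. Lines 3 and 4 reuse references quoted in the review
# thread; the local action and the last step are hypothetical.
SAMPLE = """\
steps:
  - name: Checkout repository
    uses: actions/checkout@v6
  - uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
  - uses: ./.github/actions/local-setup
  - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567
"""

if __name__ == "__main__":
    for lineno, ref, problem in audit_uses(SAMPLE):
        print(f"line {lineno}: {ref}: {problem}")
```

The check only confirms the shape of the pin; it does not verify that the SHA actually corresponds to the release named in the comment.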
802ddb0 to 44ab882
Improve the integration data workflow so it handles existing generated PRs via safe outputs and narrows generated file changes. Harden NuGet icon resolution to prefer package-specific Aspire icons while reporting fallback icon cases without failing the updater. Add gh-aw agent setup files and fix doc-writer package component examples.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
44ab882 to 7d2bbe8
alistairmatthews left a comment
Looks good. Ready to merge.
Summary
update-integration-data so generated PRs are limited to expected data/sample files and supersede prior workflow-created PRs through safe outputs.
packageName.
Validation
gh aw compile update-integration-data
pnpm --dir .\src\frontend run test:unit:structured-data