Add agentic workflow issue-triage#5409
Add agentic workflow issue-triage#5409andyleejordan merged 1 commit intomainPowerShell/vscode-powershell:mainfrom add-workflow-issue-triage-8205PowerShell/vscode-powershell:add-workflow-issue-triage-8205Copy head branch name to clipboard
Conversation
There was a problem hiding this comment.
Pull request overview
Adds a GitHub agentic workflow to automatically triage newly opened/reopened issues using the gh-aw compiled workflow plus a Markdown prompt source.
Changes:
- Added an agentic issue-triage prompt definition (
.md) and its compiled workflow lockfile (.lock.yml). - Marked generated lock workflows as linguist-generated (and configured a merge driver) via
.gitattributes.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| .github/workflows/issue-triage.md | Defines the issue triage agent instructions and frontmatter configuration. |
| .github/workflows/issue-triage.lock.yml | Adds the compiled GitHub Actions workflow that runs the agent, safe-outputs handler, and threat detection. |
| .gitattributes | Marks *.lock.yml as generated and configures merge behavior. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| - Use the `update_issue` tool to apply the labels to the issue | ||
| - DO NOT communicate directly with users | ||
| - If no labels are clearly applicable, do not apply any labels |
There was a problem hiding this comment.
Step 7 instructs using the update_issue tool to apply labels, but this workflow’s allowed write tools are the safe-outputs tools (notably add_labels). With the GitHub MCP server running in read-only mode, an update_issue call will fail and labels won’t get applied. Update the instructions to use add_labels (and ensure the label application step aligns with the safe-outputs tool names).
| - Use the `update_issue` tool to apply the labels to the issue | |
| - DO NOT communicate directly with users | |
| - If no labels are clearly applicable, do not apply any labels | |
| - Use the `add-labels` safe output to specify which labels should be applied to the issue; do not call write-capable GitHub tools such as `update_issue` in this workflow | |
| - DO NOT communicate directly with users | |
| - If no labels are clearly applicable, leave the `add-labels` safe output empty so that no labels are applied |
| discussions: write | ||
| issues: write | ||
| pull-requests: write | ||
| outputs: | ||
| activated: ${{ steps.check_membership.outputs.is_team_member == 'true' }} | ||
| matched_command: '' | ||
| steps: |
There was a problem hiding this comment.
This workflow requests discussions: write and pull-requests: write in pre_activation, even though it only triggers on issues and the steps shown here only need to add a reaction / check membership. To follow least-privilege (and match other workflows in this repo), drop unnecessary permissions and keep only what’s required (likely issues: write for the reaction + whatever minimal read is needed for membership checks).
| discussions: write | |
| issues: write | |
| pull-requests: write | |
| outputs: | |
| activated: ${{ steps.check_membership.outputs.is_team_member == 'true' }} | |
| matched_command: '' | |
| steps: | |
| issues: write | |
| members: read | |
| outputs: | |
| activated: ${{ steps.check_membership.outputs.is_team_member == 'true' }} | |
| matched_command: '' | |
| steps: | |
| steps: |
| discussions: write | ||
| issues: write | ||
| pull-requests: write |
There was a problem hiding this comment.
safe_outputs requests discussions: write and pull-requests: write, but the safe output tools configured for this workflow are add_comment and add_labels on issues. Consider configuring safe-outputs to disable discussions support (the generated tools metadata indicates safe-outputs.add-comment.discussions: false is supported) and reduce job permissions to only what’s required (typically issues: write).
| discussions: write | |
| issues: write | |
| pull-requests: write | |
| issues: write |
| # Set svg to binary type, as SVG is unlikely to be editted by hand. Can be treated as checked in blob | ||
| *.svg binary | ||
|
|
||
| .github/workflows/*.lock.yml linguist-generated=true merge=ours No newline at end of file |
There was a problem hiding this comment.
Setting merge=ours for .github/workflows/*.lock.yml will cause future PR updates to compiled workflow lock files to be discarded when merging into the default branch (the target branch becomes "ours"). For generated workflow lock files this can leave the repo running an out-of-date workflow. Consider removing merge=ours and keeping only linguist-generated=true (or adopt a regeneration step on main if you want to avoid merge conflicts).
| .github/workflows/*.lock.yml linguist-generated=true merge=ours | |
| .github/workflows/*.lock.yml linguist-generated=true |
| # If in a public repo, setting `lockdown: false` allows | ||
| # reading issues, pull requests and comments from 3rd-parties | ||
| # If in a private repo this has no particular effect. | ||
| lockdown: false |
There was a problem hiding this comment.
Trailing whitespace after lockdown: false can create noisy diffs and fails some linters. Please remove the extra spaces.
| lockdown: false | |
| lockdown: false |
| sudo -E awf --env-all --container-workdir "${GITHUB_WORKSPACE}" --allow-domains "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,telemetry.enterprise.githubcopilot.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" --log-level info --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs --enable-host-access --image-tag 0.20.2 --skip-pull --enable-api-proxy \ | ||
| -- /bin/bash -c '/usr/local/bin/copilot --add-dir /tmp/gh-aw/ --log-level all --log-dir /tmp/gh-aw/sandbox/agent/logs/ --add-dir "${GITHUB_WORKSPACE}" --disable-builtin-mcps --allow-all-tools --allow-all-paths --prompt "$(cat /tmp/gh-aw/aw-prompts/prompt.txt)"${GH_AW_MODEL_AGENT_COPILOT:+ --model "$GH_AW_MODEL_AGENT_COPILOT"}' 2>&1 | tee -a /tmp/gh-aw/agent-stdio.log |
There was a problem hiding this comment.
The agent execution is configured with awf --env-all and the Copilot CLI flags --allow-all-tools --allow-all-paths. Since this workflow can post a public issue comment via safe outputs, prompt injection could potentially lead to data exfiltration if the agent can read environment variables (including tokens) or arbitrary files/paths. Consider tightening the configuration to an explicit allowlist of tools/paths and avoid passing all env vars into the sandbox unless required (principle of least privilege).
| sudo -E awf --env-all --container-workdir "${GITHUB_WORKSPACE}" --allow-domains "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,telemetry.enterprise.githubcopilot.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" --log-level info --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs --enable-host-access --image-tag 0.20.2 --skip-pull --enable-api-proxy \ | |
| -- /bin/bash -c '/usr/local/bin/copilot --add-dir /tmp/gh-aw/ --log-level all --log-dir /tmp/gh-aw/sandbox/agent/logs/ --add-dir "${GITHUB_WORKSPACE}" --disable-builtin-mcps --allow-all-tools --allow-all-paths --prompt "$(cat /tmp/gh-aw/aw-prompts/prompt.txt)"${GH_AW_MODEL_AGENT_COPILOT:+ --model "$GH_AW_MODEL_AGENT_COPILOT"}' 2>&1 | tee -a /tmp/gh-aw/agent-stdio.log | |
| sudo -E awf --container-workdir "${GITHUB_WORKSPACE}" --allow-domains "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,telemetry.enterprise.githubcopilot.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" --log-level info --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs --enable-host-access --image-tag 0.20.2 --skip-pull --enable-api-proxy \ | |
| -- /bin/bash -c '/usr/local/bin/copilot --add-dir /tmp/gh-aw/ --log-level all --log-dir /tmp/gh-aw/sandbox/agent/logs/ --add-dir "${GITHUB_WORKSPACE}" --disable-builtin-mcps --prompt "$(cat /tmp/gh-aw/aw-prompts/prompt.txt)"${GH_AW_MODEL_AGENT_COPILOT:+ --model "$GH_AW_MODEL_AGENT_COPILOT"}' 2>&1 | tee -a /tmp/gh-aw/agent-stdio.log |
The workflows added in #5409 were broken and never customized. They couldn't see spam from non-collaborators (wrong `roles`/`min-integrity`), couldn't close issues (missing `close-issue` safe-output), and failed auth (under-scoped `COPILOT_GITHUB_TOKEN`). Fixed and expanded into three workflows: - `issue-triage.md`: Incoming issue triage on open/reopen. Closes spam and duplicates as "not planned", requests author feedback when reproduction is missing, or labels real issues with `Needs: Triage` plus area/platform/type labels and a maintainer hand-off note (includes reproducibility assessment and Copilot-fix suitability). - `issue-comment-handler.md`: Smart comment processor on `issue_comment`. When users confirm a fix is resolved, thanks them and closes the issue (less manual work for maintainers). When users respond to `Needs: Author Feedback` with substance, moves back to `Needs: Triage`. Politely educates on non-actionable bumps. Auto-labels based on keywords (Area-*, OS-*, Bug-*). Summarizes threads over 10 comments. Flags duplicate mentions. - `stale-closer.md`: Weekly intelligent backlog cleanup. Closes up to 10 issues/week using AI judgment (no reproduction after 90+ days, duplicates of closed issues, external blockers declined upstream, features out of scope). Skips anything with maintainer activity in last 6 months. Conservative: when in doubt, keeps open. Deleted `close-stale-issues.yml` (Issue Housekeeping) — it used `actions/stale` with time-based rules that didn't work well. Replaced by `stale-closer.md` using judgment. Switched all three to `permissions: copilot-requests: write` instead of PAT for centralized org billing and no secret management. Upgraded gh-aw from v0.49.5 to v0.79.8. Deleted auto-generated `agentics-maintenance.yml` (none of our workflows use `expires` so we don't need it). Expected workflow: new issues get triaged/closed within minutes, users confirming fixes auto-close their issues, and maintainers filter to `Needs: Triage` to see only real, actionable, pre-labeled issues. Drafted by Copilot (Claude Opus 4.8). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Add agentic workflow issue-triage