f6b499a9d4
## Summary This PR sets up GitHub Agentic Workflows (GH-AW) and installs shared PR review workflows in `pulumi/pulumi-docker-build`. ### Commands Executed - `gh-aw version` → `v0.56.2` (used as entrypoint) - `gh-aw init` → ran (`.github/aw/` was not present) - `gh-aw add pulumi-labs/gh-aw-internal/.github/workflows/gh-aw-pr-review.md@main --name docker-build-pr-review --force` - `gh-aw add pulumi-labs/gh-aw-internal/.github/workflows/gh-aw-pr-rereview.md@main --name docker-build-pr-rereview --force` - `gh-aw compile` - `gh-aw validate` ### Configuration | Property | Value | |---|---| | AW entrypoint | `gh-aw` (v0.56.2) | | Target base branch | `main` | | `prefix_stem` | `docker-build` | | `gh-aw init` | Ran (was not previously initialized) | ### Changed Files - `.gitattributes` — added `merge=ours` strategy for `.github/workflows/*.lock.yml` - `.github/agents/agentic-workflows.agent.md` — created by `gh-aw init` - `.github/workflows/copilot-setup-steps.yml` — generated dependency workflow - `.github/workflows/docker-build-pr-review.md` — shared PR review workflow source - `.github/workflows/docker-build-pr-review.lock.yml` — compiled lock file - `.github/workflows/docker-build-pr-rereview.md` — shared PR re-review workflow source - `.github/workflows/docker-build-pr-rereview.lock.yml` — compiled lock file - `.github/workflows/shared/review.md` — imported shared workflow - `.github/workflows/shared/plugins/code-review/code-review.md` — imported shared plugin ### Validation Output **compile:** ```` ⚠ Compiled 2 workflow(s): 0 error(s), 2 warning(s) ``` **validate:** ``` ⚠ Compiled 2 workflow(s): 0 error(s), 2 warning(s) ``` ### Validation Warnings Both workflows produced the same non-blocking warning: ``` warning: This workflow grants id-token: write permission OIDC tokens can authenticate to cloud providers (AWS, Azure, GCP). Ensure proper audience validation and trust policies are configured. ```` These warnings are expected for the shared review workflows which use OIDC for cloud authentication and are non-blocking. --- Rollout triggered by [provider-ops#41](https://github.com/pulumi/provider-ops/issues/41). > Generated by [Generic Rollout Worker](https://github.com/pulumi/provider-ops/actions/runs/23014445857) · [◷](https://github.com/search?q=repo%3Apulumi%2Fpulumi-docker-build+%22gh-aw-workflow-id%3A+gh-aw-workflow-rollout-worker%22&type=pullrequests) <!-- gh-aw-agentic-workflow: Generic Rollout Worker, engine: claude, id: 23014445857, workflow_id: gh-aw-workflow-rollout-worker, run: https://github.com/pulumi/provider-ops/actions/runs/23014445857 --> <!-- gh-aw-workflow-id: gh-aw-workflow-rollout-worker --> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
27 lines
729 B
YAML
27 lines
729 B
YAML
name: "Copilot Setup Steps"
|
|
|
|
# This workflow configures the environment for GitHub Copilot Agent with gh-aw MCP server
|
|
on:
|
|
workflow_dispatch:
|
|
push:
|
|
paths:
|
|
- .github/workflows/copilot-setup-steps.yml
|
|
|
|
jobs:
|
|
# The job MUST be called 'copilot-setup-steps' to be recognized by GitHub Copilot Agent
|
|
copilot-setup-steps:
|
|
runs-on: ubuntu-latest
|
|
|
|
# Set minimal permissions for setup steps
|
|
# Copilot Agent receives its own token with appropriate permissions
|
|
permissions:
|
|
contents: read
|
|
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v6
|
|
- name: Install gh-aw extension
|
|
uses: github/gh-aw/actions/setup-cli@v0.56.2
|
|
with:
|
|
version: v0.56.2
|