Enable built-in issue intent safe outputs on issue-triage#1880
Conversation
Recompile issue-triage.lock.yml with gh-aw v0.82.1 to wire
GH_AW_RUNTIME_FEATURES=${{ vars.GH_AW_RUNTIME_FEATURES }}, enabling native
issue intents (rationale/confidence) for the workflow's add-labels safe
output. No behavior change: the trigger, permissions, prompt, and safe
outputs are unchanged, and the source .md is untouched.
The actions-lock.json pin bump (github/gh-aw-actions/setup v0.82.1) is
required by the recompiled lock.
Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
|
cc @friggeri for review. Requesting you as reviewer via the API failed (we lack write access on this repo, so reviewer assignment on a fork PR is blocked), so flagging you here directly. This is a minimal issue-intents onboarding change. See the |
There was a problem hiding this comment.
Pull request overview
This PR updates the repository’s agentic workflow lock material for the Issue Triage Agent, primarily by recompiling .github/workflows/issue-triage.lock.yml with a newer gh-aw version and updating the corresponding action pin entry in .github/aw/actions-lock.json.
Changes:
- Recompiled
issue-triage.lock.ymlusinggh-awv0.82.1 (new metadata, container images, and additional generated steps/outputs). - Updated
.github/aw/actions-lock.jsonto include thegithub/gh-aw-actions/setupv0.82.1 pin.
Show a summary per file
| File | Description |
|---|---|
| .github/workflows/issue-triage.lock.yml | Recompiled workflow lock with updated gh-aw runtime wiring and generated job/step structure. |
| .github/aw/actions-lock.json | Updates pinned github/gh-aw-actions/setup version used by agentic workflows. |
Review details
- Files reviewed: 2/2 changed files
- Comments generated: 5
- Review effort level: Low
| env: | ||
| GH_AW_MAX_DAILY_AI_CREDITS: ${{ vars.GH_AW_DEFAULT_MAX_DAILY_AI_CREDITS || '5000' }} | ||
| GH_AW_RUNTIME_FEATURES: ${{ vars.GH_AW_RUNTIME_FEATURES }} |
| env: | ||
| GH_AW_WORKFLOW_NAME: "Issue Triage Agent" | ||
| GH_AW_WORKFLOW_ID: "issue-triage" | ||
| GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} | ||
| GH_AW_WORKFLOW_DISPATCH_AW_CONTEXT: ${{ github.event.inputs.aw_context || '' }} | ||
| GH_AW_HAS_SLASH_COMMAND: "false" | ||
| GH_AW_HAS_LABEL_COMMAND: "false" | ||
| GH_AW_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| GH_AW_MAX_DAILY_AI_CREDITS: ${{ vars.GH_AW_DEFAULT_MAX_DAILY_AI_CREDITS || '5000' }} |
| GH_AW_TOOL_CACHE_MOUNT="" | ||
| GH_AW_TOOL_CACHE="${RUNNER_TOOL_CACHE:-/opt/hostedtoolcache}" | ||
| GH_AW_TOOL_CACHE="${RUNNER_TOOL_CACHE:?RUNNER_TOOL_CACHE must be set}" | ||
| if [ -d "$GH_AW_TOOL_CACHE" ]; then | ||
| if [[ "$GH_AW_TOOL_CACHE" != /opt/* ]]; then | ||
| GH_AW_TOOL_CACHE_MOUNT="$GH_AW_TOOL_CACHE:$GH_AW_TOOL_CACHE:ro" |
| -- /bin/bash -c 'set +o histexpand; export PATH="${RUNNER_TEMP}/gh-aw/mcp-cli/bin:$PATH" && GH_AW_TOOL_CACHE="${RUNNER_TOOL_CACHE:-/opt/hostedtoolcache}"; export PATH="$(find "$GH_AW_TOOL_CACHE" /opt/hostedtoolcache /home/runner/work/_tool -maxdepth 5 -type d -name bin 2>/dev/null | tr '\''\n'\'' '\'':'\'')$PATH"; [ -n "$GOROOT" ] && export PATH="$GOROOT/bin:$PATH" || true && GH_AW_NODE_EXEC="${GH_AW_NODE_BIN:-}"; if [ -z "$GH_AW_NODE_EXEC" ] || [ ! -x "$GH_AW_NODE_EXEC" ]; then GH_AW_NODE_EXEC="$(command -v node 2>/dev/null || true)"; fi; if [ -z "$GH_AW_NODE_EXEC" ]; then echo "node runtime missing on this runner — check runtimes.node in workflow YAML" >&2; exit 127; fi; "$GH_AW_NODE_EXEC" ${RUNNER_TEMP}/gh-aw/actions/copilot_harness.cjs /usr/local/bin/copilot --add-dir /tmp/gh-aw/ --log-level all --log-dir /tmp/gh-aw/sandbox/agent/logs/ --disable-builtin-mcps --no-ask-user --allow-all-tools --allow-all-paths --add-dir "${GITHUB_WORKSPACE}" --prompt-file /tmp/gh-aw/aw-prompts/prompt.txt' 2>&1 | tee -a /tmp/gh-aw/agent-stdio.log | ||
| # shellcheck disable=SC1003,SC2016,SC2086 | ||
| awf --config "${RUNNER_TEMP}/gh-aw/awf-config.json" --container-workdir "${GITHUB_WORKSPACE}" --mount "${RUNNER_TEMP}/gh-aw:${RUNNER_TEMP}/gh-aw:ro" --mount "${RUNNER_TEMP}/gh-aw:/host${RUNNER_TEMP}/gh-aw:ro" ${GH_AW_TOOL_CACHE_MOUNT:+--mount "$GH_AW_TOOL_CACHE_MOUNT"} ${GH_AW_DOCKER_HOST:+--docker-host "$GH_AW_DOCKER_HOST"} ${GH_AW_DOCKER_HOST_PATH_PREFIX_ARGS} --env-all --exclude-env COPILOT_GITHUB_TOKEN --exclude-env GITHUB_MCP_SERVER_TOKEN --exclude-env MCP_GATEWAY_API_KEY --log-level info --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs --audit-dir /tmp/gh-aw/sandbox/firewall/audit --skip-pull \ | ||
| -- /bin/bash -c 'set +o histexpand; export PATH="${RUNNER_TEMP}/gh-aw/mcp-cli/bin:$PATH" && : "${RUNNER_TOOL_CACHE:?RUNNER_TOOL_CACHE must be set}"; GH_AW_TOOL_CACHE="$RUNNER_TOOL_CACHE"; export PATH="$(find "$GH_AW_TOOL_CACHE" -maxdepth 5 -type d -name bin 2>/dev/null | tr '\''\n'\'' '\'':'\'')$PATH"; [ -n "$GOROOT" ] && export PATH="$GOROOT/bin:$PATH" || true && GH_AW_NODE_EXEC="${GH_AW_NODE_BIN:-}"; if [ -z "$GH_AW_NODE_EXEC" ] || [ ! -x "$GH_AW_NODE_EXEC" ]; then GH_AW_NODE_EXEC="$(command -v node 2>/dev/null || true)"; fi; if [ -z "$GH_AW_NODE_EXEC" ]; then echo "node runtime missing on this runner — check runtimes.node in workflow YAML" >&2; exit 127; fi; GH_AW_NPM_GLOBAL_ROOT="$(npm root -g 2>/dev/null || true)"; if [ -n "$GH_AW_NPM_GLOBAL_ROOT" ]; then export NODE_PATH="${GH_AW_NPM_GLOBAL_ROOT}${NODE_PATH:+:${NODE_PATH}}"; fi; "$GH_AW_NODE_EXEC" ${RUNNER_TEMP}/gh-aw/actions/copilot_harness.cjs /usr/local/bin/copilot --add-dir /tmp/gh-aw/ --log-level all --log-dir /tmp/gh-aw/sandbox/agent/logs/ --disable-builtin-mcps --no-ask-user --allow-all-tools --allow-all-paths --add-dir "${GITHUB_WORKSPACE}" --prompt-file /tmp/gh-aw/aw-prompts/prompt.txt' 2>&1 | tee -a /tmp/gh-aw/agent-stdio.log |
| "github/gh-aw-actions/setup@v0.82.1": { | ||
| "repo": "github/gh-aw-actions/setup", | ||
| "version": "v0.77.5", | ||
| "sha": "3ea13c02d765410340d533515cb31a7eef2baaf0" | ||
| "version": "v0.82.1", | ||
| "sha": "dadd6a0a0f4d1087fbd3e115776f28471388d6db" | ||
| }, |
The verify-compiled workflow pinned gh-aw v0.77.5 while issue-triage.lock.yml was compiled with v0.82.1, so CI recompiled at v0.77.5 and the byte diff failed the check. Bump the pin to v0.82.1 to match, and recompile all lock files at v0.82.1 so they are consistent with the pinned compiler. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
What & why
This enables issue intents on the
issue-triageworkflow. Issue intents let the triage agent attach its reasoning to each action it takes (labels, issue type, issue fields, with state and assignees support coming soon) and surface a confidence level, so maintainers can see why a change was made and approve or reject low-confidence suggestions instead of having them applied silently. A key goal is also to minimise the noise of agent-generated comments since rationale and confidence travel with the action itself rather than as separate comments on the issue. Learn more: Review and approve Copilot agent actions on issues.Changes
This change is minimal, with no behavior change. The workflow already uses the native
add-labelssafe output (the valid intents target), so onboarding is just a gh-aw upgrade + lock recompile.issue-triage.lock.ymlwith gh-aw v0.82.1 (wiresGH_AW_RUNTIME_FEATURES).github/gh-aw-actions/setuppin in.github/aw/actions-lock.jsonto v0.82.1.issue-triage.mdis untouched (native safe outputs, no custom rationale/confidence jobs to remove).This upgrade is inert until a repo admin sets the repository variable:
We opened this via a fork PR because we lack push/admin on this repo, so we cannot set the variable ourselves. Until it is set, the recompiled lock behaves exactly as before (no intents).
Closes github/plan-track-agentic-toolkit#516.