Skip to content

fix: compile issue-triage agentic workflow so it runs on new issues#211

Merged
EMaher merged 4 commits into
mainfrom
emaher-laughing-pancake
Jul 2, 2026
Merged

fix: compile issue-triage agentic workflow so it runs on new issues#211
EMaher merged 4 commits into
mainfrom
emaher-laughing-pancake

Conversation

@EMaher

@EMaher EMaher commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Summary

Newly opened issues (e.g. #210) were not being triaged — no advisory labels, no recommendation comment. Root cause: issue-triage.md was never compiled into an executable issue-triage.lock.yml, so GitHub Actions never registered or ran the workflow.

gh-aw (GitHub Agentic Workflows) sources are .md files that must be compiled into .lock.yml files; GitHub Actions only runs the .lock.yml. doc-freshness had both files, but issue-triage had only the .md source, so no "Issue Triage" workflow existed in the Actions registry at all.

What this delivers

  • Add frontmatter to issue-triage.md: permissions.copilot-requests: write, Node 22 runtime pin, and a timeout — matching the working doc-freshness workflow. This makes it use GitHub Actions token-based inference (COPILOT_GITHUB_TOKEN: ${{ github.token }}) instead of requiring a COPILOT_GITHUB_TOKEN PAT secret, which this repo does not have configured. Without this, the as-generated workflow would have failed at a mandatory secret-validation step.
  • Recompile all gh-aw workflows with the latest gh-aw (v0.81.6):
    • New issue-triage.lock.yml — the executable workflow (the actual fix)
    • Recompiled doc-freshness.lock.yml — toolchain version bumps only (firewall images 0.27.70.27.11, Copilot CLI 1.0.631.0.65, awf/mcpg bumps); no change to its triage/logic
    • New auto-generated agentics-maintenance.yml — emitted by v0.81.6 for repos using expiring safe-outputs (scheduled cleanup; can be disabled via .github/workflows/aw.json {"maintenance": false})
    • Bump github/gh-aw-actions/setup pin to v0.81.6 in .github/aw/actions-lock.json

Verification

  • Confirmed issue-triage was absent from the Actions workflow registry, while doc-freshness.lock.yml was registered and active.
  • Confirmed the recompiled issue-triage.lock.yml no longer requires a PAT (uses github.token) and pins Node 22 — matching doc-freshness.
  • Confirmed all allowed labels (type:documentation, type:question, effort:*, duplicate, etc.) exist in the repo.
  • gh aw compile → 2 workflow(s): 0 errors, 0 warnings. Lock files stored as LF per .gitattributes.

Files

  • .github/workflows/issue-triage.md (modified — frontmatter)
  • .github/workflows/issue-triage.lock.yml (new)
  • .github/workflows/doc-freshness.lock.yml (recompiled)
  • .github/workflows/agentics-maintenance.yml (new, generated)
  • .github/aw/actions-lock.json (setup action pin bump)

Notes

  • Requires org centralized Copilot billing for token-based inference (same prerequisite as the already-deployed doc-freshness).
  • Once merged to main, the workflow triggers on issues: [opened]. It won't retroactively triage Latest changes #210, which was opened before the fix.
  • After merge, a code review against .squad/identity/constitution.md is the standard ceremony; these are .github/ workflow files (no src//tests/ changes).

EMaher and others added 2 commits July 1, 2026 13:10
The issue-triage.md gh-aw source was never compiled into an
issue-triage.lock.yml, so GitHub Actions never registered or ran it.
Newly opened issues received no triage labels or recommendation comment.

- Add frontmatter to issue-triage.md (permissions: copilot-requests:
  write, Node 22 runtime pin, timeout) matching doc-freshness, so the
  workflow uses GitHub Actions token-based inference instead of a
  COPILOT_GITHUB_TOKEN PAT (which the repo does not have configured).
- Recompile all gh-aw workflows with the latest gh-aw (v0.81.6):
  - Add issue-triage.lock.yml (the executable workflow)
  - Recompile doc-freshness.lock.yml (toolchain version bumps only)
  - Add auto-generated agentics-maintenance.yml
  - Bump github/gh-aw-actions/setup pin to v0.81.6 in actions-lock.json

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Node 24 is the current Active LTS; Node 22 is now Maintenance LTS. The
repo has no native dependencies and package.json engines already allows
>=22, so moving the runtime up is low risk. Verified locally on Node
24.13.1: npm ci, lint, and all 1066 tests pass.

- ci.yml: run the PR test job as a matrix over Node ['22', '24'] so the
  engines floor (22) stays covered while adding Active LTS (24). The
  gated, cost-protected integration-* and squad-release workflows are
  intentionally left on a single Node version (not matrixed) to avoid
  doubling approvals/cost.
- issue-triage.md / doc-freshness.md: remove the runtimes.node "22" pin
  so the agent jobs run on gh-aw's default Node 24, matching CI. Both
  lock files recompiled accordingly.

engines is intentionally left at >=22.0.0 (no change to consumer support).

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
@EMaher

EMaher commented Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

@copilot - update the integration workflows (not CI) to use node version 24

Copilot AI commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

@copilot - update the integration workflows (not CI) to use node version 24

Done. Updated node-version from '22' to '24' in both integration-test.yml and integration-redact-secrets.yml in commit fix: update integration workflows to use Node 24.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Fixes GitHub Agentic Workflow registration for issue triage by adding the missing compiled workflow (.lock.yml) and updating gh-aw-generated artifacts/pins so the workflow can actually run on newly opened issues.

Changes:

  • Adds missing executable workflow: compiles .github/workflows/issue-triage.md into .github/workflows/issue-triage.lock.yml.
  • Recompiles existing gh-aw workflow lock output and introduces the generated agentics-maintenance.yml.
  • Updates Node versions used in CI/integration workflows and bumps .github/aw/actions-lock.json to gh-aw v0.81.6.

Reviewed changes

Copilot reviewed 8 out of 9 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
.github/workflows/issue-triage.md Adds frontmatter (permissions/timeout) for gh-aw issue triage source workflow.
.github/workflows/issue-triage.lock.yml New compiled gh-aw workflow that GitHub Actions can execute on issues: opened.
.github/workflows/doc-freshness.md Updates doc-freshness source (removes Node runtime pin block).
.github/workflows/doc-freshness.lock.yml Recompiled output with updated gh-aw/tooling versions and runtime details.
.github/workflows/agentics-maintenance.yml New generated maintenance workflow for gh-aw safe-outputs cleanup/ops.
.github/aw/actions-lock.json Updates gh-aw action pins to v0.81.6 (adds setup-cli entry).
.github/workflows/ci.yml Runs tests on a Node version matrix (22 and 24).
.github/workflows/integration-test.yml Updates Node version used during integration roundtrip job to 24.
.github/workflows/integration-redact-secrets.yml Updates Node version used during redaction integration job to 24.

Comment thread .github/workflows/issue-triage.md
Comment thread .github/workflows/doc-freshness.md
Comment thread .github/workflows/issue-triage.lock.yml
petehauge
petehauge previously approved these changes Jul 2, 2026
Integrate latest main, which renamed the integration workflows and added
new gh-aw issue workflows. Conflicts resolved:

- integration-test.yml -> test-round-trip.yml (rename/modify): kept the
  rename and applied this branch's Node 24 change to the renamed file.
- integration-redact-secrets.yml -> test-redact-secrets.yml
  (rename/modify): same — Node 24 applied to the renamed file.
- ci.yml (modify/modify): kept both main's workflow_call trigger and
  this branch's Node [22, 24] test matrix.
- .github/aw/actions-lock.json (modify/modify): regenerated by
  recompiling all gh-aw workflows with gh-aw v0.81.6, producing a single
  consistent pin set (setup@v0.81.6, setup-cli@v0.81.6, github-script@v8).

Recompiled all four gh-aw workflows (doc-freshness, issue-triage,
issue-assign, issue-clarify) so every workflow and the shared
actions-lock.json target gh-aw v0.81.6. This also corrects a latent skew
on main where issue-assign/issue-clarify were compiled with v0.81.6 but
still pinned the setup action at v0.80.9.

Verified on Node 24.13.1: npm run lint and all 1066 tests pass; gh aw
compile reports 0 errors / 0 warnings.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 10 out of 11 changed files in this pull request and generated 4 comments.

Comment thread .github/workflows/issue-triage.md
Comment thread .github/workflows/issue-triage.md
Comment thread .github/workflows/doc-freshness.md
Comment thread .github/workflows/ci.yml
@EMaher EMaher requested a review from petehauge July 2, 2026 02:29
@EMaher EMaher merged commit 926f2f1 into main Jul 2, 2026
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants