mirror of
https://github.com/github/awesome-copilot.git
synced 2026-06-25 17:00:20 +00:00
Aaron Powell
0eb6062f94
* chore(phase2): retarget all automation from staged to main - publish.yml: trigger on main, publish only to marketplace - check-pr-target.yml: invert — now blocks PRs targeting staged, welcomes main - 10 PR validation workflows: branches [staged] → [main] - external-plugin-command-router.yml: --base staged → main (3×), message text - external-plugin-rereview-command.yml: --base staged → main (2×), message text - external-plugin-rereview.yml: staged reference in review comment text - external-plugin-intake.yml: ref: staged checkout → main - external-plugin-pr-quality-gates.yml: ref: staged checkout → main - external-plugin-quality-gates.yml: ref: staged checkout → main - check-plugin-structure.yml: error messages updated for new branch model - contributors.yml: ref and base target → main - setup-labels.yml: targets-main label description updated - cli-for-beginners-sync.md + .lock.yml: base-branch staged → main - codeowner-update.md + .lock.yml: base-branch staged → main - learning-hub-updater.md + .lock.yml: base-branch staged → main Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * docs(phase2): update contributor guidance from staged to main - CONTRIBUTING.md: branch from main, PR targets main; remove Phase 2 gate note - AGENTS.md: PR target + external plugin PR automation references - .github/pull_request_template.md: PR checklist targets main - website/src/content/docs/learning-hub/agentic-workflows.md: PR target Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * aw updates --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
77 lines
2.2 KiB
YAML
77 lines
2.2 KiB
YAML
name: PR Risk Scan — Gate
|
|
|
|
on:
|
|
pull_request:
|
|
branches: [main]
|
|
types: [opened, synchronize, reopened]
|
|
paths:
|
|
- "skills/**"
|
|
- "agents/**"
|
|
- "workflows/**"
|
|
- "plugins/**"
|
|
- "hooks/**"
|
|
- "instructions/**"
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
scan:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Collect changed files
|
|
run: |
|
|
git diff --name-only --diff-filter=ACMR "origin/${{ github.base_ref }}...HEAD" > changed-files.txt
|
|
echo "Changed files:"
|
|
cat changed-files.txt || true
|
|
|
|
- name: Run PR risk scanner
|
|
run: |
|
|
mkdir -p pr-risk-results
|
|
set +e
|
|
node ./eng/pr-risk-scan.mjs \
|
|
--files changed-files.txt \
|
|
--output-json pr-risk-results/results.json \
|
|
--output-md pr-risk-results/report.md
|
|
scan_exit_code=$?
|
|
set -e
|
|
|
|
if [ $scan_exit_code -ne 0 ]; then
|
|
cat > pr-risk-results/results.json <<EOF
|
|
{
|
|
"generated_at": "$(date -u +"%Y-%m-%dT%H:%M:%SZ")",
|
|
"scanner_status": "error",
|
|
"finding_count": 0,
|
|
"severity_counts": { "high": 0, "medium": 0, "info": 0 },
|
|
"findings": [],
|
|
"error": "Scanner failed. See workflow logs."
|
|
}
|
|
EOF
|
|
cat > pr-risk-results/report.md <<'EOF'
|
|
<!-- pr-risk-scan-results -->
|
|
## 🔒 PR Risk Scan Results
|
|
|
|
Scanner execution failed for this run, so findings could not be generated.
|
|
|
|
> This is a soft-gate report. Please inspect the workflow logs for diagnostics.
|
|
EOF
|
|
fi
|
|
echo "$scan_exit_code" > pr-risk-results/scan-exit-code.txt
|
|
|
|
- name: Save metadata
|
|
run: |
|
|
echo "${{ github.event.pull_request.number }}" > pr-risk-results/pr-number.txt
|
|
|
|
- name: Upload scan artifact
|
|
if: always()
|
|
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
|
|
with:
|
|
name: pr-risk-scan-results
|
|
path: pr-risk-results/
|
|
retention-days: 1
|