Awesome/awesome-copilot
1
0
Fork 0
mirror of https://github.com/github/awesome-copilot.git synced 2026-06-25 17:00:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
0eb6062f94f92cd389f8d080500ccf25c33d9cfa
awesome-copilot/.github/workflows/validate-agentic-workflows-pr.yml
T
Aaron Powell 0eb6062f94 chore(phase2): retarget all automation and contributor guidance from staged to main (#2122) 
* chore(phase2): retarget all automation from staged to main

- publish.yml: trigger on main, publish only to marketplace
- check-pr-target.yml: invert — now blocks PRs targeting staged, welcomes main
- 10 PR validation workflows: branches [staged] → [main]
- external-plugin-command-router.yml: --base staged → main (3×), message text
- external-plugin-rereview-command.yml: --base staged → main (2×), message text
- external-plugin-rereview.yml: staged reference in review comment text
- external-plugin-intake.yml: ref: staged checkout → main
- external-plugin-pr-quality-gates.yml: ref: staged checkout → main
- external-plugin-quality-gates.yml: ref: staged checkout → main
- check-plugin-structure.yml: error messages updated for new branch model
- contributors.yml: ref and base target → main
- setup-labels.yml: targets-main label description updated
- cli-for-beginners-sync.md + .lock.yml: base-branch staged → main
- codeowner-update.md + .lock.yml: base-branch staged → main
- learning-hub-updater.md + .lock.yml: base-branch staged → main

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* docs(phase2): update contributor guidance from staged to main

- CONTRIBUTING.md: branch from main, PR targets main; remove Phase 2 gate note
- AGENTS.md: PR target + external plugin PR automation references
- .github/pull_request_template.md: PR checklist targets main
- website/src/content/docs/learning-hub/agentic-workflows.md: PR target

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* aw updates

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-25 14:36:53 +10:00

130 lines
4.4 KiB
YAML
Raw Blame History

name: Validate Agentic Workflow Contributions
on:
pull_request:
branches: [main]
types: [opened, synchronize, reopened]
paths:
- "workflows/**"
permissions:
contents: read
pull-requests: write
jobs:
check-forbidden-files:
name: Block forbidden files
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
with:
fetch-depth: 0
- name: Check for forbidden files
id: check
run: |
# Check for YAML/lock files in workflows/ and any .github/ modifications
# Allow .github/aw/actions-lock.json which is needed for workflow compilation
forbidden=$(git diff --name-only --diff-filter=ACM origin/${{ github.base_ref }}...HEAD -- \
'workflows/**/*.yml' \
'workflows/**/*.yaml' \
'workflows/**/*.lock.yml' \
'.github/*' \
'.github/**' \
| grep -v '^\.github/aw/actions-lock\.json$' \
| grep -v '^\.github/workflows/validate-agentic-workflows-pr\.yml$' \
|| true)
if [ -n "$forbidden" ]; then
echo "❌ Forbidden files detected:"
echo "$forbidden"
echo "files<<EOF" >> "$GITHUB_OUTPUT"
echo "$forbidden" >> "$GITHUB_OUTPUT"
echo "EOF" >> "$GITHUB_OUTPUT"
exit 1
else
echo "✅ No forbidden files found"
fi
- name: Comment on PR
if: failure()
uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4
with:
header: workflow-forbidden-files
message: |
## 🚫 Forbidden files in `workflows/`
Only `.md` markdown files are accepted in the `workflows/` directory. The following are **not allowed**:
- Compiled workflow files (`.yml`, `.yaml`, `.lock.yml`) — could contain untrusted Actions code
- `.github/` modifications — workflow contributions must not modify repository configuration
**Files that must be removed:**
```
${{ steps.check.outputs.files }}
```
Contributors provide the workflow **source** (`.md`) only. Compilation happens downstream via `gh aw compile`.
Please remove these files and push again.
compile-workflows:
name: Compile and validate
needs: check-forbidden-files
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
- name: Install gh-aw CLI
uses: github/gh-aw/actions/setup-cli@f7437f4f94c2bc86e7e6eca0f374e303e98bd66c # v0.61.1
- name: Compile workflow files
id: compile
run: |
exit_code=0
found=0
# Find all .md files directly in workflows/
for workflow_file in workflows/*.md; do
[ -f "$workflow_file" ] || continue
found=$((found + 1))
echo "::group::Compiling $workflow_file"
if gh aw compile --validate "$workflow_file"; then
echo "✅ $workflow_file compiled successfully"
else
echo "❌ $workflow_file failed to compile"
exit_code=1
fi
echo "::endgroup::"
done
if [ "$found" -eq 0 ]; then
echo "No workflow .md files found to validate."
else
echo "Validated $found workflow file(s)."
fi
echo "status=$( [ $exit_code -eq 0 ] && echo success || echo failure )" >> "$GITHUB_OUTPUT"
exit $exit_code
- name: Comment on PR if compilation failed
if: failure()
uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4
with:
header: workflow-validation
message: |
## ❌ Agentic Workflow compilation failed
One or more workflow files in `workflows/` failed to compile with `gh aw compile --validate`.
Please fix the errors and push again. You can test locally with:
```bash
gh extension install github/gh-aw
gh aw compile --validate <your-workflow-file>.md
```
See the [Agentic Workflows documentation](https://github.github.com/gh-aw) for help.
Reference in New Issue View Git Blame Copy Permalink