Enable built-in issue intent safe outputs on issue-triage#1880
Conversation
Recompile issue-triage.lock.yml with gh-aw v0.82.1 to wire
GH_AW_RUNTIME_FEATURES=${{ vars.GH_AW_RUNTIME_FEATURES }}, enabling native
issue intents (rationale/confidence) for the workflow's add-labels safe
output. No behavior change: the trigger, permissions, prompt, and safe
outputs are unchanged, and the source .md is untouched.
The actions-lock.json pin bump (github/gh-aw-actions/setup v0.82.1) is
required by the recompiled lock.
Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
|
cc @friggeri for review. Requesting you as reviewer via the API failed (we lack write access on this repo, so reviewer assignment on a fork PR is blocked), so flagging you here directly. This is a minimal issue-intents onboarding change. See the |
There was a problem hiding this comment.
Pull request overview
This PR updates the repository’s agentic workflow lock material for the Issue Triage Agent, primarily by recompiling .github/workflows/issue-triage.lock.yml with a newer gh-aw version and updating the corresponding action pin entry in .github/aw/actions-lock.json.
Changes:
- Recompiled
issue-triage.lock.ymlusinggh-awv0.82.1 (new metadata, container images, and additional generated steps/outputs). - Updated
.github/aw/actions-lock.jsonto include thegithub/gh-aw-actions/setupv0.82.1 pin.
Show a summary per file
| File | Description |
|---|---|
| .github/workflows/issue-triage.lock.yml | Recompiled workflow lock with updated gh-aw runtime wiring and generated job/step structure. |
| .github/aw/actions-lock.json | Updates pinned github/gh-aw-actions/setup version used by agentic workflows. |
Review details
- Files reviewed: 2/2 changed files
- Comments generated: 5
- Review effort level: Low
| env: | ||
| GH_AW_MAX_DAILY_AI_CREDITS: ${{ vars.GH_AW_DEFAULT_MAX_DAILY_AI_CREDITS || '5000' }} | ||
| GH_AW_RUNTIME_FEATURES: ${{ vars.GH_AW_RUNTIME_FEATURES }} |
| env: | ||
| GH_AW_WORKFLOW_NAME: "Issue Triage Agent" | ||
| GH_AW_WORKFLOW_ID: "issue-triage" | ||
| GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} | ||
| GH_AW_WORKFLOW_DISPATCH_AW_CONTEXT: ${{ github.event.inputs.aw_context || '' }} | ||
| GH_AW_HAS_SLASH_COMMAND: "false" | ||
| GH_AW_HAS_LABEL_COMMAND: "false" | ||
| GH_AW_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| GH_AW_MAX_DAILY_AI_CREDITS: ${{ vars.GH_AW_DEFAULT_MAX_DAILY_AI_CREDITS || '5000' }} |
| GH_AW_TOOL_CACHE_MOUNT="" | ||
| GH_AW_TOOL_CACHE="${RUNNER_TOOL_CACHE:-/opt/hostedtoolcache}" | ||
| GH_AW_TOOL_CACHE="${RUNNER_TOOL_CACHE:?RUNNER_TOOL_CACHE must be set}" | ||
| if [ -d "$GH_AW_TOOL_CACHE" ]; then | ||
| if [[ "$GH_AW_TOOL_CACHE" != /opt/* ]]; then | ||
| GH_AW_TOOL_CACHE_MOUNT="$GH_AW_TOOL_CACHE:$GH_AW_TOOL_CACHE:ro" |
| -- /bin/bash -c 'set +o histexpand; export PATH="${RUNNER_TEMP}/gh-aw/mcp-cli/bin:$PATH" && GH_AW_TOOL_CACHE="${RUNNER_TOOL_CACHE:-/opt/hostedtoolcache}"; export PATH="$(find "$GH_AW_TOOL_CACHE" /opt/hostedtoolcache /home/runner/work/_tool -maxdepth 5 -type d -name bin 2>/dev/null | tr '\''\n'\'' '\'':'\'')$PATH"; [ -n "$GOROOT" ] && export PATH="$GOROOT/bin:$PATH" || true && GH_AW_NODE_EXEC="${GH_AW_NODE_BIN:-}"; if [ -z "$GH_AW_NODE_EXEC" ] || [ ! -x "$GH_AW_NODE_EXEC" ]; then GH_AW_NODE_EXEC="$(command -v node 2>/dev/null || true)"; fi; if [ -z "$GH_AW_NODE_EXEC" ]; then echo "node runtime missing on this runner — check runtimes.node in workflow YAML" >&2; exit 127; fi; "$GH_AW_NODE_EXEC" ${RUNNER_TEMP}/gh-aw/actions/copilot_harness.cjs /usr/local/bin/copilot --add-dir /tmp/gh-aw/ --log-level all --log-dir /tmp/gh-aw/sandbox/agent/logs/ --disable-builtin-mcps --no-ask-user --allow-all-tools --allow-all-paths --add-dir "${GITHUB_WORKSPACE}" --prompt-file /tmp/gh-aw/aw-prompts/prompt.txt' 2>&1 | tee -a /tmp/gh-aw/agent-stdio.log | ||
| # shellcheck disable=SC1003,SC2016,SC2086 | ||
| awf --config "${RUNNER_TEMP}/gh-aw/awf-config.json" --container-workdir "${GITHUB_WORKSPACE}" --mount "${RUNNER_TEMP}/gh-aw:${RUNNER_TEMP}/gh-aw:ro" --mount "${RUNNER_TEMP}/gh-aw:/host${RUNNER_TEMP}/gh-aw:ro" ${GH_AW_TOOL_CACHE_MOUNT:+--mount "$GH_AW_TOOL_CACHE_MOUNT"} ${GH_AW_DOCKER_HOST:+--docker-host "$GH_AW_DOCKER_HOST"} ${GH_AW_DOCKER_HOST_PATH_PREFIX_ARGS} --env-all --exclude-env COPILOT_GITHUB_TOKEN --exclude-env GITHUB_MCP_SERVER_TOKEN --exclude-env MCP_GATEWAY_API_KEY --log-level info --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs --audit-dir /tmp/gh-aw/sandbox/firewall/audit --skip-pull \ | ||
| -- /bin/bash -c 'set +o histexpand; export PATH="${RUNNER_TEMP}/gh-aw/mcp-cli/bin:$PATH" && : "${RUNNER_TOOL_CACHE:?RUNNER_TOOL_CACHE must be set}"; GH_AW_TOOL_CACHE="$RUNNER_TOOL_CACHE"; export PATH="$(find "$GH_AW_TOOL_CACHE" -maxdepth 5 -type d -name bin 2>/dev/null | tr '\''\n'\'' '\'':'\'')$PATH"; [ -n "$GOROOT" ] && export PATH="$GOROOT/bin:$PATH" || true && GH_AW_NODE_EXEC="${GH_AW_NODE_BIN:-}"; if [ -z "$GH_AW_NODE_EXEC" ] || [ ! -x "$GH_AW_NODE_EXEC" ]; then GH_AW_NODE_EXEC="$(command -v node 2>/dev/null || true)"; fi; if [ -z "$GH_AW_NODE_EXEC" ]; then echo "node runtime missing on this runner — check runtimes.node in workflow YAML" >&2; exit 127; fi; GH_AW_NPM_GLOBAL_ROOT="$(npm root -g 2>/dev/null || true)"; if [ -n "$GH_AW_NPM_GLOBAL_ROOT" ]; then export NODE_PATH="${GH_AW_NPM_GLOBAL_ROOT}${NODE_PATH:+:${NODE_PATH}}"; fi; "$GH_AW_NODE_EXEC" ${RUNNER_TEMP}/gh-aw/actions/copilot_harness.cjs /usr/local/bin/copilot --add-dir /tmp/gh-aw/ --log-level all --log-dir /tmp/gh-aw/sandbox/agent/logs/ --disable-builtin-mcps --no-ask-user --allow-all-tools --allow-all-paths --add-dir "${GITHUB_WORKSPACE}" --prompt-file /tmp/gh-aw/aw-prompts/prompt.txt' 2>&1 | tee -a /tmp/gh-aw/agent-stdio.log |
| "github/gh-aw-actions/setup@v0.82.1": { | ||
| "repo": "github/gh-aw-actions/setup", | ||
| "version": "v0.77.5", | ||
| "sha": "3ea13c02d765410340d533515cb31a7eef2baaf0" | ||
| "version": "v0.82.1", | ||
| "sha": "dadd6a0a0f4d1087fbd3e115776f28471388d6db" | ||
| }, |
What & why
This enables issue intents on the
issue-triageworkflow. Issue intents let the triage agent attach its reasoning to each action it takes (labels, issue type, issue fields, with state and assignees support coming soon) and surface a confidence level, so maintainers can see why a change was made and approve or reject low-confidence suggestions instead of having them applied silently. A key goal is also to minimise the noise of agent-generated comments since rationale and confidence travel with the action itself rather than as separate comments on the issue. Learn more: Review and approve Copilot agent actions on issues.Changes
This change is minimal, with no behavior change. The workflow already uses the native
add-labelssafe output (the valid intents target), so onboarding is just a gh-aw upgrade + lock recompile.issue-triage.lock.ymlwith gh-aw v0.82.1 (wiresGH_AW_RUNTIME_FEATURES).github/gh-aw-actions/setuppin in.github/aw/actions-lock.jsonto v0.82.1.issue-triage.mdis untouched (native safe outputs, no custom rationale/confidence jobs to remove).This upgrade is inert until a repo admin sets the repository variable:
We opened this via a fork PR because we lack push/admin on this repo, so we cannot set the variable ourselves. Until it is set, the recompiled lock behaves exactly as before (no intents).
Closes github/plan-track-agentic-toolkit#516.