Use GitHub MCP server with dynamic repo context in code-scanning-fixer workflow

[Copilot]

The code-scanning-fixer workflow was instructing the AI to use the GitHub API directly with unspecified owner/repo parameters. Updated to use GitHub MCP server tools with dynamic context variables.

Changes:

• MCP tool calls: Use list_code_scanning_alerts from GitHub MCP server instead of direct API references
• Dynamic parameters: Replace hardcoded placeholders with ${{ github.repository_owner }} for owner and extraction pattern for repo from ${{ github.repository }}
• Severity filtering: Apply severity: high parameter directly in MCP tool call instead of post-filtering results
• Consistency: Apply same parameter pattern across list_code_scanning_alerts, get_code_scanning_alert, and get_file_contents calls

Before:

Use the GitHub API to list all open code scanning alerts:
- Use `list_code_scanning_alerts` with `state: open`
- Filter the results to only include alerts with `severity: high`

After:

Use the GitHub MCP server to list all open code scanning alerts with high severity:
- Use `list_code_scanning_alerts` with the following parameters:
  - `owner`: ${{ github.repository_owner }}
  - `repo`: The repository name (extract from `${{ github.repository }}` - it's the part after the slash)
  - `state`: open
  - `severity`: high

The workflow frontmatter already configures the GitHub MCP server via tools.github.toolsets: [code_security].

Original prompt

On code-scanning-fixer.md, In this list_code_scanning_alerts section of this workflow, you need to provide two required parameters: owner (owner of the repo) and repo (name of the repo). Don't hardcode these if possible.

Custom agent used: agentic-workflows
GitHub Agentic Workflows (gh-aw) - Create, debug, and upgrade AI-powered workflows with intelligent prompt routing

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.