Skip to content

Use GitHub MCP server with dynamic repo context in code-scanning-fixer workflow#10164

Merged
pelikhan merged 3 commits intomainfrom
copilot/update-list-code-scanning-alerts
Jan 16, 2026
Merged

Use GitHub MCP server with dynamic repo context in code-scanning-fixer workflow#10164
pelikhan merged 3 commits intomainfrom
copilot/update-list-code-scanning-alerts

Conversation

Copy link
Contributor

Copilot AI commented Jan 16, 2026
edited
Loading

The code-scanning-fixer workflow was instructing the AI to use the GitHub API directly with unspecified owner/repo parameters. Updated to use GitHub MCP server tools with dynamic context variables.

Changes:

  • MCP tool calls: Use list_code_scanning_alerts from GitHub MCP server instead of direct API references
  • Dynamic parameters: Replace hardcoded placeholders with ${{ github.repository_owner }} for owner and extraction pattern for repo from ${{ github.repository }}
  • Severity filtering: Apply severity: high parameter directly in MCP tool call instead of post-filtering results
  • Consistency: Apply same parameter pattern across list_code_scanning_alerts, get_code_scanning_alert, and get_file_contents calls

Before:

Use the GitHub API to list all open code scanning alerts:
- Use `list_code_scanning_alerts` with `state: open`
- Filter the results to only include alerts with `severity: high`

After:

Use the GitHub MCP server to list all open code scanning alerts with high severity:
- Use `list_code_scanning_alerts` with the following parameters:
  - `owner`: ${{ github.repository_owner }}
  - `repo`: The repository name (extract from `${{ github.repository }}` - it's the part after the slash)
  - `state`: open
  - `severity`: high

The workflow frontmatter already configures the GitHub MCP server via tools.github.toolsets: [code_security].

Original prompt

On code-scanning-fixer.md, In this list_code_scanning_alerts section of this workflow, you need to provide two required parameters: owner (owner of the repo) and repo (name of the repo). Don't hardcode these if possible.

Custom agent used: agentic-workflows
GitHub Agentic Workflows (gh-aw) - Create, debug, and upgrade AI-powered workflows with intelligent prompt routing

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

@eaftan
Update code-scanning-fixer to use GitHub MCP and dynamic repo parameters
bcc21e2 
- Use GitHub MCP server's list_code_scanning_alerts with severity parameter
- Replace hardcoded owner/repo with dynamic context variables
- Use ${{ github.repository_owner }} for owner
- Extract repo name from ${{ github.repository }}
- Apply high severity filtering via MCP tool parameter instead of post-filtering

Co-authored-by: eaftan <4733401+eaftan@users.noreply.github.com>
Copilot AI changed the title [WIP] Update list_code_scanning_alerts parameters for owner and repo Use GitHub MCP server with dynamic repo context in code-scanning-fixer workflow Jan 16, 2026
Copilot AI requested a review from eaftan January 16, 2026 00:36
@eaftan eaftan marked this pull request as ready for review January 16, 2026 00:38
@pelikhan pelikhan merged commit e21c069 into main Jan 16, 2026
@pelikhan pelikhan deleted the copilot/update-list-code-scanning-alerts branch January 16, 2026 00:42
@github-actions github-actions bot mentioned this pull request Jan 16, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pelikhan pelikhan pelikhan approved these changes

+1 more reviewer

@eaftan eaftan eaftan approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@eaftan eaftan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@pelikhan @eaftan