Update security-alert-burndown campaign to use project 134 #11335

Merged
mnkiefer merged 4 commits into main from copilot/burn-down-security-alerts-fe6a43a0-8400-4f6b-9b86-dc6ef67fda25
Jan 22, 2026

Copilot AI commented Jan 22, 2026

Updated the Security Alert Burndown campaign to reference the new GitHub project 134 instead of the old project 130.

Changes

  • Campaign spec: Updated project-url field in .github/workflows/security-alert-burndown.campaign.md
  • Lock file: Recompiled campaign to propagate project URL changes throughout .github/workflows/security-alert-burndown.campaign.lock.yml (10 references updated)
- project-url: https://github.com/orgs/githubnext/projects/130
+ project-url: https://github.com/orgs/githubnext/projects/134
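Review bot: the value on the `+` line is the same URL the issue text calls a temporary ID to be resolved after compilation, so confirm that https://github.com/orgs/githubnext/projects/134 is the resolved project URL and not the placeholder before the orchestrator and workers act on it. The change list above names only the campaign spec and the lock file, while the task list also asks for the generated .github/workflows/security-alert-burndown.campaign.g.md to be committed; check that it was regenerated as well and that no `projects/130` reference remains in it or in the lock file.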

The campaign orchestrator and worker workflows (code-scanning-fixer, security-fix-pr) will now interact with the correct project board when executed.

Original prompt

This section details the original issue you should resolve

<issue_title>Campaign: Security Alert Burndown</issue_title>
<issue_description>Write a campaign that burns down the code security alerts backlog. Focus on file write issues first, cluster alerts if possible (up to 3), and add comments generated code for fixes. Use Claude for codegen, copilot for campaign manager.


Campaign setup status

Status: Ready for PR review

What just happened

  • Created Project: https://github.com/orgs/githubnext/projects/134 (temporary ID - will be resolved to actual URL after compilation)
  • Created standard fields: status, campaign_id, worker_workflow, repository, priority, size, start_date, end_date
  • Created views: Campaign Roadmap (roadmap), Task Tracker (table), Progress Board (board)
  • Campaign spec already exists: .github/workflows/security-alert-burndown.campaign.md
  • Selected workflows: code-scanning-fixer, security-fix-pr

What happens next

  1. Copilot Coding Agent will compile the campaign and open a pull request.
  2. You review the PR and merge it.
  3. After merge, the orchestrator workflow can be run from the Actions tab to begin the campaign.

Copilot Coding Agent handoff

Campaign ID: security-alert-burndown
Project Temporary ID: https://github.com/orgs/githubnext/projects/134
Workflows: code-scanning-fixer, security-fix-pr

Tasks for Copilot Coding Agent

Run the following commands to compile the campaign:

gh aw compile

The campaign spec already exists at .github/workflows/security-alert-burndown.campaign.md. The compilation will generate:

  • .github/workflows/security-alert-burndown.campaign.g.md (generated orchestrator workflow)
  • .github/workflows/security-alert-burndown.campaign.lock.yml (compiled lock file)

After compilation, update the project-url field in .github/workflows/security-alert-burndown.campaign.md from the old project 130 to the new project URL (resolve the temporary ID https://github.com/orgs/githubnext/projects/134 to the actual GitHub project URL).

Commit and include in the PR:

  • .github/workflows/security-alert-burndown.campaign.md (with updated project URL)
  • .github/workflows/security-alert-burndown.campaign.g.md (generated)
  • .github/workflows/security-alert-burndown.campaign.lock.yml (compiled)

Acceptance checklist

  • gh aw compile succeeds without errors
  • Orchestrator lock file updated with correct project URL
  • Campaign spec updated with new project URL
  • PR opened and linked back to this issue (Campaign: Security Alert Burndown #11308)

Documentation

  • Getting started: (redacted)
  • Flow & lifecycle: (redacted)
  • Campaign specs: (redacted)

Campaign Summary

This campaign burns down code security alerts with the following approach:

Focus Areas:

  • File write security issues (highest priority)
  • Clustering up to 3 related alerts for efficient fixes
  • Claude-powered code generation with detailed security comments
  • PR-based review process for all fixes

Worker Workflows:

  1. code-scanning-fixer (every 30 minutes): Creates PRs for high severity alerts
  2. security-fix-pr (every 4 hours): Submits autofixes via GitHub Code Scanning API

Risk Level: High (requires 2 approvals + sponsor)

Success Metrics:

  • Critical alerts: 5 → 0
  • High-severity alerts: 15 → <5
  • Timeline: 5+ weeks (phased approach)

Ahoy! This treasure was crafted by 🏴‍☠️ Agentic Campaign Generator</issue_description>

Comments on the Issue (you are @copilot in this section)


Co-authored-by: mnkiefer <8320933+mnkiefer@users.noreply.github.com>
mnkiefer marked this pull request as ready for review January 22, 2026 15:43
Copilot AI changed the title from "[WIP] Create campaign to address security alert backlog" to "Update security-alert-burndown campaign to use project 134" Jan 22, 2026
Copilot AI requested a review from mnkiefer January 22, 2026 15:44
mnkiefer merged commit a887c1c into main Jan 22, 2026
49 checks passed
mnkiefer deleted the copilot/burn-down-security-alerts-fe6a43a0-8400-4f6b-9b86-dc6ef67fda25 branch January 22, 2026 15:51
Development

Successfully merging this pull request may close these issues.

Campaign: Security Alert Burndown

2 participants