Skip to content

Run security-guard only when PR is marked ready for review#12438

Merged
pelikhan merged 6 commits intomainfrom
copilot/update-security-guard-trigger
Jan 29, 2026
Merged

Run security-guard only when PR is marked ready for review#12438
pelikhan merged 6 commits intomainfrom
copilot/update-security-guard-trigger

Conversation

Copy link
Contributor

Copilot AI commented Jan 29, 2026
edited
Loading

The security-guard workflow was running on all PRs including drafts, creating noise before code is ready for review.

Changes

  • Added draft: false filter to pull_request trigger in security-guard.md
  • Set trigger to only ready_for_review event (removed opened, synchronize, reopened)
  • Recompiled workflow with draft filtering conditions applied to job gates

Implementation

on:
  pull_request:
    types: [ready_for_review]
    draft: false

The compiler transforms this into job-level conditions (github.event.pull_request.draft == false) on both pre_activation and activation jobs, following the existing pattern used by other workflows in the repo.

Result

Security reviews now only run when a PR is explicitly marked as ready for review. The workflow will not run on initial PR creation, subsequent pushes, or reopened PRs - only when the author marks the PR ready for review.

Custom agent used: agentic-workflows
GitHub Agentic Workflows (gh-aw) - Create, debug, and upgrade AI-powered workflows with intelligent prompt routing

Original prompt

Update security guard to only run when the pull request is ready for review.

Custom agent used: agentic-workflows
GitHub Agentic Workflows (gh-aw) - Create, debug, and upgrade AI-powered workflows with intelligent prompt routing

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

@pelikhan pelikhan mentioned this pull request Jan 29, 2026
Closed
Copilot AI and others added 2 commits January 29, 2026 04:22
@pelikhan
Plan: Update security-guard to only run on ready PRs
56e5812 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@pelikhan
Update security-guard to only run on ready PRs
9dcf06a 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
pelikhan
pelikhan reviewed Jan 29, 2026
View reviewed changes
@pelikhan
Use draft: false field instead of if condition for consistency
7fabb5b 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Update security guard to run on pull request ready status Skip security-guard on draft PRs Jan 29, 2026
Copilot AI requested a review from pelikhan January 29, 2026 04:29
@pelikhan
Remove opened, synchronize, reopened events per review feedback
2ae39f6 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title Skip security-guard on draft PRs Run security-guard only when PR is marked ready for review Jan 29, 2026
@pelikhan pelikhan marked this pull request as ready for review January 29, 2026 04:42
@pelikhan pelikhan merged commit 882b964 into main Jan 29, 2026
49 checks passed
@pelikhan pelikhan deleted the copilot/update-security-guard-trigger branch January 29, 2026 04:42
@github-actions github-actions bot mentioned this pull request Jan 29, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@pelikhan pelikhan pelikhan approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pelikhan