chore: add simple dependabot burner workflow #14833
Pull request overview
This PR significantly simplifies the dependabot-burner workflow by removing project management capabilities and most configuration, while also completely removing the dependabot-project-manager workflow. It updates action pins to add v0.42.17 and v0.43.1 entries for github/gh-aw/actions/setup, and updates agent configuration references from "main" to "v0.42.17".
Changes:
- Removes dependabot-project-manager workflow entirely (.md and .lock.yml files)
- Drastically simplifies dependabot-burner workflow, removing projects integration, status updates, and most safe-output tools
- Adds new action pin entries for github/gh-aw/actions/setup versions v0.42.17 and v0.43.1
- Updates agent configuration to reference v0.42.17 instead of main branch
- Introduces pre_activation job with team membership check
- Changes from explicit tool allowlist to --allow-all-tools flag
- Reduces network domains and GitHub MCP toolsets
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| .github/workflows/dependabot-project-manager.md | Complete removal of complex project manager workflow |
| .github/workflows/dependabot-project-manager.lock.yml | Complete removal of compiled workflow |
| .github/workflows/dependabot-burner.md | Simplified to minimal configuration with only create-issue safe-output |
| .github/workflows/dependabot-burner.lock.yml | Compiled workflow with reduced capabilities, removed project tools, added membership gating |
| pkg/workflow/data/action_pins.json | Added v0.42.17 and v0.43.1 pins for github/gh-aw/actions/setup |
| .github/aw/actions-lock.json | Added v0.42.17 and v0.43.1 entries mirroring action_pins.json |
| .github/agents/agentic-workflows.agent.md | Updated documentation references from main to v0.42.17 |
Comments suppressed due to low confidence (2)
.github/workflows/dependabot-burner.lock.yml:164
- The network configuration has been changed from allowing "defaults" and "github" to only "defaults". In the agentic workflows system, network configurations control what external services the workflow can access. The "github" preset likely includes GitHub-related domains and services. Removing it while keeping only "defaults" may restrict access to necessary GitHub resources. Verify whether this aligns with the simplified workflow's requirements.
allowed_domains: ["defaults"],
.github/workflows/dependabot-burner.md:8
- The GitHub toolsets configuration is missing. The original workflow specified "toolsets: [default, dependabot, projects]" but the new version only has "github:" without any toolsets specified. This is inconsistent with the workflow's purpose and will likely result in the agent not having access to the necessary GitHub API functionality. The toolsets should be explicitly configured to match the workflow's needs.
tools:
  github:
@copilot revert