Skip to content

Set lockdown: false on daily-syntax-error-quality workflow#15811

Merged
pelikhan merged 2 commits intomainfrom
copilot/update-agentic-workflow-lockdown
Feb 15, 2026
Merged

Set lockdown: false on daily-syntax-error-quality workflow#15811
pelikhan merged 2 commits intomainfrom
copilot/update-agentic-workflow-lockdown

Conversation

Copy link
Contributor

Copilot AI commented Feb 14, 2026
edited
Loading

The daily-syntax-error-quality workflow was missing an explicit lockdown configuration, causing it to run automatic lockdown detection unnecessarily.

Changes

  • Added lockdown: false to GitHub tools configuration in workflow frontmatter
  • Recompiled workflow lock file, removing automatic lockdown detection step and GITHUB_MCP_LOCKDOWN environment variables

Context

This workflow analyzes compiler error messages by testing syntax errors in internal workflow files. It doesn't process untrusted user input, so lockdown mode (which filters public repository content to trusted contributors only) is not required.

tools:
  github:
    lockdown: false  # Explicitly disable for internal content analysis
    toolsets:
      - default

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh gh run view 22026011440 --json name,workflowName,headBranch (http block)
    • Triggering command: /usr/bin/gh gh pr list --head copilot/update-agentic-workflow-lockdown --json number,title,url (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
  • https://api.github.com/repos/actions/setup-go/git/ref/tags/v5
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v5 --jq .object.sha (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v5 --jq .object.sha --local user.email x_amd64/compile (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v5 --jq .object.sha --local khan <4175913+pelikhan@users.noreply.github.com> x_amd64/vet (http block)
  • https://api.github.com/user
    • Triggering command: /usr/bin/gh gh api user --jq .login (http block)
    • Triggering command: /usr/bin/gh gh api user --jq .login --local user.email x_amd64/compile (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Original prompt

Reference: https://github.com/github/gh-aw/actions/runs/22026011440/job/63642658912#step:12:1

Set lockdown: false on this agentic workflow.

Custom agent used: agentic-workflows
GitHub Agentic Workflows (gh-aw) - Create, debug, and upgrade AI-powered workflows with intelligent prompt routing

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

@pelikhan
Set lockdown: false on daily-syntax-error-quality workflow
d7d6a4f 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Update lockdown setting in agentic workflow Set lockdown: false on daily-syntax-error-quality workflow Feb 14, 2026
Copilot AI requested a review from pelikhan February 14, 2026 23:59
@pelikhan pelikhan marked this pull request as ready for review February 15, 2026 00:01
Copilot AI review requested due to automatic review settings February 15, 2026 00:01
@pelikhan pelikhan merged commit 96fe093 into main Feb 15, 2026
2 checks passed
@pelikhan pelikhan deleted the copilot/update-agentic-workflow-lockdown branch February 15, 2026 00:01
Copilot AI reviewed Feb 15, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR explicitly disables lockdown mode for the daily-syntax-error-quality workflow by adding lockdown: false to the GitHub tools configuration. Lockdown mode filters public repository content to trusted contributors only, which is unnecessary for this workflow since it only analyzes internal workflow files for syntax errors and doesn't process untrusted user input.

Changes:

  • Added lockdown: false configuration to the workflow frontmatter under tools.github
  • Recompiled the workflow lock file, which removed the automatic lockdown detection step and associated environment variables
  • Updated the frontmatter hash to reflect the configuration change

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
.github/workflows/daily-syntax-error-quality.md Added lockdown: false under tools.github to explicitly disable lockdown mode
.github/workflows/daily-syntax-error-quality.lock.yml Removed automatic lockdown detection step, GITHUB_MCP_LOCKDOWN environment variable from env section, and GITHUB_LOCKDOWN_MODE from MCP server config; updated frontmatter hash

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@github-actions github-actions bot mentioned this pull request Feb 15, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@pelikhan pelikhan Awaiting requested review from pelikhan

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@pelikhan