Skip to content

Update agentic workflows and dependencies#1666

Merged
aaronpowell merged 1 commit into
stagedfrom
aw-update
May 11, 2026
Merged

Update agentic workflows and dependencies#1666
aaronpowell merged 1 commit into
stagedfrom
aw-update

Conversation

@aaronpowell
Copy link
Copy Markdown
Contributor

@aaronpowell aaronpowell commented May 11, 2026

Enhance agentic workflows by updating dependencies to their latest versions and adjusting the workflow instructions to specify the use of the staged branch for all related work. This ensures better compatibility and clarity in the workflow processes.

Copilot AI review requested due to automatic review settings May 11, 2026 01:01
@github-actions github-actions Bot added the workflow PR touches workflow automation label May 11, 2026
Copilot AI reviewed May 11, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the repository’s agentic workflow infrastructure by upgrading pinned gh-aw/AWF/MCP dependencies and refreshing generated workflow lock files, while clarifying that related automation should base PRs on the staged branch.

Changes:

  • Regenerates multiple .lock.yml workflows with gh-aw v0.71.5 (updated actions SHAs, pinned container digests, updated runtime/bootstrap steps).
  • Updates shared action pinning in .github/aw/actions-lock.json and bumps the gh-aw CLI setup action version used by the Copilot setup workflow.
  • Updates the “CLI for Beginners Content Sync” workflow instructions/config to use staged as the PR base branch.
Show a summary per file
File Description
.github/workflows/resource-staleness-report.lock.yml Regenerated lock workflow with updated gh-aw/AWF/MCP versions and refreshed execution/bootstrap steps.
.github/workflows/pr-duplicate-check.lock.yml Regenerated lock workflow with updated gh-aw/AWF/MCP versions and refreshed execution/bootstrap steps.
.github/workflows/learning-hub-updater.lock.yml Regenerated lock workflow with updated gh-aw/AWF/MCP versions and updated safe-outputs constraints.
.github/workflows/duplicate-resource-detector.lock.yml Regenerated lock workflow with updated gh-aw/AWF/MCP versions and refreshed execution/bootstrap steps.
.github/workflows/copilot-setup-steps.yml Bumps gh-aw CLI setup action/version used for Copilot agent environment setup.
.github/workflows/cli-for-beginners-sync.md Sets base-branch: staged and updates instructions to avoid branching from main.
.github/aw/actions-lock.json Updates pinned action entries (e.g., github-script v9.0.0, upload-artifact v7.0.1, gh-aw setup v0.71.5).
.github/agents/agentic-workflows.agent.md Updates gh-aw documentation links and adds CLI command reference routing guidance.

Copilot's findings

Comments suppressed due to low confidence (4)

.github/workflows/resource-staleness-report.lock.yml:396

  • This step pins actions/github-script to SHA 3a2844… but the inline version comment says # v9 while other steps (and the actions lock) refer to v9.0.0. Align the comment/version annotation to a single canonical value to avoid ambiguity during audits.
      - name: Determine automatic lockdown mode for GitHub MCP Server
        id: determine-automatic-lockdown
        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9

.github/workflows/pr-duplicate-check.lock.yml:412

  • This step pins actions/github-script to SHA 3a2844… but the inline version comment says # v9 while other steps (and the actions lock) refer to v9.0.0. Align the comment/version annotation to a single canonical value to avoid ambiguity during audits.
      - name: Determine automatic lockdown mode for GitHub MCP Server
        id: determine-automatic-lockdown
        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9

.github/workflows/learning-hub-updater.lock.yml:400

  • This step pins actions/github-script to SHA 3a2844… but the inline version comment says # v9 while other steps (and the actions lock) refer to v9.0.0. Align the comment/version annotation to a single canonical value to avoid ambiguity during audits.
      - name: Determine automatic lockdown mode for GitHub MCP Server
        id: determine-automatic-lockdown
        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9

.github/workflows/duplicate-resource-detector.lock.yml:397

  • This step pins actions/github-script to SHA 3a2844… but the inline version comment says # v9 while other steps (and the actions lock) refer to v9.0.0. Align the comment/version annotation to a single canonical value to avoid ambiguity during audits.
      - name: Determine automatic lockdown mode for GitHub MCP Server
        id: determine-automatic-lockdown
        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
  • Files reviewed: 10/10 changed files
  • Comments generated: 5

Comment thread .github/workflows/resource-staleness-report.lock.yml
# - actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
# - actions/github-script@373c709c69115d41ff229c7e5df9f8788daa9553 # v9
# - actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
# - actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
Comment thread .github/workflows/pr-duplicate-check.lock.yml
# - actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
# - actions/github-script@373c709c69115d41ff229c7e5df9f8788daa9553 # v9
# - actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
# - actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
Comment thread .github/workflows/learning-hub-updater.lock.yml
# - actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
# - actions/github-script@373c709c69115d41ff229c7e5df9f8788daa9553 # v9
# - actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
# - actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
Comment thread .github/workflows/duplicate-resource-detector.lock.yml
# - actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
# - actions/github-script@373c709c69115d41ff229c7e5df9f8788daa9553 # v9
# - actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
# - actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
Comment thread .github/workflows/copilot-setup-steps.yml
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Install gh-aw extension
uses: github/gh-aw/actions/setup-cli@32b3a711a9ee97d38e3989c90af0385aff0066a7 # v0.57.2
uses: github/gh-aw-actions/setup-cli@b8068426813005612b960b5ab0b8bd2c27142323 # v0.71.5
@aaronpowell aaronpowell merged commit 0d9792b into staged May 11, 2026
15 checks passed
@aaronpowell aaronpowell deleted the aw-update branch May 11, 2026 01:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

workflow PR touches workflow automation

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@aaronpowell