Skip to content

Commit 33a4c7d

Browse files
Copilotxirzec
andauthored
Updating permissions for agentic workflows (#39071)
## Updating permissions for agentic workflows Adds the `copilot-requests: write` permission to the GitHub Agentic Workflow definitions and recompiles their generated lock files. ### What changed - Added `copilot-requests: write` under `permissions:` in each agentic workflow `.md` source file. - Recompiled every corresponding `.lock.yml` via `gh aw compile` so the generated output matches the source. As a result of recompiling, the workflows now rely on the `copilot-requests: write` permission instead of the `COPILOT_GITHUB_TOKEN` secret, so the lock files drop the `COPILOT_GITHUB_TOKEN` secret reference and its validation step. ### Affected workflows - agent-observability - archie - dash - dexter - docs-consistency-check - fix-test-failures - issue-triage - mgmt-guidance - mgmt-review - scribe - sentinel - tester - upgrade-agentic-workflows ### Checklist - [x] Add `copilot-requests: write` permission to workflow `.md` sources - [x] Recompile `.lock.yml` files from their `.md` counterparts - [x] Add PR description Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: xirzec <639216+xirzec@users.noreply.github.com>
1 parent a5cdd18 commit 33a4c7d

26 files changed

Lines changed: 291 additions & 343 deletions

.github/workflows/agent-observability.lock.yml

Lines changed: 21 additions & 26 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.github/workflows/agent-observability.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,7 @@ permissions:
2828
actions: read
2929
pull-requests: read
3030
issues: read
31+
copilot-requests: write
3132
# DataOps: collect every metric in a deterministic, authenticated shell
3233
# step (GH_TOKEN → 5000 req/hr, runs outside the agent sandbox). The
3334
# agent never makes API calls; it only reads /tmp/gh-aw/agent/*.json.

0 commit comments

Comments
 (0)