Fix Copilot artifact cleanup failing with HTTP 403

[Copilot]

The "Copilot code review" dynamic workflow's built-in "Cleanup artifacts" job fails with HTTP 403 because it uses the scoped GITHUB_COPILOT_API_TOKEN for gh api calls, which lacks artifact deletion permissions.

Changes

• New workflow .github/workflows/cleanup-copilot-artifacts.yml that supersedes the broken built-in cleanup:
  • Triggers via workflow_run on completion of "Copilot code review" — runs in the base-branch context where GITHUB_TOKEN has full repo permissions
  • Declares permissions: actions: write explicitly so GITHUB_TOKEN can delete artifacts
  • Checks for artifact existence before looping; emits a warning (rather than hard-failing) if an individual delete fails, e.g. when the Copilot job's partial cleanup already removed it

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[BUG] Fix "cleanup copilot artifacts"</issue_title>
<issue_description>e.g., see here:
https://github.com/facebookresearch/balance/actions/runs/22593224319/job/65457058441

Run echo "Deleting artifacts for run ID: 22593224319"
  echo "Deleting artifacts for run ID: 22593224319"
  while read -r artifact_id; do
    gh api \
      --silent \
      -X DELETE \
      -H "Accept: application/vnd.github+json" \
      /repos/facebookresearch/balance/actions/artifacts/"$artifact_id"
  done < artifact_ids.txt
  echo "Artifact cleanup completed"
  shell: /usr/bin/bash -e {0}
  env:
    GITHUB_COPILOT_API_TOKEN: ***
    GH_TOKEN: ***
    GITHUB_TOKEN: ***
    GH_HOST: github.com
Deleting artifacts for run ID: 22593224319
gh: Resource not accessible by integration (HTTP 403)
Error: Process completed with exit code 1.

</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes [BUG] Fix "cleanup copilot artifacts" #354

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[Copilot]

Pull request overview

Adds a repository-owned GitHub Actions workflow to clean up artifacts produced by the “Copilot code review” workflow run, avoiding the existing cleanup failure caused by insufficient permissions (HTTP 403) when using the scoped Copilot token.

Changes:

• Introduces a new workflow_run-triggered cleanup workflow targeting “Copilot code review” completions.
• Grants actions: write so GITHUB_TOKEN can delete artifacts in the base-branch context.
• Implements best-effort deletion behavior (warn on per-artifact delete failures).

[meta-codesync]

@talgalili has imported this pull request. If you are a Meta employee, you can view this in D95045275.

[facebook-github-bot]

@Copilot has updated the pull request. You must reimport the pull request before landing.

[Copilot]

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.

[facebook-github-bot]

@Copilot has updated the pull request. You must reimport the pull request before landing.

[Copilot]

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.

[meta-codesync]

@talgalili merged this pull request in b5f2497.