ci: add Copilot auto-review on new PRs#70
Conversation
Automatically requests GitHub Copilot as a reviewer when PRs are opened or marked ready for review. Skips draft PRs. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.Scanned FilesNone |
The gh CLI --add-reviewer flag treats 'copilot' as a regular user. Use the REST API /requested_reviewers endpoint instead, which properly handles the Copilot reviewer. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Adds a GitHub Actions workflow to automatically request a Copilot review when pull requests are opened or marked ready for review (skipping drafts).
Changes:
- Introduces
.github/workflows/copilot-review.ymlto request a reviewer viagh apionpull_requestevents. - Skips running the job for draft PRs via a job-level
ifcondition.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| name: Copilot Auto-Review | ||
|
|
||
| on: | ||
| pull_request: |
There was a problem hiding this comment.
Using the pull_request event means this job will run with a read-only GITHUB_TOKEN for PRs opened from forks, so the reviewer request will fail for external contributors. If the intent is “every new PR”, consider switching to pull_request_target (no checkout in this workflow, so the usual security concern is minimal) or add an explicit guard to only run for same-repo PRs (e.g., compare head.repo.full_name to github.repository) and document that limitation.
| pull_request: | |
| pull_request_target: |
| gh api \ | ||
| --method POST \ | ||
| -H "Accept: application/vnd.github+json" \ | ||
| -H "X-GitHub-Api-Version: 2022-11-28" \ | ||
| /repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/requested_reviewers \ | ||
| -f "reviewers[]=copilot" |
There was a problem hiding this comment.
This gh api call will exit non-zero if the reviewer is already requested (GitHub returns a 422 validation error), which can make the workflow flaky if the PR is toggled draft/ready multiple times or the reviewer is added manually. Consider making the step idempotent (check existing requested reviewers first) or handle the “already requested” response without failing the job.
| gh api \ | |
| --method POST \ | |
| -H "Accept: application/vnd.github+json" \ | |
| -H "X-GitHub-Api-Version: 2022-11-28" \ | |
| /repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/requested_reviewers \ | |
| -f "reviewers[]=copilot" | |
| PR_NUMBER=${{ github.event.pull_request.number }} | |
| REPO=${{ github.repository }} | |
| # Check if "copilot" is already a requested reviewer for this PR. | |
| if ! gh pr view "$PR_NUMBER" --repo "$REPO" --json reviewRequests --jq '.reviewRequests[].login' 2>/dev/null | grep -qx "copilot"; then | |
| gh api \ | |
| --method POST \ | |
| -H "Accept: application/vnd.github+json" \ | |
| -H "X-GitHub-Api-Version: 2022-11-28" \ | |
| "/repos/$REPO/pulls/$PR_NUMBER/requested_reviewers" \ | |
| -f "reviewers[]=copilot" | |
| fi |
Adds a GitHub Actions workflow that automatically requests Copilot as a reviewer when PRs are opened or marked ready for review. Draft PRs are skipped.
Once merged, every new PR will get an automatic Copilot code review.