Skip to content

ci: add Copilot auto-review on new PRs #70

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
imran-siddique merged 2 commits into from
Mar 7, 2026
Merged

ci: add Copilot auto-review on new PRs #70

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
4e16d7e
ci: add Copilot auto-review on new PRs
imran-siddique Mar 7, 2026
f7d6730
fix: use REST API to request Copilot review
imran-siddique Mar 7, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 24 additions & 0 deletions .github/workflows/copilot-review.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
name: Copilot Auto-Review

on:
pull_request:
Copy link

Copilot AI Mar 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using the pull_request event means this job will run with a read-only GITHUB_TOKEN for PRs opened from forks, so the reviewer request will fail for external contributors. If the intent is “every new PR”, consider switching to pull_request_target (no checkout in this workflow, so the usual security concern is minimal) or add an explicit guard to only run for same-repo PRs (e.g., compare head.repo.full_name to github.repository) and document that limitation.

Suggested change
pull_request:
pull_request_target:

Copilot uses AI. Check for mistakes.
types: [opened, ready_for_review]

permissions:
pull-requests: write

jobs:
copilot-review:
if: github.event.pull_request.draft == false
runs-on: ubuntu-latest
steps:
- name: Request Copilot Review
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh api \
--method POST \
-H "Accept: application/vnd.github+json" \
-H "X-GitHub-Api-Version: 2022-11-28" \
/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/requested_reviewers \
-f "reviewers[]=copilot"
Comment on lines +19 to +24
Copy link

Copilot AI Mar 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This gh api call will exit non-zero if the reviewer is already requested (GitHub returns a 422 validation error), which can make the workflow flaky if the PR is toggled draft/ready multiple times or the reviewer is added manually. Consider making the step idempotent (check existing requested reviewers first) or handle the “already requested” response without failing the job.

Suggested change
gh api \
--method POST \
-H "Accept: application/vnd.github+json" \
-H "X-GitHub-Api-Version: 2022-11-28" \
/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/requested_reviewers \
-f "reviewers[]=copilot"
PR_NUMBER=${{ github.event.pull_request.number }}
REPO=${{ github.repository }}
# Check if "copilot" is already a requested reviewer for this PR.
if ! gh pr view "$PR_NUMBER" --repo "$REPO" --json reviewRequests --jq '.reviewRequests[].login' 2>/dev/null | grep -qx "copilot"; then
gh api \
--method POST \
-H "Accept: application/vnd.github+json" \
-H "X-GitHub-Api-Version: 2022-11-28" \
"/repos/$REPO/pulls/$PR_NUMBER/requested_reviewers" \
-f "reviewers[]=copilot"
fi

Copilot uses AI. Check for mistakes.
Loading