Agentic workflow to backport image bumps #10298
Signed-off-by: Chris Wayne <cwayne18@gmail.com>
How do I even review this? It's a giant wall of autogenerated text that says DO NOT EDIT. I guess we're supposed to just assume that none of the weird heredocs, shell execs, or huge base64-encoded blobs are sending secrets out to our AI overlords?

make copilot review it 😅 the lock file is the result of running
Pull request overview
Adds an Agentic Workflows-based automation to backport simple “version/image bump” PRs merged into master onto a set of release branches by dispatching a Copilot-driven backport workflow.
Changes:
- Introduces a dispatcher workflow that triggers on merged PRs to `master` and dispatches backport runs for multiple release branches.
- Adds the agent prompt/spec (`.md`) describing how to detect version bumps and how to construct a safe backport PR.
- Adds the compiled/locked Agentic Workflows GitHub Actions workflow (`*.lock.yml`) that runs the agent with Safe Outputs constraints.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| .github/workflows/version-bump-dispatch.yml | New dispatcher workflow that fans out workflow_dispatch calls for selected release branches. |
| .github/workflows/version-bump-backport.md | Agent instructions/spec for determining whether a PR is a version bump and creating a single backport PR. |
| .github/workflows/version-bump-backport.lock.yml | Compiled gh-aw workflow implementation of the backport agent (execution + detection + safe outputs). |
| if: github.event.pull_request.merged == true | ||
| runs-on: ubuntu-slim | ||
| strategy: | ||
| matrix: | ||
| branch: [release-1.33, release-1.34, release-1.35] | ||
| fail-fast: false |
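Review bot: The `branch` matrix hardcodes release-1.33, release-1.34 and release-1.35, so a newly cut release branch gets no backport dispatches until someone edits this list, and a retired branch keeps receiving them. Add a comment beside the list stating when it must be updated, or read the branch list from one maintained place so the dispatcher cannot drift from the supported releases.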
This workflow will dispatch backport attempts for every PR merged into master (3 runs per merge based on the matrix), even when the PR is not a version bump (the agent will later noop, but the Actions workload is still incurred). If the intent is to only backport image/version bumps, consider adding an early filter here (e.g., require an updateCLI label / updatecli[bot] author) to avoid unnecessary dispatches.
@copilot apply changes based on this feedback
This avoids the fork permission issue where GITHUB_TOKEN is read-only for PRs from forks, which would cause the workflow dispatch to fail. Instead, we trigger on push to master (which happens on merge) and resolve the PR number from the merge commit.
OMG! That's a lot of lines.... how do you identify or "simple image bump PRs"?

It basically just looks for any PR from updatecli/dependabot, or PRs that only touch files like

So I tested on my fork, https://github.com/cwayne18/rke2/pulls is the result of having merged
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
New github actions to make copilot do backports for simple image bump PRs, triggers whenever a PR gets merged to master