fix: switch weekly review from Claude to Copilot coding agent

Copilot · stanfish06 · web-flow · commit 727d02efda88 · 2026-05-04T15:26:42.000Z
Agent-Logs-Url: https://github.com/stanfish06/my-configs/sessions/57f2440a-02a2-4e22-a476-f59ba86a5cf0 Co-authored-by: stanfish06 <93099613+stanfish06@users.noreply.github.com>
diff --git a/.github/workflows/weekly-repo-review.yml b/.github/workflows/weekly-repo-review.yml
@@ -10,31 +10,29 @@ jobs:
   weekly-review:
     runs-on: ubuntu-latest
     permissions:
-      contents: write
-      pull-requests: write
+      contents: read
       issues: write
-      id-token: write
-      actions: read
 
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
+      - name: Create review issue for Copilot
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          WEEK=$(date -u '+%Y-W%V')
+          gh issue create \
+            --repo stanfish06/my-configs \
+            --title "Weekly repo review – ${WEEK}" \
+            --assignee "copilot" \
+            --body "$(cat <<'EOF'
+@copilot Review commits and PRs merged or opened in the last 7 days and open issues in stanfish06/my-configs. For each change, check for:
 
-      - name: Run weekly repo review
-        uses: anthropics/claude-code-action@v1
-        with:
-          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
-          prompt: |
-            Review commits and PRs merged or opened in the last 7 days and open issues in stanfish06/my-configs. For each change, check for:
+1. Information leaks — secrets, API keys, tokens, personal emails/paths, private hostnames, or anything that shouldn't be public.
+2. Compatibility breaks — config syntax that may be obsolete, deprecated flags, broken references between files, or changes that could break dotfile/script consumers.
+3. Improvement opportunities — new features, config options, or fixes worth adopting based on upstream tool updates.
 
-            1. Information leaks — secrets, API keys, tokens, personal emails/paths, private hostnames, or anything that shouldn't be public.
-            2. Compatibility breaks — config syntax that may be obsolete, deprecated flags, broken references between files, or changes that could break dotfile/script consumers.
-            3. Improvement opportunities — new features, config options, or fixes worth adopting based on upstream tool updates.
+For each finding, open a GitHub issue (try to send a PR with the fix if low-risk and you are confident about the patch). Never commit directly to master — always open a PR. Group related findings into a single issue/PR when sensible. If nothing actionable is found, do nothing.
 
-            For each finding, open a GitHub issue (try to send a PR with the fix if low-risk and you are confident about the patch). Never commit directly to master — always open a PR. Group related findings into a single issue/PR when sensible. If nothing actionable is found, do nothing.
-
-            Files to ignore:
-            1. .emacs (all emacs configs in the repo can be ignored as they are actively maintained)
-          claude_args: '--allowed-tools Bash(gh *)'
+Files to ignore:
+1. .emacs (all emacs configs in the repo can be ignored as they are actively maintained)
+EOF
+)"
