fix: harden external plugin intake and fork-safe scheduled workflows#1897
Open
Sertxito wants to merge 6 commits into
Open
fix: harden external plugin intake and fork-safe scheduled workflows#1897Sertxito wants to merge 6 commits into
Sertxito wants to merge 6 commits into
Conversation
- learning-hub-updater.md: Fix path from website/learning-hub to website/src/content/docs/learning-hub, wrap URLs in <>, remove trailing colons from section headings - resource-staleness-report.md: Remove non-existent prompts/ directory, add workflows/ and plugins/, update guidelines and examples - duplicate-resource-detector.md: Add missing plugins/ directory and reading instructions, update frontmatter description - pr-duplicate-check.md: Add hooks and plugins to all directory lists, update frontmatter description and noop messages, expand template examples All workflows now consistently scan: agents/, instructions/, skills/, hooks/, workflows/, and plugins/
Contributor
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
This PR limits several GitHub Actions workflows to run only in the upstream github/awesome-copilot repository, expands resource-scanning workflows/docs to include hooks/workflows/plugins, and improves external plugin intake detection and report publication behavior.
Changes:
- Add repository-level guards (
if: github.repository == 'github/awesome-copilot') to prevent workflows from running in forks. - Improve skill quality report publishing by detecting whether discussions/issues are enabled and choosing an appropriate publishing path.
- Update workflow instruction markdown to include hooks/workflows/plugins, and broaden external plugin intake triggers/title detection.
Reviewed changes
Copilot reviewed 12 out of 12 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| .github/workflows/traffic-reporting.yml | Restricts traffic reporting job to the upstream repo only. |
| .github/workflows/skill-quality-report.yml | Adds upstream-only guard; detects discussions/issues capabilities and gates discussion/issue publication accordingly. |
| .github/workflows/resource-staleness-report.md | Updates staleness scan instructions to include workflows/plugins (and remove prompts). |
| .github/workflows/resource-staleness-report.lock.yml | Restricts activation job to the upstream repo only. |
| .github/workflows/pr-duplicate-check.md | Updates duplicate-check instructions to include hooks/plugins and related messaging. |
| .github/workflows/learning-hub-updater.md | Updates learning hub paths and link formatting for the updater instructions. |
| .github/workflows/learning-hub-updater.lock.yml | Restricts activation job to the upstream repo only. |
| .github/workflows/external-plugin-rerun-intake-command.yml | Broadens external plugin issue detection to include title prefixes. |
| .github/workflows/external-plugin-intake.yml | Triggers on labeling and expands gating conditions to include title prefixes. |
| .github/workflows/duplicate-resource-detector.md | Expands weekly duplicate scan instructions to include hooks/workflows/plugins. |
| .github/workflows/duplicate-resource-detector.lock.yml | Restricts activation job to the upstream repo only. |
| .github/workflows/cli-for-beginners-sync.lock.yml | Restricts activation job to the upstream repo only. |
… variable - Replace 6 hardcoded 'github/awesome-copilot' strings with vars.UPSTREAM_REPOSITORY - Reduces maintenance churn and improves consistency - Affects: traffic-reporting.yml, skill-quality-report.yml, and 4 agentic workflows (.lock.yml) - Variable to be set in repository settings by maintainer
- Add if: github.repository == vars.UPSTREAM_REPOSITORY to agent jobs - Fixes workflow failures in fork environment - Affects: learning-hub-updater.lock.yml, cli-for-beginners-sync.lock.yml, duplicate-resource-detector.lock.yml, resource-staleness-report.lock.yml - Ensures agentic workflow agent jobs only run in upstream repository
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary\nThis PR includes two workflow reliability fixes:\n\n1. External plugin intake robustness\n- Prevents false skipped intake runs when submissions are missing label/marker but use expected issue title patterns.\n- Adds issues.labeled trigger and title-based fallback detection for intake and rerun commands.\n\n2. Fork-safe scheduled workflows\n- Adds repository guards so workflows that depend on upstream-only secrets/features run only on github/awesome-copilot and skip cleanly on forks.\n- Applies to:\n - Traffic Reporting\n - Skill Quality Report — Nightly Scan\n - Learning Hub Updater (lock)\n - CLI for Beginners Content Sync (lock)\n - Duplicate Resource Detector (lock)\n - Resource Staleness Report (lock)\n\n## Why\n- Unblocks issue intake path for external plugin submission #1892.\n- Prevents expected fork environment differences (missing secrets/features) from causing failing required checks.\n\n## Validation\n- Local syntax diagnostics: no errors in updated workflows.\n-
pm run skill:validate passes locally.\n- Branch includes commits:\n - 2516379\n - 5f982a8\n - 9535855\n