[Auto Update] Agentic workflows — fix safe-outputs config and apply pending upgrade #19756
Copilot wants to merge 4 commits into
- Updated actions/github-script from v8 to v9
- Updated github/gh-aw-actions/setup from v0.68.3 to v0.72.1
- Updated github/gh-aw/actions/setup from v0.67.2 to v0.72.1
- Updated actions-lock.json with pinned container images
- Recompiled all workflow lock files
- Updated agent file to v0.72.1 references
- Fixed aw-auto-update.md safe-outputs config:
  - Added github-app config for workflows permission
  - Added allow-workflows: true for create-pull-request and push-to-pull-request-branch
  - Changed protected-files from fallback-to-issue to allowed

Co-authored-by: T-Gro <46543583+T-Gro@users.noreply.github.com>
✅ No release notes required
- Resolve merge conflict in labelops-pr-maintenance.lock.yml (keep full container pinning from upgrade, use main's frontmatter_hash)
- Add missing 'name' field to agentic-workflows.agent.md frontmatter (fixes 'Validate skills and agents' CI failure)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
🤖 LabelOps — Conflicts. Merge conflict detected in
T-Gro left a comment
LGTM. The changes are well-scoped:
- safe-outputs fix — Adding `github-app:` with `workflows:write` and `allow-workflows: true` correctly addresses the push failure. Switching `protected-files: fallback-to-issue` → `allowed` is appropriate here since this workflow is explicitly designed to manage `.github/` files.
- Version upgrade — Clean bump from v0.67.x/v0.68.x → v0.72.1 with properly pinned container image digests (sha256) in both the actions-lock.json and all recompiled lock files. The old `actions/github-script@v8` entry is correctly removed.
- Agent doc updates — Version URL bumps and the new CLI Commands Reference section are useful additions.

Prerequisite reminder: Repo needs `vars.APP_ID` and `secrets.APP_PRIVATE_KEY` configured before this workflow will function.
The `aw-auto-update` workflow run (#25949164516) successfully ran `gh aw upgrade` but failed to push results. Two root causes:

- `protect_top_level_dot_folders: true` (default) + `protected-files: fallback-to-issue` blocked all `.github/` pushes
- `workflows:write`, required by GitHub for pushing `.github/workflows/` files

Safe-outputs fix (`aw-auto-update.md`)

- `github-app:` config to provide a token with `workflows:write`
- `allow-workflows: true` on both `create-pull-request` and `push-to-pull-request-branch`
- `protected-files: fallback-to-issue` → `allowed` (this workflow is explicitly designed to manage these files)

One-time upgrade (what the failed run was trying to do)

- `actions/github-script` v8 → v9.0.0
- `github/gh-aw-actions/setup` v0.68.3 → v0.72.1
- `github/gh-aw/actions/setup` v0.67.2 → v0.72.1
- `actions-lock.json` with new SHAs + container image pins
- `.github/agents/agentic-workflows.agent.md` references to v0.72.1

Prerequisite

Repo needs `vars.APP_ID` and `secrets.APP_PRIVATE_KEY` configured with a GitHub App that has `workflows:write` installed on `dotnet/fsharp`.
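A reviewer-side check for the SHA and digest pinning mentioned in the review above, as an added example that is not part of this PR or of the gh-aw project: it scans workflow YAML text for `uses:` references not pinned to a full 40-character commit SHA and for container image references without an `@sha256:` digest. The function name, the registry-prefix heuristic and the sample workflow text are assumptions constructed for illustration.

```python
import re

# Matches `uses: <ref>` on a step line, with or without the leading list dash.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)", re.MULTILINE)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Assumption: images outside `uses: docker://` carry one of these registry hosts.
IMAGE_RE = re.compile(
    r"\b((?:ghcr\.io|docker\.io|mcr\.microsoft\.com)/[\w./-]+"
    r"(?::[\w.-]+)?(?:@sha256:[0-9a-f]+)?)"
)
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")


def find_unpinned(workflow_text):
    """Return a sorted list of (kind, reference) for mutable references."""
    findings = set()
    for ref in USES_RE.findall(workflow_text):
        if ref.startswith("./"):
            continue  # local action, versioned together with the repository
        if ref.startswith("docker://"):
            if not DIGEST_RE.search(ref):
                findings.add(("image", ref[len("docker://"):]))
            continue
        version = ref.partition("@")[2]
        if not FULL_SHA_RE.match(version):
            findings.add(("action", ref))  # tag or branch: can be moved later
    for image in IMAGE_RE.findall(workflow_text):
        if not DIGEST_RE.search(image):
            findings.add(("image", image))  # tag only: can be re-pushed
    return sorted(findings)


# Constructed sample; the SHA, digest and image names are placeholders.
SHA = "0123456789abcdef0123456789abcdef01234567"
DIGEST = "sha256:" + "ab" * 32
SAMPLE = f"""
jobs:
  agent:
    steps:
      - uses: actions/github-script@{SHA} # v9
      - uses: actions/checkout@v5
      - uses: ./actions/setup
      - run: docker pull ghcr.io/example/agent:1.0@{DIGEST}
      - run: docker pull ghcr.io/example/proxy:latest
"""

if __name__ == "__main__":
    for kind, ref in find_unpinned(SAMPLE):
        print(f"unpinned {kind}: {ref}")
```

The check is line-oriented and does not parse YAML, so it is suited to a quick review pass over recompiled lock files rather than to enforcement.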