Feature Request: skip-if-no-match / skip-if-match support for cross-repo and org-wide queries #20801
Description
Summary
skip-if-no-match and skip-if-match do not support org-wide or cross-repo search queries. The current implementation auto-scopes all queries to the current repository and only uses GITHUB_TOKEN. This makes these features unusable for CentralRepoOps workflows that search across an organization from a central orchestration repository.
Problem
We run a CentralRepoOps pipeline from a central repo that triages and remediates issues across ~30 repositories in our org. Our intake workflow runs on a 15-minute schedule and searches for unclassified issues org-wide:
org:org label:agent-fix -label:ops:agentic is:issue is:open
When no issues match, the agent still starts, burns inference tokens, performs the search via MCP tools, and calls noop. We'd like to use skip-if-no-match to prevent the agent from running when there's nothing to process, but two limitations block this:
1. Auto-scoping to current repository
In check_skip_if_no_match.cjs (line 30):
const scopedQuery = `${skipQuery} repo:${owner}/${repo}`;The query is always scoped to the current repository. For our case, repo:org/central-repo gets appended to our org:org query, which conflicts and returns zero results even when there are matching issues in other repos.
2. No custom token support
The pre-activation step uses the default GITHUB_TOKEN via actions/github-script. Our org-wide search requires a GitHub App installation token with cross-repo search permissions. There is no way to provide a github-app: or github-token: to the skip-if check.
Proposed Solution
Option A: Add github-app: / github-token: and scope: to skip-if conditions
on:
schedule:
- cron: "*/15 * * * *"
skip-if-no-match:
query: 'org:org label:agent-fix -label:ops:agentic is:issue is:open'
scope: none # or "org" — disables auto repo:owner/repo scoping
github-app:
app-id: ${{ secrets.WORKFLOW_APP_ID }}
private-key: ${{ secrets.WORKFLOW_APP_PRIVATE_KEY }}
owner: "ns-actions"Option B: Add a raw: flag to disable auto-scoping
on:
skip-if-no-match:
query: 'org:org label:agent-fix is:issue is:open'
raw: true # pass query as-is without appending repo:owner/repo
github-token: ${{ secrets.CROSS_ORG_TOKEN }}Either option would also benefit skip-if-match symmetrically.
Impact
This affects any CentralRepoOps pattern where a workflow in repo A monitors or triages work across repos B, C, D, etc. Without this, the only option is to let the agent start and call noop, which wastes inference tokens on every empty scheduled run.
Affected workflow patterns
| Workflow | Trigger | Why skip-if can't be used |
|---|---|---|
| Scheduled intake (poll for issues org-wide) | schedule |
Org-wide search, needs app token |
| Scheduled router (scan for ready/blocked issues) | schedule |
Org-wide search, needs app token |
| Blocked queue health (monitor blocked backlog) | schedule |
Org-wide search, needs app token |
| Factory failure reconciler | workflow_run |
Needs if: on github.event.workflow_run.conclusion to skip success runs |
Secondary request: workflow_run conclusion filtering
Separately, factory-failure-reconciler workflows triggered by workflow_run run on every completion — including successes where the agent just calls noop. Supporting a conclusion filter or an if: condition on the agent job would prevent token waste:
on:
workflow_run:
workflows: [Agentic Bug-Fix Factory, Agentic Feature Factory]
types: [completed]
conclusions: [failure, timed_out, cancelled, action_required, startup_failure]Or alternatively, emitting an if: condition on the agent job:
agent:
if: >-
github.event.workflow_run.conclusion == 'failure' ||
github.event.workflow_run.conclusion == 'timed_out' ||
github.event.workflow_run.conclusion == 'cancelled'Environment
- gh-aw version: v0.58.0
- Engine: copilot
- Workflow triggers:
schedule,workflow_dispatch,workflow_run