Skip to content

Fix Security Alert Burndown workflow: Add inline discovery for Dependabot PRs#12166

Merged
pelikhan merged 2 commits intomainfrom
copilot/debug-security-alert-burndown-again
Jan 28, 2026
Merged

Fix Security Alert Burndown workflow: Add inline discovery for Dependabot PRs#12166
pelikhan merged 2 commits intomainfrom
copilot/debug-security-alert-burndown-again

Conversation

Copy link
Contributor

Copilot AI commented Jan 28, 2026
edited
Loading

The workflow expected a precomputed discovery manifest (./.gh-aw/campaign.discovery.json) but had no step to create it. The project: frontmatter triggered campaign orchestration mode, which injected instructions referencing this missing manifest. The agent succeeded but produced zero safe outputs, triggering failure detection.

Changes

Convert to inline discovery pattern:

  • Added GitHub MCP toolsets (repos, issues, pull_requests) for API access
  • Added noop safe output (max: 1) to handle zero-result scenarios
  • Rewrote prompt with step-by-step inline discovery:
    1. Search for Dependabot JavaScript PRs via GitHub MCP
    2. Call noop if no PRs found
    3. Update project board for discovered PRs (limit: 10)
    4. Report summary

Example search query added to prompt:

repo:githubnext/gh-aw is:pr author:app/dependabot label:dependencies label:javascript is:open

Result: Agent now performs active discovery and always produces safe outputs (either noop or update-project calls), eliminating "no safe outputs" failures.

Original prompt

This section details on the original issue you should resolve

<issue_title>[agentics] Security Alert Burndown failed</issue_title>
<issue_description>### Workflow Failure

Workflow: Security Alert Burndown
Branch: main
Run URL: https://github.com/githubnext/gh-aw/actions/runs/21412394486

⚠️ No Safe Outputs Generated: The agent job succeeded but did not produce any safe outputs. This typically indicates:

  • The safe output server failed to run
  • The prompt failed to generate any meaningful result
  • The agent should have called noop to explicitly indicate no action was taken

Action Required

Debug this workflow failure using the agentic-workflows agent:

/agent agentic-workflows

When prompted, instruct the agent to debug this workflow failure.

Generated from Security Alert Burndown

  • expires on Feb 3, 2026, 8:11 PM UTC

Comments on the Issue (you are @copilot in this section)

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

@pelikhan
Fix Security Alert Burndown workflow to perform inline discovery and …
b5473a8 
…call noop when no PRs found

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Debug security alert burndown workflow failure Fix Security Alert Burndown workflow: Add inline discovery for Dependabot PRs Jan 28, 2026
Copilot AI requested a review from pelikhan January 28, 2026 05:13
@pelikhan pelikhan marked this pull request as ready for review January 28, 2026 05:15
@pelikhan pelikhan merged commit 98770bc into main Jan 28, 2026
@pelikhan pelikhan deleted the copilot/debug-security-alert-burndown-again branch January 28, 2026 05:15
@github-actions github-actions bot mentioned this pull request Jan 28, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@pelikhan pelikhan pelikhan approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[agentics] Security Alert Burndown failed

2 participants

@pelikhan