Skip to content

Add --skip-secret flag to add-wizard to bypass API key prompt#20598

Merged
pelikhan merged 3 commits intomainfrom
copilot/add-option-to-skip-api-prompt
Mar 11, 2026
Merged

Add --skip-secret flag to add-wizard to bypass API key prompt#20598
pelikhan merged 3 commits intomainfrom
copilot/add-option-to-skip-api-prompt

Conversation

Copy link
Contributor

Copilot AI commented Mar 11, 2026
edited
Loading

When a secret is already configured at the org or repo level, add-wizard still forces users through the API key prompt with no way to skip it.

Changes

  • add-wizard command: Adds --skip-secret boolean flag; included in help text with usage example
  • RunAddInteractive: Accepts new skipSecret bool parameter, propagated into AddInteractiveConfig
  • AddInteractiveConfig: New SkipSecret bool field; when set, collectAPIKey returns early (with informational message) and getSecretInfo is bypassed entirely in the orchestrator

Usage

gh aw add-wizard githubnext/agentics/ci-doctor --skip-secret
# ℹ Skipping COPILOT_GITHUB_TOKEN secret setup (--skip-secret flag set).

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
  • https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
    • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha GOMODCACHE go /usr/bin/git on' --ignore-patgit GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v3
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha runs/20260311-223115-37397/test-232956647/.github/workflows GO111MODULE 194902/b297/vet.cfg l GOMOD GOMODCACHE go env -json GO111MODULE ache/node/24.14.0/x64/bin/node GOINSECURE GOMOD GOMODCACHE /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v5
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go k/gh�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD erignore go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --git-dir /tmp/go-build325194902/b419/_testmain.go /usr/bin/git -json GO111MODULE h git rev-�� --show-toplevel go /usr/bin/git */*.ts' '**/*.jsgit GO111MODULE ache/go/1.25.0/x--show-toplevel /usr/bin/git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel go /usr/bin/git ck 'scripts/**/*git GO111MODULE ache/go/1.25.0/x--show-toplevel git rev-�� --show-toplevel go /usr/bin/git -json f366679a:go.mod ache/go/1.25.0/x--show-toplevel git (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel go /usr/bin/infocmp -json GO111MODULE odules/npm/node_--show-toplevel infocmp -1 xterm-color go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha /tmp/gh-aw-test-runs/20260311-223115-37397/test-999389079/.github/workflows rev-parse /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/compile -json GO111MODULE _modules/.bin/sh--show-toplevel /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/compile -o /tmp/go-build325194902/b422/_pkg_.a -trimpath /opt/hostedtoolcache/node/24.14.0/x64/bin/node -p main -lang=go1.25 node (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel go /usr/bin/git heck '**/*.cjs' git GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/pkg/tool/linu--show-toplevel git (http block)
  • https://api.github.com/repos/actions/github-script/git/ref/tags/v8
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha GOSUMDB GOWORK 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha -c=4 -nolocalimports -importcfg /tmp/go-build325194902/b374/importcfg -pack /home/REDACTED/work/gh-aw/gh-aw/pkg/cli/access_log.go /home/REDACTED/work/gh-aw/gh-aw/pkg/cli/actionlint.go env on' --ignore-patGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha go1.25.0 -c=4 -nolocalimports -importcfg /tmp/go-build325194902/b392/importcfg -pack /tmp/go-build325194902/b392/_testmain.go env on' --ignore-patGOINSECURE GO111MODULE 64/bin/go N files are not /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha gSGT/4PU8IGZ3xsiiK_VzgSGT go /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/compile -json GO111MODULE 64/bin/go /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/compile 1949�� /tmp/go-build325194902/b418/_pkg_.a 194902/b436/_testmain.go (http block)
  • https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha /tmp/gh-aw-test-runs/20260311-223115-37397/test-3764110333/.github/workflows rev-parse /tmp/go-build325194902/b413/repoutil.test -json GO111MODULE 64/bin/go /tmp/go-build325194902/b413/repoutil.test -tes�� -test.paniconexit0 -test.v=true ache/node/24.14.0/x64/bin/node -test.timeout=10git -test.run=^Test -test.short=true--show-toplevel ache/node/24.14.0/x64/bin/node (http block)
  • https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha -json GO111MODULE ache/go/1.25.0/x64/pkg/tool/linu-lang=go1.25 GOINSECURE GOMOD GOMODCACHE ache/go/1.25.0/x64/pkg/tool/linu-dwarf=false env 3115-37397/test-221854791 GO111MODULE 194902/b405/importcfg.link GOINSECURE GOMOD GOMODCACHE NVNgnGPLEQds7/eMdwFO3cBOLj36ZOwl/tmp/go-build325194902/b433/_testmain.go (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts
    • Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts
    • Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts
    • Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts
    • Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts
    • Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts
    • Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts
    • Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 GO111MODULE x_amd64/link GOINSECURE GOMOD GOMODCACHE x_amd64/link env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE wJ/GFtmVa307QDDNuUCuh0B/-q2laYTO-test.v=true (http block)
  • https://api.github.com/repos/github/gh-aw/actions/workflows
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path GOSUMDB GOWORK 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE sh GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha cp .github/aw/actions-lock.json pkg/workflow/data/action_pins.json; \ echo "��� Action pins syn/usr/bin/unpigz GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env 4020413965/.github/workflows GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go ules�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha on' --ignore-patGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha -test.md GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env 3149035035/.github/workflows GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/nonexistent/repo/actions/runs/12345
    • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/owner/repo/actions/workflows
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOINSECURE GOMOD GOMODCACHE go env json' --ignore-pGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo odules/npm/node_GOMODCACHE GOINSECURE GOMOD GOMODCACHE go env json' --ignore-pGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/owner/repo/contents/file.md
    • Triggering command: /tmp/go-build325194902/b383/cli.test /tmp/go-build325194902/b383/cli.test -test.testlogfile=/tmp/go-build325194902/b383/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ode_modules/.binGOMODCACHE GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/test-owner/test-repo/actions/secrets
    • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name (http block)
    • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name GOSUMDB GOWORK 64/bin/go GOINSECURE GOMOD GOMODCACHE ortcfg env b7505c45f80cd646GOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE ache/go/1.25.0/xGO111MODULE (http block)
    • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name GOSUMDB GOWORK 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)

If you need me to access, download, or install something from one of these locations, you can either:

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

Copilot AI linked an issue Mar 11, 2026 that may be closed by this pull request
Option to skip API secret prompt for add-wizard #20592
Closed
@pelikhan
Add --skip-secret flag to add-wizard command to skip API secret prompt
66ef3b0 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Add option to skip API secret prompt for add-wizard Add --skip-secret flag to add-wizard to bypass API key prompt Mar 11, 2026
@pelikhan pelikhan marked this pull request as ready for review March 11, 2026 22:45
Copilot AI review requested due to automatic review settings March 11, 2026 22:45
@pelikhan pelikhan merged commit 9fbbceb into main Mar 11, 2026
46 checks passed
@pelikhan pelikhan deleted the copilot/add-option-to-skip-api-prompt branch March 11, 2026 22:45
Copilot AI reviewed Mar 11, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a new --skip-secret flag to add-wizard so users can bypass API key/secret setup when a secret is already configured outside the repo (e.g., at org level).

Changes:

  • Adds --skip-secret flag to the add-wizard command (including help/usage example).
  • Threads a new skipSecret parameter into RunAddInteractive and stores it on AddInteractiveConfig.
  • Skips secrets configuration and bypasses getSecretInfo when SkipSecret is enabled; adds unit coverage for the skip behavior in collectAPIKey.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

File Description
pkg/cli/add_wizard_command.go Adds --skip-secret flag wiring and updates command examples/help text.
pkg/cli/add_interactive_orchestrator.go Extends interactive config and orchestrator flow to honor SkipSecret (bypass secret info step).
pkg/cli/add_interactive_engine.go Implements early-return behavior in collectAPIKey when SkipSecret is set (with info message).
pkg/cli/add_interactive_secrets_test.go Adds tests ensuring collectAPIKey succeeds without prompting when SkipSecret is true.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

pkg/cli/add_interactive_orchestrator.go
NoStopAfter bool
StopAfter string
SkipWorkflowRun bool
SkipSecret bool // Skip the API secret prompt (useful when secret is set at org level)
Copy link

Copilot AI Mar 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The inline comment for SkipSecret says it's useful when the secret is set at the org level, but the flag/help text describes org or repo level. Please update this comment to match the actual supported/expected usage to avoid confusing future readers.

Suggested change
SkipSecret bool // Skip the API secret prompt (useful when secret is set at org level)
SkipSecret bool // Skip the API secret prompt (useful when secret is set at the org or repo level)

Copilot uses AI. Check for mistakes.
github-actions bot added a commit that referenced this pull request Mar 12, 2026
@github-actions @claude
docs: update documentation for features from 2026-03-12
3e754f9 
- Add add-wizard command to CLI reference with --skip-secret flag (#20598)
- Document that Codex web-search is disabled by default (#20607)
- Clarify that draft is a configuration policy in create-pull-request (#20608)
- Document compile-time warnings for push-to-pull-request-branch with target: "*" (#20580)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@github-actions github-actions bot mentioned this pull request Mar 12, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

+1 more reviewer

@pelikhan pelikhan pelikhan approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Option to skip API secret prompt for add-wizard

3 participants

@pelikhan