Skip to content

fix: add target-repo support to submit_pull_request_review for cross-repo workflows#20678

Merged
pelikhan merged 3 commits intomainfrom
copilot/fix-submit-pull-request-review
Mar 12, 2026
Merged

fix: add target-repo support to submit_pull_request_review for cross-repo workflows#20678
pelikhan merged 3 commits intomainfrom
copilot/fix-submit-pull-request-review

Conversation

Copy link
Contributor

Copilot AI commented Mar 12, 2026
edited
Loading

submit_pull_request_review lacked target-repo/allowed-repos support, causing it to always resolve the repository from context.repo (the provider) rather than the actual PR repository (the consumer), resulting in 404s in cross-repo review flows.

Changes

  • Go struct & parser (submit_pr_review.go): Added TargetRepoSlug and AllowedRepos fields to SubmitPullRequestReviewConfig; parsing uses the shared parseTargetRepoWithValidation / parseAllowedReposFromConfig helpers
  • Compiler config (compiler_safe_outputs_config.go): Emit target-repo and allowed_repos into the handler config, matching the pattern used by create_pull_request_review_comment
  • JS handler (submit_pr_review.cjs): Replaced hardcoded context.repo with resolveTargetRepoConfig + resolveAndValidateRepo from repo_helpers.cjs; PR fetch now targets the configured repo
  • TypeScript types: Added target, target-repo, allowed-repos to SubmitPullRequestReviewConfig
  • Docs: Updated safe-outputs.md to document the new fields, matching parity with create-pull-request-review-comment

Example

safe-outputs:
  create-pull-request-review-comment:
    max: 10
    target-repo: "consumer-org/consumer-repo"
  submit-pull-request-review:
    max: 1
    target: "${{ github.event.inputs.pr_number }}"
    target-repo: "consumer-org/consumer-repo"   # ← new: routes review to correct repo
    allowed-repos: ["consumer-org/other-repo"]   # ← new: optional allowlist

Without target-repo, behavior is unchanged — falls back to GITHUB_REPOSITORY.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw -trimpath 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GO111MODULE ache/go/1.25.0/x--show-toplevel git rev-�� --show-toplevel ache/go/1.25.0/x64/pkg/tool/linux_amd64/compile /usr/bin/git 10 GO111MODULE Name,path,createdAt,startedAt,up--show-toplevel git (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GO111MODULE 0/x64/bin/node git rev-�� --show-toplevel ache/go/1.25.0/x64/pkg/tool/linux_amd64/cgo /usr/bin/git vaScript17602633gcc GO111MODULE /opt/hostedtoolc-x git (http block)
  • https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
    • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --get remote.origin.url ache/node/24.14.0/x64/bin/node 804ceef7674f520egit GO111MODULE 64/bin/go ache/node/24.14.0/x64/bin/node -366�� --show-current ache/go/1.25.0/x-importcfg /usr/bin/git 9132361/b417/_pkgit GO111MODULE 64/bin/go git (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v3
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha Cn_Y/5B4iLiQEF4sALTzcCn_Y (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v5
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ndor/bin/bash GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha /tmp/TestHashConsistency_KeyOrdering2993831380/001/test2.md go /usr/bin/git JRst/OFrQgiGYGecgit GO111MODULE 64/bin/go git rev-�� --show-toplevel 9132361/b374/importcfg /usr/bin/git k/gh-aw/gh-aw/cmgit k/gh-aw/gh-aw/cmrev-parse 64/bin/go git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel go /usr/bin/git tants.go tants_test.go 64/pkg/tool/linu--show-toplevel git rev-�� --show-toplevel 64/pkg/tool/linux_amd64/compile r: $owner, name: $name) { hasDiscussionsEnabled } } g_.a GO111MODULE ache/go/1.25.0/x--show-toplevel git (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel -tests /tmp/go-build1696284940/b413/repoutil.test -json GO111MODULE 64/bin/go /tmp/go-build1696284940/b413/repoutil.test -tes�� -test.paniconexit0 -test.v=true /usr/bin/git -test.timeout=10git -test.run=^Test -test.short=true--show-toplevel git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha ry=1 6284940/b422/_testmain.go 6284940/b436/_pkg_.a remote.origin.urgit -nolocalimports -importcfg git rev-�� --show-toplevel -pack ache/node/24.14.0/x64/bin/node d/gh-aw/main.go GO111MODULE 64/bin/go ache/node/24.14.0/x64/bin/node (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE ache/go/1.25.0/x--show-toplevel git (http block)
  • https://api.github.com/repos/actions/github-script/git/ref/tags/v8
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha GOSUMDB GOWORK 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha 1WLZb6UPh GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE ortcfg env 35126d5394e2a1caGOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE ache/go/1.25.0/x-buildtags (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env ck '**/*.cjs' '*GOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha k/gh-aw/gh-aw/pkg/styles/theme.go k/gh-aw/gh-aw/pkg/styles/theme_test.go /opt/hostedtoolcache/node/24.14.0/x64/bin/node -json GO111MODULE 64/bin/go node /tmp�� /tmp/TestHashConsistency_GoAndJavaScript176026337/001/test-empty-frontmatter.md go /tmp/go-build1696284940/b428/timeutil.test ck '**/*.cjs' '*git GO111MODULE 64/bin/go /tmp/go-build1696284940/b428/timeutil.test (http block)
  • https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha /tmp/gh-aw-test-runs/20260312-140824-41881/test-3357570995/.github/workflows rev-parse /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/compile -json GO111MODULE 64/bin/go /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/compile -o /tmp/go-build1696284940/b418/_pkg_.a -trimpath /usr/bin/git -p github.com/githurev-parse -lang=go1.25 git (http block)
  • https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha blog-auditor.md g/sliceutil/sliceutil_test.go 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env 6284940/b416/_pkg_.a .cfg 6284940/b416=> GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha --show-toplevel ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet /usr/bin/git SameOutput209514git GO111MODULE 0/x64/bin/node git rev-�� --show-toplevel go /usr/bin/git orts3640137033/0git GO111MODULE (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts
    • Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 go x_amd64/vet tierignore GO111MODULE 64/bin/go x_amd64/vet env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts
    • Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 scripts/**/*.js x_amd64/vet -d GO111MODULE 64/bin/go x_amd64/vet env ty-test.md GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts
    • Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 scripts/**/*.js 64/bin/go -d GO111MODULE 64/bin/go go estl�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts
    • Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 GOMOD 64/bin/go tierignore GO111MODULE 64/bin/go go estl�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts
    • Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 go x_amd64/link -d GO111MODULE 64/bin/go x_amd64/link env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE 0B/BbpKnpOfd46pb4kTgHEs/EiezGfJK--jq (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts
    • Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 GOMOD 64/bin/go -d GO111MODULE 64/bin/go go estl�� ty-test.md GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts
    • Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 GOCACHE 64/bin/go tierignore GO111MODULE 64/bin/go go estl�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/actions/workflows
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/a70c5eada06553e3510ac27f2c3bda9d3705bccb
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/a70c5eada06553e3510ac27f2c3bda9d3705bccb --jq .object.sha --show-toplevel ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE erignore env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE erignore env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha ck '**/*.cjs' '*GOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env e=false GO111MODULE 64/bin/go GOINSECURE %H %ct %D c9da5bcd95dfd607/tmp/gh-aw-test-runs/20260312-140824-41881/test-608256366/.github/workflows go (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE erignore env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/githubnext/agentics/git/ref/tags/
    • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha --show-toplevel 64/pkg/tool/linu1 /usr/bin/git 6284940/b413/rep/opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/link .cfg 6284940/b413/importcfg.link git rev-�� --show-toplevel gUIYjN6c4lmkV/4fownHncp26b6DL2LBDN/N6GE9dzJuLpfUe9tz4e_/aZSvDGNgremote.origin.url /usr/bin/git ithub-script/git/usr/bin/gh GO111MODULE ache/go/1.25.0/xgraphql git (http block)
  • https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE 0XVD7GS/mRL0tEU7JbrieQ94-F8q env 1079857865/.github/workflows GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/nonexistent/repo/actions/runs/12345
    • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion -p main -lang=go1.25 go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/owner/repo/actions/workflows
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go GOINSECURE GOMOD GOMODCACHE go env heck '**/*.cjs' GOINSECURE GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/owner/repo/contents/file.md
    • Triggering command: /tmp/go-build1696284940/b383/cli.test /tmp/go-build1696284940/b383/cli.test -test.testlogfile=/tmp/go-build1696284940/b383/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/test-owner/test-repo/actions/secrets
    • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)

If you need me to access, download, or install something from one of these locations, you can either:

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.

Copilot AI linked an issue Mar 12, 2026 that may be closed by this pull request
submit_pull_request_review lacks target-repo support and fails in cross-repo workflows #20664
Closed
@pelikhan
fix: add target-repo and allowed-repos support to submit_pull_request…
b18bec7 
…_review

Adds cross-repository support to `submit_pull_request_review` to fix PR review
submission failing with 404 in cross-repo workflows.

- Add `TargetRepoSlug` and `AllowedRepos` fields to `SubmitPullRequestReviewConfig`
- Parse `target-repo` and `allowed-repos` in `parseSubmitPullRequestReviewConfig`
- Update compiler config to include new fields in handler config output
- Update JS handler to use `resolveTargetRepoConfig`/`resolveAndValidateRepo`
- Update TypeScript types to add `target`, `target-repo`, `allowed-repos` fields
- Add cross-repo tests in JS and Go test files
- Update documentation in safe-outputs.md

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix submit_pull_request_review for target-repo support fix: add target-repo support to submit_pull_request_review for cross-repo workflows Mar 12, 2026
@pelikhan
Copy link
Contributor

pelikhan commented Mar 12, 2026

@copilot compare to other handlers and ensure the implementation is similar

@pelikhan
Changes before error encountered
983fdf8 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@pelikhan
Copy link
Contributor

pelikhan commented Mar 12, 2026

@copilot keep working

Copy link
Contributor Author

Copilot AI commented Mar 12, 2026
edited
Loading

@copilot keep working

Done — the Go struct now embeds SafeOutputTargetConfig inline (matching ResolvePullRequestReviewThreadConfig and ReplyToPullRequestReviewCommentConfig), and the JS handler uses resolveTargetRepoConfig + resolveAndValidateRepo from repo_helpers.cjs, consistent with reply_to_pr_review_comment.cjs.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw 64/pkg/tool/linurev-parse 86_64/node git rev-�� --show-toplevel git /usr/bin/git --show-toplevel Vqh7QChbBs18WVNtrev-parse /usr/bin/git git (http block)
  • https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
    • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --show-toplevel (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --show-toplevel /bin/sh /usr/bin/git f() { test &#34;$1&#34; git f() { test &#34;$1&#34; rev-parse /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel 64/pkg/tool/linurev-parse /usr/bin/git git (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v3
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha tructions-test-4088944917/.github/workflows /tmp/go-build1084993917/b196/vet.cfg 3127107/b388/vet.cfg h ../../../.pretgit (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v5
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha 9go7lghnq .cfg 64/pkg/tool/linux_amd64/vet pull.rebase (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel 64/pkg/tool/linux_amd64/vet /usr/bin/git HEAD on x_amd64/vet git rev-�� --show-toplevel x_amd64/vet r: $owner, name: $name) { hasDiscussionsEnabled } } se 4993917/b207/vetrev-parse .cfg git (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha a820/Vgx0-6pZlp38hwO9a820 k/gh-aw/gh-aw/pkg/styles/theme_test.go /opt/hostedtoolcache/node/24.14.0/x64/bin/node on&#39; --ignore-patgit (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha /tmp/gh-aw-test-runs/20260312-150121-12479/test-3152516659/.github/workflows config /usr/bin/git remote.origin.urgit -nolocalimports -importcfg git rev-�� --show-toplevel (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel 64/pkg/tool/linux_amd64/vet /usr/bin/git rite &#39;../../../*git .cfg 64/pkg/tool/linu--show-toplevel git rev-�� --show-toplevel 64/pkg/tool/linux_amd64/vet /usr/bin/git til.go o ache/go/1.25.0/x--show-toplevel git (http block)
  • https://api.github.com/repos/actions/github-script/git/ref/tags/v8
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha go1.25.0 -c=4 -nolocalimports -importcfg /tmp/go-build1084993917/b001/importcfg -pack /tmp/go-build1084993917/b001/_testmain.go ode_�� (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha on&#39; --ignore-path ../../../.pret.prettierignore (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha on&#39; --ignore-path ../../../.prettierignore (http block)
  • https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha k/gh-aw/gh-aw/.github/workflows/agent-performance-analyzer.md 3127107/b422/_testmain.go /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/link on&#39; --ignore-patgit (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha --show-toplevel git /usr/bin/git --git-dir x_amd64/vet /usr/bin/git git rev-�� --show-toplevel /usr/bin/git iptables --get-regexp ^remote\..*\.gh-rev-parse /usr/bin/git git (http block)
  • https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha /tmp/gh-aw-test-runs/20260312-150121-12479/test-4158057310/.github/workflows config /opt/hostedtoolcache/node/24.14.0/x64/bin/node remote.origin.urgit (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel /tmp/go-build271rev-parse /usr/bin/infocmp--show-toplevel git rev-�� --show-toplevel infocmp ptables xterm-color x_amd64/vet /usr/bin/git git (http block)
  • https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha /test1.md /test2.lock.yml 4993917/b259/vet.cfg -p internal/fuzz -lang=go1.25 /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet -uns�� 0121-12479/test-3636543989 /tmp/go-build1084993917/b094/vet.cfg /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet go1.25.0 -c=4 -nolocalimports /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha --show-toplevel /opt/hostedtoolcache/go/1.25.0/x-ifaceassert /home/REDACTED/.local/bin/node k/gh-aw/gh-aw/.ggit -importcfg /usr/bin/git node /opt�� install --package-lock-only /usr/bin/git /home/REDACTED/worgit rev-parse ache/node/24.14.--show-toplevel git (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts
    • Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts
    • Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 ify@v1.11.1/require/forward_requ-ifaceassert x_amd64/vet (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts
    • Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts
    • Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts
    • Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts
    • Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts
    • Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 (http block)
  • https://api.github.com/repos/github/gh-aw/actions/workflows
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha get .cfg 64/pkg/tool/linux_amd64/vet http.https://gitgit (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha --show-toplevel ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet /usr/bin/git 0121-12479/test-git 4993917/b071/vetrev-parse ache/go/1.25.0/x--show-toplevel git rev-�� --show-toplevel ortcfg /usr/bin/git /v1.2.3 d/gh-aw/capitalirev-parse 0/x64/bin/node git (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha (http block)
  • https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha get .cfg datedAt,event,headBranch,headSha,displayTitle http.https://gitgit (http block)
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha --show-toplevel ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet /usr/bin/git 0121-12479/test-git 4993917/b116/vetrev-parse .cfg git rev-�� --show-toplevel ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet /usr/bin/git /v2.0.0 (http block)
  • https://api.github.com/repos/nonexistent/repo/actions/runs/12345
    • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion nore (http block)
  • https://api.github.com/repos/owner/repo/actions/workflows
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo (http block)
  • https://api.github.com/repos/owner/repo/contents/file.md
    • Triggering command: /tmp/go-build2713127107/b383/cli.test /tmp/go-build2713127107/b383/cli.test -test.testlogfile=/tmp/go-build2713127107/b383/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true ader (http block)
  • https://api.github.com/repos/test-owner/test-repo/actions/secrets
    • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name (http block)

If you need me to access, download, or install something from one of these locations, you can either:

@pelikhan pelikhan marked this pull request as ready for review March 12, 2026 16:17
Copilot AI review requested due to automatic review settings March 12, 2026 16:17
Copilot AI reviewed Mar 12, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds target-repo and allowed-repos support to the submit_pull_request_review safe output handler, enabling cross-repository PR review submission workflows. This brings it to parity with other handlers like create-pull-request-review-comment.

Changes:

  • Added SafeOutputTargetConfig (with TargetRepoSlug and AllowedRepos) to the Go config struct and parser, plus compiler config emission
  • Updated the JS handler to use resolveTargetRepoConfig and resolveAndValidateRepo for repo resolution instead of hardcoded context.repo
  • Added TypeScript types, tests, and documentation for the new fields

Reviewed changes

Copilot reviewed 6 out of 7 changed files in this pull request and generated no comments.

Show a summary per file
File Description
pkg/workflow/submit_pr_review.go Embed SafeOutputTargetConfig and parse target-repo/allowed-repos
pkg/workflow/compiler_safe_outputs_config.go Emit target-repo and allowed_repos into handler config JSON
actions/setup/js/submit_pr_review.cjs Use repo helpers for cross-repo resolution instead of context.repo
actions/setup/js/submit_pr_review.test.cjs Add tests for cross-repo review submission and rejection
actions/setup/js/types/safe-outputs-config.d.ts Add new optional fields to TS type
pkg/workflow/submit_pr_review_footer_test.go Add Go tests for new config fields
docs/src/content/docs/reference/safe-outputs.md Document new fields

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

@pelikhan pelikhan merged commit f620a7b into main Mar 12, 2026
56 checks passed
@pelikhan pelikhan deleted the copilot/fix-submit-pull-request-review branch March 12, 2026 17:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

submit_pull_request_review lacks target-repo support and fails in cross-repo workflows

3 participants

@pelikhan