Skip to content

Fix missing target-repo/allowed-repos in submit-pull-request-review schema#20789

Merged
pelikhan merged 2 commits intomainfrom
copilot/fix-unknown-property-target-repo
Mar 13, 2026
Merged

Fix missing target-repo/allowed-repos in submit-pull-request-review schema#20789
pelikhan merged 2 commits intomainfrom
copilot/fix-unknown-property-target-repo

Conversation

Copy link
Contributor

Copilot AI commented Mar 13, 2026
edited
Loading

The JSON schema for submit-pull-request-review had additionalProperties: false but was missing target-repo and allowed-repos — causing compilation to reject them even though the runtime handler and TypeScript types already supported both fields.

Changes

  • pkg/parser/schemas/main_workflow_schema.json: Added target-repo (string) and allowed-repos (string array) to submit-pull-request-review schema properties, consistent with other cross-repository safe-output types
  • docs/src/content/docs/reference/safe-outputs-specification.md: Updated the Submit PR Review Extensions example and submit_pull_request_review type notes to document cross-repository support

Example

safe-outputs:
  submit-pull-request-review:
    max: 1
    target: "${{ github.event.inputs.pr_number }}"
    target-repo: "owner/repo"          # previously rejected at compile time
    allowed-repos: ["org/repo1"]
    footer: false

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw 64/pkg/tool/linurev-parse /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git ch 64/pkg/tool/linurev-parse /usr/bin/git git (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw git /opt/hostedtoolc"prettier" --write 'scripts/**/*.js' --ignore-path .prettierignore --log-level=error git comm�� h ../../../.prettierignore Initial 0/x64/bin/node x_amd64/vet git /opt/hostedtoolc--write git (http block)
  • https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
    • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha -unreachable=false /tmp/go-build539673756/b010/vet.cfg 673756/b275/vet.cfg (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --show-toplevel git /usr/bin/git --show-toplevel x_amd64/vet /usr/bin/git git rev-�� --show-toplevel git /opt/hostedtoolcache/node/24.14.0/x64/bin/node --show-toplevel x_amd64/vet /usr/bin/git node (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v3
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha FETCH_HEAD^{commit} (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha --show-toplevel /opt/hostedtoolc--package-lock-only 0/x64/bin/node -bool 4792287/b390/_terev-parse /opt/hostedtoolc--show-toplevel git js --show-toplevel /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/link 64/pkg/tool/linux_amd64/compile /tmp/go-build338git -importcfg /usr/bin/git 64/pkg/tool/linux_amd64/compile (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v5
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha -bool -buildtags /usr/local/bin/bash -errorsas -ifaceassert -nilfunc bash --no�� --noprofile -tests /home/REDACTED/.local/bin/bash (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel x_amd64/vet /usr/bin/git (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --noprofile (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha se 673756/b115/vet.cfg ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel (http block)
  • https://api.github.com/repos/actions/github-script/git/ref/tags/v8
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha se 673756/b073/vet.cfg a1a959e8ac1c4c64f1966cb8ceebce57aa08fb75ede6487f76b66da2df149961-d - (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha --noprofile (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha --show-toplevel (http block)
  • https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha --noprofile (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha --show-toplevel git ache/node/24.14.0/x64/bin/node --show-toplevel (http block)
  • https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha --noprofile (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha --show-toplevel git ache/node/24.14.0/x64/bin/node --show-toplevel /tmp/go-build338rev-parse /usr/bin/git git _lab�� --show-toplevel git nfig/composer/vendor/bin/bash --show-toplevel (http block)
  • https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha --local cfg 64/pkg/tool/linux_amd64/vet itPR\|Test.*Safegit (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha --show-toplevel /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet 0/x64/bin/node -unreachable=falgit /tmp/go-build539rev-parse /opt/hostedtoolc--show-toplevel git ance�� --show-toplevel /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet 0/x64/bin/node -unreachable=falgit /tmp/go-build539rev-parse /usr/bin/tail git (http block)
  • https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha h ../../../.pret.prettierignore node 0/x64/bin/node x_amd64/vet git /opt/hostedtoolc--write git arne�� w/js/**/*.json' --ignore-path node x_amd64/vet x_amd64/vet git /usr/local/.ghcu/home/REDACTED/work/gh-aw/gh-aw/.github/workflows x_amd64/vet (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/a70c5eada06553e3510ac27f2c3bda9d3705bccb
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/a70c5eada06553e3510ac27f2c3bda9d3705bccb --jq .object.sha h ../../../.prettierignore node 0/x64/bin/node x_amd64/vet git /opt/hostedtoolc--noprofile git arne�� --show-toplevel node n-dir/bash x_amd64/link git /opt/hostedtoolcgraphql git (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha go1.25.0 -c=4 -nolocalimports -importcfg /tmp/go-build3384792287/b384/importcfg -pack 6iV7PiPHuA1w (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha --show-toplevel 64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/githubnext/agentics/git/ref/tags/
    • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha --show-toplevel node 0/x64/bin/node x_amd64/vet 0/x64/bin/npm /home/REDACTED/wor--show-toplevel git cjs --show-toplevel bash es/.bin/node --noprofile git /usr/bin/git git (http block)
  • https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha (http block)
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha --show-toplevel x_amd64/asm /usr/bin/git --local cfg 64/pkg/tool/linux_amd64/vet git rev-�� --show-toplevel 64/pkg/tool/linux_amd64/vet /usr/bin/git FETCH_HEAD^{commnode (http block)

If you need me to access, download, or install something from one of these locations, you can either:

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.

Copilot AI linked an issue Mar 13, 2026 that may be closed by this pull request
Issue #20664 still unresolved in v0.58.0: target-repo remains unsupported in safe-outputs.submit-pull-request-review #20781
Closed
@pelikhan
Fix: Add target-repo and allowed-repos to submit-pull-request-review …
c0b4569 
…schema

Closes #20664 - The JSON schema for submit-pull-request-review was missing
the target-repo and allowed-repos fields that were already supported at
runtime but rejected during compilation validation.

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] [GH-AW-20664] Fix target-repo issue in pull request review Fix missing target-repo/allowed-repos in submit-pull-request-review schema Mar 13, 2026
Copilot AI requested a review from pelikhan March 13, 2026 13:07
@pelikhan pelikhan marked this pull request as ready for review March 13, 2026 13:09
Copilot AI review requested due to automatic review settings March 13, 2026 13:09
@pelikhan pelikhan merged commit 4108529 into main Mar 13, 2026
1 check passed
@pelikhan pelikhan deleted the copilot/fix-unknown-property-target-repo branch March 13, 2026 13:09
Copilot AI reviewed Mar 13, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Fixes compile-time schema rejection for cross-repository review submission by adding the missing target-repo / allowed-repos fields to the submit-pull-request-review safe-output schema, and documents the options in the safe-outputs reference.

Changes:

  • Add target-repo (string) and allowed-repos (string array) to the submit-pull-request-review JSON schema (previously blocked by additionalProperties: false).
  • Update safe-outputs documentation to include and describe cross-repository support for submit_pull_request_review.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
pkg/parser/schemas/main_workflow_schema.json Extends submit-pull-request-review schema to allow target-repo and allowed-repos, matching runtime support and other safe-output types.
docs/src/content/docs/reference/safe-outputs-specification.md Documents target-repo/allowed-repos for submit PR review, updating the example and type notes.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

This was referenced Mar 13, 2026
Closed
Merged
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@pelikhan pelikhan Awaiting requested review from pelikhan

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Issue #20664 still unresolved in v0.58.0: target-repo remains unsupported in safe-outputs.submit-pull-request-review

3 participants

@pelikhan