fix: reduce skipped workflow fan-out on comment and PR events #22505
Merged
- content-moderation.yml: add job guard `if: vars.BLOCKED_USERS != ''` to skip entirely when no blocked users are configured, preventing unnecessary runs on every issue/PR/comment event
- pr-nitpick-reviewer.md: add events restriction to slash_command trigger, narrowing from 6 broad event types to 2 (PR comments only), as this is a PR code review tool not an issue/discussion tool
- ai-moderator.md: expand skip-bots list with dependabot, renovate, github-copilot-enterprise, copilot-swe-agent to reduce bot-triggered fan-out

Recompiled all lock files with make recompile.

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/c79d40bc-6687-4a52-8e1e-b4ddbf2c7b02
Copilot AI changed the title "[WIP] Reduce skipped workflow fan-out on comment and PR events" to "fix: reduce skipped workflow fan-out on comment and PR events" (Mar 23, 2026)
Pull request overview
Reduces GitHub Actions workflow fan-out and runner queue noise by tightening workflow activation conditions and narrowing event triggers so workflows don’t wake up only to immediately exit.
Changes:
- Restricts `/nit` slash-command activation to PR comment contexts (PR comments + PR review comments only).
- Adds a job-level guard to skip the content moderation job when no blocked-user list is configured.
- Expands AI moderator bot-skip list to avoid triggering moderation for common automation/bot actors.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| .github/workflows/pr-nitpick-reviewer.md | Narrows slash-command trigger events to PR-only comment contexts. |
| .github/workflows/pr-nitpick-reviewer.lock.yml | Reflects compiled trigger/activation logic after narrowing supported events. |
| .github/workflows/content-moderation.yml | Adds job-level if guard to avoid runner allocation when blocklist is empty/unset. |
| .github/workflows/ai-moderator.md | Adds additional bots to skip-bots to reduce unnecessary moderation runs. |
| .github/workflows/ai-moderator.lock.yml | Updates compiled workflow to pass the expanded bot skip list to the skip-bot check step. |
54 of 108 sampled workflow runs completed as `skipped`, generating queue noise from broad event triggers that wake up workflows only to exit early. Three targeted fixes:

Changes

- `content-moderation.yml`: Add job-level guard `if: vars.BLOCKED_USERS != ''`. The job previously triggered on every `issue_comment`/`issues`/`pull_request` event and returned immediately when the blocklist was empty — the common case.
- `pr-nitpick-reviewer.md`: Restrict slash command to PR comment contexts only:
- `ai-moderator.md`: Expand `skip-bots` to include `dependabot`, `renovate`, `github-copilot-enterprise`, `copilot-swe-agent` — bots that routinely open issues and post comments but shouldn't trigger moderation analysis.

Warning
Firewall rules blocked me from connecting to one or more addresses (expand for details)
I tried to connect to the following addresses, but was blocked by firewall rules:
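One way to find which workflow and event pairs account for a skipped-run count like the one reported in this pull request, as an added example that is not part of the PR or the gh-aw code base: it tallies `skipped` conclusions per (workflow, event) from run records in the shape that `gh run list --json workflowName,event,conclusion` emits. The sample records, the workflow display names and the `min_runs`/`threshold` cut-offs are constructed for illustration.

```python
from collections import defaultdict


def _run(workflow, event, conclusion):
    return {"workflowName": workflow, "event": event, "conclusion": conclusion}


# Constructed sample records (not real data), shaped like the output of
# `gh run list --json workflowName,event,conclusion`.
SAMPLE_RUNS = (
    [_run("Content Moderation", "issue_comment", "skipped")] * 5
    + [_run("Content Moderation", "issues", "skipped")] * 3
    + [_run("PR Nitpick Reviewer", "issue_comment", "skipped")] * 4
    + [_run("PR Nitpick Reviewer", "pull_request_review_comment", "success")] * 2
    + [_run("CI", "pull_request", "success")] * 5
    + [_run("CI", "pull_request", "failure")]
    + [_run("CI", "pull_request", "skipped")]
    + [_run("AI Moderator", "issues", "")]  # still running: no conclusion yet
)


def overall_skipped(runs):
    """Return (skipped, completed) over runs that have a conclusion."""
    done = [r for r in runs if r.get("conclusion")]
    return sum(r["conclusion"] == "skipped" for r in done), len(done)


def skipped_fanout(runs, min_runs=3, threshold=0.5):
    """Return (workflow, event, skipped, total) tuples whose skipped ratio
    is at least `threshold`, ordered by skipped count (highest first).

    Pairs with fewer than `min_runs` completed runs are ignored so that a
    single skipped run does not flag a workflow.
    """
    counts = defaultdict(lambda: [0, 0])  # (workflow, event) -> [skipped, total]
    for run in runs:
        conclusion = run.get("conclusion")
        if not conclusion:  # queued or in-progress runs are not evidence yet
            continue
        key = (run.get("workflowName", "?"), run.get("event", "?"))
        counts[key][1] += 1
        if conclusion == "skipped":
            counts[key][0] += 1

    findings = [
        (wf, ev, skipped, total)
        for (wf, ev), (skipped, total) in counts.items()
        if total >= min_runs and skipped / total >= threshold
    ]
    findings.sort(key=lambda f: (-f[2], f[0], f[1]))
    return findings


if __name__ == "__main__":
    skipped, completed = overall_skipped(SAMPLE_RUNS)
    print(f"{skipped} of {completed} completed runs were skipped")
    for wf, ev, s, t in skipped_fanout(SAMPLE_RUNS):
        print(f"{wf:22} on {ev:15} {s}/{t} skipped")
```

Pairs that rank high here are the candidates for a narrower trigger or a job-level `if:` guard.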