From 88ca7126d894c60ccbdd99db12af76737e60229d Mon Sep 17 00:00:00 2001 From: Sasa Junuzovic Date: Sat, 14 Mar 2026 23:09:11 -0700 Subject: [PATCH] fix: add bots under on: for review-responder and quality-gate activation Move bots: under on: so the compiler emits GH_AW_ALLOWED_BOTS in the lock file. The check_membership.cjs script checks allowed bots alongside required roles, letting the Copilot reviewer bot bypass the role gate. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .github/workflows/quality-gate.lock.yml | 7 ++++++- .github/workflows/quality-gate.md | 3 +-- .github/workflows/review-responder.lock.yml | 7 ++++++- .github/workflows/review-responder.md | 3 +-- 4 files changed, 14 insertions(+), 6 deletions(-) diff --git a/.github/workflows/quality-gate.lock.yml b/.github/workflows/quality-gate.lock.yml index fa419b9..2c6b82f 100644 --- a/.github/workflows/quality-gate.lock.yml +++ b/.github/workflows/quality-gate.lock.yml @@ -22,10 +22,12 @@ # For more information: https://github.github.com/gh-aw/introduction/overview/ # # -# gh-aw-metadata: {"schema_version":"v2","frontmatter_hash":"ddc05091f49326139f57d76d51f5e1ffe03bb0a8641f3429620707b82986dede","compiler_version":"v0.58.1","strict":true} +# gh-aw-metadata: {"schema_version":"v2","frontmatter_hash":"647d1032017ffb27629b128c73d927ea4e89450a4076e7f85b72d1209d2ff086","compiler_version":"v0.58.1","strict":true} name: "Quality Gate" "on": + # bots: # Bots processed as bot check in pre-activation job + # - copilot-pull-request-reviewer # Bots processed as bot check in pre-activation job pull_request_review: types: - submitted @@ -109,6 +111,8 @@ jobs: - name: Compute current body text id: sanitized uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + env: + GH_AW_ALLOWED_BOTS: copilot-pull-request-reviewer with: script: | const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); @@ -1109,6 +1113,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write + GH_AW_ALLOWED_BOTS: copilot-pull-request-reviewer with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/quality-gate.md b/.github/workflows/quality-gate.md index d69bfe7..4015286 100644 --- a/.github/workflows/quality-gate.md +++ b/.github/workflows/quality-gate.md @@ -2,8 +2,7 @@ on: pull_request_review: types: [submitted] - -bots: [copilot-pull-request-reviewer] + bots: [copilot-pull-request-reviewer] permissions: contents: read diff --git a/.github/workflows/review-responder.lock.yml b/.github/workflows/review-responder.lock.yml index 0c65146..dbe3922 100644 --- a/.github/workflows/review-responder.lock.yml +++ b/.github/workflows/review-responder.lock.yml @@ -22,10 +22,12 @@ # For more information: https://github.github.com/gh-aw/introduction/overview/ # # -# gh-aw-metadata: {"schema_version":"v2","frontmatter_hash":"f329f5594237e4fd0f76a7084061068ff2df6b6b4f8923e1c36854073ae4af63","compiler_version":"v0.58.1","strict":true} +# gh-aw-metadata: {"schema_version":"v2","frontmatter_hash":"2e65899aae74e70bf5713c338461409a657ef2cb0e8a398496baa554fa51d636","compiler_version":"v0.58.1","strict":true} name: "Review Responder" "on": + # bots: # Bots processed as bot check in pre-activation job + # - copilot-pull-request-reviewer # Bots processed as bot check in pre-activation job pull_request_review: types: - submitted @@ -109,6 +111,8 @@ jobs: - name: Compute current body text id: sanitized uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + env: + GH_AW_ALLOWED_BOTS: copilot-pull-request-reviewer with: script: | const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); @@ -1209,6 +1213,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_REQUIRED_ROLES: admin,maintainer,write + GH_AW_ALLOWED_BOTS: copilot-pull-request-reviewer with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/review-responder.md b/.github/workflows/review-responder.md index 4942c59..9df90c1 100644 --- a/.github/workflows/review-responder.md +++ b/.github/workflows/review-responder.md @@ -2,8 +2,7 @@ on: pull_request_review: types: [submitted] - -bots: [copilot-pull-request-reviewer] + bots: [copilot-pull-request-reviewer] permissions: contents: read