fix: add Copilot actor to bots list for agent activation#72
Merged
Conversation
The pull_request_review event actor is 'Copilot' (the GitHub App), not 'copilot-pull-request-reviewer' (the review author login). check_membership.cjs compares context.actor against GH_AW_ALLOWED_BOTS, so 'Copilot' must be in the list for the activation gate to pass. Keep both identities for safety across different event types. Closes #70 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
This PR fixes gh-aw agent activation for Copilot-triggered pull_request_review events by allowing the GitHub App actor (Copilot) to pass the pre-activation bot allowlist, ensuring the activation and agent jobs run as intended.
Changes:
- Add
Copilotto theon.botsallowlist inreview-responder.mdandquality-gate.md. - Regenerate the corresponding compiled
.lock.ymlworkflows soGH_AW_ALLOWED_BOTSincludesCopilot.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| .github/workflows/review-responder.md | Adds Copilot to the gh-aw on.bots allowlist for review responder activation. |
| .github/workflows/review-responder.lock.yml | Updates compiled workflow to include Copilot in GH_AW_ALLOWED_BOTS. |
| .github/workflows/quality-gate.md | Adds Copilot to the gh-aw on.bots allowlist for quality gate activation. |
| .github/workflows/quality-gate.lock.yml | Updates compiled workflow to include Copilot in GH_AW_ALLOWED_BOTS. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Fixes gh-aw agent workflow activation for Copilot auto-reviews by allowing the GitHub App actor (Copilot) in the permitted bots list, aligning workflow configuration with the actual pull_request_review event actor identity.
Changes:
- Add
Copilotto thebots:allowlist inreview-responder.mdandquality-gate.md. - Regenerate the compiled gh-aw workflow lockfiles so
GH_AW_ALLOWED_BOTSincludesCopilotalongsidecopilot-pull-request-reviewer.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| .github/workflows/review-responder.md | Adds Copilot to the gh-aw bots allowlist for activation on pull_request_review. |
| .github/workflows/review-responder.lock.yml | Updates compiled GH_AW_ALLOWED_BOTS and metadata to include Copilot. |
| .github/workflows/quality-gate.md | Adds Copilot to the gh-aw bots allowlist for activation on pull_request_review. |
| .github/workflows/quality-gate.lock.yml | Updates compiled GH_AW_ALLOWED_BOTS and metadata to include Copilot. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Document the context.actor = 'Copilot' vs review author = 'copilot-pull-request-reviewer' distinction in agentic-workflows.md pitfalls, debugging, and history sections. Add changelog entry for the fix. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
microsasa
pushed a commit
that referenced
this pull request
Mar 15, 2026
check_membership.cjs has a bug where the error branch from a 404 (GitHub App actors are not users) exits before the bot allowlist fallback is evaluated. This makes the bots: field ineffective. Workaround: roles: all skips the permission check entirely so check_membership.cjs is not included in pre_activation. Previous attempts that didn't fix this: - PR #64: bots: at top level (ignored by compiler) - PR #65: bots: under on: (correct placement, but runtime bug) - PR #72: added Copilot to bots list (correct actor, but bot check unreachable) Tracked for removal when upstream is fixed: #74 Upstream bug: github/gh-aw#21098 Closes #75 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This was referenced Mar 15, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
The
pull_request_reviewevent triggered by Copilot's auto-review hascontext.actor = 'Copilot'(the GitHub App), but our workflow bots list only containedcopilot-pull-request-reviewer(the review author login). These are different identities.check_membership.cjsin gh-aw'spre_activationjob:context.actoragainst repo roles → fails (Copilot is not a user)GH_AW_ALLOWED_BOTS→Copilotnot in[copilot-pull-request-reviewer]→ activation blockedResult:
pre_activationcompletes withsuccessbutactivatedoutput isfalse, so theactivationandagentjobs are skipped. The agent never runs.Fix
Add
Copilotto thebots:list in bothreview-responder.mdandquality-gate.md. Keepcopilot-pull-request-revieweras well for safety across different event types.Evidence
From the pre_activation logs:
Closes