fix(workflows): skip-don't-fail panel label gate; bump gh-aw v0.68.3 -> v0.71.1 #1030

…-> v0.71.1

Replace the on.steps: 'exit 1' label-name guards in pr-review-panel and triage-panel with top-level frontmatter 'if:' fields. gh-aw propagates top-level 'if:' to BOTH the pre_activation and activation jobs, so unmatched label events now render as a clean gray Skipped status instead of red Failed (which was polluting the CI dashboard on every PR labeled with anything other than 'panel-review', and on every issue labeled with anything other than 'status/needs-triage').

Workaround for the lack of native label-name filtering on pull_request_target / issues 'labeled' triggers. Both .md files now carry a TODO marker pointing at github/gh-aw ADR-28737, which adds a first-class 'on.labels:' filter (committed 2026-04-27, post-v0.71.1, not yet released). Once released, both gates can collapse to 'on.labels: [<name>]'.

Also bump gh-aw v0.68.3 -> v0.71.1 (latest released) and recompile all workflows. Other lock.yml files and agentics-maintenance.yml change only because of the setup-action SHA bump and the regenerated maintenance-workflow template; no behavioural change there.

Repro of the original noise: https://github.com/microsoft/apm/actions/runs/25089778042

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Pull request overview
This PR updates the agentic panel workflows to skip (not fail) when the triggering label does not match, and recompiles the repository’s gh-aw generated workflows after upgrading gh-aw v0.68.3 -> v0.71.1.
Changes:
- Move panel label gating from failing `on.steps` shell gates to workflow-level frontmatter `if:` conditions (Skipped instead of Failed).
- Recompile gh-aw generated workflows/lockfiles with gh-aw v0.71.1 (including regenerated maintenance workflow output).
- Update `.github/aw/actions-lock.json` entries for the bumped gh-aw actions and additional actions.
| File | Description |
|---|---|
| .github/workflows/triage-panel.md | Switch label gate to top-level if: to skip unmatched issues.labeled events. |
| .github/workflows/triage-panel.lock.yml | Regenerated lockfile for gh-aw v0.71.1; includes new gating and other template changes. |
| .github/workflows/pr-review-panel.md | Switch label gate to top-level if: to skip unmatched pull_request_target.labeled events. |
| .github/workflows/pr-review-panel.lock.yml | Regenerated lockfile for gh-aw v0.71.1; includes new gating and other template changes. |
| .github/workflows/daily-test-improver.lock.yml | Regenerated lockfile for gh-aw v0.71.1. |
| .github/workflows/daily-doc-updater.lock.yml | Regenerated lockfile for gh-aw v0.71.1. |
| .github/workflows/cli-consistency-checker.lock.yml | Regenerated lockfile for gh-aw v0.71.1. |
| .github/workflows/agentics-maintenance.yml | Regenerated gh-aw maintenance workflow (new operations + bumped setup/setup-cli). |
| .github/aw/actions-lock.json | Updates action tag->SHA mappings used by the repo’s gh-aw workflow pinning. |
Copilot's findings
- Files reviewed: 9/9 changed files
- Comments generated: 4
| AW_APM_LEGACY_OWNER: ${{ github.aw.import-inputs.owner }} | ||
| AW_APM_LEGACY_PRIVATE_KEY: ${{ github.aw.import-inputs.private-key }} | ||
| AW_APM_LEGACY_REPOS: ${{ github.aw.import-inputs.repositories }} | ||
| AW_APM_PACKAGES: "[microsoft/apm#main]" |
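Review bot: `AW_APM_PACKAGES` on the last line points at `microsoft/apm#main`, which reads as a branch reference rather than a fixed tag or commit. This env block also carries `AW_APM_LEGACY_PRIVATE_KEY`, so consider pinning the package to a tag or commit SHA; that way the content pulled into the job cannot change without a reviewed edit, matching how actions are pinned in `.github/aw/actions-lock.json`.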
AW_APM_PACKAGES is set to "[microsoft/apm#main]", which is not valid JSON. The apm-prep step passes this through jq --argjson packages, so this will fail to parse and abort the workflow. Set this env var to a valid JSON array string (e.g., include quotes around the package entry) or source it from github.aw.import-inputs.packages in JSON form.
| AW_APM_PACKAGES: "[microsoft/apm#main]" | |
| AW_APM_PACKAGES: '["microsoft/apm#main"]' |
| AW_APM_LEGACY_OWNER: ${{ github.aw.import-inputs.owner }} | ||
| AW_APM_LEGACY_PRIVATE_KEY: ${{ github.aw.import-inputs.private-key }} | ||
| AW_APM_LEGACY_REPOS: ${{ github.aw.import-inputs.repositories }} | ||
| AW_APM_PACKAGES: "[microsoft/apm#main]" |
AW_APM_PACKAGES is set to "[microsoft/apm#main]", which is not valid JSON. Since apm-prep uses jq --argjson packages "$packages_json", this will error and stop the workflow. Update it to a valid JSON array string (quote the element) or use github.aw.import-inputs.packages in JSON form.
| AW_APM_PACKAGES: "[microsoft/apm#main]" | |
| AW_APM_PACKAGES: '["microsoft/apm#main"]' |
| "ruby/setup-ruby@v1.301.0": { | ||
| "repo": "ruby/setup-ruby", | ||
| "version": "v1.301.0", | ||
| "sha": "4c56a21280b36d862b5fc31348f463d60bdc55d5" | ||
| } |
This action lock file is missing entries for actions that the regenerated workflows now reference by version tag (e.g. actions/setup-node@v6.4.0 and ruby/setup-ruby@v1.305.0), and it still pins ruby/setup-ruby@v1.301.0. If gh aw compile uses .github/aw/actions-lock.json for tag->SHA resolution, a future recompile could drift or fail. Add/update entries so the versions here match what the .lock.yml workflows are using.
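A drift check of the kind the comment above asks for, as an added example (not code from the PR, the repository or gh-aw): it compares the `uses:` references in a workflow against lock entries shaped like the one quoted in the thread. The workflow excerpt, the `example-org/example-action` entry, the placeholder SHA and the `audit` function are constructed for illustration, and the lock is assumed to be a flat mapping because the page does not show the file's top-level layout.

```python
import re

PLACEHOLDER_SHA = "a" * 40  # constructed, not a real commit

# Constructed lock entries in the shape quoted in the review thread:
# "<repo>@<version>": {"repo": ..., "version": ..., "sha": ...}
LOCK_ENTRIES = {
    "ruby/setup-ruby@v1.301.0": {
        "repo": "ruby/setup-ruby", "version": "v1.301.0",
        "sha": "4c56a21280b36d862b5fc31348f463d60bdc55d5",
    },
    "example-org/example-action@v1.0.0": {  # hypothetical action
        "repo": "example-org/example-action", "version": "v1.0.0",
        "sha": PLACEHOLDER_SHA,
    },
}

# Constructed workflow excerpt, not copied from the repository's lock.yml files.
WORKFLOW = f"""\
steps:
  - uses: actions/setup-node@v6.4.0
  - uses: ruby/setup-ruby@v1.305.0
  - uses: example-org/example-action@{PLACEHOLDER_SHA} # v1.0.0
  - uses: ./actions/setup
"""

USES = re.compile(
    r"^[ \t]*(?:-[ \t]*)?uses:[ \t]*([\w.-]+/[\w./-]+)@(\S+)(?:[ \t]*#[ \t]*(\S+))?",
    re.M,
)
FULL_SHA = re.compile(r"[0-9a-f]{40}")

def audit(workflow_text, lock_entries):
    """Return (missing, stale): refs the lock cannot resolve, lock keys unused."""
    used, missing = set(), []
    for repo, ref, tag in USES.findall(workflow_text):
        if FULL_SHA.fullmatch(ref):
            # SHA-pinned step: the trailing "# vX" comment names the tag, and
            # the lock's SHA for that tag must equal the pinned SHA.
            key = f"{repo}@{tag}"
            ok = lock_entries.get(key, {}).get("sha") == ref
        else:
            key = f"{repo}@{ref}"
            ok = key in lock_entries
        if ok:
            used.add(key)
        else:
            missing.append(f"{repo}@{ref}")
    return sorted(missing), sorted(set(lock_entries) - used)
```

On the constructed input, `audit(WORKFLOW, LOCK_ENTRIES)` reports the two tag references named in the comment as missing and the `v1.301.0` entry as stale; local `./` actions are ignored.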
| mkdir -p "${RUNNER_TEMP}/gh-aw/mcp-config" | ||
|
|
||
| # Export gateway environment variables for MCP config and gateway script | ||
| export MCP_GATEWAY_PORT="80" | ||
| export MCP_GATEWAY_PORT="8080" | ||
| export MCP_GATEWAY_DOMAIN="host.docker.internal" | ||
| MCP_GATEWAY_API_KEY=$(openssl rand -base64 45 | tr -d '/+=') |
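Review bot: `MCP_GATEWAY_API_KEY` on the last line is assigned without `export`, unlike `MCP_GATEWAY_PORT` and `MCP_GATEWAY_DOMAIN` above it. If the gateway script reads the key from its environment, check that the lines that follow export it and mask it from the job log (for example with the `::add-mask::` workflow command) before it is used.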
PR description says workflows other than the two panels have only a setup-action SHA bump and maintenance template regen, but this lock file includes runtime behavior changes (e.g., MCP gateway port changed from 80 to 8080, plus other regenerated steps/env). Either update the PR description to reflect these behavioral diffs, or confirm/restrict the recompile output so non-panel workflows remain unchanged as stated.
Resolved conflicts in generated files by taking main's versions, then re-running 'gh aw compile' to re-apply the panel/triage label-gate 'if:' fields and re-bump setup-cli SHA to v0.71.1. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Promotes [Unreleased] -> [0.11.0] - 2026-04-29 and bumps pyproject.toml + uv.lock to 0.11.0.

Version-bump rationale: 0.11.0 (minor bump) chosen over 0.10.1 because this release ships one BREAKING removal (`apm marketplace build` -> exits 2, use `apm pack`) plus several net-new features (Dev Container Feature, Codex project-scoped MCP, `marketplace:` block in apm.yml, `apm pack` unification, multi-org `apps[]`). Strict semver in 0.x: minor for features-with-break, patch only for bugfixes.

Milestone admin (done out-of-band):
- Renamed milestone #8 `0.10.1` -> `0.11.0`
- Created milestone #9 `0.12.0` as next-up bucket
- Moved 43 open items (42 issues + 1 open PR #999) from `0.11.0` -> `0.12.0`
- 6 closed items stay in `0.11.0`

PRs shipping in 0.11.0 (22 commits since v0.10.0):

User-facing features:
- #1042/#722 `apm pack` unifies bundle + marketplace.json (BREAKING: `apm marketplace build` removed)
- #1038 `marketplace:` block in apm.yml + `apm marketplace migrate`
- #803/#502 Codex project-scoped MCP (`.codex/config.toml`) + user-scope primitives
- #861 Dev Container Feature `ghcr.io/microsoft/apm/apm-cli`
- #982/#984 shared/apm.md `apps:` array for cross-org private packages
- #820 `target:` in apm.yml validates at parse time
- #1032 `apm marketplace add` honors manifest.name (Claude Code parity)
- #1000/#998/#994 unified `--policy` / `--policy-source` accepted forms

User-facing fixes:
- #1015 ADO Entra ID auth + `apm install --update` pre-flight abort
- #1019/#1020 GEMINI.md only created when target requested
- #1008 marketplace producer respects GITHUB_HOST + multi-host URL forms
- #1018 POSIX paths in auto-discovery output (Windows compat)
- #996 drop stray 'specify' from generated file footer

Maintainer tooling:
- #1043 NOTICE.md per CELA template
- #1045/#1044 NOTICE drift gate + license-policy gate in CI
- #1033 shared/apm.md `[a b]` import-input repair (gh-aw#29076 paper-cut)
- #1030 panel workflows skip-don't-fail on unmatched labels; gh-aw v0.71.1
- #1026 shared/apm.md recompiled to apm-action v1.5.0 + bundles-file
- #1022 review-panel: true fan-out + binary verdict + label automation
- #918 complexity audit + benchmarks suite
- #1002 CodeQL clear-text-storage false-positive resolved (token -> placeholder)

Files changed:
- pyproject.toml: 0.10.0 -> 0.11.0
- uv.lock: regenerated (version field only)
- CHANGELOG.md: [Unreleased] promoted to [0.11.0] - 2026-04-29

NOTICE drift check passes against the bumped lockfile.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* chore(release): cut 0.11.0

Promotes [Unreleased] -> [0.11.0] - 2026-04-29 and bumps pyproject.toml + uv.lock to 0.11.0.

Version-bump rationale: 0.11.0 (minor bump) chosen over 0.10.1 because this release ships one BREAKING removal (`apm marketplace build` -> exits 2, use `apm pack`) plus several net-new features (Dev Container Feature, Codex project-scoped MCP, `marketplace:` block in apm.yml, `apm pack` unification, multi-org `apps[]`). Strict semver in 0.x: minor for features-with-break, patch only for bugfixes.

Milestone admin (done out-of-band):
- Renamed milestone #8 `0.10.1` -> `0.11.0`
- Created milestone #9 `0.12.0` as next-up bucket
- Moved 43 open items (42 issues + 1 open PR #999) from `0.11.0` -> `0.12.0`
- 6 closed items stay in `0.11.0`

PRs shipping in 0.11.0 (22 commits since v0.10.0):

User-facing features:
- #1042/#722 `apm pack` unifies bundle + marketplace.json (BREAKING: `apm marketplace build` removed)
- #1038 `marketplace:` block in apm.yml + `apm marketplace migrate`
- #803/#502 Codex project-scoped MCP (`.codex/config.toml`) + user-scope primitives
- #861 Dev Container Feature `ghcr.io/microsoft/apm/apm-cli`
- #982/#984 shared/apm.md `apps:` array for cross-org private packages
- #820 `target:` in apm.yml validates at parse time
- #1032 `apm marketplace add` honors manifest.name (Claude Code parity)
- #1000/#998/#994 unified `--policy` / `--policy-source` accepted forms

User-facing fixes:
- #1015 ADO Entra ID auth + `apm install --update` pre-flight abort
- #1019/#1020 GEMINI.md only created when target requested
- #1008 marketplace producer respects GITHUB_HOST + multi-host URL forms
- #1018 POSIX paths in auto-discovery output (Windows compat)
- #996 drop stray 'specify' from generated file footer

Maintainer tooling:
- #1043 NOTICE.md per CELA template
- #1045/#1044 NOTICE drift gate + license-policy gate in CI
- #1033 shared/apm.md `[a b]` import-input repair (gh-aw#29076 paper-cut)
- #1030 panel workflows skip-don't-fail on unmatched labels; gh-aw v0.71.1
- #1026 shared/apm.md recompiled to apm-action v1.5.0 + bundles-file
- #1022 review-panel: true fan-out + binary verdict + label automation
- #918 complexity audit + benchmarks suite
- #1002 CodeQL clear-text-storage false-positive resolved (token -> placeholder)

Files changed:
- pyproject.toml: 0.10.0 -> 0.11.0
- uv.lock: regenerated (version field only)
- CHANGELOG.md: [Unreleased] promoted to [0.11.0] - 2026-04-29

NOTICE drift check passes against the bumped lockfile.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* chore(changelog): tighten 0.11.0 entries to lead with user impact

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* chore(changelog): move Dev Container Feature to Maintainer tooling (not yet published)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* chore(changelog): de-dupe within 0.11.0 (combine #722 Removed bullets, drop #820 Fixed pointer)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
TL;DR

The PR Review Panel and Triage Panel workflows were marking every unrelated label event as a red ❌ Failed CI run (e.g. run #25089778042 — labelled with `testing`, not `panel-review`). Replace the `on.steps:` `exit 1` gates with top-level frontmatter `if:` fields so unmatched events now appear as gray ⊘ Skipped instead. Also bumps `gh-aw` v0.68.3 → v0.71.1.

Why

Both panels filter on a specific trigger label (`panel-review` for PRs, `status/needs-triage` for issues). `gh-aw` v0.68.x doesn't expose `names:` on `pull_request_target` / `issues`, so the previous design enforced the filter via a pre-activation step that called `exit 1` for non-matching labels. That correctly stopped the pipeline at the cheapest point, but it marked the whole `pre_activation` job as Failed — polluting the CI dashboard with a red ❌ on every PR / issue labelled with anything else.

Recent triage-panel runs: 4 of the 5 most recent finished as failures purely from this gate.

What

- `pr-review-panel.md` + `triage-panel.md`: removed the `on.steps:` label-gate steps; replaced with top-level frontmatter `if:` expressions. `gh-aw` propagates the top-level `if:` to both the `pre_activation` and `activation` jobs (source), so unmatched events skip both jobs cleanly — gray ⊘ Skipped status, no failed check, no runner cold-start, no agent quota burn.
- `gh-aw` v0.68.3 → v0.71.1 (latest released): `gh aw compile` regenerated all 5 lock.yml files plus `agentics-maintenance.yml`; the diff in workflows other than the two panels is purely the `setup-action` SHA bump and the regenerated maintenance-workflow template — no behavioural change.

How (verification)

`pr-review-panel.lock.yml` after recompile:

- `activation` job): `if: needs.pre_activation.outputs.activated == 'true' && (github.event_name == 'workflow_dispatch' || github.event.label.name == 'panel-review')`
- `pre_activation` job): `if: ${{ github.event_name == 'workflow_dispatch' || github.event.label.name == 'panel-review' }}`

`triage-panel.lock.yml` carries the equivalent gate (label + bot + locked + state) on both jobs.

Trade-offs

The `if:` expression is more verbose in raw YAML than `on.labels: [panel-review]` would be. This is a workaround for the missing native filter — both `.md` files carry a `# Replace with on.labels: [...] once gh-aw releases a version that supports it on <trigger>` TODO marker pointing at `github/gh-aw` ADR-28737, which lands the proper `on.labels:` filter (committed 2026-04-27, post-v0.71.1, not yet in any release). Once released, the gates collapse to one line.

How to test

- `testing`) to a PR — PR Review Panel workflow should now appear Skipped (gray ⊘), not Failed (red ❌).
- `panel-review` to a PR — full panel should activate as before.
- `workflow_dispatch` should still work for both panels.
- `status/needs-triage` label to an issue → Skipped; apply `status/needs-triage` on an open, unlocked, human-authored issue → activates.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>