Skip to content

<empty></empty>#31197

Closed
Copilot wants to merge 2 commits into
mainfrom
copilot/aw-stale-pr-cleanup-fix
Closed

<empty></empty>#31197
Copilot wants to merge 2 commits into
mainfrom
copilot/aw-stale-pr-cleanup-fix

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented May 9, 2026
edited
Loading

Copilot AI linked an issue May 9, 2026 that may be closed by this pull request
[aw] Stale PR Cleanup failed #31183
Closed
@pelikhan
fix(stale-pr-cleanup): allow gh CLI usage in bash tool allowlist
59e9d14 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix workflow failure for Stale PR Cleanup Allow gh CLI in Stale PR Cleanup workflow runtime May 9, 2026
Copilot AI requested a review from pelikhan May 9, 2026 12:06
@pelikhan pelikhan marked this pull request as ready for review May 9, 2026 12:07
Copilot AI review requested due to automatic review settings May 9, 2026 12:07
Copilot AI reviewed May 9, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Fixes Stale PR Cleanup workflow failures caused by the runtime tool policy blocking gh CLI usage under the bash allowlist when using github.mode: gh-proxy.

Changes:

  • Added gh * to the workflow’s tools.bash allowlist.
  • Regenerated the compiled lockfile so runtime permissions include shell(gh *).
Show a summary per file
File Description
.github/workflows/stale-pr-cleanup.md Expands bash allowlist to include gh commands.
.github/workflows/stale-pr-cleanup.lock.yml Recompiled lockfile reflecting the updated tool allowlist (adds shell(gh *)).

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 2/2 changed files
  • Comments generated: 1

Comment thread .github/workflows/stale-pr-cleanup.md
mode: gh-proxy
toolsets: [pull_requests, repos, issues]
bash:
- "gh *"
@pelikhan
Copy link
Copy Markdown
Collaborator

pelikhan commented May 9, 2026

@copilot review all comments

The gh access is proxied and safe. Delete .github/workflows/shared/gh.md it's outdated

Copy link
Copy Markdown
Contributor Author

Copilot AI commented May 9, 2026

@copilot review all comments

The gh access is proxied and safe. Delete .github/workflows/shared/gh.md it's outdated

I reviewed this and did not delete /home/runner/work/gh-aw/gh-aw/.github/workflows/shared/gh.md yet because it is still imported by multiple workflows (smoke-* and copilot-pr-merged-report), so removing it directly would break those workflows. If you want, I can do a follow-up migration in this PR to remove those imports and switch remaining mcpscripts-gh usage to the current gh-proxy/bash pattern, then delete the file safely.

Copilot AI changed the title Allow gh CLI in Stale PR Cleanup workflow runtime <empty></empty> May 9, 2026
@pelikhan pelikhan closed this May 9, 2026
@github-actions github-actions Bot deleted the copilot/aw-stale-pr-cleanup-fix branch May 17, 2026 03:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@pelikhan pelikhan Awaiting requested review from pelikhan

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[aw] Stale PR Cleanup failed

3 participants

@pelikhan