fix: add roles: all to smoke-copilot workflow by lpcox · Pull Request #8301 · github/gh-aw-mcpg · GitHub
Skip to content

fix: add roles: all to smoke-copilot workflow#8301

Merged
lpcox merged 1 commit into
mainfrom
upgrade-gh-aw-prerelease
Jun 29, 2026
Merged

fix: add roles: all to smoke-copilot workflow#8301
lpcox merged 1 commit into
mainfrom
upgrade-gh-aw-prerelease

Conversation

@lpcox

@lpcox lpcox commented Jun 29, 2026

Copy link
Copy Markdown
Collaborator

Problem

The smoke copilot workflow fails to activate when triggered via workflow_dispatch by github-actions[bot]. The pre_activation job checks the triggering actor's collaborator permissions, and github-actions[bot] has permission level none — causing the entire workflow to be skipped.

See: https://github.com/github/gh-aw-mcpg/actions/runs/28383964655

Root Cause

The smoke-copilot.md workflow source was missing roles: all in its on: block. Without it, the gh-aw compiler generates a pre_activation job that gates on collaborator permissions (admin, maintainer, or write). This isn't an issue in gh-aw-firewall because their smoke-copilot workflow already has roles: all.

Fix

Added roles: all to the frontmatter, matching the pattern used in gh-aw-firewall. This removes the pre_activation permission gate, allowing bot-triggered dispatches to proceed.

The smoke copilot workflow was failing to activate when triggered via
workflow_dispatch by github-actions[bot] because the pre_activation job
checks the actor's collaborator permissions. The bot has 'none' permission
level, causing the entire workflow to be skipped.

Adding 'roles: all' (matching gh-aw-firewall's config) removes the
pre_activation permission gate, allowing bot-triggered dispatches to
proceed.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings June 29, 2026 21:59
GitHub Advanced Security started work on behalf of lpcox June 29, 2026 21:59 View session
GitHub Advanced Security finished work on behalf of lpcox June 29, 2026 22:00

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the gh-aw source workflow frontmatter for the Smoke Copilot workflow so that bot-triggered workflow_dispatch runs (specifically github-actions[bot]) are no longer gated by the generated collaborator-permission pre_activation job.

Changes:

  • Added roles: all under the on: frontmatter in .github/workflows/smoke-copilot.md.
  • Updated the generated lock workflow to remove the pre_activation job and its needs.* wiring from the activation job.
Show a summary per file
File Description
.github/workflows/smoke-copilot.md Adds roles: all to the workflow source frontmatter to disable collaborator-role gating.
.github/workflows/smoke-copilot.lock.yml Regenerates the compiled workflow to remove pre_activation and references to its outputs.

Review details

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 2/2 changed files
  • Comments generated: 0
  • Review effort level: Low

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants