Skip to content

Add allowed-files to aw-auto-update for gh-aw managed files#19656

Merged
T-Gro merged 4 commits intomainfrom
copilot/fix-agentic-workflow-auto-update-again
May 4, 2026
Merged

Add allowed-files to aw-auto-update for gh-aw managed files#19656
T-Gro merged 4 commits intomainfrom
copilot/fix-agentic-workflow-auto-update-again

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Apr 28, 2026
edited
Loading

The auto-update workflow fails with a protected-files error because gh aw upgrade / gh aw compile modify files under .github/agents/, .github/aw/, and .github/workflows/*.lock.yml that aren't listed in allowed-files.

  • Added allowed-files globs to both create-pull-request and push-to-pull-request-branch safe-outputs covering all paths gh aw can touch:
    • .github/workflows/*.md — source workflows (codemods from upgrade)
    • .github/workflows/*.lock.yml — compiled lock files
    • .github/workflows/shared/** — shared components
    • .github/aw/**actions-lock.json and config
    • .github/agents/** — agent instruction files
  • Added protected-files: fallback-to-issue as a safety net for unexpected protected file changes

Copilot AI linked an issue Apr 28, 2026 that may be closed by this pull request
[aw] Agentic Workflow Auto-Update failed #19626
Closed
@T-Gro
Add allowed-files to aw-auto-update safe-outputs for gh-aw managed files
0c9a6e1 
The auto-update workflow was failing with "protected files" error because
it tried to modify .github/agents/, .github/aw/, and .github/workflows/*.lock.yml
files without having them listed in allowed-files.

Add allowed-files patterns covering all files that gh aw upgrade/compile
can touch, and add protected-files: fallback-to-issue as safety net.

Agent-Logs-Url: https://github.com/dotnet/fsharp/sessions/59195935-8f4a-4404-a7cd-6f3dd8425890

Co-authored-by: T-Gro <46543583+T-Gro@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix agentic workflow auto-update failure due to protected files Add allowed-files to aw-auto-update for gh-aw managed files Apr 28, 2026
Copilot AI requested a review from T-Gro April 28, 2026 08:55
@T-Gro
Copy link
Copy Markdown
Member

T-Gro commented Apr 28, 2026

@copilot : You forgot to gh aw compile , a must for the workflow.

@T-Gro T-Gro marked this pull request as ready for review April 28, 2026 10:00
@T-Gro T-Gro requested a review from a team as a code owner April 28, 2026 10:00
@T-Gro T-Gro requested a review from abonie April 28, 2026 10:00
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 28, 2026

✅ No release notes required

Copy link
Copy Markdown
Contributor Author

Copilot AI commented Apr 28, 2026

@copilot : You forgot to gh aw compile , a must for the workflow.

Ran gh aw compile aw-auto-update — lock file and actions-lock.json regenerated in 14e563d.

Copilot AI requested a review from T-Gro April 28, 2026 10:11
@github-project-automation github-project-automation Bot moved this from New to In Progress in F# Compiler and Tooling Apr 29, 2026
@T-Gro
Merge remote-tracking branch 'origin/main' into copilot/fix-agentic-w…
0872184 
…orkflow-auto-update-again

# Conflicts:
#	.github/workflows/aw-auto-update.lock.yml
@T-Gro T-Gro merged commit 8b756c1 into main May 4, 2026
4 checks passed
@github-project-automation github-project-automation Bot moved this from In Progress to Done in F# Compiler and Tooling May 4, 2026
@T-Gro T-Gro deleted the copilot/fix-agentic-workflow-auto-update-again branch May 4, 2026 07:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@abonie abonie abonie approved these changes

@T-Gro T-Gro Awaiting requested review from T-Gro

Assignees

@T-Gro T-Gro

Copilot code review Copilot

Labels

None yet

Projects

F# Compiler and Tooling
Archived in project

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[aw] Agentic Workflow Auto-Update failed

3 participants

@T-Gro @abonie