Enforce gh aw compile + lock-file regeneration for agentic workflows#4298
Open
priyankatiwari08 wants to merge 2 commits into
Open
Enforce gh aw compile + lock-file regeneration for agentic workflows#4298priyankatiwari08 wants to merge 2 commits into
gh aw compile + lock-file regeneration for agentic workflows#4298priyankatiwari08 wants to merge 2 commits into
Conversation
- Add path-scoped instruction file under .github/instructions/ that applies to .github/workflows/**/*.md, so Copilot and coding agents auto-load the rule: edits to a workflow .md MUST include the regenerated sibling .lock.yml in the same PR. - Add verify-aw-lock CI workflow that runs `gh aw compile` and fails the PR if any .lock.yml is stale. Follow-up to the runtime failure seen in PR #4279.
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adds safeguards to ensure gh-aw agentic workflow Markdown sources under .github/workflows/**/*.md are always kept in sync with their generated .lock.yml counterparts, preventing runtime failures caused by stale lock files.
Changes:
- Adds a path-scoped Copilot instruction file that mandates running
gh aw compileand committing the regenerated.lock.ymlwhenever workflow.mdsources change. - Adds a PR CI guard workflow that recompiles agentic workflows and fails if generated
.lock.ymlfiles are stale.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
.github/workflows/verify-aw-lock.yml |
New PR check that runs gh aw compile and verifies lock files are up to date. |
.github/instructions/agentic-workflows.instructions.md |
New Copilot instruction file auto-loaded for workflow .md edits/reviews to enforce regeneration rules. |
Comment on lines
+18
to
+21
| - name: Install gh-aw extension | ||
| env: | ||
| GH_TOKEN: ${{ github.token }} | ||
| run: gh extension install githubnext/gh-aw |
Comment on lines
+29
to
+30
| echo "::error::A .github/workflows/**/*.md file changed but its .lock.yml is stale." | ||
| echo "::error::Run 'gh aw compile' locally and commit the regenerated .lock.yml in this PR." |
- Pin gh-aw to v0.72.1 via github/gh-aw-actions/setup-cli to match the version already used by .github/workflows/copilot-setup-steps.yml, so the CI compilation matches the repo's expected compiler version and avoids spurious diffs from version drift. - Rewrite the failure message to describe the actual checked condition (lock files out of date relative to their compiled output). The previous wording wrongly implied only a .md change could trigger it, but the workflow also runs when a .lock.yml file is touched directly.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Enforces that any edit to a
gh awagentic workflow (.github/workflows/**/*.md) is accompanied by its regenerated sibling.lock.ymlin the same PR.Two changes:
New path-scoped instruction file —
.github/instructions/agentic-workflows.instructions.mdapplyTo: ".github/workflows/**/*.md"so GitHub Copilot (chat, coding agent, PR review) auto-loads the rule whenever a workflow.mdis being edited or reviewed.gh aw compile+ commit-the-.lock.ymlrule, local verification steps, and a reviewer checklist.New CI guard workflow —
.github/workflows/verify-aw-lock.yml.github/workflows/**/*.mdor**/*.lock.yml.gh-aw, runsgh aw compile, and fails the PR if any.lock.ymlis stale relative to its.mdsource.Why
We hit a runtime failure in #4279 because a workflow
.mdwas edited without regenerating its.lock.yml. Documentation alone is not enough — this PR adds both an AI-readable nudge (the instruction file) and a hard CI gate (the verify workflow) so the failure mode is prevented going forward.How it works
.github/instructions/agentic-workflows.instructions.md.github/workflows/verify-aw-lock.ymlgh aw compileFollow-ups (not in this PR)
mainas a required status check.Validation
.mdworkflow)..mdwithout recompiling produces a non-zero diff ingit diff --exit-code -- '.github/workflows/**/*.lock.yml'after runninggh aw compile.