Stale Issue Cleanup #16
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Stale Issue Cleanup | |
| # # Authentication | |
| # | |
| # This workflow uses two secrets: | |
| # | |
| # 1. `COPILOT_TOKEN` — a Fine-Grained Personal Access Token for Copilot model inference | |
| # | |
| # The Copilot CLI (v0.0.413+) accepts only OAuth tokens or Fine-Grained PATs | |
| # (prefix: github_pat_). Classic PATs (prefix: ghp_) are rejected with | |
| # "No authentication information found" regardless of which env var they are placed in | |
| # or whether they have the `copilot` scope. | |
| # | |
| # To create this token: | |
| # | |
| # - Go to github.com/settings/personal-access-tokens/new | |
| # - Resource owner: your personal account | |
| # - Repository access: None (no repository permissions needed) | |
| # - Expiration: set as appropriate | |
| # - Account permissions: Copilot Requests -> Read-only | |
| # - Store as `COPILOT_TOKEN` repo secret | |
| # | |
| # 2. `STALE_ISSUES_TOKEN` — a Classic PAT for GitHub CLI API calls | |
| # | |
| # Fine-Grained PATs in the microsoft org require org owner approval, so a Classic PAT | |
| # is used for org-level operations. Required scopes: | |
| # | |
| # - `read:org` — list members of the microsoft/azure-storage-explorer team | |
| # - `project` — update the Resolution field on the org-level project | |
| # - `repo` — comment on and close issues | |
| # | |
| # PATs are a temporary onboarding mechanism. For production, consider replacing with a | |
| # GitHub App token to avoid manual renewal: | |
| # | |
| # - Register a "Storage Explorer Automation" GitHub App in the microsoft org | |
| # - Grant it `members:read` and `projects:write` permissions | |
| # - Install it on this repo | |
| # - Use `actions/create-github-app-token` to generate tokens at runtime | |
| # Note: a GitHub App cannot hold a Copilot seat, so COPILOT_TOKEN will always require | |
| # a personal Fine-Grained PAT. | |
| # | |
| # # Install Step Note | |
| # | |
| # The "Install Copilot CLI" step downloads from gh.io/copilot-install, which is a public | |
| # GitHub URL that completes in ~3 seconds on GitHub-hosted runners. | |
| on: | |
| schedule: | |
| - cron: "0 9 1,15 * *" # Twice monthly | |
| workflow_dispatch: # Allow manual triggers | |
| permissions: | |
| contents: read | |
| jobs: | |
| cleanup: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install Copilot CLI | |
| run: | | |
| curl -fsSL https://gh.io/copilot-install | bash | |
| echo "$HOME/.local/bin" >> "$GITHUB_PATH" | |
| - name: Run stale issue cleanup agent | |
| env: | |
| COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_TOKEN }} | |
| GH_TOKEN: ${{ secrets.STALE_ISSUES_TOKEN }} | |
| run: | | |
| copilot \ | |
| --agent issue-manager \ | |
| --prompt "Find and close stale bug issues." \ | |
| --allow-all-tools \ | |
| --share stale-cleanup-log.md | |
| - name: Upload session log | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: stale-cleanup-log-${{ github.run_id }} | |
| path: stale-cleanup-log.md | |
| retention-days: 30 |