Support for Contributions of Agentic Workflows #786
brunoborges wants to merge 6 commits into github:staged
Add support for contributing Agentic Workflows — AI-powered repository automations that run coding agents in GitHub Actions, defined in markdown with natural language instructions (https://github.github.com/gh-aw).
Changes:
- Create workflows/ directory for community-contributed workflows
- Add workflow metadata parsing (yaml-parser.mjs)
- Add workflow README generation (update-readme.mjs, constants.mjs)
- Add workflow data to website generation (generate-website-data.mjs)
- Update README.md, CONTRIBUTING.md, and AGENTS.md with workflow docs, contributing guidelines, and code review checklists
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Adds validate-agentic-workflows.yml that runs on PRs touching workflows/. Uses gh-aw CLI setup action to install the compiler, then runs 'gh aw compile --validate' on each workflow .md file. Posts a sticky PR comment with fix instructions on failure. Also adds workflows/** to validate-readme.yml path triggers so README tables are regenerated when workflows change. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Prevents contributors from pushing compiled YAML (.yml, .yaml, .lock.yml) or .github/ directories into the workflows/ directory. Only .md markdown source files are accepted — compilation happens downstream via gh aw compile. This is a security measure to prevent malicious GitHub Actions code from being introduced through contributed agentic workflows. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Workflows are now standalone .md files in workflows/ — no subfolders or README.md needed. Each file contains both the metadata frontmatter (name, description, triggers, tags) and the agentic workflow definition (on, permissions, safe-outputs) in a single file. Updated all build scripts, CI workflows, docs, and review checklists. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Merges the two separate action workflows (block-workflow-yaml.yml and validate-agentic-workflows.yml) into a single validate-agentic-workflows-pr.yml with two jobs: check-forbidden-files runs first, then compile-workflows runs only if the file check passes. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Pull request overview
Adds first-class repository support for community-contributed Agentic Workflows (markdown-defined automations for gh-aw), integrating them into the build/readme generation, website data generation, CI validation, and contribution docs.
Changes:
- Introduces a new `workflows/` resource type (flat `.md` files) with metadata parsing and README generation.
- Extends website data/search index generation to include workflows and emits `workflows.json`.
- Adds PR-time CI validation for workflow contributions and updates docs/templates to include workflows.
Reviewed changes
Copilot reviewed 11 out of 12 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| workflows/.gitkeep | Ensures the new workflows/ directory exists in git. |
| eng/yaml-parser.mjs | Adds parseWorkflowMetadata() for workflow frontmatter parsing. |
| eng/update-readme.mjs | Generates docs/README.workflows.md via a new workflows section builder. |
| eng/generate-website-data.mjs | Generates workflows metadata, adds workflows to search index, and writes workflows.json. |
| eng/constants.mjs | Adds WORKFLOWS_DIR and new README template snippets for workflows. |
| docs/README.workflows.md | New generated documentation page for workflows (currently empty state). |
| README.md | Adds workflows to the main README navigation and repo structure/docs. |
| CONTRIBUTING.md | Adds contribution guidance and an example workflow file format. |
| AGENTS.md | Documents workflow file expectations and adds a review checklist for workflows. |
| .github/workflows/validate-readme.yml | Triggers README validation when workflows/** changes. |
| .github/workflows/validate-agentic-workflows-pr.yml | New CI workflow to block forbidden files and validate workflows with gh aw compile --validate. |
| .github/pull_request_template.md | Adds “agentic workflow” as a contribution type and checklist item. |
Comments suppressed due to low confidence (1)
.github/workflows/validate-agentic-workflows-pr.yml:112
- Same as earlier: commenting on PRs from forks will usually fail under `pull_request` due to missing write permissions. Please guard this step with a permission check (like `validate-readme.yml` does) so validation failures still surface without the workflow erroring while trying to comment.
- name: Comment on PR if compilation failed
if: failure()
uses: marocchino/sticky-pull-request-comment@v2
with:
header: workflow-validation
| // Extract triggers from frontmatter if present | ||
| const triggers = frontmatter.triggers || []; | ||
|
|
||
| return { | ||
| name: frontmatter.name, | ||
| description: frontmatter.description, | ||
| triggers, | ||
| tags: frontmatter.tags || [], | ||
| path: filePath, |
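Review bot: `tags: frontmatter.tags || []` in the returned object has the same scalar-versus-array problem as `triggers`, and `name` and `description` are returned without any presence or type check. All four values come from contributor-written frontmatter and flow into the generated README and website data, so validate them here: require `name` and `description` to be non-empty strings and coerce or reject a non-array `tags`, failing the build with the file path in the message.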
frontmatter.triggers is treated as an array downstream (e.g., .length/.join() in README generation and .forEach() in website data). If a contributor provides a scalar (e.g., triggers: schedule) this will throw at build time. Normalize/validate here (e.g., Array.isArray(frontmatter.triggers) ? frontmatter.triggers : []) and consider warning when the type is invalid.
@copilot open a new pull request to apply changes based on this feedback
| # Check for YAML/lock files in workflows/ and any .github/ modifications | ||
| forbidden=$(git diff --name-only --diff-filter=ACM origin/${{ github.base_ref }}...HEAD -- \ | ||
| 'workflows/**/*.yml' \ | ||
| 'workflows/**/*.yaml' \ | ||
| 'workflows/**/*.lock.yml' \ | ||
| '.github/*' \ | ||
| '.github/**') |
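Review bot: the pathspecs `'workflows/**/*.yml'` and `'workflows/**/*.yaml'` are passed without `:(glob)` magic, and git only gives `**/` its zero-or-more-directories meaning under that magic. Without it the pattern needs a literal `/` after `workflows/`, so a flat `workflows/evil.yml` may not be matched, and flat files are exactly the layout this PR accepts. Use `'workflows/*.yml'` and `'workflows/*.yaml'` (a plain `*` crosses `/` in default pathspecs) or prefix each pattern with `:(glob)`, and add a CI test case with a top-level YAML file to confirm. `'workflows/**/*.lock.yml'` is already covered by the `*.yml` pattern and can be dropped.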
The forbidden-file check relies on origin/${{ github.base_ref }}...HEAD and --diff-filter=ACM. In Actions this ref can be missing/ambiguous depending on checkout mode, and the filter also ignores deletions/renames. Consider diffing ${{ github.event.pull_request.base.sha }}...${{ github.event.pull_request.head.sha }} (or ${{ github.event.pull_request.base.sha }}...${{ github.sha }}) and either removing --diff-filter or including D/R so forbidden deletions/renames are also caught. Also, this currently only blocks *.yml/*.yaml/*.lock.yml under workflows/**; the PR description says all such files should be rejected for workflow contributions—please align implementation and docs.
@copilot open a new pull request to apply changes based on this feedback
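One way to express the forbidden-file rule as an allowlist over changed paths instead of a set of pathspecs, as an added example that is not part of this PR or the repository's code: it accepts only flat `workflows/*.md` files (plus `workflows/.gitkeep`) and rejects anything under `.github/`, which goes beyond the denylist in the hunk above. The function names and the `BASE_SHA`/`HEAD_SHA` variables are assumptions.

```shell
# Added example (not the PR's code). Policy taken from the PR text:
# workflows/ holds only flat .md sources; .github/ must not be touched.

# classify_path PATH -> prints "ok" or "forbidden"
classify_path() {
  case "$1" in
    .github/*)          echo forbidden ;;  # any change under .github/
    workflows/.gitkeep) echo ok ;;         # placeholder file added by the PR
    workflows/*/*)      echo forbidden ;;  # subfolders break the flat layout
    workflows/*.md)     echo ok ;;         # markdown workflow source
    workflows/*)        echo forbidden ;;  # .yml, .yaml, .lock.yml, anything else
    *)                  echo ok ;;         # paths outside the policy's scope
  esac
}

# find_forbidden: reads newline-separated paths on stdin, prints the
# forbidden ones, and returns 1 if any were found (0 otherwise).
find_forbidden() {
  ff_found=0
  while IFS= read -r ff_path; do
    [ -n "$ff_path" ] || continue
    if [ "$(classify_path "$ff_path")" = forbidden ]; then
      printf '%s\n' "$ff_path"
      ff_found=1
    fi
  done
  return "$ff_found"
}

# Intended CI use (BASE_SHA and HEAD_SHA are assumed to be set in the step's
# env: from github.event.pull_request.base.sha and .head.sha):
#   git diff --name-only --no-renames "$BASE_SHA...$HEAD_SHA" | find_forbidden

# Constructed sample of changed paths, so the block runs offline.
sample_changed_paths() {
  printf '%s\n' \
    'workflows/daily-report.md' \
    'workflows/evil.yml' \
    'workflows/nested/helper.md' \
    'workflows/compiled.lock.yml' \
    '.github/workflows/ci.yml' \
    'eng/constants.mjs'
}

sample_changed_paths | find_forbidden || echo 'forbidden files listed above' >&2
```

Because the diff has no `--diff-filter` and uses `--no-renames`, deleted and renamed paths are classified as well.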
| - name: Comment on PR | ||
| if: failure() | ||
| uses: marocchino/sticky-pull-request-comment@v2 | ||
| with: |
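Review bot: `marocchino/sticky-pull-request-comment@v2` on the `uses:` line is a third-party action referenced by a mutable tag. This step only works when the job's token can write PR comments, so the action runs with that access; pin it to a full commit SHA, with the version in a trailing comment, rather than `@v2`.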
This PR-commenting step runs unconditionally on failure, but pull_request workflows from forks typically don't have permission to write PR comments, which will make the job fail noisily. Mirror the pattern used in validate-readme.yml (gate on github.event.pull_request.head.repo.permissions.push == true, and otherwise log the message to the workflow output).
This issue also appears on line 108 of the same file.
@copilot open a new pull request to apply changes based on this feedback
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Install gh-aw CLI | ||
| uses: github/gh-aw/actions/setup-cli@main |
github/gh-aw/actions/setup-cli@main is a moving ref. Pin to a tagged release or a commit SHA to reduce supply-chain risk and improve reproducibility of CI runs.
| uses: github/gh-aw/actions/setup-cli@main | |
| uses: github/gh-aw/actions/setup-cli@v1.0.0 |
@aaronpowell are we ok with using main from a GitHub Inc. maintained action?
Summary
Makes this project welcoming to users who want to contribute their own Agentic Workflows — AI-powered repository automations that run coding agents in GitHub Actions, defined in markdown with natural language instructions.
Changes
- `workflows/` directory for community-contributed agentic workflows (flat `.md` files)
- (`validate-agentic-workflows-pr.yml`) with two jobs:
  - `.yml`, `.yaml`, `.lock.yml`, and `.github/` modifications
  - `gh aw compile --validate` on each workflow `.md` file
- `validate-readme.yml` updated to trigger on `workflows/**` changes
Type of Contribution