fix: replace actions/setup-copilot with npm install for Copilot CLI#1062
Merged
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
Fixes the failing Copilot-driven dependency update workflow by replacing a non-existent GitHub Action (actions/setup-copilot) with the documented Copilot CLI installation approach, allowing the workflow to proceed past action resolution and execute its matrix jobs.
Changes:
- Replace
uses: actions/setup-copilot@v0.0.5withnpm install -g @github/copilotto install the Copilot CLI per GitHub documentation. - Replace hardcoded
/tmpprompt file path with$RUNNER_TEMPfor portability on GitHub-hosted runners.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
13 tasks
actions/setup-copilot@v0.0.5 does not exist, causing the workflow to fail immediately on every run since it was created. Replace with the correct installation method per the GitHub docs: npm install -g @github/copilot Also use \ instead of /tmp for the prompt temp file, which is more portable and follows GitHub Actions best practices. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Pin npm global install to @github/copilot@1.0.51 to address SonarCloud S8543 (unlocked dependency versions) and add --ignore-scripts flag to address S6505 (shell script execution risk). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
dgee2
force-pushed
the
dgee2/fix-copilot-dependency-action
branch
from
5786eab to
c86fb08
Compare
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
The \Dependency updates (copilot)\ workflow has been failing on every run since it was created with:
\
##[error]Unable to resolve action \�ctions/setup-copilot, not found
\\
\�ctions/setup-copilot\ is not a real GitHub Action. This caused every matrix job to fail during the action-resolution phase before any step executed.
Fix
Replace:
\\yaml
uses: actions/setup-copilot@v0.0.5
\\
with the correct installation method per the GitHub docs:
\\yaml
run: npm install -g @github/copilot
\\
The \�ctions/setup-node@v6\ step already present in the job ensures Node.js is available before this install runs.
Also replaces the hardcoded /tmp\ temp file path with \, which is the portable GitHub Actions convention.
Related
Closes #1010 (follow-up fix to PRs #1011 and #1026)