From a76c21ac32db6a328e362f1e5159e9287670f0c1 Mon Sep 17 00:00:00 2001 From: Daniel Gee Date: Sat, 23 May 2026 21:56:22 +0100 Subject: [PATCH 1/3] fix: replace actions/setup-copilot with npm install for Copilot CLI actions/setup-copilot@v0.0.5 does not exist, causing the workflow to fail immediately on every run since it was created. Replace with the correct installation method per the GitHub docs: npm install -g @github/copilot Also use \ instead of /tmp for the prompt temp file, which is more portable and follows GitHub Actions best practices. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .github/workflows/dependency-update.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/dependency-update.yml b/.github/workflows/dependency-update.yml index ba2c5426..9b75ed83 100644 --- a/.github/workflows/dependency-update.yml +++ b/.github/workflows/dependency-update.yml @@ -84,8 +84,8 @@ jobs: - name: Enable pnpm via Corepack run: corepack enable pnpm - - name: Setup Copilot CLI - uses: actions/setup-copilot@v0.0.5 + - name: Install Copilot CLI + run: npm install -g @github/copilot - name: Create or update dependency PRs with Copilot env: @@ -103,7 +103,7 @@ jobs: PROMPT_GHA_DISCOVERY_SCOPE: actions and reusable workflows PROMPT_PRERELEASE_POLICY: Consider prerelease versions only when the current version is prerelease; otherwise prefer stable releases. run: | - cat > /tmp/copilot-prompt.txt < "$RUNNER_TEMP/copilot-prompt.txt" < Date: Sat, 23 May 2026 22:07:10 +0100 Subject: [PATCH 2/3] fix: pin @github/copilot version and add --ignore-scripts flag Pin npm global install to @github/copilot@1.0.51 to address SonarCloud S8543 (unlocked dependency versions) and add --ignore-scripts flag to address S6505 (shell script execution risk). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .github/workflows/dependency-update.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/dependency-update.yml b/.github/workflows/dependency-update.yml index 9b75ed83..af928901 100644 --- a/.github/workflows/dependency-update.yml +++ b/.github/workflows/dependency-update.yml @@ -85,7 +85,7 @@ jobs: run: corepack enable pnpm - name: Install Copilot CLI - run: npm install -g @github/copilot + run: npm install -g --ignore-scripts @github/copilot@1.0.51 - name: Create or update dependency PRs with Copilot env: From 3729cfa3f340615cd87c2c2e037f59a213fb0251 Mon Sep 17 00:00:00 2001 From: Daniel Gee Date: Sat, 23 May 2026 22:26:38 +0100 Subject: [PATCH 3/3] chore: pin @github/copilot to major version only Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .github/workflows/dependency-update.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependency-update.yml b/.github/workflows/dependency-update.yml index af928901..cda369c0 100644 --- a/.github/workflows/dependency-update.yml +++ b/.github/workflows/dependency-update.yml @@ -85,7 +85,7 @@ jobs: run: corepack enable pnpm - name: Install Copilot CLI - run: npm install -g --ignore-scripts @github/copilot@1.0.51 + run: npm install -g --ignore-scripts @github/copilot@1 - name: Create or update dependency PRs with Copilot env:
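Review bot: the replacement `run: npm install -g @github/copilot` in the `@@ -84,8` hunk of patch 1/3 installs whatever version is tagged latest at run time, so each scheduled run can pull a different CLI and execute its install scripts with no change recorded in the repository; patch 2/3 adds the pin and `--ignore-scripts`, but that belongs in the same commit so no intermediate revision ships the unpinned form. Swapping a `uses:` action for an inline npm install also takes this dependency out of reach of the github-actions update ecosystem, so state in the workflow (a comment next to the `run:` line is enough) how the version is expected to be bumped.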
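Review bot: in the `@@ -103,7` hunk of patch 1/3 only the redirection target is visible as changing, from `cat > /tmp/copilot-prompt.txt <` to `cat > "$RUNNER_TEMP/copilot-prompt.txt" <`; the heredoc delimiter and body have been lost in extraction (the line ends in `< Date:`), so check the real diff for whether the delimiter is quoted. With an unquoted delimiter the prompt body undergoes `$` and backtick expansion; the `PROMPT_*` variables set in the `env:` block are only useful if the body references them, so confirm the expansion behaviour is the intended one. The `$RUNNER_TEMP` change itself is right: it is a per-job scratch directory the runner cleans up, it avoids a fixed, predictable path under `/tmp` on shared or self-hosted runners, and the variable is correctly quoted. Note that the commit message's "use \ instead of /tmp" has lost the variable name in extraction and should read the same as the hunk.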
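Review bot: pinning to `@github/copilot@1.0.51` with `--ignore-scripts` in the `@@ -85,7` hunk of patch 2/3 is the right direction, with two caveats. `--ignore-scripts` only skips npm lifecycle scripts (preinstall, postinstall and the like) for this package and its transitive dependencies; it does not verify package integrity or provenance, so it narrows install-time risk rather than removing it. And because those scripts are skipped, add a smoke step after the install that invokes the installed CLI (its version or help output is enough) so that a release which depends on a postinstall step fails at install time rather than part-way through the dependency-update run. The commit message cites S8543 and S6505 by number only; a short phrase describing each rule would help readers without SonarCloud access.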
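Review bot: relaxing the pin to `@github/copilot@1` in the `@@ -85,7` hunk of patch 3/3 reverses the reproducibility rationale patch 2/3 gave for S8543: `@1` resolves to the newest stable 1.x at every run, so a new minor or patch release is picked up with no commit, no review, and no way to tell from the repository which CLI version produced a given dependency PR. If floating within the major is intentional (for example to pick up CLI fixes without maintenance commits), say so in the commit message, which currently gives no reason, and expect the S8543 finding to return; otherwise keep the exact pin from patch 2/3 and let an automated bump propose updates. Whichever is chosen, the `--ignore-scripts` flag and the smoke check after install matter more once the version can change between runs.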