diff --git a/CHANGELOG.md b/CHANGELOG.md index 3ac56a41742e..1dc2a6b99f02 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,10 @@ # Docs changelog +**23 February 2026** + +Added a new how-to article, [Automating tasks with Copilot CLI and GitHub Actions](https://docs.github.com/en/copilot/how-tos/copilot-cli/automate-with-actions), that walks through how to run Copilot CLI inside a GitHub Actions workflow in non-interactive (programmatic) mode. The article covers the full pattern—trigger, setup, install, authenticate, and run—and includes an example workflow that generates a daily summary of repository changes. +
+ **17 February 2026** We’ve added a new tutorial, "[Using hooks with Copilot CLI for predictable, policy-compliant execution](https://docs.github.com/en/copilot/tutorials/copilot-cli-hooks)", to help teams configure repository-scoped hooks that log prompts and tool usage, enforce guardrails with `preToolUse`, and roll out policies safely across repositories. diff --git a/content/copilot/how-tos/copilot-cli/automate-with-actions.md b/content/copilot/how-tos/copilot-cli/automate-with-actions.md new file mode 100644 index 000000000000..4b4609c68c3e --- /dev/null +++ b/content/copilot/how-tos/copilot-cli/automate-with-actions.md 
@@ -0,0 +1,151 @@ +--- +title: Automating tasks with Copilot CLI and GitHub Actions +shortTitle: Automate with Actions +intro: Integrate {% data variables.copilot.copilot_cli %} into your {% data variables.product.prodname_actions %} workflows. +product: '{% data reusables.gated-features.copilot-cli %}' +versions: + feature: copilot +topics: + - Copilot + - CLI +contentType: how-tos +category: + - Build with Copilot CLI + - Author and optimize with Copilot +--- + +You can run {% data variables.copilot.copilot_cli %} in a {% data variables.product.prodname_actions %} workflow to automate AI-powered tasks as part of your CI/CD process. For example, you can summarize recent repository activity, generate reports, or scaffold project content. {% data variables.copilot.copilot_cli %} runs on the Actions runner like any other CLI tool, so you can install it during a job and invoke it from workflow steps. + +## Understanding the workflow + +You can define a job in a {% data variables.product.prodname_actions %} workflow that: installs {% data variables.copilot.copilot_cli_short %} on the runner, authenticates it, runs it in programmatic mode, and then handles the results. Programmatic mode is designed for scripts and automation and lets you pass a prompt non-interactively. + +Workflows can follow this pattern: +1. **Trigger**: Start the workflow on a schedule, in response to repository events, or manually. +1. **Setup**: Checkout code, set up environment. +1. **Install**: Install {% data variables.copilot.copilot_cli %} on the runner. +1. **Authenticate**: Ensure the CLI has the necessary permissions to access the repository and make changes. +1. **Run {% data variables.copilot.copilot_cli_short %}**: Invoke {% data variables.copilot.copilot_cli_short %} with a prompt describing the task you want to automate. + +The following workflow generates a daily summary of repository changes and prints the summary to the workflow logs. 
+ +```yaml copy +name: Daily summary +on: + workflow_dispatch: + # Daily at 8:25 UTC + schedule: + - cron: '25 8 * * *' +permissions: + contents: read +jobs: + daily-summary: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: {% data reusables.actions.action-checkout %} + + - name: Set up Node.js environment + uses: {% data reusables.actions.action-setup-node %} + + - name: Install Copilot CLI + run: npm install -g @github/copilot + + - name: Run Copilot CLI + env: + {% raw %}COPILOT_GITHUB_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}{% endraw %} + run: | + TODAY=$(date +%Y-%m-%d) + copilot -p "Review the git log for this repository and write a bullet point summary of all code changes that were made today ($TODAY). Include a brief description of what was changed." +``` + +## Trigger + +In this example, the workflow runs on a daily schedule and can also be triggered manually. + +`The workflow_dispatch` trigger lets you run the workflow manually from the Actions tab, which is useful when testing changes to your prompt or workflow configuration. + +The `schedule` trigger runs the workflow automatically at a specified time using cron syntax. + +```yaml copy +on: + # Allows manual triggering of this workflow. + workflow_dispatch: + # Daily at 8:30 UTC + schedule: + - cron: '30 8 * * *' +``` + +## Setup + +Set up the job so {% data variables.copilot.copilot_cli_short %} can access your repository and run on the runner. This allows {% data variables.copilot.copilot_cli_short %} to analyze the repository context, when generating the daily summary. + +The `permissions` block defines the scope granted to the built-in `GITHUB_TOKEN`. Because this workflow reads repository data and prints a summary to the logs, it requires `contents: read`. 
+ +```yaml copy +permissions: + contents: read +jobs: + daily-summary: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: {% data reusables.actions.action-checkout %} +``` + +## Install + +Install {% data variables.copilot.copilot_cli_short %} on the runner so your workflow can invoke it as a command. You can install {% data variables.copilot.copilot_cli %} using any supported installation method. For a full list of installation options, see [AUTOTITLE](/copilot/how-tos/copilot-cli/set-up-copilot-cli/install-copilot-cli). + +In this example, the workflow installs {% data variables.copilot.copilot_cli %} globally with npm. + +```yaml copy +- name: Set up Node.js environment + uses: {% data reusables.actions.action-setup-node %} + +- name: Install Copilot CLI + run: npm install -g @github/copilot +``` + +## Authenticate + +To authenticate {% data variables.copilot.copilot_cli_short %} in a workflow, create a {% data variables.product.pat_v2 %} (PAT) with the **Copilot Requests** permission. Store the PAT as a repository secret, then pass it to the CLI using an environment variable. For more information on creating a PAT for the CLI, see [Authenticating with a {% data variables.product.pat_generic %}](/copilot/how-tos/copilot-cli/set-up-copilot-cli/install-copilot-cli#authenticating-with-a-personal-access-token). + +{% data variables.copilot.copilot_cli_short %} supports multiple authentication environment variables. In this example, the workflow uses `COPILOT_GITHUB_TOKEN`, which is specific to {% data variables.copilot.copilot_cli_short %} and avoids confusion for the built-in `GITHUB_TOKEN` environment variable. + +```yaml copy +- name: Run Copilot CLI + env: + {% raw %}COPILOT_GITHUB_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}{% endraw %} +``` + + +## Run {% data variables.copilot.copilot_cli_short %} + +Run {% data variables.copilot.copilot_cli_short %} in programmatic mode when you want to use it in automation. 
+`copilot -p PROMPT` executes a prompt programmatically and exits when the command completes. + +In this workflow, {% data variables.copilot.copilot_cli_short %} references the repository content that is available in the job workspace. The command prints its response to standard output and the summary appears in the workflow logs. + +```yaml copy +- name: Run Copilot CLI + env: + {% raw %}COPILOT_GITHUB_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}{% endraw %} + run: | + TODAY=$(date +%Y-%m-%d) + copilot -p "Review the git log for this repository and write a bullet point summary of all code changes that were made today ($TODAY). Include a brief description of what was changed." +``` + +## Next steps + +After you confirm the workflow prints a summary to the logs, you can adapt the same pattern to other automation tasks. Start by changing the prompt you pass to `copilot -p PROMPT`, then decide what you want to do with the output. + +* Write the summary to a file so later steps can use it as input. +* Post the summary as a comment on an issue or a message in a team chat. +* Summarize requests and output a draft changelog. + +## Further reading + +* [AUTOTITLE](/copilot/reference/cli-command-reference) +* [AUTOTITLE](/copilot/reference/cli-plugin-reference) + diff --git a/content/copilot/how-tos/copilot-cli/index.md b/content/copilot/how-tos/copilot-cli/index.md index f13818fed965..a7d37bfdce80 100644 --- a/content/copilot/how-tos/copilot-cli/index.md +++ b/content/copilot/how-tos/copilot-cli/index.md @@ -10,5 +10,6 @@ children: - /set-up-copilot-cli - /customize-copilot - /use-copilot-cli + - /automate-with-actions contentType: how-tos --- diff --git a/content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-organization-roles.md b/content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-organization-roles.md index a37d97af68d4..b45ffd9b7914 100644 
--- a/content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-organization-roles.md +++ b/content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-organization-roles.md @@ -14,7 +14,7 @@ product: 'Organizations on {% data variables.product.prodname_ghe_cloud %}{% ifv {% data reusables.organizations.custom-org-roles-intro %} For more information, see [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles). -If you are an organization owner or have a custom role with the "View organization roles" or "Manage custom organization roles" permissions, you can view custom roles for the organization. With {% data variables.product.prodname_ghe_cloud %} and starting from {% data variables.product.prodname_ghe_server %} 3.19, if your enterprise owner has created organization roles, these roles can be seen and assigned as well, but not edited or deleted. +If you are an organization owner or have a custom role with the "View organization roles" or "Manage custom organization roles" permissions, you can view custom roles for the organization.{% ifversion ent-owner-custom-org-roles %} If your enterprise owner has created organization roles, these roles can be seen and assigned as well, but not edited or deleted.{% endif %} To find the "Custom roles" page, you can follow the first steps in [Creating a custom role](#creating-a-custom-role). The exact steps will vary depending on which other settings page you have access to. diff --git a/data/reusables/enterprise-onboarding/create-custom-roles.md b/data/reusables/enterprise-onboarding/create-custom-roles.md index 8ee9278832f2..56ef235e6d08 100644 --- a/data/reusables/enterprise-onboarding/create-custom-roles.md +++ b/data/reusables/enterprise-onboarding/create-custom-roles.md 
@@ -1,5 +1,3 @@ ->[!NOTE] The ability for enterprise owners to create custom roles for an organization or enterprise is in public preview and subject to change. - To tailor access management to your company's needs, you can create custom roles for your{% ifversion enterprise-custom-roles %} enterprise account and{% endif %} organizations. Custom roles are sets of permissions for settings and resources that you can assign to users and teams.{% ifversion enterprise-custom-roles %} To learn best practices for using roles on {% data variables.product.github %}, see [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-roles-in-your-enterprise/identify-role-requirements).{% endif %} @@ -8,6 +6,8 @@ Custom roles are sets of permissions for settings and resources that you can ass ## Creating enterprise custom roles +>[!NOTE] This feature is in {% data variables.release-phases.public_preview %} and subject to change. + Enterprise custom roles grant access to a subset of enterprise settings, such as viewing audit logs and creating organizations. {% data variables.product.github %} plans to expand the list of available permissions over time. {% data reusables.enterprise-accounts.start-creating-custom-role %} diff --git a/src/secret-scanning/data/pattern-docs/fpt/public-docs.yml b/src/secret-scanning/data/pattern-docs/fpt/public-docs.yml index 3f85a0c2a13f..5adefd6e8bab 100644 --- a/src/secret-scanning/data/pattern-docs/fpt/public-docs.yml +++ b/src/secret-scanning/data/pattern-docs/fpt/public-docs.yml @@ -2959,7 +2959,7 @@ - provider: Mapbox supportedSecret: Mapbox Secret Access Token secretType: mapbox_secret_access_token - isPublic: false + isPublic: true isPrivateWithGhas: true hasPushProtection: true hasValidityCheck: true diff --git a/src/secret-scanning/data/pattern-docs/ghec/public-docs.yml b/src/secret-scanning/data/pattern-docs/ghec/public-docs.yml index 3f85a0c2a13f..5adefd6e8bab 100644 --- a/src/secret-scanning/data/pattern-docs/ghec/public-docs.yml 
+++ b/src/secret-scanning/data/pattern-docs/ghec/public-docs.yml @@ -2959,7 +2959,7 @@ - provider: Mapbox supportedSecret: Mapbox Secret Access Token secretType: mapbox_secret_access_token - isPublic: false + isPublic: true isPrivateWithGhas: true hasPushProtection: true hasValidityCheck: true
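Review bot: In the CHANGELOG.md hunk, the new 23 February entry opens with "Added a new how-to article" and leaves the link title unquoted, while the 17 February entry directly below it uses "We've added a new tutorial" with the title in quotation marks. Match the existing entry's voice and quoting so the changelog reads consistently.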
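Review bot: In content/copilot/how-tos/copilot-cli/automate-with-actions.md, the prompt tells Copilot to "Review the git log for this repository" but the Checkout step passes no options; if the checkout reusable resolves to actions/checkout with its default shallow fetch (depth 1), only the latest commit is in the workspace and the daily summary will miss the rest of the day's changes. Set a fetch depth on the Checkout step in both the full workflow and the Setup snippet, or explain in the text why the default is enough. The full workflow schedules `cron: '25 8 * * *'` ("Daily at 8:25 UTC") while the Trigger snippet shows `cron: '30 8 * * *'` ("Daily at 8:30 UTC"); pick one. In the Trigger section the code span `The workflow_dispatch` swallows "The", in Setup there is a stray comma in "repository context, when generating", and in Authenticate "avoids confusion for the built-in" should read "with". Because the job runs the installed CLI with a PAT from `secrets.PERSONAL_ACCESS_TOKEN`, consider pinning a version in `npm install -g @github/copilot`, and say under "Next steps" that posting the summary as an issue comment needs more than the `contents: read` permission granted here.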
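Review bot: In managing-custom-organization-roles.md, the removed sentence spelled out availability in prose (the GHE Cloud variable plus the GHE Server variable followed by "3.19"), and the replacement depends entirely on `{% ifversion ent-owner-custom-org-roles %}`, whose definition is not part of this diff. Confirm that feature flag exists and covers the same versions; otherwise the statement that enterprise-created roles can be seen and assigned but not edited or deleted silently disappears for the readers it applies to.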
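Review bot: In data/reusables/enterprise-onboarding/create-custom-roles.md, the note added under "Creating enterprise custom roles" says only "This feature is in ... and subject to change", which loses the explicit subject the removed note had (enterprise owners creating custom roles for an organization or enterprise). Name the feature in the note, for example by starting it with "Enterprise custom roles are in", so it stays unambiguous wherever the reusable is rendered. The intro wraps its enterprise wording in `{% ifversion enterprise-custom-roles %}` while the added note is unconditional; check whether it should be versioned the same way.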
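Review bot: In src/secret-scanning/data/pattern-docs/fpt/public-docs.yml and ghec/public-docs.yml, `isPublic` for `mapbox_secret_access_token` flips from `false` to `true` with no accompanying explanation in the diff, and this changes what the supported-patterns table tells users about coverage for this token type. Confirm the value comes from the source of truth for these pattern files rather than a hand edit, and check whether any other version's pattern-docs file needs the same change, since only fpt and ghec are touched here.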