Skip to content

Enable GitHub guard policy (repos: public, min-integrity: writer) on smoke-Claude workflow #18926

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
Copilot wants to merge 4 commits into
base: main
Choose a base branch
from
+17 −4
Draft

Enable GitHub guard policy (repos: public, min-integrity: writer) on smoke-Claude workflow #18926

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
f009f58
Initial plan
Copilot Feb 28, 2026
21b6de3
feat: enable github guard policy on smoke-claude workflow
Copilot Feb 28, 2026
257450e
Add changeset [skip-ci]
Feb 28, 2026
7a0b7ea
ci: trigger CI checks
github-actions[bot] Feb 28, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions .changeset/patch-smoke-claude-guard-policy.md
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 7 additions & 1 deletion .github/workflows/smoke-claude.lock.yml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 2 additions & 0 deletions .github/workflows/smoke-claude.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,8 @@ tools:
agentic-workflows:
cache-memory: true
github:
repos: public
Copy link
Contributor

@github-actions github-actions bot Feb 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good addition of repos: public and min-integrity: writer guard policies — restricting the smoke test to public repos with writer integrity is a sensible security improvement. One consideration: if future smoke tests need to reference private repos, this policy would block them.

min-integrity: writer
toolsets: [repos, pull_requests]
playwright:
edit:
Expand Down
6 changes: 3 additions & 3 deletions pkg/parser/schemas/main_workflow_schema.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2967,12 +2967,12 @@
"examples": [["/data:/data:ro", "/tmp:/tmp:rw"], ["/opt:/opt:ro"]]
},
"repos": {
"description": "Guard policy: repository access configuration. Restricts which repositories the agent can access. Use 'all' to allow all repos or an array of 'owner/repo' strings.",
"description": "Guard policy: repository access configuration. Restricts which repositories the agent can access. Use 'all' to allow all repos, 'public' to allow only public repos, or an array of 'owner/repo' strings.",
"oneOf": [
{
"type": "string",
"enum": ["all"],
"description": "Allow access to all repositories"
"enum": ["all", "public"],
"description": "Allow access to all repositories or only public repositories"
Copy link
Contributor

@github-actions github-actions bot Feb 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The updated schema description now correctly includes 'public' as an option. The enum update from ["all"] to ["all", "public"] is clean and consistent with how the new guard policy is used.

},
{
"type": "array",
Expand Down
Loading