Add agentic issue-triage workflow for Win32-OpenSSH#2443
Open
tgauth wants to merge 8 commits into
Open
Conversation
Adds a gh-aw issue-triage workflow modeled on PowerShell/vscode-powershell, adapted to Win32-OpenSSH. On opened/reopened issues the agent takes exactly one action: close spam, mark/close duplicates, request author feedback, or label genuine issues with 'Investigate' plus area/type labels and a maintainer hand-off comment. Accounts for the repo's caveats: issues are tracked here but Windows code lives in PowerShell/openssh-portable (a downstream fork of upstream openssh/openssh-portable). Cross-platform OpenSSH bugs are flagged 'Issue-Upstream Parity' with a comment recommending the author file upstream (Bugzilla / openssh@openssh.com for security), without auto-filing. Uses the existing Win32-OpenSSH label taxonomy. Includes the compiled .lock.yml, action pin cache, and .gitattributes. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Corrects the meaning of 'Issue-Upstream Parity': it now applies only to enhancement requests where the Windows port lacks a feature that exists upstream, never to bugs. Adds a distinct outcome E for genuine cross-platform OpenSSH bugs (reproduce on Linux/macOS): the agent applies no labels at all and posts only an upstream-filing recommendation (Bugzilla / openssh@openssh.com for security), leaving the issue open for maintainers to close once tracked upstream. These no longer enter the 'Investigate' queue. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Expands the add-labels allow-list to cover the full Resolution-* set via glob, so every resolution label is available. Triage behavior stays conservative: the agent still actively applies only 'Resolution - Duplicate' on fresh issues; the others are reserved for unmistakable edge cases / maintainers. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Adds a GitHub Agentic Workflow (“gh-aw”) to automatically triage newly opened/reopened issues in Win32-OpenSSH, using a human-editable source file that compiles into a locked GitHub Actions workflow.
Changes:
- Introduces the issue-triage agent workflow definition (
issue-triage.md) describing outcomes A–E and the associated labeling/commenting/closing behavior. - Checks in the compiled, pinned workflow (
issue-triage.lock.yml) plus an actions SHA lock entry. - Marks
*.lock.ymlworkflow outputs as generated to reduce noise and prefer “ours” on merges.
Reviewed changes
Copilot reviewed 3 out of 4 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| .github/workflows/issue-triage.md | Human-editable agent workflow source defining triage behavior and safe-output constraints. |
| .github/workflows/issue-triage.lock.yml | Generated/pinned GitHub Actions workflow produced by gh aw compile. |
| .github/aw/actions-lock.json | Pins the gh-aw setup action SHA used by the workflow toolchain. |
| .gitattributes | Marks lock workflow outputs as generated and sets merge strategy for them. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Addresses PR review: the safe-outputs note implied ALL writes go through safe-outputs, but the workflow also adds a +1 acknowledgement reaction directly (outside safe-outputs). Clarify that safe-outputs governs labels/comments/closures while the reaction is a separate workflow-side write. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a GitHub Agentic Workflow (gh-aw) for automated issue triage, modeled on PowerShell/vscode-powershell and adapted to the realities of Win32-OpenSSH. On each opened/reopened issue, an AI agent gathers context (read-only) and takes exactly one action through sanitized, least-privilege safe-outputs.
This is the first of the planned triage workflows; comment-handler and stale-closer will follow separately.
Files
.github/workflows/issue-triage.md— human-editable source (the workflow logic).github/workflows/issue-triage.lock.yml— compiled workflow Actions runs (generated bygh aw compile; do not hand-edit).github/aw/actions-lock.json— pinned action SHAs.gitattributes— marks*.lock.ymlas generatedTriage behavior — one of five outcomes
Resolution - Duplicate+ closeWaiting on Author+More info needed+ a comment naming the specific missing details (OpenSSH-for-Windows version, server/client OS, expected vs actual — matching the issue template)Investigate+ type/area labels + a maintainer hand-off commentHandling the repo's caveats
PowerShell/openssh-portable(a downstream fork of upstreamopenssh/openssh-portable).Investigatequeue.Issue-Upstream Parityis reserved for enhancement requests where the Windows port lacks an upstream feature — never for bugs.Safety
add-labelsmax 5,add-commentmax 1,close-issue-> not_planned max 1).Notes for reviewers / enabling
GH_AW_GITHUB_TOKEN). That's repo configuration, not part of this code change.issue-triage.md, then rungh aw compileto regenerate the.lock.yml.Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com