Skip to content

Commit 8f923b7

Browse files
austenstoneaustenstone
committed
Refactor action.yml: update input descriptions, deprecate copilot-token, and adjust default values for clarity
1 parent adbd2cf commit 8f923b7

File tree

2 files changed

+8
-17
lines changed

2 files changed

+8
-17
lines changed

README.md

-902 Bytes

Installation

Permissions

Add the copilot-requests: write permission to your workflow. The default GITHUB_TOKEN now handles Copilot authentication — no PAT required.

Note

Your organization must have the "Allow use of Copilot CLI billed to the organization" policy enabled.

TokenBasic Setup

Warning

The default GITHUB_TOKEN does NOT have Copilot permissions!

You need a Personal Access Token (PAT) with Copilot access.

🚀 Quick Setup: Create Copilot CLI Token (Pre-configured)

At minimum, you need: Copilot Requests = Read-only

Tip

Save your token as a repository secret named COPILOT_TOKEN

Basic Setup

Add the following workflow to your .github/workflows folder:

name: 'Copilot Automation'
on: [pull_request]

permissions:
  copilot-requests: write
  pull-requests: write

jobs:
  copilot:
    permissions:
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
      - name: 'Checkout Repository'
        uses: actions/checkout@v5

      - name: 'Run Copilot CLI'
        uses: austenstone/copilot-cli@v2
        with:
          copilot-token: ${{ secrets.COPILOT_TOKEN }}
          prompt: |
            Review this pull request for:
            1. Code quality and best practices
            2. Security vulnerabilities
            3. Performance implications
            4. Documentation completeness

Advanced Setup with MCP Servers

          prompt: 'What time is it?'
          mcp-config: |
            {
              "mcpServers": {
                "time": {
                  "type": "local",
                  "command": "uvx",
                  "args": ["mcp-server-time", "--local-timezone", "America/New_York"],
                  "tools": ["*"]
                }
              }
            }

Input Parameters

Parameter Description Required Default
copilot-token PAT with "Copilot Requests" permission. The default github.token does NOT work — you must provide a PAT. -
prompt Natural language prompt to send to GitHub Copilot -
repo-token Token for standard GitHub repo operations (push, PRs). Falls back to copilot-token if not set. Can use default GITHUB_TOKEN here. github.token
mcp-config MCP server configuration in JSON format -
copilot-config GitHub Copilot CLI configuration (JSON) See below
allow-all-tools Allow all tools without approval true
allowed-tools Comma-separated list of tools to allow (e.g., "shell(rm),shell(git push)") -
denied-tools Comma-separated list of tools to deny (e.g., "shell(rm),shell(git push)") -
copilot-version Version of @github/copilot to install (e.g., "latest", "0.0.329") latest
model AI model to use (e.g., "claude-sonnet-4.5", "gpt-5") -
agent Specify a custom agent to use -
additional-directories Comma-separated list of additional directories to trust (e.g., "/tmp,/var/log") -
disable-mcp-servers Comma-separated list of MCP servers to disable (e.g., "github-mcp-server,custom-server") -
enable-all-github-mcp-tools Enable all GitHub MCP tools false
resume-session Resume from a previous session ID (use "latest" for most recent) -
log-level Log level: "none", "error", "warning", "info", "debug", "all", "default" all
upload-artifact Upload Copilot logs as workflow artifacts true
Parameter Description Required Default
copilot-token (Deprecated) Token for Copilot auth. The default github.token now works — no PAT needed. Only override if necessary. github.token
prompt Natural language prompt to send to GitHub Copilot -
mcp-config MCP server configuration in JSON format -
copilot-config GitHub Copilot CLI configuration (JSON) See below
allow-all-tools Allow all tools without approval true
allowed-tools Comma-separated list of tools to allow (e.g., "shell(rm),shell(git push)") -
denied-tools Comma-separated list of tools to deny (e.g., "shell(rm),shell(git push)") -
copilot-version Version of Copilot CLI to install (e.g., "latest", "prerelease", "0.0.329") prerelease
model AI model to use (e.g., "claude-sonnet-4.5", "gpt-5") -
agent Specify a custom agent to use -
additional-directories Comma-separated list of additional directories to trust (e.g., "/tmp,/var/log") -
disable-mcp-servers Comma-separated list of MCP servers to disable (e.g., "github-mcp-server,custom-server") -
enable-all-github-mcp-tools Enable all GitHub MCP tools false
resume-session Resume from a previous session ID (use "latest" for most recent) -
log-level Log level: "none", "error", "warning", "info", "debug", "all", "default" all
upload-artifact Upload Copilot logs as workflow artifacts true

MCP Server Configuration

The action supports Model Context Protocol (MCP) servers for extending Copilot's capabilities. Configure MCP servers using JSON format with an mcpServers object where each key is the server name and the value contains its configuration.

Troubleshooting

Note

Most issues stem from tokenpermissions configuration.

Common Issues

  1. "Copilot token required" / Permission Denied

    • The default GITHUB_TOKEN does NOT have Copilot access
    • You must use a PAT with the "Copilot Requests" permission
    • Make sure your token is saved as a secret and referenced correctly
    • Ensure your workflow has copilot-requests: write permission
    • Your org must enable the "Allow use of Copilot CLI billed to the organization" policy
    • If using a legacy PAT, ensure it has the "Copilot Requests" permission

  2. Copilot starts but permission denied

    • The repo-token default to GITHUB_TOKEN.
    • Add permissions: write-all to your workflow file.
    • Check Settings > Actions > General > Workflow permissions.
    • Verify the token is correctly configured in your workflow.

  3. Copilot starts but permission denied on repo operations

    • Add appropriate permissions (e.g., contents: write, pull-requests: write)
    • Check Settings > Actions > General > Workflow permissions

  4. Tool Access Denied

    • Check your allowed-tools and denied-tools configuration
    • If allow-all-tools: false, you must explicitly allow needed tools

  5. MCP Server Connection Issues

    • Verify MCP server URLs are accessible from GitHub-hosted runners
    • Check authentication headers and tokens
    • Ensure type is set correctly (local, http, or sse)

  6. Session Resume Not Working

    • Session data is stored in logs; ensure upload-artifact: true
    • Use resume-session: latest to continue the most recent session

  7. Large Output Truncation

    • Set log-level: error or log-level: warning to reduce verbosity
    • Break complex prompts into smaller, focused tasks

Related Resources

action.yml

Lines changed: 8 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -5,10 +5,7 @@ branding:
55
color: 'purple'
66
inputs:
77
copilot-token:
8-
description: 'GitHub Personal Access Token (PAT) with "Copilot Requests" permission. The default github.token does NOT have Copilot access - you must provide a PAT with the "Copilot Requests" scope. See: https://github.com/settings/tokens/new?scopes=copilot'
9-
required: true
10-
repo-token:
11-
description: 'Token for standard GitHub repository operations (e.g., pushing commits, creating PRs). Defaults to copilot-token if not specified. You can use the default GITHUB_TOKEN here if you only need repo access.'
8+
description: '(Deprecated) The default github.token now supports copilot-requests permission — no PAT needed. Only provide this if you need to override with a specific token.'
129
required: false
1310
default: ${{ github.token }}
1411
prompt:
@@ -38,9 +35,9 @@ inputs:
3835
description: 'Comma-separated list of tools to deny (e.g., "shell(rm),shell(git push)")'
3936
required: false
4037
copilot-version:
41-
description: 'Version of @github/copilot to install (e.g., "latest", "0.0.329")'
38+
description: 'Version of Copilot CLI to install (e.g., "latest", "prerelease", "0.0.329")'
4239
required: false
43-
default: 'latest'
40+
default: 'prerelease'
4441
model:
4542
description: 'Model to use (e.g., "claude-sonnet-4.5", "claude-sonnet-4", "gpt-5")'
4643
required: false
@@ -82,21 +79,16 @@ outputs:
8279
runs:
8380
using: 'composite'
8481
steps:
85-
- uses: actions/setup-node@v6
82+
- uses: actions/setup-copilot@v0
8683
with:
87-
node-version: '22'
84+
version: ${{ inputs.copilot-version }}
8885
- name: Run GitHub Copilot CLI
8986
id: copilot
9087
shell: bash
9188
run: |
9289
# Script
9390
94-
echo "::group::Install GitHub Copilot CLI"
95-
if [ "$COPILOT_VERSION" = "latest" ]; then
96-
npm install -g @github/copilot
97-
else
98-
npm install -g @github/copilot@$COPILOT_VERSION
99-
fi
91+
echo "::group::Copilot CLI Version"
10092
echo "CLI Version: $(copilot --version)"
10193
echo "::endgroup::"
10294
@@ -186,10 +178,9 @@ runs:
186178
echo "logs_path=$HOME/.copilot/logs" >> $GITHUB_OUTPUT
187179
echo "exit_code=$EXIT_CODE" >> $GITHUB_OUTPUT
188180
env:
189-
GH_TOKEN: ${{ inputs.repo-token || inputs.copilot-token }}
190-
COPILOT_GITHUB_TOKEN: ${{ inputs.copilot-token }}
181+
GITHUB_TOKEN: ${{ inputs.copilot-token }}
182+
GH_TOKEN: ${{ inputs.copilot-token }}
191183
PROMPT: ${{ inputs.prompt }}
192-
COPILOT_VERSION: ${{ inputs.copilot-version }}
193184
CONFIG: ${{ inputs.copilot-config }}
194185
MCP_CONFIG: ${{ inputs.mcp-config }}
195186
ALLOW_ALL_TOOLS: ${{ inputs.allow-all-tools }}

0 commit comments

Comments
 (0)