Problem
All workflows triggered from Copilot-authored branches (copilot/*) require manual approval before execution, resulting in a action_required conclusion. This blocks the CI feedback loop: the agent cannot iterate on failures because its own CI cannot run automatically. The copilot/fix-cli-docker-build branch had 13 out of 14 workflow runs blocked in this way — every push triggers a new wave of action_required workflows that accumulate without ever running.
Evidence
- Analysis window: 2026-05-25 to 2026-06-08
- Sessions analyzed: 50
- Key metrics and examples:
- 28 out of 50 workflow runs (56%) concluded with
action_required
copilot/fix-cli-docker-build: 13/14 runs were action_required, across CWI, CGO, Smoke CI, Doc Build - Deploy, Content Moderation, AI Moderator, Q, and Agentic Commandscopilot/bump-mcp-gateway-to-v0325: 2 CWI runs both action_requiredcopilot/debug-failed-run-27151802516: 1 CWI run action_required- Pattern repeats across 4 distinct Copilot branches
- The approval gate fires immediately on PR open and each subsequent push, requiring manual re-approval
View action_required breakdown by workflow name
| Workflow name |
action_required count |
| Agentic Commands |
5 |
| CWI |
5 |
| Q |
5 |
| Smoke CI |
4 |
| CGO |
3 |
| Doc Build - Deploy |
2 |
| AI Moderator |
1 |
| Content Moderation |
1 |
| Label Closed PRs |
1 |
| PR Description Updater |
1 |
Proposed Change
- Approve the Copilot GitHub App identity (
app/copilot-swe-agent) as a trusted actor for PR-triggered workflows, so its branch pushes do not require manual re-approval each time.
- Alternatively, configure GitHub Actions approval policies to auto-approve runs from
copilot/* branches opened by the bot identity.
- Audit which specific workflow trigger condition is causing the approval gate (e.g., first-time contributor policy vs. fork policy) and address the root policy cause.
Expected Impact
- Eliminate the 56%
action_required bottleneck and restore CI-driven iteration for Copilot PRs
- Allow the agent to detect and fix CI failures autonomously without human intervention per push
- Reduce wasted workflow trigger noise from repeated unapproved pushes accumulating on the same branch
Notes
- Distinct root cause category: CI approval gating policy for bot-authored branches
- Data quality: only 1 day of session data available (50 runs); the
action_required rate may persist across the full 14-day window given it affects 4 different branches uniformly
- No
events.jsonl files were found in session logs; analysis is based on sessions-list.json metadata only
Generated by ⚡ Copilot Opt · ⌖ 44.3 AIC · ⊞ 19.7K · ◷
Problem
All workflows triggered from Copilot-authored branches (
copilot/*) require manual approval before execution, resulting in aaction_requiredconclusion. This blocks the CI feedback loop: the agent cannot iterate on failures because its own CI cannot run automatically. Thecopilot/fix-cli-docker-buildbranch had 13 out of 14 workflow runs blocked in this way — every push triggers a new wave ofaction_requiredworkflows that accumulate without ever running.Evidence
action_requiredcopilot/fix-cli-docker-build: 13/14 runs wereaction_required, across CWI, CGO, Smoke CI, Doc Build - Deploy, Content Moderation, AI Moderator, Q, and Agentic Commandscopilot/bump-mcp-gateway-to-v0325: 2 CWI runs bothaction_requiredcopilot/debug-failed-run-27151802516: 1 CWI runaction_requiredView action_required breakdown by workflow name
Proposed Change
app/copilot-swe-agent) as a trusted actor for PR-triggered workflows, so its branch pushes do not require manual re-approval each time.copilot/*branches opened by the bot identity.Expected Impact
action_requiredbottleneck and restore CI-driven iteration for Copilot PRsNotes
action_requiredrate may persist across the full 14-day window given it affects 4 different branches uniformlyevents.jsonlfiles were found in session logs; analysis is based on sessions-list.json metadata only