Motivation
Link to the gh-aw PR or issue: github/gh-aw#42313 — "Honor global mention allowlists in add-comment sanitization": bug fix so safe-outputs.mentions.allowed entries survive the final add_comment sanitization pass instead of being escaped.
Proposed test
- Workflow file:
test-copilot-add-comment-with-mentions.md
- Trigger:
issues: [opened, reopened] + if: contains(github.event.issue.body, 'e2e-marker:test-copilot-add-comment-with-mentions')
- Engine: copilot
- Safe output:
add-comment
- Variant: standard
Minimal test prompt sketch
Configure safe-outputs.mentions.allowed: [<allowlisted-user>] in frontmatter. When an issue is opened, instruct the agent to add a comment that @mentions the allowlisted user. The sample should include the literal @<user> mention to confirm it is preserved and not HTML-escaped in the safe output.
New fixtures or secrets needed
None. Uses existing githubnext/gh-aw-test. A stable GitHub account to allowlist (e.g., the github-actions[bot] or the PAT-owning account) should be chosen before writing the .md.
Notes
No existing test uses the mentions.allowed (or allowed-teams) configuration in safe-outputs. This is the only E2E regression path for the bug fixed in gh-aw#42313. The exact YAML structure for safe-outputs.mentions.allowed should be confirmed against the schema before the .md source is authored.
Generated by 🔍 Suggest New E2E Tests · 53.3 AIC · ⌖ 9.55 AIC · ⊞ 5.9K · ◷
Motivation
Link to the gh-aw PR or issue: github/gh-aw#42313 — "Honor global mention allowlists in add-comment sanitization": bug fix so
safe-outputs.mentions.allowedentries survive the finaladd_commentsanitization pass instead of being escaped.Proposed test
test-copilot-add-comment-with-mentions.mdissues: [opened, reopened]+if: contains(github.event.issue.body, 'e2e-marker:test-copilot-add-comment-with-mentions')add-commentMinimal test prompt sketch
Configure
safe-outputs.mentions.allowed: [<allowlisted-user>]in frontmatter. When an issue is opened, instruct the agent to add a comment that@mentionsthe allowlisted user. The sample should include the literal@<user>mention to confirm it is preserved and not HTML-escaped in the safe output.New fixtures or secrets needed
None. Uses existing
githubnext/gh-aw-test. A stable GitHub account to allowlist (e.g., thegithub-actions[bot]or the PAT-owning account) should be chosen before writing the.md.Notes
No existing test uses the
mentions.allowed(orallowed-teams) configuration insafe-outputs. This is the only E2E regression path for the bug fixed in gh-aw#42313. The exact YAML structure forsafe-outputs.mentions.allowedshould be confirmed against the schema before the.mdsource is authored.