Track whose turn on issues and pull requests#9420
Open
JesperSchulz wants to merge 2 commits into
Open
Conversation
Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com> Copilot-Session: 9182e868-8873-4c36-b06e-50c4e6ad9c33
Contributor
Copilot PR ReviewIteration 2 · Outcome: completed Knowledge source: https://github.com/microsoft/BCQuality@be1b92b624679f8c031061602e7d3a3b5f71a688 Findings by domainFindings split into Knowledge-backed (cite a BCQuality article) and Agent (the agent's own judgement, no matching BCQuality rule).
Totals: 0 knowledge-backed · 1 agent findings. Orchestrator pre-filter (16 file(s) excluded)
Findings produced by the Copilot CLI agent against BCQuality at |
Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com> Copilot-Session: 9182e868-8873-4c36-b06e-50c4e6ad9c33
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What & why
Add deterministic
Turn: Microsoft,Turn: Partner, andTurn: Blockedclassification for every open issue and pull request. The trusted default-branch workflow reacts to issue/PR lifecycle, human conversation, review, and inline-review activity; preserves explicit blocked state; and enforces exactly one turn label without touching unrelated labels.Team actors must be human and have effective write, maintain, or admin repository permission. Team approvals return the turn to Microsoft only when no team reviewer's latest opinionated review still requests changes. Comment-only and pending reviews cannot mask an earlier change request; approval or dismissal clears that reviewer's request.
Fork review events use a zero-write producer and privileged
workflow_runconsumer because direct review-event tokens are read-only. The producer uploads one raw artifact containing only event kind, repository, PR number, and review/comment ID. The consumer resolves the trusted originating PR before job-level concurrency, bounds and validates the raw artifact, binds it to the exact first-attempt source event/actor/time, and re-fetches canonical API data before label mutation.The workflow never creates or updates label definitions.
.github/WHOS_TURN.mdcontains the one-time provisioning and operational backfill commands.Linked work
AB#642155
How I validated this
What I tested and the outcome
github-scriptbodies as async JavaScript functions.Risk & compatibility
The three labels must be provisioned exactly as documented before the workflows are enabled. The first PR adding the workflows cannot classify itself before merge, and the one-time backfill does not replay historical conversation.
CI failures and fork workflow approvals do not reliably identify who owns the next action, so this workflow deliberately does not infer turns from them. There is no scheduled reconciliation; one-item dispatch is the repair path.
Neither workflow checks out or executes PR code or uses secrets. The bridge has no repository permissions. The resolver has only Actions and pull-request read access; the mutation job has Actions read, issue-label write, and pull-request read access.