Conversation
…te_project - Add content_repo field to update_project tool schema (both JSON files) - Update update_project.cjs to use content_repo for GraphQL content resolution - Add allowed-repos/target-repo config validation in handleUpdateProject - Add TargetRepoSlug and AllowedRepos fields to UpdateProjectConfig Go struct - Update compiler_safe_outputs_config.go to pass target-repo and allowed_repos - Update safe_outputs_config_generation.go to use generateTargetConfigWithRepos - Add target-repo and allowed-repos to main_workflow_schema.json - Update documentation with cross-repo examples and feature tables Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Add content_repo for cross-repo project item resolution
feat(update_project): add Mar 17, 2026
content_repo for cross-repo project item resolution
Contributor
|
@copilot rename content_repo to target_repo to avoid confusing. Review all code and add tests. Ensure consistency. Reuse helpers. |
- Rename content_repo -> target_repo in update_project.cjs, both schema JSON files, main_workflow_schema.json, Go struct comment, and all documentation - Add camelCase alias targetRepo -> target_repo in normalizeUpdateProjectOutput - Add 9 tests covering: target_repo content resolution, camelCase alias, invalid format, fallback to context.repo, allowed-repos validation, target-repo config match, allowed-repos list, wildcard pattern, no target_repo Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Contributor
Author
Done in a3d3735. Renamed
Warning Firewall rules blocked me from connecting to one or more addresses (expand for details)I tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
|
Copilot
AI
changed the title
feat(update_project): add
feat(update_project): add Mar 17, 2026
content_repo for cross-repo project item resolutiontarget_repo for cross-repo project item resolution
Contributor
|
@copilot review changes, added tests |
Contributor
|
@copilot create integration tests with agentic workflows that use the feature and make sure the compiled code config.json contains the target-repo configured |
Contributor
There was a problem hiding this comment.
Pull request overview
Adds cross-repository support to the update_project safe-output by introducing a target_repo field (agent output) and corresponding allowlisting configuration, enabling org-level Projects to resolve issues/PRs from repos other than the workflow host repo.
Changes:
- Add
target_reposupport toupdate_project(GraphQL content resolution uses the specified repo instead of alwayscontext.repo) plus camelCase alias normalization. - Introduce
target-repo/allowed-reposconfig parsing and propagation (Go compiler + generated runtime config) and enforce repo allowlisting in the JS handler. - Update schemas/docs and add tests covering cross-repo resolution, normalization, validation, and allowlist behavior.
Reviewed changes
Copilot reviewed 12 out of 12 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
actions/setup/js/update_project.cjs |
Uses target_repo for issue/PR node resolution and validates it against configured allowlist before executing. |
actions/setup/js/update_project.test.cjs |
Adds test coverage for cross-repo resolution, aliasing, and allowlist enforcement. |
actions/setup/js/safe_outputs_tools.json |
Extends tool input schema with optional target_repo. |
pkg/workflow/update_project.go |
Adds target-repo + allowed-repos to update-project frontmatter config parsing. |
pkg/workflow/safe_outputs_config_generation.go |
Emits runtime config including target repo + allowed repos for the update_project handler. |
pkg/workflow/compiler_safe_outputs_config.go |
Includes target-repo and allowed_repos in handler-manager config export. |
pkg/workflow/js/safe_outputs_tools.json |
Extends tool input schema with optional target_repo. |
pkg/parser/schemas/main_workflow_schema.json |
Adds target-repo + allowed-repos to update-project frontmatter schema. |
docs/.../safe-outputs.md |
Documents cross-repo usage and configuration. |
docs/.../safe-outputs-specification.md |
Updates capability metadata to reflect cross-repo support. |
docs/.../multi-repo.md |
Marks update-project as cross-repo capable. |
.changeset/patch-update-project-content-repo.md |
Records a patch-level release note for the new behavior. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
Comment on lines
+4634
to
+4639
| "description": "Default repository in format 'owner/repo' for cross-repository content resolution. When specified, the agent can use 'target_repo' in agent output to resolve issues or PRs from this repository. Wildcards ('*') are not allowed." | ||
| }, | ||
| "allowed-repos": { | ||
| "type": "array", | ||
| "items": { | ||
| "type": "string" |
| "target_repo": { | ||
| "type": "string", | ||
| "pattern": "^[a-zA-Z0-9_.-]+/[a-zA-Z0-9_.-]+$", | ||
| "description": "Repository containing the issue or pull request, in \"owner/repo\" format (e.g., \"github/docs\"). Use this when the issue or PR belongs to a different repository than the one running the workflow. Requires safe-outputs.update-project.allowed-repos to include this repository." |
actions/setup/js/update_project.cjs
Outdated
| // additional repos must be listed in allowed-repos. | ||
| const isDefaultRepo = targetRepoSlug === defaultTargetRepo; | ||
| if (!isDefaultRepo && !isRepoAllowed(targetRepoSlug, allowedRepos)) { | ||
| const errorMsg = `Repository "${targetRepoSlug}" is not allowed for cross-repo content resolution. Configure safe-outputs.update-project.allowed-repos in the workflow frontmatter to permit this repository.`; |
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Contributor
|
@copilot review comments |
…arget_repo cross-repo config Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Contributor
Author
Done in b5f5ee3. Added:
|
…error message, tool description Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Contributor
Author
Done in 46513fb. Addressed all three review comments:
|
Contributor
|
@copilpt make sure patterns support github macron expression syntax ${{... |
Contributor
|
@copilot make sure patterns support github action macro expression syntax ${{... |
…arget-repo and allowed-repos schema patterns Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Contributor
Author
Done in 293a659. Updated the |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
update_projecthardcodedcontext.repowhen resolvingcontent_numberto a project item node ID, making it impossible to update fields on items from other repos — a critical gap for org-level projects aggregating issues across multiple repositories.Changes
JavaScript (
update_project.cjs)parseRepoSlug,resolveTargetRepoConfig,isRepoAllowedfromrepo_helpers.cjsoutput.target_repoand use its parsedowner/repofor the GraphQL content resolution query instead of always usingcontext.repotargetRepo→target_repocamelCase alias innormalizeUpdateProjectOutput()for consistency with other fieldsmain(config): extractdefaultTargetRepo+allowedReposviaresolveTargetRepoConfig(falls back to current workflow repo whentarget-repois not set)handleUpdateProject(): rejecttarget_repovalues not indefaultTargetRepoorallowedReposbefore callingupdateProject()target-repoandallowed-reposas valid configuration pathsGo (
pkg/workflow/update_project.go)TargetRepoSlug(target-repo) andAllowedRepos(allowed-repos) toUpdateProjectConfigparseTargetRepoWithValidation/parseAllowedReposFromConfighelpersConfig generation
compiler_safe_outputs_config.go: addtarget-repoandallowed_reposto theupdate_projecthandler config buildersafe_outputs_config_generation.go: switch fromgenerateMaxConfig→generateTargetConfigWithReposSchema
target_repo(string,^owner/repo$pattern) to theupdate_projectMCP tool input schematarget-repoandallowed-reposto theupdate-projectfrontmatter schema, with JSON Schema validation usingoneOfto accept both literal values and GitHub Actions expression syntax (${{ ... }}):target-repo: acceptsowner/repoformat (rejects wildcards) or a${{ ... }}expression (e.g.${{ vars.TARGET_REPO }})allowed-repositems: acceptsowner/repo, wildcard patterns (org/*,*/repo,*), or${{ ... }}expressionstarget_repotool description to accurately reflect that the repo must be permitted by eithertarget-repoorallowed-reposconfigurationTests
targetRepocamelCase alias, invalid format, fallback tocontext.repo,allowed-reposrejection,target-repoconfig match,allowed-reposlist match, wildcard pattern, and notarget_repoprovidedpkg/workflow/update_project_target_repo_integration_test.go) that compile workflows and assert the generatedconfig.jsonandGH_AW_SAFE_OUTPUTS_HANDLER_CONFIGcontain the correcttarget-repoandallowed_reposvalues (or correctly omit them when not configured)pkg/cli/workflows/test-copilot-update-project-cross-repo.md) demonstrating cross-repo project item updates withtarget-repoandallowed-reposconfiguredUsage
GitHub Actions expression syntax is also supported:
Agent output for an issue in another repo:
{ "type": "update_project", "project": "https://github.com/orgs/myorg/projects/42", "content_type": "issue", "content_number": 123, "target_repo": "myorg/docs", "fields": { "Status": "In Progress" } }When
target_repois omitted, behaviour is unchanged (resolves against the workflow host repo).✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.