Add non-blocking GHA workflow to warn when ADO pipeline YAML file changes (#123)

PRs that modify `.azdo/ci-pr.yaml` can cause Azure DevOps to disable or
require approval for the `DV-Python-SDK-PullRequest`
(definitionId=29922) pipeline after merge, requiring a manual re-enable
step that's easy to forget.

## Changes

- **`.github/workflows/ado-pipeline-yaml-pr-warning.yml`** — new
workflow named `Warn when ADO pipeline YAML file changes` that:
  - Triggers only on PRs touching `.azdo/ci-pr.yaml`
- Emits a `::warning` annotation in the Actions log referencing the file
and ADO pipeline URL
- Writes a formatted markdown callout to `$GITHUB_STEP_SUMMARY` for
visibility in the GitHub UI
- Posts a resolvable file-level review comment on `.azdo/ci-pr.yaml` so
reviewers must explicitly acknowledge and resolve the warning before
merging
- Always succeeds (non-blocking); minimal `contents: read` and
`pull-requests: write` permissions

<!-- START COPILOT ORIGINAL PROMPT -->



<details>

<summary>Original prompt</summary>

> Create a non-blocking GitHub Actions workflow that warns when the
Azure DevOps PR validation pipeline YAML file changes.
> 
> Repo: `microsoft/PowerPlatform-DataverseClient-Python`
> Base branch: `main`
> 
> ## Background / Why
> Any PR that changes `.azdo/ci-pr.yaml` may cause Azure DevOps to
disable/require approval for the PR validation pipeline YAML after
merge. We want a pre-merge guardrail that *warns* (non-blocking) so
authors/maintainers remember to perform the post-merge manual
re-enable/approval step.
> 
> ADO Pipeline referenced in messaging:
> - Name: `DV-Python-SDK-PullRequest`
> - definitionId: `29922`
> - URL:
https://dev.azure.com/dynamicscrm/OneCRM/_build?definitionId=29922
> 
> ## Requirements
> Add exactly one GitHub Actions workflow file:
> - Path: `.github/workflows/ado-pipeline-yaml-pr-warning.yml`
> - Trigger: `pull_request` with `paths: [".azdo/ci-pr.yaml"]`
> - Behavior: always succeeds (non-blocking)
> - Steps:
>   1. Print a `::warning` in logs referencing the file
> 2. Write the same message into `$GITHUB_STEP_SUMMARY` so it’s visible
in the UI
> - Permissions: minimal (`contents: read`)
> 
> ## Exact workflow content
> Create the file with the following exact YAML:
> ```yaml
> name: Warn when ADO PR pipeline YAML changes
> 
> on:
>   pull_request:
>     paths:
>       - ".azdo/ci-pr.yaml"
> 
> permissions:
>   contents: read
> 
> jobs:
>   warn:
>     runs-on: ubuntu-latest
>     steps:
>       - name: Emit warning in logs
>         run: |
> echo "::warning file=.azdo/ci-pr.yaml::This PR changes
.azdo/ci-pr.yaml. After merge, Azure DevOps may disable/require approval
for the PR pipeline YAML until it is re-enabled/approved."
> 
> echo "ADO pipeline: DV-Python-SDK-PullRequest (definitionId=29922)"
> echo
"https://dev.azure.com/dynamicscrm/OneCRM/_build?definitionId=29922"
> 
>       - name: Add workflow summary
>         run: |
>           {
>             echo "## ADO PR pipeline YAML change detected"
>             echo ""
>             echo "**File changed:** \`.azdo/ci-pr.yaml\`"
>             echo ""
> echo "**Why this matters:** After this is merged, Azure DevOps may
disable/require approval for the PR pipeline YAML."
>             echo ""
> echo "**Action required (post-merge):** Re-enable / approve the
updated YAML for:"
> echo "- **DV-Python-SDK-PullRequest** (definitionId=29922)"
> echo "-
https://dev.azure.com/dynamicscrm/OneCRM/_build?definitionId=29922"
>             echo ""
>             echo "Then trigger a run to confirm PR validation works."
>           } >> "$GITHUB_STEP_SUMMARY"
> ```
> 
> ## Explicitly out of scope
> Do not add any post-merge automation, GitHub issue creation, Teams
webhooks, or push-to-main workflows.


</details>



<!-- START COPILOT CODING AGENT SUFFIX -->

*This pull request was created from Copilot chat.*
>

<!-- START COPILOT CODING AGENT TIPS -->
---

💡 You can make Copilot smarter by setting up custom instructions,
customizing its development environment and configuring Model Context
Protocol (MCP) servers. Learn more [Copilot coding agent
tips](https://gh.io/copilot-coding-agent-tips) in the docs.

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: saurabhrb <32964911+saurabhrb@users.noreply.github.com>

Author: Copilot

.github/workflows/ado-pipeline-yaml-pr-warning.yml

@@ -0,0 +1,55 @@
+name: Warn when ADO pipeline YAML file changes
+
+on:
+  pull_request:
+    paths:
+      - ".azdo/ci-pr.yaml"
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  warn:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Emit warning in logs
+        run: |
+          echo "::warning file=.azdo/ci-pr.yaml::This PR changes .azdo/ci-pr.yaml. After merge, Azure DevOps may disable/require approval for the PR pipeline YAML until it is re-enabled/approved."
+
+          echo "ADO pipeline: DV-Python-SDK-PullRequest (definitionId=29922)"
+          echo "https://dev.azure.com/dynamicscrm/OneCRM/_build?definitionId=29922"
+
+      - name: Add workflow summary
+        run: |
+          {
+            echo "## ADO PR pipeline YAML change detected"
+            echo ""
+            echo "**File changed:** \`.azdo/ci-pr.yaml\`"
+            echo ""
+            echo "**Why this matters:** After this is merged, Azure DevOps may disable/require approval for the PR pipeline YAML."
+            echo ""
+            echo "**Action required (post-merge):** Re-enable / approve the updated YAML for:"
+            echo "- **DV-Python-SDK-PullRequest** (definitionId=29922)"
+            echo "- https://dev.azure.com/dynamicscrm/OneCRM/_build?definitionId=29922"
+            echo ""
+            echo "Then trigger a run to confirm PR validation works."
+          } >> "$GITHUB_STEP_SUMMARY"
+
+      - name: Post resolvable PR review comment
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          jq -n \
+            --arg sha "${{ github.event.pull_request.head.sha }}" \
+            '{
+              path: ".azdo/ci-pr.yaml",
+              subject_type: "file",
+              commit_id: $sha,
+              body: "> [!WARNING]\n> **ADO PR pipeline YAML change detected**\n>\n> This PR modifies `.azdo/ci-pr.yaml`. After merge, Azure DevOps may disable or require approval for the PR validation pipeline.\n>\n> **Action required (post-merge):** Re-enable / approve the updated YAML for:\n> - **DV-Python-SDK-PullRequest** (definitionId=29922)\n> - https://dev.azure.com/dynamicscrm/OneCRM/_build?definitionId=29922\n>\n> Please resolve this comment after completing the post-merge steps."
+            }' | \
+          gh api \
+            --method POST \
+            -H "Accept: application/vnd.github+json" \
+            /repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/comments \
+            --input -