From b91a2a0c7c2cf53ee713d31d65ada872b4e7d551 Mon Sep 17 00:00:00 2001 From: Sylvain Niles Date: Sun, 15 Mar 2026 14:07:29 -0700 Subject: [PATCH 01/12] Consult the council Signed-off-by: Sylvain Niles --- .github/workflows/rivendell_council.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 .github/workflows/rivendell_council.yml diff --git a/.github/workflows/rivendell_council.yml b/.github/workflows/rivendell_council.yml new file mode 100644 index 0000000000..97ddc0a751 --- /dev/null +++ b/.github/workflows/rivendell_council.yml @@ -0,0 +1,16 @@ +name: Rivendell Council Review + +on: + pull_request: + types: [opened, synchronize, reopened] + +jobs: + council: + name: Convene the Council + uses: sylvainsf/rivendell_council/.github/workflows/council.yml@main + permissions: + contents: read + pull-requests: write + models: read + with: + model: anthropic/claude-sonnet-4.6 \ No newline at end of file From 909a0ffe04f841e6f40587b0be12003a03f07202 Mon Sep 17 00:00:00 2001 From: Sylvain Niles Date: Sun, 15 Mar 2026 14:32:29 -0700 Subject: [PATCH 02/12] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Signed-off-by: Sylvain Niles --- .github/workflows/rivendell_council.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/rivendell_council.yml b/.github/workflows/rivendell_council.yml index 97ddc0a751..9f38d1c34d 100644 --- a/.github/workflows/rivendell_council.yml +++ b/.github/workflows/rivendell_council.yml @@ -1,9 +1,13 @@ +# yaml-language-server: $schema=https://www.schemastore.org/github-workflow.json +--- name: Rivendell Council Review on: pull_request: types: [opened, synchronize, reopened] +permissions: {} + jobs: council: name: Convene the Council From 2fb34b6885a1804ad31fd12d76907003acf21acd Mon Sep 17 00:00:00 2001 From: Sylvain Niles Date: Sun, 15 Mar 2026 14:32:43 -0700 Subject: [PATCH 03/12] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Signed-off-by: Sylvain Niles --- .github/workflows/rivendell_council.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/rivendell_council.yml b/.github/workflows/rivendell_council.yml index 9f38d1c34d..bae7b53e25 100644 --- a/.github/workflows/rivendell_council.yml +++ b/.github/workflows/rivendell_council.yml @@ -11,7 +11,7 @@ permissions: {} jobs: council: name: Convene the Council - uses: sylvainsf/rivendell_council/.github/workflows/council.yml@main + uses: sylvainsf/rivendell_council/.github/workflows/council.yml@v1 permissions: contents: read pull-requests: write From 607b1f4f8a51f84db1111ab7065664ccebb09615 Mon Sep 17 00:00:00 2001 From: Copilot <198982749+Copilot@users.noreply.github.com> Date: Sun, 15 Mar 2026 14:37:11 -0700 Subject: [PATCH 04/12] Guard Rivendell Council workflow against fork PR write-permission failures (#11434) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit # Description On `pull_request` events from forks, `GITHUB_TOKEN` is read-only — the `council` job requesting `pull-requests: write` would fail for external contributors. Adds a job-level guard to skip execution on fork PRs. ## Changes - **`.github/workflows/rivendell_council.yml`**: Added `if` condition to the `council` job: ```yaml if: github.event.pull_request.head.repo.full_name == github.repository ``` The job is now skipped entirely when the PR originates from a fork, avoiding token permission errors. ## Type of change - This pull request is a minor refactor, code cleanup, test improvement, or other maintenance task and doesn't change the functionality of Radius (issue link optional). ## Contributor checklist - An overview of proposed schema changes is included in a linked GitHub issue. - [ ] Yes - [x] Not applicable - A design document PR is created in the [design-notes repository](https://github.com/radius-project/design-notes/), if new APIs are being introduced. - [ ] Yes - [x] Not applicable - The design document has been reviewed and approved by Radius maintainers/approvers. - [ ] Yes - [x] Not applicable - A PR for the [samples repository](https://github.com/radius-project/samples) is created, if existing samples are affected by the changes in this PR. - [ ] Yes - [x] Not applicable - A PR for the [documentation repository](https://github.com/radius-project/docs) is created, if the changes in this PR affect the documentation or any user facing updates are made. - [ ] Yes - [x] Not applicable - A PR for the [recipes repository](https://github.com/radius-project/recipes) is created, if existing recipes are affected by the changes in this PR. - [ ] Yes - [x] Not applicable --- 💬 Send tasks to Copilot coding agent from [Slack](https://gh.io/cca-slack-docs) and [Teams](https://gh.io/cca-teams-docs) to turn conversations into code. Copilot posts an update in your thread when it's finished. --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: sylvainsf <540991+sylvainsf@users.noreply.github.com> --- .github/workflows/rivendell_council.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/rivendell_council.yml b/.github/workflows/rivendell_council.yml index bae7b53e25..d36c817321 100644 --- a/.github/workflows/rivendell_council.yml +++ b/.github/workflows/rivendell_council.yml @@ -11,6 +11,8 @@ permissions: {} jobs: council: name: Convene the Council + # Skip on fork PRs - GITHUB_TOKEN is read-only for forks and cannot write PR comments + if: github.event.pull_request.head.repo.full_name == github.repository uses: sylvainsf/rivendell_council/.github/workflows/council.yml@v1 permissions: contents: read From f3e7e27d0f08c2850f746357394cc462f75872e2 Mon Sep 17 00:00:00 2001 From: Sylvain Niles Date: Sun, 15 Mar 2026 14:39:23 -0700 Subject: [PATCH 05/12] rename workflow file Signed-off-by: Sylvain Niles --- .github/workflows/{rivendell_council.yml => council-review.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{rivendell_council.yml => council-review.yml} (100%) diff --git a/.github/workflows/rivendell_council.yml b/.github/workflows/council-review.yml similarity index 100% rename from .github/workflows/rivendell_council.yml rename to .github/workflows/council-review.yml From 5739b32bdb0fa87839f479856728977692b44810 Mon Sep 17 00:00:00 2001 From: Sylvain Niles Date: Sun, 15 Mar 2026 15:41:27 -0700 Subject: [PATCH 06/12] Change council.yml workflow version from v1 to v0 fix to call the current version Signed-off-by: Sylvain Niles --- .github/workflows/council-review.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/council-review.yml b/.github/workflows/council-review.yml index d36c817321..865861e121 100644 --- a/.github/workflows/council-review.yml +++ b/.github/workflows/council-review.yml @@ -13,10 +13,10 @@ jobs: name: Convene the Council # Skip on fork PRs - GITHUB_TOKEN is read-only for forks and cannot write PR comments if: github.event.pull_request.head.repo.full_name == github.repository - uses: sylvainsf/rivendell_council/.github/workflows/council.yml@v1 + uses: sylvainsf/rivendell_council/.github/workflows/council.yml@v0 permissions: contents: read pull-requests: write models: read with: - model: anthropic/claude-sonnet-4.6 \ No newline at end of file + model: anthropic/claude-sonnet-4.6 From 518b50db5512513c4a6f4004e69376ebed20f902 Mon Sep 17 00:00:00 2001 From: Sylvain Niles Date: Sun, 15 Mar 2026 15:48:53 -0700 Subject: [PATCH 07/12] Update council workflow to use version 1 this adds pinned shas for all upstream actions Signed-off-by: Sylvain Niles --- .github/workflows/council-review.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/council-review.yml b/.github/workflows/council-review.yml index 865861e121..eee47e0e46 100644 --- a/.github/workflows/council-review.yml +++ b/.github/workflows/council-review.yml @@ -13,7 +13,7 @@ jobs: name: Convene the Council # Skip on fork PRs - GITHUB_TOKEN is read-only for forks and cannot write PR comments if: github.event.pull_request.head.repo.full_name == github.repository - uses: sylvainsf/rivendell_council/.github/workflows/council.yml@v0 + uses: sylvainsf/rivendell_council/.github/workflows/council.yml@v1 permissions: contents: read pull-requests: write From aa4a4e2c0defd5ccea6a186da2d78db5d75353ff Mon Sep 17 00:00:00 2001 From: Sylvain Niles Date: Sun, 15 Mar 2026 16:03:54 -0700 Subject: [PATCH 08/12] Update model from Claude Sonnet to GPT-5 valid model Signed-off-by: Sylvain Niles --- .github/workflows/council-review.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/council-review.yml b/.github/workflows/council-review.yml index eee47e0e46..d7fc74b6d7 100644 --- a/.github/workflows/council-review.yml +++ b/.github/workflows/council-review.yml @@ -19,4 +19,4 @@ jobs: pull-requests: write models: read with: - model: anthropic/claude-sonnet-4.6 + model: openai/gpt-5 From 1a5d0020b68a815172f518efad8caa5283b65496 Mon Sep 17 00:00:00 2001 From: Sylvain Niles Date: Sun, 15 Mar 2026 16:09:10 -0700 Subject: [PATCH 09/12] Change model from gpt-5 to gpt-4o in workflow Signed-off-by: Sylvain Niles --- .github/workflows/council-review.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/council-review.yml b/.github/workflows/council-review.yml index d7fc74b6d7..a54a76f538 100644 --- a/.github/workflows/council-review.yml +++ b/.github/workflows/council-review.yml @@ -19,4 +19,4 @@ jobs: pull-requests: write models: read with: - model: openai/gpt-5 + model: openai/gpt-4o From f23d440e786271ba06c0e6ab5021dc2fa8ee8c98 Mon Sep 17 00:00:00 2001 From: Sylvain Niles Date: Sun, 15 Mar 2026 16:17:17 -0700 Subject: [PATCH 10/12] trigger council re- run Signed-off-by: Sylvain Niles From 00ff3df8ec4dd703738b0ef5c985c9ca2eef8a3b Mon Sep 17 00:00:00 2001 From: Sylvain Niles Date: Sun, 15 Mar 2026 16:17:46 -0700 Subject: [PATCH 11/12] trigger council re- run Signed-off-by: Sylvain Niles From 83609083d85cfb116d26ea192c06955649fc2d0f Mon Sep 17 00:00:00 2001 From: Sylvain Niles Date: Sun, 15 Mar 2026 16:21:11 -0700 Subject: [PATCH 12/12] trigger council re-run Signed-off-by: Sylvain Niles