From 3e1c331b76152f10076ab15ef710feb026e73127 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sun, 14 Jun 2026 09:49:35 +0000 Subject: [PATCH] [instructions] Sync safe-output defaults with post-v0.79.8 changes - add-comment.discussions default flipped to opt-in (false) per #39051 - dispatch-workflow now supports cross-repo via target-repo/allowed-repos/target-ref per #39080 Co-Authored-By: Claude Opus 4.8 (1M context) --- .github/aw/campaign.md | 2 +- .github/aw/safe-outputs-automation.md | 5 ++++- .github/aw/safe-outputs-content.md | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/aw/campaign.md b/.github/aw/campaign.md index f21e7e1bb29..7d3c4b8c757 100644 --- a/.github/aw/campaign.md +++ b/.github/aw/campaign.md @@ -122,7 +122,7 @@ First-class output is a **metric** and an **interpretation**. Make KPI computati ### Cross-repo coordination -- `safe-outputs.dispatch-workflow` is same-repo only. +- `safe-outputs.dispatch-workflow` is same-repo by default; cross-repo dispatch needs `target-repo` plus an `allowed-repos` allowlist and a token with `actions: write` on the target. - For org-wide/multi-org, use a coordinator sending `repository_dispatch` to each target repo. - Requires PAT or GitHub App token with access to every dispatched repo. - Prefer fine-grained PAT scoped to specific repos with `Actions: Read & Write`. diff --git a/.github/aw/safe-outputs-automation.md b/.github/aw/safe-outputs-automation.md index ae3d5a26679..0b1b9a9e6c7 100644 --- a/.github/aw/safe-outputs-automation.md +++ b/.github/aw/safe-outputs-automation.md @@ -68,9 +68,12 @@ description: Safe-output reference for workflow dispatch, code scanning, checks, dispatch-workflow: workflows: [workflow-name] # Required: list of workflow names to allow max: 3 # Optional: max dispatches (default: 1, max: 3) + target-repo: org/other-repo # Optional: cross-repo dispatch target (owner/repo or expression) + allowed-repos: [org/*] # Optional: allowlist for cross-repo dispatch targets + target-ref: main # Optional: ref to dispatch against (overrides caller's GITHUB_REF) ``` - Triggers other agentic workflows in the same repository using workflow_dispatch. Agent output includes `workflow_name` (without .md extension) and optional `inputs` (key-value pairs). Not supported for cross-repository operations. + Triggers other agentic workflows using workflow_dispatch. Agent output includes `workflow_name` (without .md extension) and optional `inputs` (key-value pairs). Cross-repo dispatch is supported via `target-repo` plus an `allowed-repos` allowlist; cross-repo targets require a token with `actions: write` on the target repository. - `dispatch_repository:` - Dispatch `repository_dispatch` events to external repositories (experimental) ```yaml diff --git a/.github/aw/safe-outputs-content.md b/.github/aw/safe-outputs-content.md index f964e1af7bf..a40762f4392 100644 --- a/.github/aw/safe-outputs-content.md +++ b/.github/aw/safe-outputs-content.md @@ -125,7 +125,7 @@ description: Safe-output reference for issue, discussion, comment, and pull requ required-title-prefix: "[bot]" # Optional: issue/PR title must start with this prefix hide-older-comments: true # Optional: minimize previous comments from same workflow allowed-reasons: [outdated] # Optional: restrict hiding reasons (default: outdated) - discussions: true # Optional: set false to exclude discussions:write permission (default: true) + discussions: true # Optional: opt-in to discussions:write permission for discussion comments/replies (default: false) issues: true # Optional: set false to exclude issues:write permission (default: true) pull-requests: true # Optional: set false to exclude pull-requests:write permission (default: true) footer: true # Optional: when false, omits visible footer but preserves XML markers (default: true)