From 7f31ac9db7074fec07c25f82d20818d95df4b1f1 Mon Sep 17 00:00:00 2001 From: David Strome <21028455+dstrome@users.noreply.github.com> Date: Thu, 22 Jan 2026 11:59:29 -0800 Subject: [PATCH 1/3] Default pr submitter perms to read if user = copilot --- .github/workflows/Shared-AutoLabelAssign.yml | 24 +++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/.github/workflows/Shared-AutoLabelAssign.yml b/.github/workflows/Shared-AutoLabelAssign.yml index e8b6aa20770..d9524bec4a3 100644 --- a/.github/workflows/Shared-AutoLabelAssign.yml +++ b/.github/workflows/Shared-AutoLabelAssign.yml @@ -1435,7 +1435,29 @@ jobs: # Get permission level of user who created the comment. Need to use .role_name instead of .permission because .permission provides only legacy values. # .role_name provides legacy plus triage, maintain, and custom roles like write-elevated. - $UserPermission = $(Invoke-RestMethod -Method GET -Headers $GitHubHeaders -Uri $UserPermissionUrl).role_name + # Copilot isn't a real user so attempting to retrieve its permissions on the repo will fail. Set $UserPermission to read if copilot is the submitter. + If ($PrCreator -ne "copilot") { + + Try { + + $UserPermission = $(Invoke-RestMethod -Method GET -Headers $GitHubHeaders -Uri $UserPermissionUrl).role_name + + } Catch { + + Write-Host "Failed to retrieve user permission for $PrCreator. Defaulting to read. Error: $_" + + $UserPermission = "read" + + } + + } Else { + + Write-Host "PR creator is copilot. Defaulting to read permissions." + + $UserPermission = "read" + + } + # Only add reviewers if the submitter can't sign off on their own PR. If (($UserPermission -eq "read") -or ($UserPermission -eq "") -or ($UserPermission -eq $Null)) { From d3a7361e1275c3cf18d4d1036503d31603b11b50 Mon Sep 17 00:00:00 2001 From: David Strome <21028455+dstrome@users.noreply.github.com> Date: Mon, 26 Jan 2026 11:01:09 -0800 Subject: [PATCH 2/3] Replace askanadmin with tcphelp --- .github/workflows/Shared-AutoPublishV2.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/Shared-AutoPublishV2.yml b/.github/workflows/Shared-AutoPublishV2.yml index 0b11f611725..7de678ed531 100644 --- a/.github/workflows/Shared-AutoPublishV2.yml +++ b/.github/workflows/Shared-AutoPublishV2.yml @@ -95,10 +95,10 @@ jobs: # PR variables $PrTitle = "[AutoPublish] $DefaultBranch to $TargetBranch" - $AutoMergeDisabledPrDescriptionPubOps = "@MicrosoftDocs/marveldocs-pubops`n`nThis is an automated pull request to publish changes from the $DefaultBranch branch to the $TargetBranch branch. Merging this PR will publish the changes to the live learn.microsoft.com site.`n`n**Auto-merge is disabled.** This PR must be merged manually.`n`nBefore merging this PR, complete the following checks before merging this PR:`n`n- If there are more than $MaxAllowedChangedFiles files, the repo will not automatically merge the PR. Review the changes for any obvious mistakes such as mass-deleted files. If the changes appear normal (bulk changes, general updates to many files, etc), merge the PR. If you're not sure, do not merge the PR and investigate further.`n- If there are warnings or failing checks, resolve them before merging the PR.`n- View the changes on https://review.learn.microsoft.com to confirm the changes look correct on the site.`n`nAfter you've completed these steps, manually merge the PR.`n`nIf you have questions, post a message to https://aka.ms/askanadmin." - $AutoMergeDisabledPrDescriptionNonPubOps = "This is an automated pull request to publish changes from the $DefaultBranch branch to the $TargetBranch branch. Merging this PR will publish the changes to the live learn.microsoft.com site.`n`n**Auto-merge is disabled.** This PR must be merged manually.`n`nBefore you merge this PR, complete the following checks before merging this PR:`n`n- If there are more than $MaxAllowedChangedFiles files, the repo will not automatically merge the PR. Review the changes for any obvious mistakes such as mass-deleted files. If the changes appear normal (bulk changes, general updates to many files, etc), merge the PR. If you're not sure, do not merge the PR and investigate further.`n- If there are warnings or failing checks, resolve them before merging the PR.`n- View the changes on https://review.learn.microsoft.com to confirm the changes look correct on the site.`n`nAfter you've completed these steps, manually merge the PR.`n`n**Note**: This is repo isn't managed by PubOps. **A contributor with write access to this repo will need to merge this PR for changes in it to go live.`n`nIf you have questions, post a message to https://aka.ms/askanadmin." - $AutoMergeEnabledPrDescriptionPubOps = "@MicrosoftDocs/marveldocs-pubops`n`nThis is an automated pull request to publish changes from the $DefaultBranch branch to the $TargetBranch branch. Merging this PR will publish the changes to the live learn.microsoft.com site.`n`n**Auto-merge is enabled.** The repo will attempt to automatically merge this PR when all required checks pass. If the PR is automatically merged, no further action is required to publish the contents of this PR.`n`nIn the event the repo can't automatically merge this PR, the **Manual merge required** label will be added to the PR. If this happens, complete the following checks before merging this PR:`n`n- If there are more than $MaxAllowedChangedFiles files, the repo will not automatically merge the PR. Review the changes for any obvious mistakes such as mass-deleted files. If the changes appear normal (bulk changes, general updates to many files, etc), merge the PR. If you're not sure, do not merge the PR and investigate further.`n- If there are warnings or failing checks, resolve them before merging the PR.`n- View the changes on https://review.learn.microsoft.com to confirm the changes look correct on the site.`n`nAfter you've completed these steps, manually merge the PR.`n`nIf you have questions, post a message to https://aka.ms/askanadmin." - $AutoMergeEnabledPrDescriptionNonPubOps = "This is an automated pull request to publish changes from the $DefaultBranch branch to the $TargetBranch branch. Merging this PR will publish the changes to the live learn.microsoft.com site.`n`n**Auto-merge is enabled.** The repo will attempt to automatically merge this PR when all required checks pass. If the PR is automatically merged, no further action is required to publish the contents of this PR.`n`nIn the event the repo can't automatically merge this PR, the **Manual merge required** label will be added to the PR. If this happens, complete the following checks before merging this PR:`n`n- If there are more than $MaxAllowedChangedFiles files, the repo will not automatically merge the PR. Review the changes for any obvious mistakes such as mass-deleted files. If the changes appear normal (bulk changes, general updates to many files, etc), merge the PR. If you're not sure, do not merge the PR and investigate further.`n- If there are warnings or failing checks, resolve them before merging the PR.`n- View the changes on https://review.learn.microsoft.com to confirm the changes look correct on the site.`n`nAfter you've completed these steps, manually merge the PR.`n`n**Note**: This is repo isn't managed by PubOps. **If a manual merge is required, a contributor with write access to this repo will need to merge this PR for changes in it to go live.**`n`nIf you have questions, post a message to https://aka.ms/askanadmin." + $AutoMergeDisabledPrDescriptionPubOps = "@MicrosoftDocs/marveldocs-pubops`n`nThis is an automated pull request to publish changes from the $DefaultBranch branch to the $TargetBranch branch. Merging this PR will publish the changes to the live learn.microsoft.com site.`n`n**Auto-merge is disabled.** This PR must be merged manually.`n`nBefore merging this PR, complete the following checks before merging this PR:`n`n- If there are more than $MaxAllowedChangedFiles files, the repo will not automatically merge the PR. Review the changes for any obvious mistakes such as mass-deleted files. If the changes appear normal (bulk changes, general updates to many files, etc), merge the PR. If you're not sure, do not merge the PR and investigate further.`n- If there are warnings or failing checks, resolve them before merging the PR.`n- View the changes on https://review.learn.microsoft.com to confirm the changes look correct on the site.`n`nAfter you've completed these steps, manually merge the PR.`n`nIf you have questions, post a message to https://aka.ms/tcphelp." + $AutoMergeDisabledPrDescriptionNonPubOps = "This is an automated pull request to publish changes from the $DefaultBranch branch to the $TargetBranch branch. Merging this PR will publish the changes to the live learn.microsoft.com site.`n`n**Auto-merge is disabled.** This PR must be merged manually.`n`nBefore you merge this PR, complete the following checks before merging this PR:`n`n- If there are more than $MaxAllowedChangedFiles files, the repo will not automatically merge the PR. Review the changes for any obvious mistakes such as mass-deleted files. If the changes appear normal (bulk changes, general updates to many files, etc), merge the PR. If you're not sure, do not merge the PR and investigate further.`n- If there are warnings or failing checks, resolve them before merging the PR.`n- View the changes on https://review.learn.microsoft.com to confirm the changes look correct on the site.`n`nAfter you've completed these steps, manually merge the PR.`n`n**Note**: This is repo isn't managed by PubOps. **A contributor with write access to this repo will need to merge this PR for changes in it to go live.`n`nIf you have questions, post a message to https://aka.ms/tcphelp." + $AutoMergeEnabledPrDescriptionPubOps = "@MicrosoftDocs/marveldocs-pubops`n`nThis is an automated pull request to publish changes from the $DefaultBranch branch to the $TargetBranch branch. Merging this PR will publish the changes to the live learn.microsoft.com site.`n`n**Auto-merge is enabled.** The repo will attempt to automatically merge this PR when all required checks pass. If the PR is automatically merged, no further action is required to publish the contents of this PR.`n`nIn the event the repo can't automatically merge this PR, the **Manual merge required** label will be added to the PR. If this happens, complete the following checks before merging this PR:`n`n- If there are more than $MaxAllowedChangedFiles files, the repo will not automatically merge the PR. Review the changes for any obvious mistakes such as mass-deleted files. If the changes appear normal (bulk changes, general updates to many files, etc), merge the PR. If you're not sure, do not merge the PR and investigate further.`n- If there are warnings or failing checks, resolve them before merging the PR.`n- View the changes on https://review.learn.microsoft.com to confirm the changes look correct on the site.`n`nAfter you've completed these steps, manually merge the PR.`n`nIf you have questions, post a message to https://aka.ms/tcphelp." + $AutoMergeEnabledPrDescriptionNonPubOps = "This is an automated pull request to publish changes from the $DefaultBranch branch to the $TargetBranch branch. Merging this PR will publish the changes to the live learn.microsoft.com site.`n`n**Auto-merge is enabled.** The repo will attempt to automatically merge this PR when all required checks pass. If the PR is automatically merged, no further action is required to publish the contents of this PR.`n`nIn the event the repo can't automatically merge this PR, the **Manual merge required** label will be added to the PR. If this happens, complete the following checks before merging this PR:`n`n- If there are more than $MaxAllowedChangedFiles files, the repo will not automatically merge the PR. Review the changes for any obvious mistakes such as mass-deleted files. If the changes appear normal (bulk changes, general updates to many files, etc), merge the PR. If you're not sure, do not merge the PR and investigate further.`n- If there are warnings or failing checks, resolve them before merging the PR.`n- View the changes on https://review.learn.microsoft.com to confirm the changes look correct on the site.`n`nAfter you've completed these steps, manually merge the PR.`n`n**Note**: This is repo isn't managed by PubOps. **If a manual merge is required, a contributor with write access to this repo will need to merge this PR for changes in it to go live.**`n`nIf you have questions, post a message to https://aka.ms/tcphelp." # Label variables $AutoPublishLabelColor = "5319E7" From 767a8f8dca82ff83c48a63165617de477b8899fb Mon Sep 17 00:00:00 2001 From: David Strome <21028455+dstrome@users.noreply.github.com> Date: Tue, 10 Mar 2026 11:58:08 -0700 Subject: [PATCH 3/3] Update GitHub App Token action to version 2 --- .github/workflows/Shared-AutoPublishV2.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/Shared-AutoPublishV2.yml b/.github/workflows/Shared-AutoPublishV2.yml index 7de678ed531..9088bd8521b 100644 --- a/.github/workflows/Shared-AutoPublishV2.yml +++ b/.github/workflows/Shared-AutoPublishV2.yml @@ -35,7 +35,7 @@ jobs: - name: Create App Token id: app-token - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@v2 with: app-id: ${{ secrets.ClientId }} private-key: ${{ secrets.PrivateKey }}