docs: add trigger file + workflow_call pattern to CentralRepoOps

[Copilot]

CentralRepoOps examples only showed schedule: as the orchestrator trigger, leaving no documented path to react to GitHub events (issues, pushes, labels) without recompiling the agentic workflow.

Changes

• New section: "Richer Triggers with a Trigger File" in central-repo-ops.mdx covering:
  • Adding workflow_call to the orchestrator frontmatter (alongside schedule:) so it can be called externally
  • A stable, hand-authored trigger .yml that references the compiled .lock.yml and uses secrets: inherit — this file survives recompiles unchanged
  • A cross-repo workflow_call example showing how a trigger file in a target repository can call back into the orchestrator in the central control repo
  • Trade-off table: schedule-only vs trigger file across setup cost, flexibility, recompile coupling, and event context forwarding

Pattern in brief

Same-repo trigger file (lives alongside the orchestrator in the central repo):

on:
  issues:
    types: [labeled]
  push:
    branches: [main]
  workflow_dispatch:

jobs:
  trigger:
    uses: ./.github/workflows/dependabot-rollout-orchestrator.lock.yml
    with:
      reason: ${{ github.event_name }}
    secrets: inherit

Cross-repo trigger file (lives in a target repo, calls back into the central repo):

jobs:
  trigger:
    uses: my-org/central-ops/.github/workflows/dependabot-rollout-orchestrator.lock.yml@main
    with:
      reason: "${{ github.event_name }} in ${{ github.repository }}"
    secrets:
      GH_AW_READ_ORG_TOKEN: ${{ secrets.GH_AW_READ_ORG_TOKEN }}

The key insight: the trigger file is plain YAML (no compilation), so trigger conditions change independently of the agent logic. Cross-repo calls require secrets to be listed explicitly (secrets: inherit is not supported).

Warning

Custom agent used: technical-doc-writer
AI technical documentation writer for GitHub Actions library using GitHub Docs voice

Original prompt

Add a section in central repo ops about using a trigger action yml file and a workflow_call to leverage richer triggers than just schedule. The trigger .yml is stable and does not requires much updates, the workflos_call calls into the compile agentic workflow .

Discuss trade off : schedule only vs trigger file

Custom agent used: technical-doc-writer
AI technical documentation writer for GitHub Actions library using GitHub Docs voice

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[pelikhan]

@copilot show cross repo example (workflow_call into central repo workflow)

[Copilot]

@copilot show cross repo example (workflow_call into central repo workflow)

Added in 8c67357.

A new "Calling the Orchestrator from Another Repository" subsection shows how a trigger file in a target repo can call back into the central orchestrator via cross-repo workflow_call:

jobs:
  trigger:
    uses: my-org/central-ops/.github/workflows/dependabot-rollout-orchestrator.lock.yml@main
    with:
      reason: "${{ github.event_name }} in ${{ github.repository }}"
    secrets:
      GH_AW_READ_ORG_TOKEN: ${{ secrets.GH_AW_READ_ORG_TOKEN }}

The section also notes the key constraints: same-org requirement and no secrets: inherit for cross-repo calls (secrets must be listed explicitly).

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• telemetry.astro.build
  • Triggering command: /opt/hostedtoolcache/node/24.14.0/x64/bin/node node /home/REDACTED/work/gh-aw/gh-aw/docs/node_modules/.bin/astro build (dns block)
  • Triggering command: /opt/hostedtoolcache/node/24.14.0/x64/bin/node node node_modules/.bin/astro preview --host 0.0.0.0 --port 4322 (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[Copilot]

Pull request overview

Adds documentation for a “trigger file + workflow_call” pattern in CentralRepoOps so orchestrators can be invoked by GitHub events (not only schedules) without recompiling agent logic.

Changes:

• Documented adding on.workflow_call to an orchestrator and using a stable .github/workflows/*-trigger.yml to invoke the compiled *.lock.yml.
• Added a cross-repo workflow_call example and a schedule-vs-trigger trade-off table.
• Regenerated many *.lock.yml workflows (tool description text formatting changes).

Reviewed changes

Copilot reviewed 77 out of 77 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
docs/src/content/docs/patterns/central-repo-ops.mdx	Adds the new “trigger file + workflow_call” documentation section and examples.
docs/src/content/docs/agent-factory-status.mdx	Adds the “Constraint Solving — Problem of the Day” workflow to the status table.
.github/workflows/workflow-skill-extractor.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/workflow-normalizer.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/workflow-health-manager.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/weekly-safe-outputs-spec-review.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/weekly-editors-health-check.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/video-analyzer.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/unbloat-docs.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/ubuntu-image-analyzer.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/tidy.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/test-create-pr-error-handling.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/technical-doc-writer.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/super-linter.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/step-name-alignment.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/stale-repo-identifier.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/smoke-update-cross-repo-pr.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/smoke-temporary-id.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/smoke-project.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/smoke-multi-pr.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/smoke-gemini.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/smoke-create-cross-repo-pr.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/smoke-copilot.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/smoke-copilot-arm.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/smoke-codex.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/smoke-claude.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/semantic-function-refactor.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/security-compliance.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/refiner.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/q.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/poem-bot.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/plan.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/layout-spec-maintainer.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/jsweep.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/issue-triage-agent.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/instructions-janitor.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/gpclean.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/go-pattern-detector.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/go-logger.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/glossary-maintainer.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/github-mcp-tools-report.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/functional-pragmatist.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/duplicate-code-detector.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/discussion-task-miner.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/dictation-prompt.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/developer-docs-consolidator.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/dependabot-go-checker.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/delight.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/deep-report.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/dead-code-remover.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/daily-workflow-updater.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/daily-testify-uber-super-expert.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/daily-team-status.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/daily-syntax-error-quality.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/daily-security-red-team.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/daily-safe-outputs-conformance.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/daily-safe-output-optimizer.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/daily-rendering-scripts-verifier.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/daily-multi-device-docs-tester.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/daily-mcp-concurrency-analysis.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/daily-file-diet.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/daily-doc-updater.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/daily-doc-healer.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/daily-cli-tools-tester.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/daily-cli-performance.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/daily-architecture-diagram.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/contribution-check.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/code-simplifier.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/code-scanning-fixer.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/cloclo.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/cli-version-checker.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/cli-consistency-checker.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/ci-doctor.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/breaking-change-checker.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/bot-detection.lock.yml	Regenerated lock workflow (description formatting for labels list).
.github/workflows/ai-moderator.lock.yml	Regenerated lock workflow (description formatting for allowed-labels list).
.github/workflows/agent-performance-analyzer.lock.yml	Regenerated lock workflow (description formatting for labels list).

Comments suppressed due to low confidence (2)

docs/src/content/docs/patterns/central-repo-ops.mdx:325

• The comment says "Trigger when a repository is labeled" but the workflow uses the issues event (issue labels). Unless you’re intentionally using issues as a proxy for repos, this should be reworded to avoid implying there’s a repository-label event.
  docs/src/content/docs/patterns/central-repo-ops.mdx:378
• The note on cross-repository workflow_call is too strict: reusable workflows can be called cross-repo under a few different conditions (for example, public workflows can be reused across organizations, and private/internal reuse depends on org/enterprise settings). Suggest rephrasing to reflect the actual permission model rather than stating it "requires" the same org.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

[Copilot]

The cross-repo uses: example pins to @main, which can introduce breaking changes into callers unexpectedly. Since this pattern is aimed at stable central orchestration, consider showing a tag or commit SHA pin here (similar to the guidance in docs/src/content/docs/reference/imports.md about using semantic versions for production).

This issue also appears on line 376 of the same file.

[Copilot]

In the trigger workflow example, workflow_dispatch defines an input reason, but the call always passes reason: ${{ github.event_name }}. This drops the user-provided reason on manual runs. Consider passing the dispatch input when present (and falling back to github.event_name for non-dispatch events).

This issue also appears on line 322 of the same file.

[Copilot]

The PR title/description focuses on docs changes, but this PR also updates a large number of generated *.lock.yml workflows. If that churn is intentional (e.g., recompilation with updated formatting), it should be called out explicitly in the PR description to help reviewers understand the scope and review strategy.