feat(workflow): add copilot-setup-steps.yml for Coding Agent environment#398
Merged
WilliamBerryiii merged 7 commits intomainfrom Feb 3, 2026
Merged
feat(workflow): add copilot-setup-steps.yml for Coding Agent environment#398WilliamBerryiii merged 7 commits intomainfrom
WilliamBerryiii merged 7 commits intomainfrom
Conversation
Create copilot-setup-steps.yml workflow to pre-install tools for GitHub Copilot Coding Agent, bridging the devcontainer environment to GitHub Actions runners. Workflow includes: - SHA-pinned actions (checkout, setup-node, setup-python) - Node.js 20 with npm ci for JavaScript dependencies - Python 3.11 - PowerShell modules (PowerShell-Yaml) Update copilot-instructions.md with Coding Agent Environment section documenting pre-installed tools and npm script usage.
Contributor
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.OpenSSF Scorecard
Scanned Files
|
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #398 +/- ##
==========================================
- Coverage 61.49% 61.45% -0.04%
==========================================
Files 17 17
Lines 3111 3111
==========================================
- Hits 1913 1912 -1
- Misses 1198 1199 +1
Flags with carried forward coverage won't be shown. Click here to find out more. 🚀 New features to boost your workflow:
|
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adds a GitHub Actions workflow to configure the environment for GitHub Copilot Coding Agent, ensuring tool parity with the local devcontainer. The workflow pre-installs Node.js 20, Python 3.11, PowerShell modules, and verifies tool availability to enable cloud-based agents to run the same validation scripts as local developers.
Changes:
- Created
.github/workflows/copilot-setup-steps.ymlto pre-install development tools and dependencies for Copilot Coding Agent - Updated
.github/copilot-instructions.mdwith new "Coding Agent Environment" section documenting pre-installed tools, npm script usage, and environment synchronization practices
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
.github/workflows/copilot-setup-steps.yml |
New workflow that sets up Node.js 20, Python 3.11, PowerShell modules, and verifies tool availability for Copilot Coding Agent with SHA-pinned actions |
.github/copilot-instructions.md |
Added documentation section describing the cloud agent environment, available tools, npm scripts for validation, and synchronization guidance |
PR review comment Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
nguyena2
approved these changes
Feb 3, 2026
auyidi1
approved these changes
Feb 3, 2026
WilliamBerryiii
added a commit
that referenced
this pull request
Feb 4, 2026
🤖 I have created a release *beep* *boop* --- ## [2.1.0](hve-core-v2.0.1...hve-core-v2.1.0) (2026-02-04) ### ✨ Features * add PowerShell script to validate copyright headers ([#370](#370)) ([92fce72](92fce72)) * **docs:** Replace deprecated chat.modeFilesLocations with chat.agentFilesLocations ([#413](#413)) ([67fb2ab](67fb2ab)) * **scripts:** add CIHelpers module for CI platform abstraction ([#348](#348)) ([23e7a7e](23e7a7e)) * **scripts:** add SecurityHelpers and CIHelpers modules ([#354](#354)) ([b93d990](b93d990)) * **workflow:** add copilot-setup-steps.yml for Coding Agent environment ([#398](#398)) ([085a38b](085a38b)) ### 🐛 Bug Fixes * **build:** increase release-please search depths to prevent 250-commit window issue ([#342](#342)) ([4bb857d](4bb857d)) * **build:** patch @isaacs/brace-expansion critical vulnerability ([#404](#404)) ([292ef51](292ef51)) * **ci:** disable errexit during spell check exit code capture ([#356](#356)) ([ed6ed46](ed6ed46)) * **ci:** exclude extension/README.md from frontmatter validation ([#362](#362)) ([e0d7378](e0d7378)) * exclude test fixtures from markdown link checker ([#345](#345)) ([58147f9](58147f9)) * **extension:** resolve path resolution issues in Windows/WSL environments ([#407](#407)) ([8529725](8529725)) * **linting:** use Write-Error instead of Write-Host for error output ([#377](#377)) ([2ca766b](2ca766b)) * **scripts:** apply CI output escaping to infrastructure scripts ([#369](#369)) ([251021e](251021e)) * **scripts:** apply CI output escaping to linting scripts ([#367](#367)) ([fdd75ed](fdd75ed)) * **scripts:** apply CI output escaping to security scripts ([#368](#368)) ([1237c9a](1237c9a)) * **scripts:** ensure reliable array count operations in linting and security scripts ([#395](#395)) ([de43e73](de43e73)) * **scripts:** standardize PowerShell requirements header block ([#385](#385)) ([6e26282](6e26282)) ### 📚 Documentation * add doc-ops agent to CUSTOM-AGENTS reference ([#358](#358)) ([15f7185](15f7185)) * add memory agent to CUSTOM-AGENTS.md ([#359](#359)) ([d92c4e1](d92c4e1)) * add missing agents to extension README ([#357](#357)) ([d58541c](d58541c)) * add task-reviewer agent to CUSTOM-AGENTS.md ([#363](#363)) ([0efb722](0efb722)) * **contributing:** add copyright header guidelines ([#382](#382)) ([881a567](881a567)) * **scripts:** update README.md with missing directory sections ([#355](#355)) ([ac2966f](ac2966f)) ### ♻️ Refactoring * **scripts:** align linting and tests with CIHelpers ([#401](#401)) ([3587e6a](3587e6a)) * **scripts:** extract Invoke-PackageExtension for testability ([#343](#343)) ([858a1be](858a1be)) * **scripts:** extract orchestration function for Prepare-Extension testability ([#344](#344)) ([9fd4bd1](9fd4bd1)) * **scripts:** replace raw GITHUB_OUTPUT with Set-CIOutput in Package-Extension ([#391](#391)) ([74a30bb](74a30bb)) * **security:** move DependencyViolation and ComplianceReport to shared module ([#378](#378)) ([1dd31ad](1dd31ad)) ### 🔧 Maintenance * add copyright headers to PowerShell scripts ([#381](#381)) ([d19c9b3](d19c9b3)) * add copyright headers to shell scripts ([#380](#380)) ([284b456](284b456)) * **deps-dev:** bump cspell from 9.6.1 to 9.6.2 in the npm-dependencies group ([#387](#387)) ([23c2b9f](23c2b9f)) * **workflows:** simplify Copilot setup steps workflow triggers ([#414](#414)) ([492a7b1](492a7b1)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --------- Co-authored-by: hve-core-release-please[bot] <254602402+hve-core-release-please[bot]@users.noreply.github.com> Co-authored-by: Bill Berry <wberry@microsoft.com>
This was referenced Feb 6, 2026
This was referenced Feb 13, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Adds
copilot-setup-steps.ymlworkflow to bridge the devcontainer environment to GitHub Actions runners for Copilot Coding Agent. The workflow pre-installs Node.js 20, Python 3.11, and PowerShell modules to match local development capabilities, enabling agents to use the same npm scripts for validation in the cloud environment..github/workflows/copilot-setup-steps.ymlwith SHA-pinned actions forcheckout,setup-node, andsetup-pythonnode,npm,python3,pwsh, andshellcheck.github/copilot-instructions.mdwith new "Coding Agent Environment" section documenting pre-installed tools and npm script usagecontents: readpermissions following principle of least privilegeRelated Issue(s)
Closes #388
Type of Change
Select all that apply:
Code & Documentation:
Infrastructure & Configuration:
AI Artifacts:
prompt-builderagent and addressed all feedback.github/instructions/*.instructions.md).github/prompts/*.prompt.md).github/agents/*.agent.md)Other:
.ps1,.sh,.py)Sample Prompts (for AI Artifact Contributions)
N/A - only updated copilot-instructions.md for the cloud agent.
Testing
npm run --listfor agent referenceChecklist
Required Checks
AI Artifact Contributions
.github/instructions/*.instructions.md)Required Automated Checks
The following validation commands must pass before merging:
npm run lint:mdnpm run spell-checknpm run lint:frontmatternpm run lint:md-linksnpm run lint:psSecurity Considerations
Additional Notes
The workflow uses SHA-pinned actions for security:
actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd(v4.2.2)actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238(v4.1.0)actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f(v5.1.1)The job is named
copilot-setup-stepsas required by GitHub Copilot documentation for automatic recognition.Intentionally excluded or leveraged from runners:
security-scan.yml, following the principle that security validation belongs in the pipeline, not the agent's editing environment. GitHub's push protection provides an additional layer of defense.