Add GitHub Actions instructions for repository workflows

[Sylvie1711]

Pull Request

Description

This PR adds repository-specific GitHub Actions instructions under .github/instructions/.

The instructions document existing conventions and security requirements observed across current workflows and are intended to guide contributors and tooling when authoring or modifying GitHub Actions.

Related Issue(s)

Fixes #317

Type of Change

Select all that apply:

Code & Documentation:

• Bug fix (non-breaking change fixing an issue)
• New feature (non-breaking change adding functionality)
• Breaking change (fix or feature causing existing functionality to change)
• Documentation update

Infrastructure & Configuration:

• GitHub Actions workflow
• Linting configuration (markdown, PowerShell, etc.)
• Security configuration
• DevContainer configuration
• Dependency update

AI Artifacts:

• Reviewed contribution with prompt-builder agent and addressed all feedback
• Copilot instructions (.github/instructions/*.instructions.md)
• Copilot prompt (.github/prompts/*.prompt.md)
• Copilot agent (.github/agents/*.agent.md)
• Copilot skill (.github/skills/*/SKILL.md)

Other:

• Script/automation (.ps1, .sh, .py)
• Other (please describe):

Sample Prompts (for AI Artifact Contributions)

Testing

Not applicable. Documentation-only change.

Checklist

Required Checks

• Documentation is updated (if applicable)
• Files follow existing naming conventions
• Changes are backwards compatible (if applicable)
• Tests added for new functionality (if applicable)

AI Artifact Contributions

• Used /prompt-analyze to review contribution
• Addressed all feedback from prompt-builder review
• Verified contribution follows common standards and type-specific requirements

Required Automated Checks

• Markdown linting: npm run lint:md
• Spell checking: npm run spell-check
• Frontmatter validation: npm run lint:frontmatter
• Link validation: npm run lint:md-links
• PowerShell analysis: npm run lint:ps

Security Considerations

• This PR does not contain any sensitive or NDA information
• Any new dependencies have been reviewed for security issues
• Security-related scripts follow the principle of least privilege

Additional Notes

None.

[katriendg]

Hi @Sylvie1711, thank you for taking the time to contribute to what may be your first PR (congrats on taking this step!).

It looks like the PR currently contains an empty file. For this reason, I've marked this PR as Draft so you can continue work before asking for a review.

The instructions file needs the actual content outlined in issue #317, including:

• Frontmatter with proper applyTo glob pattern
• Dependency pinning requirements (full SHA pins)
• Permissions best practices
• Reusable workflow patterns
• Security guidelines

Typical PR workflow for this repo:

1. Fork and create a feature branch
2. Review the issue's acceptance criteria and proposed solution
3. Implement the changes following our Contributing AI Artifacts and Instructions Guidelines
4. Run validation commands (npm run lint:md, npm run lint:frontmatter, etc.)
5. Test the instructions with actual workflow edits to verify they provide useful guidance
6. Then push the changes to the branch and when you are ready mark this PR as ready for review

Suggestion: Use the RPI Agent

To help you create a complete implementation, try invoking our rpi-agent in VS Code with GitHub Copilot:

/rpi Implement issue #317: create .github/instructions/github-actions.instructions.md with the content specified in the issue acceptance criteria

The RPI (Research → Plan → Implement) workflow will research the codebase patterns, create an implementation plan, and generate the content following our conventions.

Resources:

• Contributing AI Artifacts
• Instructions Guidelines
• RPI Workflow Documentation

Let me know if you'd like guidance walking through the RPI workflow, and thanks again for your interest in contributing!

[Sylvie1711]

Hi @katriendg, thanks for the clarification.

I’ve added the full instructions content per issue #317 and incorporated the requested sections.
I also ran npm run lint:md and npm run lint:frontmatter locally and both passed.

Please let me know if there’s any additional feedback or changes you’d like me to make.

[Sylvie1711]

The instructions file was populated in commit 68867a8 (54 lines added).
The initial commit created an empty file.

i've marked it ready for review, Thanks.

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 76.19%. Comparing base (5e710fd) to head (f816c01).

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #430      +/-   ##
==========================================
- Coverage   76.22%   76.19%   -0.03%     
==========================================
  Files          20       20              
  Lines        3503     3503              
==========================================
- Hits         2670     2669       -1     
- Misses        833      834       +1     

Flag	Coverage Δ
pester	76.19% <ø> (-0.03%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.
see 1 file with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[WilliamBerryiii]

Thank you for the continued work on this PR, @Sylvie1711! We're looking forward to moving this forward.

One remaining step before we can proceed with the review: we need you to sign the Contributor License Agreement (CLA). The microsoft-github-policy-service bot posted the agreement earlier in this thread. To sign, simply reply to that comment with:

@microsoft-github-policy-service agree

Once the CLA is signed, we can continue with the review process. Let us know if you have any questions!

[Sylvie1711]

@microsoft-github-policy-service agree

[Sylvie1711]

@WilliamBerryiii Please let me know if anything else is required. Thanks.

[WilliamBerryiii]

Thank you @Sylvie1711 for this contribution! 🎉

This is a great addition to the repository — having well-documented GitHub Actions conventions and security requirements will help every contributor and tool that touches our workflows. Appreciate you taking the time to put this together and iterate on the review feedback.

Welcome to hve-core! 🚀

[Sylvie1711]

Thanks you @agreaves-ms @WilliamBerryiii and @katriendg for the pointers, review and help. Looking forward to contributing more.