[bug] Use user-scoped auth for Copilot E2E #1413
Open
stale2000 wants to merge 1 commit into
Copilot CLI now rejects the GitHub Actions installation token when loading models, so the Copilot E2E jobs need the same user-scoped secret already used by the isolated E2E workflow. The bootstrap guard fails early when the secret is absent, keeping the error actionable without printing the token.

Constraint: Copilot CLI model access does not accept GitHub App server-to-server tokens.
Rejected: Keep using github.token | latest Copilot CLI fails before tests with unsupported server-to-server token.
Confidence: medium
Scope-risk: narrow
Directive: Do not replace unrelated GITHUB_TOKEN usage; this change is only for Copilot CLI authentication.
Tested: git diff --check; mise run lint
Not-tested: Real Copilot E2E run, because it makes paid external agent calls.
Entire-Checkpoint: 6009a8fc1234
Entire logs: https://entire.io/gh/stale2000/cli/session/019eb4d1-91e3-7633-97e4-689edfb04769
Summary
Fixes the Copilot CLI E2E jobs by using the repo's Copilot-specific secret for Copilot CLI authentication instead of the GitHub Actions installation token.
The failing E2E run showed Copilot CLI failing while loading models with:
That points at the token type passed to Copilot CLI, not git checkout/push auth. The workflow was setting COPILOT_GITHUB_TOKEN to ${{ github.token }}, which is an Actions installation/server-to-server token. Copilot CLI model access needs a supported user-scoped token, matching the existing E2E Isolated Test workflow pattern that already passes secrets.COPILOT_GITHUB_TOKEN.

Targeted Fix
${{ github.token }} to ${{ secrets.COPILOT_GITHUB_TOKEN }}.
This intentionally does not change unrelated GITHUB_TOKEN/GH_TOKEN usage, git remotes, checkout auth, or non-Copilot agents.

Verification
git diff --check
mise run lint
Not run: real Copilot E2E tests, because they invoke an external paid agent.
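
One way to write the bootstrap guard the commit message describes, as an added example that is not code from this pull request. The function names are hypothetical, and the `ghs_` check assumes GitHub's documented prefix for installation (server-to-server) tokens; every message names the variable and never its value.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for a Copilot E2E job.
# Function names are hypothetical; they are not part of the repository.

# Classify a token by prefix only. The value itself is never echoed.
copilot_token_kind() {
  case "$1" in
    "")    echo "missing" ;;
    ghs_*) echo "server-to-server" ;;  # assumption: GitHub's installation-token prefix
    *)     echo "other" ;;
  esac
}

# Return 0 when COPILOT_GITHUB_TOKEN is set and is not an installation token.
# Errors use the Actions "::error::" annotation and go to stderr.
require_copilot_token() {
  local kind
  kind="$(copilot_token_kind "${COPILOT_GITHUB_TOKEN:-}")"
  case "$kind" in
    missing)
      echo "::error::COPILOT_GITHUB_TOKEN is empty; configure secrets.COPILOT_GITHUB_TOKEN" >&2
      return 1 ;;
    server-to-server)
      echo "::error::COPILOT_GITHUB_TOKEN is a server-to-server token; pass secrets.COPILOT_GITHUB_TOKEN, not github.token" >&2
      return 1 ;;
    *)
      return 0 ;;
  esac
}

# Usage in a workflow step, before any agent call:
#   require_copilot_token || exit 1
```
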