
Commit 085a38b

katriendg, Copilot and WilliamBerryiii authored
feat(workflow): add copilot-setup-steps.yml for Coding Agent environment (#398)
## Description

Adds `copilot-setup-steps.yml` workflow to bridge the devcontainer environment to GitHub Actions runners for Copilot Coding Agent. The workflow pre-installs Node.js 20, Python 3.11, and PowerShell modules to match local development capabilities, enabling agents to use the same npm scripts for validation in the cloud environment.

- Created `.github/workflows/copilot-setup-steps.yml` with SHA-pinned actions for `checkout`, `setup-node`, and `setup-python`
- Added tool verification step confirming availability of `node`, `npm`, `python3`, `pwsh`, and `shellcheck`
- Updated `.github/copilot-instructions.md` with new "Coding Agent Environment" section documenting pre-installed tools and npm script usage
- Applied minimal `contents: read` permissions following principle of least privilege

## Related Issue(s)

Closes #388

## Type of Change

Select all that apply:

**Code & Documentation:**

- [ ] Bug fix (non-breaking change fixing an issue)
- [x] New feature (non-breaking change adding functionality)
- [ ] Breaking change (fix or feature causing existing functionality to change)
- [ ] Documentation update

**Infrastructure & Configuration:**

- [x] GitHub Actions workflow
- [ ] Linting configuration (markdown, PowerShell, etc.)
- [ ] Security configuration
- [ ] DevContainer configuration
- [ ] Dependency update

**AI Artifacts:**

- [ ] Reviewed contribution with `prompt-builder` agent and addressed all feedback
- [ ] Copilot instructions (`.github/instructions/*.instructions.md`)
- [ ] Copilot prompt (`.github/prompts/*.prompt.md`)
- [ ] Copilot agent (`.github/agents/*.agent.md`)

**Other:**

- [ ] Script/automation (`.ps1`, `.sh`, `.py`)
- [ ] Other (please describe):

## Sample Prompts (for AI Artifact Contributions)

N/A - only updated copilot-instructions.md for the cloud agent.

## Testing

- Workflow triggers on push/PR to its own path for validation
- Tool verification step confirms all dependencies are available
- npm scripts listed via `npm run --list` for agent reference

## Checklist

### Required Checks

- [ ] Documentation is updated (if applicable) - This will be a follow-up PR to update documentation after workflow is merged and verified
- [x] Files follow existing naming conventions
- [x] Changes are backwards compatible (if applicable)
- [ ] Tests added for new functionality (if applicable)

### AI Artifact Contributions

- [x] Copilot instructions (`.github/instructions/*.instructions.md`)

### Required Automated Checks

The following validation commands must pass before merging:

- [x] Markdown linting: `npm run lint:md`
- [x] Spell checking: `npm run spell-check`
- [ ] Frontmatter validation: `npm run lint:frontmatter`
- [x] Link validation: `npm run lint:md-links`
- [ ] PowerShell analysis: `npm run lint:ps`

## Security Considerations

- [x] This PR does not contain any sensitive or NDA information
- [ ] Any new dependencies have been reviewed for security issues
- [x] Security-related scripts follow the principle of least privilege

## Additional Notes

The workflow uses SHA-pinned actions for security:

- `actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd` (v4.2.2)
- `actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238` (v4.1.0)
- `actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f` (v5.1.1)

The job is named `copilot-setup-steps` as required by GitHub Copilot documentation for automatic recognition.

**Intentionally excluded or leveraged from runners:**

- **gitleaks** - Secret scanning runs in CI workflows via `security-scan.yml`, following the principle that security validation belongs in the pipeline, not the agent's editing environment. GitHub's push protection provides an additional layer of defense.
- **shellcheck** - Pre-installed on ubuntu-latest runners (v0.9.0-1), no explicit installation needed.
- **Pester 5.7.1** - Pre-installed on GitHub-hosted runners, no explicit installation needed.

---------

Co-authored-by: Copilot <[email protected]>
Co-authored-by: Bill Berry <[email protected]>
1 parent de43e73 commit 085a38b

2 files changed

Lines changed: 96 additions & 1 deletion

.github/copilot-instructions.md

Lines changed: 31 additions & 1 deletion
@@ -91,5 +91,35 @@ All tracking files use markdown format with frontmatter and follow patterns from
9191
* Scripts follow instructions provided by the codebase for convention and standards.
9292
* Scripts used by the codebase have an `npm run` script for ease of use.
9393

94-
PowerShell scripts follow PSScriptAnalyzer rules from `PSScriptAnalyzer.psd1` and include proper comment-based help. Validation runs via `npm run psscriptanalyzer` with results output to `logs/`.
94+
PowerShell scripts follow PSScriptAnalyzer rules from `PSScriptAnalyzer.psd1` and include proper comment-based help. Validation runs via `npm run lint:ps` with results output to `logs/`.
9595
<!-- </script-operations> -->
96+
97+
<!-- <coding-agent-environment> -->
98+
## Coding Agent Environment
99+
100+
Copilot Coding Agent uses a cloud-based GitHub Actions environment, separate from the local devcontainer. The `.github/workflows/copilot-setup-steps.yml` workflow pre-installs tools to match devcontainer capabilities.
101+
102+
### Pre-installed Tools
103+
104+
* Node.js 20 with npm dependencies from `package.json`
105+
* Python 3.11
106+
* PowerShell 7 with Pester 5.7.1 and PowerShell-Yaml modules
107+
* shellcheck for bash script validation (pre-installed on ubuntu-latest)
108+
109+
### Using npm Scripts
110+
111+
Agents should use npm scripts for all validation:
112+
113+
* `npm run lint:md` - Markdown linting
114+
* `npm run lint:ps` - PowerShell analysis
115+
* `npm run lint:yaml` - YAML validation
116+
* `npm run lint:frontmatter` - Frontmatter validation
117+
* `npm run lint:all` - Run all linters
118+
* `npm run test:ps` - PowerShell tests
119+
120+
### Environment Synchronization
121+
122+
The `copilot-setup-steps.yml` mirrors tools from `.devcontainer/scripts/on-create.sh` and `.devcontainer/scripts/post-create.sh`. When adding tools to the devcontainer, update the setup workflow to maintain parity.
123+
<!-- </coding-agent-environment> -->
124+
125+
🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.
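
Review bot: The Pre-installed Tools list (new lines 104-107) names PowerShell-Yaml and Pester 5.7.1 but leaves out PSScriptAnalyzer, which the setup workflow in this commit installs and which the updated line 94 ties to `npm run lint:ps`; add it so the list matches what the agent actually gets. Line 106 also states Pester 5.7.1 as a fixed version, yet the workflow never installs Pester and depends on whatever the `ubuntu-latest` image ships, so the documented version can drift without any change in this repository. Either drop the version number from the doc or install that version explicitly in the workflow. The parity rule at line 122 depends on contributors remembering it; a pointer comment in `.devcontainer/scripts/on-create.sh` and `post-create.sh` back to the workflow would make the second update harder to miss.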
Lines changed: 65 additions & 0 deletions
@@ -0,0 +1,65 @@
1+
# Copyright (c) Microsoft Corporation.
2+
# SPDX-License-Identifier: MIT
3+
#
4+
# copilot-setup-steps.yml
5+
# Pre-install tools and dependencies for GitHub Copilot Coding Agent
6+
# Reference: https://docs.github.com/en/copilot/how-tos/use-copilot-agents/coding-agent/customize-the-agent-environment
7+
8+
name: "Copilot Setup Steps"
9+
10+
# Auto-run on push/PR to validate the setup workflow
11+
on:
12+
workflow_dispatch:
13+
push:
14+
paths:
15+
- .github/workflows/copilot-setup-steps.yml
16+
pull_request:
17+
paths:
18+
- .github/workflows/copilot-setup-steps.yml
19+
20+
jobs:
21+
# Job MUST be named 'copilot-setup-steps' to be recognized by Copilot
22+
copilot-setup-steps:
23+
runs-on: ubuntu-latest
24+
25+
# Minimal permissions; Copilot receives its own token for operations
26+
permissions:
27+
contents: read
28+
29+
steps:
30+
- name: Checkout code
31+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4.2.2
32+
with:
33+
persist-credentials: false
34+
35+
- name: Set up Node.js
36+
uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238
37+
with:
38+
node-version: "20"
39+
cache: "npm"
40+
41+
- name: Install JavaScript dependencies
42+
run: npm ci
43+
44+
- name: Set up Python
45+
uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
46+
with:
47+
python-version: "3.11"
48+
49+
- name: Install PowerShell modules
50+
shell: pwsh
51+
run: |
52+
Install-Module -Name PowerShell-Yaml -Force -Scope CurrentUser
53+
Install-Module -Name PSScriptAnalyzer -Force -Scope CurrentUser
54+
55+
- name: Verify tool availability
56+
run: |
57+
echo "=== Tool Versions ==="
58+
node --version
59+
npm --version
60+
python3 --version
61+
pwsh --version
62+
shellcheck --version
63+
echo ""
64+
echo "=== npm Scripts Available ==="
65+
npm run --list
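
Review bot: The two `Install-Module` calls at lines 52-53 take whatever version the gallery serves at run time, which is inconsistent with the SHA pinning applied to the three actions above; pin each with `-RequiredVersion` so the agent environment is reproducible and a new upstream release cannot enter it unreviewed. The `actions/setup-node` pin at line 36 is missing the trailing version comment that the `checkout` and `setup-python` pins carry (the commit message gives v4.1.0), which makes a later pin audit slower. `npm ci` at line 42 runs dependency lifecycle scripts on the `push` and `pull_request` triggers; `contents: read` and `persist-credentials: false` limit what those scripts can reach, but it is worth checking whether `npm ci --ignore-scripts` works for this repository. The verification step at lines 56-65 checks `shellcheck` but not the PowerShell modules; a `Get-Module -ListAvailable` check for PowerShell-Yaml, PSScriptAnalyzer and Pester would catch a runner image change that removes the pre-installed Pester the docs rely on.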
