Complete backport of all features from apollo_nxt-trcaa repository:
- Three-tier shell execution safety system (Tier 1: auto, Tier 2: approve, Tier 3: deny)
- Ollama function calling with tool use support
- AI provider tool calling auto-detection
- kubectl binary bundling and management
- kubeconfig upload and context management
- Shell approval modal with real-time UI
- MCP protocol HTTP transport with custom headers
- Enhanced security audit logging
- Comprehensive test coverage (275+ tests)
- Updated CI/CD workflows for Gitea Actions
- Complete documentation (ADRs, wiki, release notes)

Sanitization applied to all files:
- Removed all MSI, Motorola, VNXT, Vesta references
- Replaced internal infrastructure references with TFTSR equivalents
- Updated all URLs and API endpoints
- Sanitized commit history references in documentation

Technical changes:
- New modules: shell/classifier, shell/executor, shell/kubectl, shell/kubeconfig
- Enhanced AI providers: ollama.rs, openai.rs with function calling
- New Tauri commands: shell execution, kubeconfig management, tool calling detection
- Database migrations: shell_execution_audit table
- Frontend: ShellApprovalModal, ShellExecution, KubeconfigManager pages
- CI/CD: kubectl bundling, multi-platform builds, Gitea Actions integration

Version: 1.0.8

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
GitHub Copilot Code Review Setup
Overview
GitHub Copilot can automatically review pull requests when properly configured. This document explains how to enable Copilot code reviews for this repository.
Current Status
✅ Workflows Active: GitHub shows Copilot workflows are active:
- Copilot (pull-request-reviewer)
- Copilot cloud agent (copilot-swe-agent)
- CodeQL (code scanning)
⚠️ Configuration Needed: Copilot code reviews must be enabled through GitHub Advanced Security settings.
How GitHub Copilot Code Reviews Work
GitHub Copilot code reviews are not triggered via the CODEOWNERS file (unlike human reviewers). Instead, they are configured through:
- GitHub Advanced Security (requires GitHub Enterprise or GitHub Team plan)
- Repository Settings → Security → Code security and analysis
- Copilot Autofix (for security vulnerabilities)
- Copilot Code Review (manual opt-in feature)
Setup Steps
Step 1: Enable GitHub Advanced Security
- Navigate to: https://github.com/tftsr/apollo_nxt-trcaa/settings/security_analysis
- Enable GitHub Advanced Security (if available with your plan)
- Enable Dependabot alerts
- Enable Code scanning (CodeQL)
- Enable Secret scanning
Step 2: Enable Copilot Code Review
As of 2024-2026, GitHub Copilot code reviews can be enabled via:
Option A: Copilot Autofix (Security-focused)
- Go to repository Settings → Code security and analysis
- Enable Copilot Autofix under "Code scanning"
- Copilot will suggest fixes for CodeQL alerts in pull requests
Option B: Copilot Workspace (Preview Feature)
- Ensure your organization has Copilot Business or Enterprise
- Navigate to: https://github.com/tftsr/apollo_nxt-trcaa/settings/copilot
- Enable Copilot Code Review (if available)
- Configure review triggers:
  - On all pull requests
  - On pull requests targeting protected branches
  - Manual trigger only
Step 3: Configure Review Rules
Add Copilot as a required check in branch protection:
# Via GitHub CLI
gh api repos/tftsr/apollo_nxt-trcaa/branches/main/protection/required_status_checks \
--method PATCH \
--field strict=true \
--field contexts[]='rust-test' \
--field contexts[]='frontend-test' \
--field contexts[]='copilot-code-review' # Add this line
Or via GitHub UI:
- Go to Settings → Branches → Branch protection rules → main
- Under "Require status checks to pass before merging"
- Add copilot-code-review to required checks
Verification
To verify Copilot is reviewing PRs:
# Check if Copilot workflow ran on a PR
gh pr checks 27
# Check for Copilot comments on a PR
gh pr view 27 --comments | grep -i copilot
Triggering Manual Review
If Copilot code review is enabled but not automatic, you can trigger it manually:
- Add a comment to the PR: @github-copilot review
- Or use GitHub CLI: gh pr comment 27 --body "@github-copilot please review"
Current Configuration
Branch Protection (as of 2026-06-02):
- ✅ Required status checks: rust-test, frontend-test
- ✅ Require code owner reviews: Yes
- ✅ Required approving review count: 1
- ⚠️ Copilot code review: Not configured as required check
CODEOWNERS:
- Owner: @sarman
- Note: @github-copilot removed from CODEOWNERS (not a valid reviewer)
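Added example (not part of the original document or the repository's code): a small audit that compares a branch protection response against the rules this page sets out, so drift such as a missing required check is reported rather than noticed by eye. The status check names come from this page; the sample JSON is constructed to match the configuration listed above, and the function name is hypothetical.

```python
import json

# Policy taken from this page: the two existing checks plus the Copilot check,
# strict status checks, code owner review, at least one approving review.
REQUIRED_CONTEXTS = ("rust-test", "frontend-test", "copilot-code-review")
MIN_APPROVALS = 1

# Constructed sample, shaped like the JSON returned by
#   gh api repos/tftsr/apollo_nxt-trcaa/branches/main/protection
# and filled in to match the "Current Configuration" list above.
SAMPLE_PROTECTION = json.loads("""
{
  "required_status_checks": {"strict": true,
                             "contexts": ["rust-test", "frontend-test"]},
  "required_pull_request_reviews": {"require_code_owner_reviews": true,
                                    "required_approving_review_count": 1}
}
""")


def audit_branch_protection(protection, required=REQUIRED_CONTEXTS):
    """Return a list of findings; an empty list means the policy is met."""
    findings = []
    # A section is absent (or null) when that rule is not configured at all.
    checks = protection.get("required_status_checks") or {}
    reviews = protection.get("required_pull_request_reviews") or {}

    if not checks:
        findings.append("no required status checks configured")
    else:
        if not checks.get("strict", False):
            findings.append("strict (up-to-date branch) checks are disabled")
        # Responses may list checks under "contexts", "checks", or both.
        present = set(checks.get("contexts") or [])
        present |= {c.get("context") for c in checks.get("checks") or []}
        for ctx in required:
            if ctx not in present:
                findings.append(f"missing required status check: {ctx}")

    if not reviews.get("require_code_owner_reviews", False):
        findings.append("code owner review is not required")
    if (reviews.get("required_approving_review_count") or 0) < MIN_APPROVALS:
        findings.append(f"fewer than {MIN_APPROVALS} approving review(s) required")
    return findings


if __name__ == "__main__":
    for finding in audit_branch_protection(SAMPLE_PROTECTION):
        print("FAIL:", finding)
```

To run it against the live repository, save the output of the gh api call named in the comment to a file and pass the parsed JSON to audit_branch_protection.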
Limitations
- Plan Requirement: GitHub Advanced Security requires GitHub Enterprise or Team plan
- Private Repos: May have limited Copilot features depending on plan
- Availability: Copilot code review features are gradually rolling out
- Manual Trigger: Some orgs require manual trigger via comments
Alternative: CodeQL Analysis
If Copilot code review is not available, CodeQL provides automated code analysis:
- CodeQL workflow is already active (.github/workflows/codeql-analysis.yml - dynamic)
- Runs on every push to main and pull request
- Scans for security vulnerabilities and code quality issues
- Results appear in Security → Code scanning alerts
Action Items
To fully enable Copilot code reviews on this repo:
- Verify GitHub plan includes Advanced Security features
- Enable GitHub Advanced Security in repo settings
- Enable Copilot Autofix (if available)
- Configure Copilot code review triggers (if feature is available)
- Add copilot-code-review to required status checks
- Test on a sample PR to verify functionality
Contact
For questions about GitHub Advanced Security or Copilot features for the TFTSR organization, contact:
- GitHub Organization Admins
- DevOps Team
Last Updated: 2026-06-02
Status: Configuration pending - awaiting Advanced Security setup