Skip to content

Run security-guard only when PR is marked ready for review #12438

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
pelikhan merged 6 commits into from
Jan 29, 2026
Merged

Run security-guard only when PR is marked ready for review #12438

pelikhan merged 6 commits into from
Jan 29, 2026

Conversation

Copy link
Contributor

Copilot AI commented Jan 29, 2026
edited
Loading

The security-guard workflow was running on all PRs including drafts, creating noise before code is ready for review.

Changes

  • Added draft: false filter to pull_request trigger in security-guard.md
  • Set trigger to only ready_for_review event (removed opened, synchronize, reopened)
  • Recompiled workflow with draft filtering conditions applied to job gates

Implementation

on:
  pull_request:
    types: [ready_for_review]
    draft: false

The compiler transforms this into job-level conditions (github.event.pull_request.draft == false) on both pre_activation and activation jobs, following the existing pattern used by other workflows in the repo.

Result

Security reviews now only run when a PR is explicitly marked as ready for review. The workflow will not run on initial PR creation, subsequent pushes, or reopened PRs - only when the author marks the PR ready for review.

Custom agent used: agentic-workflows
GitHub Agentic Workflows (gh-aw) - Create, debug, and upgrade AI-powered workflows with intelligent prompt routing

Original prompt

Update security guard to only run when the pull request is ready for review.

Custom agent used: agentic-workflows
GitHub Agentic Workflows (gh-aw) - Create, debug, and upgrade AI-powered workflows with intelligent prompt routing

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

@pelikhan pelikhan mentioned this pull request Jan 29, 2026
Closed
Copilot AI and others added 2 commits January 29, 2026 04:22
@pelikhan
Plan: Update security-guard to only run on ready PRs
56e5812 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@pelikhan
Update security-guard to only run on ready PRs
9dcf06a 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
pelikhan
pelikhan reviewed Jan 29, 2026
View reviewed changes
@pelikhan
Use draft: false field instead of if condition for consistency
7fabb5b 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Update security guard to run on pull request ready status Skip security-guard on draft PRs Jan 29, 2026
Copilot AI requested a review from pelikhan January 29, 2026 04:29
@pelikhan
Remove opened, synchronize, reopened events per review feedback
2ae39f6 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title Skip security-guard on draft PRs Run security-guard only when PR is marked ready for review Jan 29, 2026
@pelikhan pelikhan marked this pull request as ready for review January 29, 2026 04:42
@pelikhan pelikhan merged commit 882b964 into main Jan 29, 2026
49 checks passed
@pelikhan pelikhan deleted the copilot/update-security-guard-trigger branch January 29, 2026 04:42
@github-actions github-actions bot mentioned this pull request Jan 29, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@pelikhan pelikhan pelikhan approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pelikhan