
Write repository automation workflows in natural language using markdown files and run them as GitHub Actions. Use AI agents with strong guardrails to automate your development workflow.
Imagine a world where improvements to your repositories are automatically delivered each morning, ready for you to review. Issues are automatically triaged, CI failures analyzed, documentation maintained and tests improved. All defined via simple markdown files.
GitHub Agentic Workflows deliver this: repository automation, running the coding agents you know and love, in GitHub Actions, with strong guardrails and security-first design principles.
Use GitHub Copilot, Claude by Anthropic or OpenAI Codex for event-triggered and scheduled jobs to improve your repository. GitHub Agentic Workflows augment your existing, deterministic CI/CD with Continuous AI capabilities.
Developed by GitHub Next and Microsoft Research, workflows run with added guardrails, using safe outputs and sandboxed execution to help keep your repository safe.
ⓘ Note: GitHub Agentic Workflows is in early development and may change significantly. Using agentic workflows requires careful attention to security considerations and careful human supervision, and even then things can still go wrong. Use it with caution, and at your own risk.
Workflows run with read-only permissions by default. Write operations require explicit approval through sanitized safe outputs (pre-approved GitHub operations), with sandboxed execution, tool allowlisting, and network isolation ensuring AI agents operate within controlled boundaries.
Here’s a simple workflow that runs daily to create an upbeat status report:
title-prefix: "[team-status] "
labels: [report, daily-status]

Create an upbeat daily status report for the team as a GitHub issue.

- Recent repository activity (issues, PRs, discussions, releases, code changes)
- Progress tracking, goal reminders and highlights
- Project status and recommendations
- Actionable next steps for maintainers

The gh aw cli augments this with a lock file for a GitHub Actions Workflow (.lock.yml) that runs an AI agent (Copilot, Claude, Codex, …) in a containerized environment on a schedule or manually.
The AI coding agent reads your repository context, analyzes issues, generates visualizations, and creates reports. All defined in natural language rather than complex code.
Install the extension, add a sample workflow, and trigger your first run - all from the command line in minutes.
Create custom agentic workflows directly from the GitHub web interface using natural language.
I noticed this unusual line in go.mod and got curious why it is using replace for this (typically you would `go get github.com/Masterminds/semver/v3@v3.4.0` instead).
replace github.com/Masterminds/semver/v3 => github.com/Masterminds/semver/v3 v3.4.0
I found this very questionable PR[0]. It appears to have been triggered by dependabot creating an issue for a version upgrade -- which is probably unnecessary to begin with. The copilot agent then implemented that by adding a replace statement, which is not how you are supposed to do this. It also included some seemingly-unrelated changes. The copilot reviewer called out the unrelated changes, but the human maintainer apparently didn't notice and merged anyway.
There is just so much going wrong here.
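A CI check for the pattern the two comments above describe, as an added example that is not gh-aw's own code: it parses go.mod text and marks every replace directive whose target is the same module path, i.e. a version pin written as a replace. The `Replace` type, `FindReplaces` and the sample go.mod are constructed here, and the parser assumes go.mod is formatted the way the go tool writes it.

```go
package main

import (
	"fmt"
	"strings"
)

// Replace is one replace directive; SelfPin marks "module X => module X vN".
type Replace struct {
	Line        int
	Old, Target string
	SelfPin     bool
}

// Constructed go.mod carrying the replace line quoted in the thread.
const sample = "module example.test/app\n\ngo 1.24\n\n" +
	"replace github.com/Masterminds/semver/v3 => github.com/Masterminds/semver/v3 v3.4.0\n"

// FindReplaces parses single-line and block-form replace directives.
func FindReplaces(gomod string) []Replace {
	var out []Replace
	inBlock := false
	for i, raw := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.Split(raw, "//")[0]) // drop comments
		switch {
		case len(f) == 0 || (!inBlock && f[0] != "replace"):
			continue
		case inBlock && f[0] == ")":
			inBlock = false
		case !inBlock:
			f = f[1:] // drop the keyword; a lone "(" opens a block
			inBlock = len(f) == 1 && f[0] == "("
		}
		old, target, ok := strings.Cut(strings.Join(f, " "), " => ")
		if !ok {
			continue // block delimiter or malformed line
		}
		r := Replace{Line: i + 1, Old: strings.Fields(old)[0], Target: target}
		r.SelfPin = strings.Fields(target)[0] == r.Old
		out = append(out, r)
	}
	return out
}

func main() {
	for _, r := range FindReplaces(sample) {
		fmt.Printf("go.mod:%d replace %s => %s (self-pin: %v)\n", r.Line, r.Old, r.Target, r.SelfPin)
	}
}
```

A review gate can fail a bot-authored PR whenever any returned entry has `SelfPin` set, and surface the remaining replace directives for a human to confirm.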
This happens with all agents I've used and package.json files for npm. Instead of using `npm i foo` the agent string-edits package.json and hallucinates some version to install. Usually it's a kind of ok version, but it's not how I would like this to work.
It's worse with renaming things in code. I've yet to see an agent be able to use refactoring tools (if they even exist in VS Code) instead of brute-forcing renames with string replacement or sed. Agents use edit -> build -> read errors -> repeat, instead of using a reliable tool, and it burns a lot more GPU...
> This happens with all agents I've used and package.json files for npm. Instead of using `npm i foo` the agent string-edits package.json and hallucinates some version to install.
When using codex, I usually have something like `Never add 3rd party libraries unless explicitly requested. When adding new libraries, use `cargo add $crate` without specifying the version, so we get the latest version.` and it seems to make this issue not appear at all.
Eventually this specific issue will be RLHF’d out of existence. For now that should mostly solve the problem, but these models aren’t perfect at following instructions. Especially when you’re deep into the context window.
> Especially when you’re deep into the context window.
Though that is, at least to me, a bit of an anti-pattern for exactly that reason. I've found it far more successful to blow away the context and restart with a new prompt from the old context instead of having a very long running back-and-forward.
It's better than it was with the latest models, I can have them stick around longer, but it's still a useful pattern to use even with 4.6/5.3
Opus has also clearly been trained to clear the context fairly often through the plan/code/plan cycle.
Is it training, or prompting from the CLI?
> brute-forcing renames with string replacement
That's their strategy for everything the training data can't solve. This is the main reason the autonomous agent swarm approach doesn't work for me. 20 bucks in tokens just obliterated with 5 agents exchanging hallucinations with each other. It's way too easy for them to amplify each other's mistakes without a human to intervene.
Totally. Surely the IDEs like Antigravity are meant to give the LLM more tools to use for e.g. refactoring or dependency management? I haven’t used it but seems a quick win to move from token generation to deterministic tool use.
As if. I’ve had Gemini stuck on AG because it couldn’t figure out how to use only one version of React. I managed to detect that the build failed because 2 versions of React were being used, but it kept saying “I’ll remove React version N”, and then proceeding to add a new dependency of the latest version. Loops and loops of this. On a similar note AG really wants to parse code with weird grep commands that don’t make any sense given the directory context.
Worse still, I created an MCP with refactoring tools and symbol-based editing, but because it's a) out of distribution for LLMs and b) agents get their own heavy-handed system prompts, all the goodies get ignored.
For the first, I think maintaining package-add instructions is table stakes, we need to be opinionated here. Agents are typically good at following them, if not you can fall over to a Makefile that does everything.
For the second, I totally agree. I continue to hope that agents will get better at refactoring, and I think using LSPs effectively would make this happen. Claude took dozens of minutes to perform a rename which Jetbrains would have executed perfectly in like five seconds. Its approach was to make a change, run the tests, do it again. Nuts.
Does the agent have a way to interact with the lsp?
I don’t know about other lsps, but gopls has an -mcp flag that makes it run an mcp server. There’s also a jetbrains plugin for claude that gives claude the ability to use a subset of your jetbrains IDE’s features.
I usually have both of those configured when using claude on Go repos, and I still have the same frustrations as the comments above. Gopls has symbol search, but claude almost always uses grep to find uses instead.
Didn’t know about the go lsp builtin mcp server. That’s neat!
Does preventing the agent from using a shell help at all with the grep issue?
They are trying to fix it using this comment but cancelled mid way. Not sure why.
Ha, they used my comment in the prompt. I love it.
Thanks! We fixed this in another PR. Appreciate the feedback
This is more evidence of my core complaint with AI (and why it's not AGI at this point)
The AI hasn't understood what's going on, instead it has pattern matched strings and used those patterns to create new strings that /look/ right, but fail upon inspection.
(The human involved is also failing my Turing test... )
I like how it accumulated 3 such replacements before finally getting fixed as a reaction to this comment with PR 14543[0], but after review, two "fix unit tests" commits were added, one of which replaces claude with copilot and the second one messing up the docs markdown, getting merged after that. Agentic workflows are the battle...
I’m glad they are dogfooding this in public because it is a good indicator to stay far far away
It is so important to use specific prompts for package upgrading.
Think about what a developer would do:
- check the latest version online;
- look at the changelog;
- evaluate if it’s worth upgrading, or whether an intermediate version may be alright in case code updates are necessary;
Of course, keep these operations among the human ones, but if you really want to automate this part (and you are ready to pay its consequences) you need to mimic the same workflow. I use Gemini and codex to look for package version information online, it checks the change logs from the version I am on to the one I’d like to upgrade to, I spawn a Claude Opus subagent to check if something in the code needs to be upgraded. In case of major releases, I git clone the two packages and another subagent checks if the interfaces I use changed. Finally, I run all my tests and verify everything’s alright.
Yes, it might not still be perfect, but neither am I.
Kinda reminds of secure sleep command in GitHub actions
Github should focus on getting their core offerings in shape first.
I stopped using GH actions when I ran into this issue: https://github.com/orgs/community/discussions/151956#discuss...
That was almost a year ago and to this date I still get updates of people falling into the same issue.
This reminds me slightly of some copilot nonsense I get. I don’t use copilot. Every few days when I’m on the GitHub homepage the copilot chat input (which I don’t want on my homepage anyway) tells me it’s disabled because I’ve used up my monthly limit of copilot.
I literally do not use it, and no my account isn’t compromised. Trying to trick people into paying? Seems cartoonishly stupid but…
I cannot recommend Gitea enough. It is easy to install, can be very well integrated into the usual corporate Microsoft networks (ldap/adfs) and has very simple workers, which just reliably execute the actions defined in the .gitea folder of your repository. Installing workers is an extra step, but you don't really need a PhD to get it running.
You can build a very efficient and reliable CI pipeline this way and you are not dependent on third parties at all. The interface is mostly 1:1 Github. Just the bullshit is ripped out.
Well, this behavior makes sense. They're a bluechip trying to maintain the illusion that they're a growth stock juuuust a little bit longer.
Ah, the critical problem dilemma. Some percentage of free users become paid users, but the free users take up an unreasonable amount of your time/energy/support.
The solution seems simple. Buy their product.
I don't follow, we pay them for the actions and everything and still ran into this issue.
That's why it's an issue.
What's the issue, as you see it?
I've quoted the response on that ticket below. Is there something you disagree with? The "issue" is that usage exceeds the amount that's been paid. The solution sounds pretty simple: pay for your usage. Is your experience different somehow?
> If usage is exceeded, you need to add a payment method and set a spending limit (you can even set it to $0 if you don’t want to allow extra charges).
> If you don’t want to add billing, you’ll need to wait until your monthly quota resets (on the first day of the next month).
Edit: also, one of the other comments says this:
> If you’re experiencing this issue, there are two primary potential causes:
> Your billing information is incorrect. Please update your payment method and ensure your billing address is correct.
> You have a budget set for Actions that is preventing additional spend. Refer to Billing & Licensing > Budgets.
I paid or tried to for the extra billing, I followed all the instructions and still got the same error. Attempts to get help land you in that catch-all issue.
It's a problem with their own systems and it's easier to roll out your own alternative than to get a hold of a support person.
> The solution seems simple. Buy their product.
Buying half baked software would probably encourage this. Quarter baked software!
GitHub made more things free than in the past after MS acquisition, so this is driven by them, not just by users, making your 'buy their product' not really viable in this case.
I remember having to pay to have private repos in the past, but I guess MS didn't want my money and now I am a free user. If they offer stuff for free, doesn't mean it should be unreliable and best effort.
Looks like the issue linked above affected both paid and free users.
"In shape" in what sense? This is just hitting the limits of a free account, and the message clearly states that.
> people falling into the same issue.
Every SaaS provider with a free tier has this issue. How do you suggest it should be addressed?
As I stated above, the problem is that even when I tried to pay, it was still failing under the same error.
I don't mind paying for software, I hate paying for half-assed, unsupported software.
This affected (probably still affects) paid and free tier users. There’s obviously some corrupt state for some accounts on the backend. As stated in the issue, if you are successfully able to engage support they’re gonna run a script to get your account unstuck. I’m reading between the lines a bit, but that seems to be the gist of it.
I've been a paying Github user for years now, and as an open source maintainer who uses Github Actions, I'm annoyed that my money has been funding AI bullshit instead of fixes and improvements for their core offering.
This is an extension for the gh cli that takes markdown files as input and creates github actions workflow files from them. Not just any workflow files, but 1000-line beasts that you'll need an LLM to explain what they do.
I tried out `gh aw init` and hit Y at the wrong prompt. It created a COPILOT_GITHUB_TOKEN on the github repo I happened to be in presumably with a token from my account. That's something that really should have an extra confirmation.
Thanks, this has been changed (no use of local token) and there are now extra confirmations too.
Is this thing production ready?