mirror of
https://github.com/github/awesome-copilot.git
synced 2026-07-15 10:25:18 +00:00
36b30eb113
* Add tm7-threat-model skill for valid TM7 file generation Adds a skill that generates valid Microsoft Threat Modeling Tool (.tm7) files using the correct WCF DataContractSerializer format, with a minimal reference file. Includes STRIDE threat generation workflow and a checklist of common serialization mistakes that corrupt .tm7 files. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address PR review: sanitize reference model, fix dangling refs, move to assets - Move example-minimal.tm7 into assets/ per repo convention (aaronpowell). - Remove personal/corporate metadata from the reference model (Owner, Contributors, ChangedBy domain account, project names). - Make the reference model self-contained: add a second stencil so the data flow and threat SourceGuid/TargetGuid/FlowGuid all resolve to real elements. - Fix SKILL.md threat contract (KeyValueOfstringThreatpc_P0_PhOB with b:-prefixed KnowledgeBase fields) to match the bundled reference. - Reconcile guidance: MetaInformation/Notes/KnowledgeBase are valid schema elements and must be preserved; only SecurityGaps/Mitigations are invalid. - Regenerate docs/README.skills.md and normalize line endings to LF. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address 2nd review: correct KnowledgeBase placement, valid TypeIds, z:Id uniqueness - Document KnowledgeBase as a top-level sibling after ThreatMetaData (not embedded) - Update skeleton to show <ThreatMetaData/>, sibling <KnowledgeBase>, and <Profile> - Replace TypeIds absent from the bundled KB: AzureCosmosDB -> AzureSQLDB, HumanUser -> Mobile, GenericDataFlow -> Request - Require z:Id uniqueness across the file in the common-mistakes checklist Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * ci: exclude *.tm7 exports from codespell MTM DataContract .tm7 exports embed base64 icon blobs whose substrings (oT, bu, wth, mKe, ...) trigger codespell false positives. Skip *.tm7, matching the existing convention for binary/asset files. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: prasad <prasaddharaskar@gmail.com> Co-authored-by: Aaron Powell <me@aaron-powell.com>
⚡ Agentic Workflows
Agentic Workflows are AI-powered repository automations that run coding agents in GitHub Actions. Defined in markdown with natural language instructions, they enable event-triggered and scheduled automation with built-in guardrails and security-first design.
How to Contribute
See CONTRIBUTING.md for guidelines on how to contribute new workflows, improve existing ones, and share your use cases.
How to Use Agentic Workflows
What's Included:
- Each workflow is a single
.mdfile with YAML frontmatter and natural language instructions - Workflows are compiled to
.lock.ymlGitHub Actions files viagh aw compile - Workflows follow the GitHub Agentic Workflows specification
To Install:
- Install the
gh awCLI extension:gh extension install github/gh-aw - Copy the workflow
.mdfile to your repository's.github/workflows/directory - Compile with
gh aw compileto generate the.lock.ymlfile - Commit both the
.mdand.lock.ymlfiles
To Activate/Use:
- Workflows run automatically based on their configured triggers (schedules, events, slash commands)
- Use
gh aw run <workflow>to trigger a manual run - Monitor runs with
gh aw statusandgh aw logs
When to Use:
- Automate issue triage and labeling
- Generate daily status reports
- Maintain documentation automatically
- Run scheduled code quality checks
- Respond to slash commands in issues and PRs
- Orchestrate multi-step repository automation
| Name | Description | Triggers |
|---|---|---|
| Daily Issues Report | Generates a daily summary of open issues and recent activity as a GitHub issue | schedule |
| OSPO Contributors Report | Monthly contributor activity metrics across an organization's repositories. | schedule, workflow_dispatch |
| OSPO Organization Health Report | Comprehensive weekly health report for a GitHub organization. Surfaces stale issues/PRs, merge time analysis, contributor leaderboards, and actionable items needing human attention. | schedule, workflow_dispatch |
| OSPO Stale Repository Report | Identifies inactive repositories in your organization and generates an archival recommendation report. | schedule, workflow_dispatch |
| OSS Release Compliance Checker | Analyzes a target repository against open source release requirements and posts a detailed compliance report as an issue comment. | issues, workflow_dispatch |
| Relevance Check | Slash command to evaluate whether an issue or pull request is still relevant to the project | slash_command, roles |
| Relevance Summary | Manually triggered workflow that summarizes all open issues and PRs with a /relevance-check response into a single issue | workflow_dispatch |
| Weekly Comment Sync | Weekly workflow that finds stale code comments or README snippets, makes text-only synchronization updates, and opens a draft pull request when changes are needed. | schedule, workflow_dispatch |