Skip to content

Propagate integration-test model credentials to issue-triage repro#5443

Merged
moonbox3 merged 1 commit into
microsoft:mainfrom
moonbox3:improve-triage-workflow
Apr 23, 2026
Merged

Propagate integration-test model credentials to issue-triage repro#5443
moonbox3 merged 1 commit into
microsoft:mainfrom
moonbox3:improve-triage-workflow

Conversation

@moonbox3

Copy link
Copy Markdown
Contributor

Summary

Extends the Issue Triage workflow so the reproduce step can execute generated Python that calls a real language model, using the same credentials already proven in the integration test workflow — without those secrets ever entering the agent prompt.

  • Scope the triage job to the integration GitHub Environment and add id-token: write permission.
  • Add an azure/login@v2 OIDC step to establish an AAD session for Azure OpenAI and Foundry callers (DefaultAzureCredential picks this up automatically — no API key to leak).
  • On the Reproduce reported issue step only, inject the OpenAI / Azure OpenAI / Foundry / Anthropic env vars (keys from secrets, model ids/endpoints from vars) that mirror python-integration-tests.yml. The spam-gate step keeps its minimal environment.

A companion change in moonbox3/agent-dashboard@main updates repro_instructions so the agent must construct clients from env-based constructors and must never print/log secrets or inline credentials as literals.

Test plan

  • Trigger the workflow manually via workflow_dispatch against a known-good bug issue and confirm the integration environment's reviewer gate appears before execution.
  • Verify Azure CLI Login step succeeds and the Reproduce reported issue job has the expected env vars.
  • Confirm the agent's generated repro code constructs an Azure OpenAI / OpenAI / Foundry client without any hardcoded credential literals and the call against the real provider succeeds.
  • Inspect job logs for any accidental secret exposure; GH masking should catch exact matches.

Scopes the triage job to the integration GitHub Environment, adds
the azure/login OIDC step, and exposes the same OpenAI / Azure
OpenAI / Foundry / Anthropic env vars the integration test
workflow uses. This lets the triage agent write repro code that
constructs model clients from the environment without any secrets
entering the agent prompt or generated-code literals.

Azure OpenAI and Foundry continue to authenticate via AAD
(DefaultAzureCredential), so there is no API key to leak for
those providers.
Copilot AI review requested due to automatic review settings April 23, 2026 12:00
@moonbox3 moonbox3 merged commit fbbc2eb into microsoft:main Apr 23, 2026
21 checks passed

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Extends the Issue Triage GitHub Actions workflow so the “Reproduce reported issue” step can run generated Python against real model providers using the same environment-scoped credentials used by the integration test workflows.

Changes:

  • Adds id-token: write permission and scopes the triage job to the integration GitHub Environment.
  • Adds an azure/login@v2 OIDC step to establish Azure authentication for Azure OpenAI / Foundry via DefaultAzureCredential.
  • Injects model provider environment variables (OpenAI, Azure OpenAI, Foundry, Anthropic) into the repro step.

Comment on lines +130 to +136
- name: Azure CLI Login
uses: azure/login@v2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

Copilot AI Apr 23, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The Azure CLI login runs before the spam gate and will execute even when the spam gate later blocks. Since Azure auth is only needed for the repro step, gate this step on the spam decision (and/or move it to just before "Reproduce reported issue") to avoid establishing an Azure session unnecessarily and to keep pre-repro execution as low-privilege as possible.

Copilot uses AI. Check for mistakes.
Comment on lines +186 to +194
FOUNDRY_PROJECT_ENDPOINT: ${{ vars.FOUNDRY_PROJECT_ENDPOINT }}
FOUNDRY_MODEL: ${{ vars.FOUNDRY_MODEL }}
FOUNDRY_AGENT_NAME: ${{ vars.FOUNDRY_AGENT_NAME }}
FOUNDRY_AGENT_VERSION: ${{ vars.FOUNDRY_AGENT_VERSION }}
FOUNDRY_MODELS_ENDPOINT: ${{ vars.FOUNDRY_MODELS_ENDPOINT || '' }}
FOUNDRY_MODELS_API_KEY: ${{ secrets.FOUNDRY_MODELS_API_KEY || '' }}
FOUNDRY_EMBEDDING_MODEL: ${{ vars.FOUNDRY_EMBEDDING_MODEL || '' }}
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
ANTHROPIC_CHAT_MODEL: ${{ vars.ANTHROPIC_CHAT_MODEL_ID }}

Copilot AI Apr 23, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The PR description says the repro step env vars mirror python-integration-tests.yml, but the Foundry set is missing FOUNDRY_IMAGE_EMBEDDING_MODEL (present in the integration workflow). If repro code ever exercises image embedding via Foundry, this will fail; either add the missing variable here or update the description to reflect the intended subset.

Copilot uses AI. Check for mistakes.
Comment on lines 11 to +14
permissions:
contents: read
issues: write
id-token: write

Copilot AI Apr 23, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

id-token: write is granted at the workflow level, which also applies to the team_check job even though it doesn't use OIDC. For least-privilege, consider moving id-token: write to jobs.triage.permissions (or only the job(s) that call azure/login) and keeping workflow-level permissions minimal.

Copilot uses AI. Check for mistakes.

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automated Code Review

Reviewers: 4 | Confidence: 91%

✓ Correctness

This PR adds Azure OIDC authentication and model-provider environment variables to the issue triage workflow. The changes are structurally correct: id-token: write is required for the azure/login@v2 OIDC flow, the environment: integration grants access to environment-scoped secrets/variables, and the env vars are properly scoped to the repro step. No correctness bugs found.

✓ Security Reliability

This PR adds Azure OIDC login and model-provider credentials to the issue-triage workflow for the repro step. The OIDC pattern (azure/login@v2 with federated credentials) is the recommended approach. The environment: integration gate is a good security control. The workflow currently triggers only on workflow_dispatch, meaning a privileged user must manually invoke it, which limits exposure. One minor improvement: the id-token: write permission is granted at workflow level, giving it to the team_check job which doesn't need it—scoping it to the triage job would follow least-privilege. The multiple API keys (OpenAI, Anthropic, Foundry) are passed as environment variables to a step that ultimately processes user-authored issue content for repro; the DevFlow scripts are in a private repo so the sanitization boundary cannot be verified here, but the layered controls (manual trigger, environment protection, spam gate) provide reasonable defense in depth.

✓ Test Coverage

This PR modifies a GitHub Actions workflow file (.github/workflows/issue-triage.yml) to add Azure OIDC login and model-provider environment variables for the issue triage pipeline. These are CI/CD infrastructure changes — workflow YAML files are not covered by unit tests in this repository. The scripts they invoke (classify_issue_spam.py, trigger_issue_repro.py) reside in a private devflow repo and are outside the scope of this PR. No application code or testable logic was added or changed in this repository, so there is no missing test coverage to flag.

✗ Design Approach

This change widens the trust boundary of issue triage in two important ways. First, it binds the whole triage job to the privileged integration environment and performs Azure login before the existing spam gate, so every non-team issue—including ones later rejected as spam—now gets access to environment-backed credentials and an Azure identity. Second, the repro step now exports a broad set of model-provider secrets into the environment specifically for generated repro code to consume, which is a much broader exposure than selecting a single provider through trusted workflow logic.

Flagged Issues

  • The repro step injects all configured provider credentials into the generated reproduction environment, coupling issue-driven code execution to the full secret set instead of the minimum provider actually needed.

Suggestions

  • Replace the broad secret injection with trusted provider selection outside the generated repro code, then pass only the single credential set required for that run.

Automated review by moonbox3's agents

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants