Commit 8ed91f0
committed
Merge #152: Add GitHub Copilot agent environment setup workflow
ca533d5 fix: remove sudo from dependency installer invocation (copilot-swe-agent[bot])
fdae848 refactor: improve Copilot workflow based on code review (copilot-swe-agent[bot])
270ecbf fix: correct binary path in Copilot setup workflow (copilot-swe-agent[bot])
5a15b80 feat: add Copilot agent environment setup workflow (copilot-swe-agent[bot])
cd079b2 Initial plan (copilot-swe-agent[bot])
Pull request description:
Configure GitHub Copilot Agent Environment Setup
This PR implements a GitHub Actions workflow that preinstalls all required development dependencies before the Copilot coding agent starts working, ensuring consistent environment setup.
## Implementation Complete ✅
- [x] Understand repository structure and requirements
- [x] Review dependency-installer package documentation
- [x] Review existing workflows for conventions
- [x] Create `.github/workflows/copilot-setup-steps.yml` workflow file
- [x] Fix binary path (workspace target, not package target)
- [x] Address code review feedback (add timeout, simplify toolchain setup)
- [x] Fix sudo issue for cargo-machete installation
- [x] Verify workflow syntax and configuration
- [x] Run linters (all passed)
- [x] Code review completed and addressed
- [x] CodeQL security check passed (0 alerts)
## Workflow Features
**File**: `.github/workflows/copilot-setup-steps.yml`
- Job name: `copilot-setup-steps` (required by GitHub)
- Runner: `ubuntu-latest` (only Ubuntu x64 supported by Copilot)
- Timeout: 30 minutes (consistent with other provision tests)
- Permissions: Minimal (`contents: read`)
- Triggers:
- `workflow_dispatch` - manual testing from Actions tab
- `push` - when workflow file is modified
- `pull_request` - validation before merging
**Steps**:
1. Checkout code using `actions/checkout@v4`
2. Set up Rust toolchain (stable) using `dtolnay/rust-toolchain@stable`
3. Enable Rust cache using `Swatinem/rust-cache@v2`
4. Build dependency-installer binary in release mode
5. Install all dependencies using the binary (handles sudo internally per dependency)
6. Verify all installations succeeded
**Dependencies Installed**:
- cargo-machete (Rust dependency analyzer) - no sudo required
- OpenTofu (infrastructure provisioning) - uses sudo internally
- Ansible (configuration management) - uses sudo internally
- LXD (VM-based testing) - uses sudo internally
## Technical Implementation
- Binary path uses workspace target directory (`target/release/dependency-installer`)
- Build command: `cargo build --release -p torrust-dependency-installer --bin dependency-installer`
- Installation runs WITHOUT sudo; each installer handles privilege escalation internally
- Environment: `DEBIAN_FRONTEND=noninteractive` for non-interactive installation
- Verification: `target/release/dependency-installer check` confirms all tools installed
- Timeout: 30 minutes to prevent hanging builds
## Recent Fix
**Issue**: cargo-machete installation failed with "No such file or directory (os error 2)"
**Root Cause**: Running the entire installer with `sudo` prevented cargo-machete from being installed because the `cargo` command was not in sudo's PATH.
**Solution**: Removed `sudo` from the workflow invocation. The installer binary already handles sudo internally for dependencies that need it (OpenTofu, Ansible, LXD), while cargo-machete doesn't require sudo.
## Quality Checks ✅
- ✅ YAML syntax validated
- ✅ All linters passed (markdown, yaml, toml, cspell, clippy, rustfmt, shellcheck)
- ✅ Binary build verified
- ✅ Code review completed and feedback addressed
- ✅ CodeQL security scan passed (0 alerts)
## Security Summary
No security vulnerabilities detected. The workflow follows security best practices:
- Minimal permissions (`contents: read`)
- Uses official GitHub Actions with version pinning
- Non-interactive installation prevents security prompts
- Timeout prevents resource exhaustion
- Privilege escalation handled appropriately per dependency
<!-- START COPILOT CODING AGENT SUFFIX -->
<details>
<summary>Original prompt</summary>
>
> ----
>
> *This section details on the original issue you should resolve*
>
> <issue_title>Configure GitHub Copilot Agent Environment</issue_title>
> <issue_description>**Parent Epic**: #112 - Refactor and Improve E2E Test Execution
> **Depends On**: #113 - Create Dependency Installation Package for E2E Tests (Issue 1-1)
>
> ## Overview
>
> Create a GitHub Actions workflow file (`.github/workflows/copilot-setup-steps.yml`) that preinstalls all required development dependencies before the Copilot coding agent starts working. This ensures the agent has the same environment as human contributors, improving reliability and speed when working on assigned issues.
>
> ## Objectives
>
> - Create `.github/workflows/copilot-setup-steps.yml` workflow file
> - Configure workflow to build and run dependency-installer binary
> - Install all development dependencies (cargo-machete, OpenTofu, Ansible, LXD)
> - Verify installations are successful
> - Test workflow manually before agent use
>
> ## Key Components
>
> **Workflow Requirements**:
> - Job name MUST be `copilot-setup-steps` (GitHub requirement)
> - Triggers: `workflow_dispatch`, `push`, `pull_request` on workflow file changes
> - Permissions: Minimal (`contents: read`)
> - Runs on: `ubuntu-latest`
>
> **Workflow Steps**:
> 1. Checkout code
> 2. Set up Rust toolchain
> 3. Build dependency-installer binary
> 4. Install all dependencies using the binary
> 5. Verify installations succeeded
>
> ## Why Use Our Binary
>
> - ✅ Consistent with Issue 1-1
> - ✅ Tested (comprehensive tests in Issues 1-1-1 through 1-1-4)
> - ✅ Maintainable (single source of truth)
> - ✅ Idempotent (safe to run multiple times)
> - ✅ Better error handling than bash scripts
>
> ## Acceptance Criteria
>
> - Pre-commit checks pass
> - Workflow file created at correct location
> - Workflow runs successfully when triggered manually
> - All dependencies are installed correctly
> - Copilot agent can use the workflow
>
> ## Time Estimate
>
> 2-3 hours
>
> ## Related Documentation
>
> - Full specification: [docs/issues/120-1-4-configure-github-copilot-agent-environment.md](https://github.com/torrust/torrust-tracker-deployer/blob/main/docs/issues/120-1-4-configure-github-copilot-agent-environment.md)
> - GitHub Docs: [Customizing Copilot Agent Environment](https://docs.github.com/en/copilot/how-tos/use-copilot-agents/coding-agent/customize-the-agent-environment)</issue_description>
>
> ## Comments on the Issue (you are @copilot in this section)
>
> <comments>
> </comments>
>
</details>
- Fixes #120
<!-- START COPILOT CODING AGENT TIPS -->
---
💬 We'd love your input! Share your thoughts on Copilot coding agent in our [2 minute survey](https://gh.io/copilot-coding-agent-survey).
ACKs for top commit:
josecelano:
ACK ca533d5
Tree-SHA512: 9302b5af558a9f597c45a5216217d891a513f8fc37f545b018bde71679577225bb1b382e636313432807662845196deaeb448954a0236821ed9ed72c83e661ab1 file changed
+52
-0
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
| 1 | + | |
| 2 | + | |
| 3 | + | |
| 4 | + | |
| 5 | + | |
| 6 | + | |
| 7 | + | |
| 8 | + | |
| 9 | + | |
| 10 | + | |
| 11 | + | |
| 12 | + | |
| 13 | + | |
| 14 | + | |
| 15 | + | |
| 16 | + | |
| 17 | + | |
| 18 | + | |
| 19 | + | |
| 20 | + | |
| 21 | + | |
| 22 | + | |
| 23 | + | |
| 24 | + | |
| 25 | + | |
| 26 | + | |
| 27 | + | |
| 28 | + | |
| 29 | + | |
| 30 | + | |
| 31 | + | |
| 32 | + | |
| 33 | + | |
| 34 | + | |
| 35 | + | |
| 36 | + | |
| 37 | + | |
| 38 | + | |
| 39 | + | |
| 40 | + | |
| 41 | + | |
| 42 | + | |
| 43 | + | |
| 44 | + | |
| 45 | + | |
| 46 | + | |
| 47 | + | |
| 48 | + | |
| 49 | + | |
| 50 | + | |
| 51 | + | |
| 52 | + | |
0 commit comments