cc @elastic/observablt-ci
Recent workflow changes introduced documentation drift in the GH-AW triage/dependency workflow docs. The docs still describe an old token/job model and do not describe the new follow-up relabel jobs required to emit installation-token labeled events.
Changes Requiring Documentation Updates
1. Obsolete mint-gh-aw-github-token / GH_AW_GITHUB_TOKEN model in workflow docs
Commit(s): 78d57e1
What changed (code):
.github/workflows/gh-aw-dependency-review.yml now runs dependency-review directly and adds signal-dependency-review-followups; no mint-gh-aw-github-token job remains (.github/workflows/gh-aw-dependency-review.yml:18-108)..github/workflows/gh-aw-resource-not-accessible-by-integration-triage.yml now runs triage directly and adds signal-res-not-accessible-triage-followups; no mint-gh-aw-github-token job remains (.github/workflows/gh-aw-resource-not-accessible-by-integration-triage.yml:20-267)..github/workflows/gh-aw-security-triage.yml now runs triage directly and adds signal-security-triage-followups; no mint-gh-aw-github-token job remains (.github/workflows/gh-aw-security-triage.yml:19-166).
Documentation currently out of date:
docs/workflows/gh-aw-dependency-review.md:41-42 still documents a mint-gh-aw-github-token job.docs/workflows/gh-aw-resource-not-accessible-by-integration-triage.md:13,17,21,35 still documents mint job + GH_AW_GITHUB_TOKEN model.docs/workflows/gh-aw-security-triage.md:13,17,21,35 still documents mint job + GH_AW_GITHUB_TOKEN model.
Documentation impact:
These docs describe the wrong auth/job topology, making runbook/debug behavior inaccurate for contributors.
2. Missing documentation of new follow-up relabel signaling behavior
Commit(s): 78d57e1
What changed (code):
- Added follow-up jobs that mint ephemeral tokens and remove/re-add readiness labels so downstream workflows receive installation-token
labeled events:
signal-dependency-review-followups (.github/workflows/gh-aw-dependency-review.yml:59-108)signal-res-not-accessible-triage-followups (.github/workflows/gh-aw-resource-not-accessible-by-integration-triage.yml:221-267)signal-security-triage-followups (.github/workflows/gh-aw-security-triage.yml:110-166)
Documentation currently missing this behavior:
docs/workflows/gh-aw-dependency-review.mddocs/workflows/gh-aw-resource-not-accessible-by-integration-triage.mddocs/workflows/gh-aw-security-triage.md
Documentation impact:
Label-driven downstream routing behavior is not accurately documented, so operators cannot reliably understand why follow-up workflows are (or are not) triggered.
Suggested Actions
What is this? | From workflow: Observability Agentic Workflow Entrypoint
Give us feedback! React with 🚀 if perfect, 👍 if helpful, 👎 if not.
cc
@elastic/observablt-ciRecent workflow changes introduced documentation drift in the GH-AW triage/dependency workflow docs. The docs still describe an old token/job model and do not describe the new follow-up relabel jobs required to emit installation-token
labeledevents.Changes Requiring Documentation Updates
1. Obsolete
mint-gh-aw-github-token/GH_AW_GITHUB_TOKENmodel in workflow docsCommit(s): 78d57e1
What changed (code):
.github/workflows/gh-aw-dependency-review.ymlnow runsdependency-reviewdirectly and addssignal-dependency-review-followups; nomint-gh-aw-github-tokenjob remains (.github/workflows/gh-aw-dependency-review.yml:18-108)..github/workflows/gh-aw-resource-not-accessible-by-integration-triage.ymlnow runs triage directly and addssignal-res-not-accessible-triage-followups; nomint-gh-aw-github-tokenjob remains (.github/workflows/gh-aw-resource-not-accessible-by-integration-triage.yml:20-267)..github/workflows/gh-aw-security-triage.ymlnow runs triage directly and addssignal-security-triage-followups; nomint-gh-aw-github-tokenjob remains (.github/workflows/gh-aw-security-triage.yml:19-166).Documentation currently out of date:
docs/workflows/gh-aw-dependency-review.md:41-42still documents amint-gh-aw-github-tokenjob.docs/workflows/gh-aw-resource-not-accessible-by-integration-triage.md:13,17,21,35still documents mint job +GH_AW_GITHUB_TOKENmodel.docs/workflows/gh-aw-security-triage.md:13,17,21,35still documents mint job +GH_AW_GITHUB_TOKENmodel.Documentation impact:
These docs describe the wrong auth/job topology, making runbook/debug behavior inaccurate for contributors.
2. Missing documentation of new follow-up relabel signaling behavior
Commit(s): 78d57e1
What changed (code):
labeledevents:signal-dependency-review-followups(.github/workflows/gh-aw-dependency-review.yml:59-108)signal-res-not-accessible-triage-followups(.github/workflows/gh-aw-resource-not-accessible-by-integration-triage.yml:221-267)signal-security-triage-followups(.github/workflows/gh-aw-security-triage.yml:110-166)Documentation currently missing this behavior:
docs/workflows/gh-aw-dependency-review.mddocs/workflows/gh-aw-resource-not-accessible-by-integration-triage.mddocs/workflows/gh-aw-security-triage.mdDocumentation impact:
Label-driven downstream routing behavior is not accurately documented, so operators cannot reliably understand why follow-up workflows are (or are not) triggered.
Suggested Actions
docs/workflows/gh-aw-dependency-review.md, remove references tomint-gh-aw-github-token/cross-job token output and document the actualdependency-review+signal-dependency-review-followupsflow.docs/workflows/gh-aw-resource-not-accessible-by-integration-triage.md, replace mint-job/GH_AW_GITHUB_TOKENtext with the current triage job contract and documentsignal-res-not-accessible-triage-followupsrelabel behavior.docs/workflows/gh-aw-security-triage.md, replace mint-job/GH_AW_GITHUB_TOKENtext with the current triage job contract and documentsignal-security-triage-followupsrelabel behavior.id-token: write) rather than a dedicated pre-triage/pre-review mint job.What is this? | From workflow: Observability Agentic Workflow Entrypoint
Give us feedback! React with 🚀 if perfect, 👍 if helpful, 👎 if not.