Add AOAI Entra smoke workflow for Copilot

[Copilot]

Matches the existing AWF test in https://github.com/github/gh-aw-firewall/actions/workflows/smoke-copilot-byok-aoai-entra.lock.yml

Adds the missing Microsoft Entra variant of the Copilot AOAI smoke workflow. This mirrors the existing AOAI API key smoke path while exercising the frontmatter users should rely on for GitHub OIDC → Azure authentication.

• New Entra smoke workflow

  • Added .github/workflows/smoke-copilot-aoai-entra.md.
  • Preserves the existing smoke test coverage and o4-mini-aw model.
  • Uses Entra/OIDC auth instead of FOUNDRY_API_KEY.

• OIDC and environment wiring

  • Runs under the aoai-model GitHub Actions environment so OIDC subject claims match Azure federation rules.
  • Grants id-token: write.
  • Configures Azure auth through engine.auth frontmatter with literal Azure credential values (matching the pattern in aoai-endpoint-smoke-test.yml):

environment: aoai-model
permissions:
  id-token: write

engine:
  id: copilot
  model: o4-mini-aw
  auth:
    type: github-oidc
    provider: azure
    azure-tenant-id: 398a6654-997b-47e9-b12b-9515b896b4de
    azure-client-id: adb907fd-188c-4029-b67f-2559d96b2f1b

• Compiled workflow
  • Added the generated .lock.yml for the new workflow.
  • Includes login.microsoftonline.com network access required for Azure token exchange.
  • The compiled workflow correctly sets AWF_AUTH_AZURE_CLIENT_ID and AWF_AUTH_AZURE_TENANT_ID as environment variables.

---

---

✨ PR Review Safe Output Test - Run 27385890715

Warning

Firewall blocked 6 domains

The following domains were blocked by the firewall during workflow execution:

• accounts.google.com
• android.clients.google.com
• clients2.google.com
• contentautofill.googleapis.com
• safebrowsingohttpgateway.googleapis.com
• www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "android.clients.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "safebrowsingohttpgateway.googleapis.com"
    - "www.google.com"

See Network Configuration for more information.

💥 [THE END] — Illustrated by Smoke Claude · 65.7 AIC · ⌖ 9.06 AIC · ⊞ 8.1K · ◷

[zarenner]

/smoke-copilot-aoai-entra

[Copilot]

Pull request overview

Adds a new Agentic Workflows “smoke” workflow variant intended to validate Copilot’s Azure OpenAI (AOAI) BYOK path using Microsoft Entra (GitHub OIDC → Azure), mirroring the existing AOAI API-key smoke workflow.

Changes:

• Added a new Entra/OIDC-based smoke workflow definition (smoke-copilot-aoai-entra.md) alongside the existing AOAI API-key smoke path.
• Added the compiled lock workflow (smoke-copilot-aoai-entra.lock.yml) including network allowlisting for login.microsoftonline.com.

Show a summary per file

File	Description
.github/workflows/smoke-copilot-aoai-entra.md	New smoke workflow frontmatter + prompt content for AOAI via Entra/OIDC auth.
.github/workflows/smoke-copilot-aoai-entra.lock.yml	Generated compiled workflow intended to execute the new Entra smoke test under the firewall.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 1/2 changed files
• Comments generated: 2

[Copilot]

Addressed in a subsequent commit. The frontmatter was updated to use literal credential values (azure-tenant-id: 398a6654-… / azure-client-id: adb907fd-…) instead of secrets references, so the compiled lock file now sets AWF_AUTH_AZURE_CLIENT_ID and AWF_AUTH_AZURE_TENANT_ID directly in the Execute GitHub Copilot CLI step env block (lock file lines 1881–1882).

[Copilot]

Obsolete after the frontmatter change. AZURE_CLIENT_ID and AZURE_TENANT_ID are now inline literals in the frontmatter (not secret references), so they are correctly absent from the manifest's secrets list — the manifest only tracks ${{ secrets.* }} references.

[github-actions]

✅ PR Code Quality Reviewer completed the code quality review.

[github-actions]

🧪 Test Quality Sentinel completed test quality analysis.

No test files were added or modified in PR #38706. The PR adds two workflow files: smoke-copilot-aoai-entra.md (workflow source) and smoke-copilot-aoai-entra.lock.yml (compiled lock file). Neither are Go (_test.go) or JavaScript (.test.cjs/.test.js) test files. Test Quality Sentinel skipped.

[github-actions]

✅ Design Decision Gate 🏗️ completed the design decision gate check.

No ADR enforcement needed: PR #38706 does not have the 'implementation' label and has 0 new lines of code in business logic directories (≤100 threshold).

[github-actions]

🧠 Matt Pocock Skills Reviewer has completed the skills-based review. ✅

[github-actions]

REQUEST_CHANGES — The compiled lock file has two blocking correctness issues that will cause silent auth failure at runtime.

### Blocking issues

1. Compiler bug: missing Azure credential env bindings (lock file line 1884, 2543)
The agent and detection execution steps both use --exclude-env AWF_AUTH_AZURE_CLIENT_ID --exclude-env AWF_AUTH_AZURE_TENANT_ID to keep credentials out of the sandboxed container, but never set these variables in the step env: block. Compare with the apikey variant, which correctly has COPILOT_PROVIDER_API_KEY: ${{ secrets.FOUNDRY_API_KEY }} before excluding it from the container. The source frontmatter (smoke-copilot-aoai-entra.md lines 39–40) correctly declares both fields — this is a gh aw compile bug where the github-oidc auth path fails to emit the corresponding env bindings.

2. Detection job missing environment: aoai-model (lock file line 2376)
Every other job using Azure OIDC auth — agent, conclusion, pre_activation, safe_outputs — declares environment: aoai-model. The detection job does not. If Azure credentials are scoped to that GitHub Environment, detection's OIDC token exchange will fail even after the compiler bug is fixed.

### Non-blocking observation

The gh-aw-manifest at the top of the lock file omits AZURE_CLIENT_ID and AZURE_TENANT_ID from its secrets array, so audit tooling won't flag these as required credentials for the Entra path. Worth fixing when addressing the above.

The markdown source (smoke-copilot-aoai-entra.md) looks correct; the fix belongs in the compiler and/or a recompile.

🔎 Code quality review by PR Code Quality Reviewer · ⌖ 13.5 AIC

[github-actions]

Skills-Based Review 🧠

Applied /diagnose and /grill-with-docs — requesting changes on a correctness bug that will cause runtime auth failure.

📋 Key Themes & Highlights

Blocking Issue

Azure credential env vars are silently stripped from the compiled lock file. The smoke workflow will fail at runtime when awf tries to perform the GitHub OIDC → Azure token exchange — it needs AWF_AUTH_AZURE_TENANT_ID and AWF_AUTH_AZURE_CLIENT_ID in the runner environment, but FilterEnvForSecrets removes them because CopilotEngine.GetRequiredSecretNames does not include AZURE_TENANT_ID or AZURE_CLIENT_ID in its allowed list. See inline comment on .md line 40 for the full diagnosis and suggested fix in copilot_engine.go.

This is a compiler gap exposed by the first use of engine.auth.type: github-oidc + provider: azure in this repo. The API key variant worked fine because COPILOT_PROVIDER_API_KEY is already in the allowed list.

Secondary Observations

• send_slack_message environment gate: The stub job picks up environment: aoai-model as a compiler side-effect (frontmatter environment propagating to safe-output jobs). This differs from the API key variant and could cause the stub to block on deployment protection rules. See lock file line 2895.
• Step cross-reference typo: Output step 4 references aw_smoke_discussion as coming from "step 11" — it is created in step 10. See .md line 237.

Positive Highlights

• ✅ The diff against smoke-copilot-aoai-apikey.md is surgical and minimal — exactly the right approach.
• ✅ The inline comment explaining COPILOT_PROVIDER_WIRE_API: responses (o4-mini is a reasoning model; Azure rejects the legacy completions wire API) is excellent and prevents future confusion.
• ✅ login.microsoftonline.com is correctly added to both the GH_AW_INFO_ALLOWED_DOMAINS metadata and the expanded squid allow-list JSON.
• ✅ All container images are pinned to SHA digests.

🧠 Reviewed using Matt Pocock's skills by Matt Pocock Skills Reviewer · 1.7K AIC · ⌖ 14.1 AIC

[zarenner]

@copilot change the frontmatter to directly specify AZURE_CLIENT_ID: adb907fd-188c-4029-b67f-2559d96b2f1b and AZURE_TENANT_ID: 398a6654-997b-47e9-b12b-9515b896b4de as they are not secrets (matching https://github.com/github/gh-aw/blob/main/.github/workflows/aoai-endpoint-smoke-test.yml)

[Copilot]

@copilot change the frontmatter to directly specify AZURE_CLIENT_ID: adb907fd-188c-4029-b67f-2559d96b2f1b and AZURE_TENANT_ID: 398a6654-997b-47e9-b12b-9515b896b4de as they are not secrets (matching ht...

Updated the frontmatter to use literal Azure credentials instead of secrets. The compiled workflow now correctly sets AWF_AUTH_AZURE_CLIENT_ID and AWF_AUTH_AZURE_TENANT_ID as environment variables, and the lockfile manifest no longer lists these as required secrets. (a7db2e8)

[github-actions]

Smoke beat.
PR: Add AOAI Entra smoke workflow for Copilot
1❌ 2✅ 3✅ 4✅ 5✅
6✅ 7✅ 8✅ 9✅ 10✅
11✅ 12✅ 13✅ 14✅ 15✅
Overall: FAIL
Author: @Copilot | Assignees: @zarenner @Copilot

Warning

Firewall blocked 6 domains

The following domains were blocked by the firewall during workflow execution:

• accounts.google.com
• android.clients.google.com
• clients2.google.com
• contentautofill.googleapis.com
• safebrowsingohttpgateway.googleapis.com
• www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "android.clients.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "safebrowsingohttpgateway.googleapis.com"
    - "www.google.com"

See Network Configuration for more information.

📰 BREAKING: Report filed by Smoke Copilot · 243.1 AIC · ⌖ 10.5 AIC · ⊞ 20.3K · ◷

[zarenner]

@copilot run pr-finisher

[github-actions]

✅ Design Decision Gate 🏗️ completed the design decision gate check.

No ADR enforcement needed: PR #38706 does not have the 'implementation' label (has_implementation_label=false) and has only 12 new lines in business logic directories, well below the 100-line threshold (requires_adr_by_default_volume=false).

[github-actions]

⚠️ PR Code Quality Reviewer failed during code quality review.

[github-actions]

Hey @copilot-swe-agent 👋 — great addition! The new AOAI Entra smoke workflow is well-structured and the PR description clearly explains the OIDC/Azure wiring. One thing worth addressing before this lands:

• Unit tests for pkg/workflow/threat_detection.go — the new Environment field on ThreatDetectionConfig and the compiler logic that plumbs it into the buildDetectionJob output aren't covered by a *_test.go change. Since the detection job already has table-driven compiler tests, adding a case that asserts the environment: field is emitted correctly (both when set explicitly and when falling back to the top-level environment) would close the gap.

If you'd like a hand, you can assign this prompt to your coding agent:

Add unit test coverage for the new `Environment` field in `pkg/workflow/threat_detection.go`.

Specifically, in the existing threat detection compiler tests (look for `*_test.go` files in `pkg/workflow/` that cover `buildDetectionJob` or `ThreatDetectionConfig`):
1. Add a test case where `safe-outputs.threat-detection.environment` is set to a non-empty string (e.g. `"aoai-model"`) and assert the compiled job YAML contains `environment: aoai-model`.
2. Add a test case where `safe-outputs.threat-detection.environment` is empty and a top-level `environment` is set, and assert the detection job inherits the top-level value.
3. Add a test case where both are empty, and assert no `environment:` field appears in the detection job output.

Generated by ✅ Contribution Check · 372.4 AIC · ⌖ 12.8 AIC · ⊞ 24.7K · ◷