GitHub Agentic Workflows

GitHub Agentic Workflows

88 pointsby mooreds2026. 2. 8.51 comments
원문 보기 (github.github.io)
AI/MLDevOpsWeb

요약

GitHub Agentic Workflows는 GitHub Actions 내에서 실행되는 자동화된 리포지토리 에이전트 시스템을 도입하여, 이슈 분류, CI 실패 분석, 문서 유지보수와 같은 작업을 마크다운으로 정의할 수 있게 합니다. 이러한 워크플로우는 샌드박스 실행, 기본적으로 읽기 전용 권한, 안전한 출력 처리 등 보안 우선 접근 방식을 강조하며 여러 AI 엔진을 지원합니다.

댓글 (53)

microflash3시간 전
Soon: AgentHub Git Workflows
throwup2383시간 전
At which point the AI figures out its easier to just switch to jj
aaronharnly2시간 전
WorkHub Agent Gitflows?
onionisafruit2시간 전
Copilot Hub Enterprise With Copilot
TZubiri3시간 전
Not confirmed that it's by Github, phishy domain.
embedding-shape3시간 전
Very weird of them to not use github.com but instead use the domain they otherwise use for non-github/user content. Phishy indeed, and then people/companies go ahead and blame users for not taking care/checking, yet banks and more continuously deploy stuff in a way to train users to disregard those things.
rendx3시간 전
Agreed, but looks like it: https://github.com/github/gh-aw
throwup2383시간 전
Why is it phishy? Github.io has been the domain they use for all GH pages for a long time with subdomains mapping to GH usernames. It’s standard practice to separate user generated content from the main domain so that it doesn’t poison SEO.
hmokiguess2시간 전
How is it not confirmed? GitHub cannot use their own product? Them using GitHub pages changes something? I don’t get it
lemonlime2273시간 전
Alternative, less phishy link: https://github.com/github/gh-aw

This is on GitHub's official account. For some reason GitHub is deploying this on GitHub pages without a different domain?

eddythompson803시간 전
Why would that be phishy? They own the GitHub org on GitHub, hence github.github.io. I always thought it was a neat recursive/dogfood type thing even if not really that deep. Like when Reddit had /r/reddit.com or twitter having @twitter
hmokiguess2시간 전
So them using their own product makes it phishy? I don’t get it

It’s not like someone else can or could own this link, could they?

SkyPuncher54분 전
Looks like a pre-release product. This is to lower the branding and reputational risk.
dcchuck40분 전
This is a github pages feature. Given an account with the name "example", they can publish static pages to example.github.io

So this being from github.github.io implies it's published by the "github" account on github.

ewuhic3시간 전
Go: check

YAML: check

Markdown: check

Wrong level of abstraction: check

Shit slop which will be irrelevant in less than a year time: check

Manager was not PIP'd: check

clarkdale3시간 전
I feel like this solution hallucinated the concept of Workflow Lock File (.lock.yml), which is not available in Github Actions. This is a missing feature that would solve the security risk of changing git tag references when calling to actions like utility@v1
acedTrex2시간 전
You can already hardcode the sha of a given workflow in the ref, and arguably should do that anyways.
woodruffw2시간 전
I think in this context they mean “lock” as in “these are the generated contents corresponding to your source markdown,” not as in “this is a lockfile.” But I think that’s a pretty confusing overlap for them to have introduced, given that a lack of strong dependency pinning is a significant ongoing pain point in GHA.
abracos3시간 전
Link to github.com: https://github.github.com/gh-aw/
[삭제된 댓글]
sidpatil2시간 전
Does this products directly compete with GitHub Models [1]?

[1] https://github.com/marketplace?type=models

simonw2시간 전
I think it makes use of GitHub models.
woodruffw2시간 전
I find this confusing: I can see the value in having an LLM assist you in developing a CI/CD workflow, but why would you want one involved in any continuous degree with your CI/CD? Perhaps it’s not as bad as that given that there’s a “compilation” phase, but the value add there isn’t super clear either (why would I check in both the markdown and the generated workflow; should I always regenerate from the markdown when I need changes, etc.).

Given GitHub’s already lackluster reputation around security in GHA, I think I’d like to see them address some of GHA’s fundamental weaknesses before layering additional abstractions atop it.

zozbot2342시간 전
> I find this confusing: I can see the value in having an LLM assist you in developing a CI/CD workflow, but why would you want one involved in any continuous degree with your CI/CD?

The sensible case for this is for delivering human-facing project documentation, not actual code. (E.g. ask the AI agent to write its own "code review" report after looking at recent commits.) It's implemented using CI/CD solutions under the hood, but not real CI/CD.

mickdarling1시간 전
I use an LLM behavior test to see if the semantic responses from LLMs using my MCP server match what I expect them to. This is beyond the regex tests, but to see if there's a semantic response that's appropriate. Sometimes the LLMs kick back an unusual response that technically is a no, but effectively is a yes. Different models can behave semantically different too.

If I had a nice CI/CD workflow that was built into GitHub rather than rolling my own that I have running locally, that might just make it a little more automatic and a little easier.

blibble1시간 전
> but why would you want one involved in any continuous degree with your CI/CD

because helping you isn't the goal

the goal is to generate revenue by consuming tokens

and a never ending swarm of "AI" "agents" is a fantastic way to do that

enmyj2시간 전
GitHub fix your uptime then come talk to me about agentic workflows
mickdarling2시간 전
It looks like it does have an MCP Gateway https://github.com/github/gh-aw-mcpg so I may see how well it works with my MCP server. One of the components mine makes are agent elements with my own permissioning, security, memory, and skills. I put explicit programatic hard stops on my agents if they do something that is dangerous or destructive.

As for the domain, this is the same account that has been hosting Github projects for more than a decade. Pretty sure it is legit. Org ID is 9,919 from 2008.

CuriouslyC1시간 전
Stuffing agents somewhere they don't belong rather than making the system work better with the agents people already use. Obvious marketing driven cash grab.
[삭제된 댓글]
tuananh1시간 전
since generation is not deterministic, how do they verify the lock file?
onionisafruit1시간 전
The generation of the workflow file from the input markdown file is deterministic. It's what the agent does when running the workflow that is non-deterministic.
siva71시간 전
Somehow i want to ask what's the actual job of those former software engineers. Agents everywhere, on your local machine, in the pipeline, on the servers, and they are doing everything. Yes, the specs also.
samuelknight1시간 전
Someone still has orchestrate the shit show. Like a captain at the helm in the middle of a storm.

Or you can be full accelerationist and give an agent the role of standing up all the agents. But then you need someone with the job of being angry when they get a $7000 cloud bill.

ivanjermakov1시간 전
What is the job of a truck driver, if it's the truck that delivers goods?
huevosabio1시간 전
Github should focus on getting their core offerings in shape first.

I stopped using GH actions when I ran into this issue: https://github.com/orgs/community/discussions/151956#discuss...

That was almost a year ago and to this date I still get updates of people falling into the same issue.

lloydatkinson1시간 전
This reminds me slightly of some copilot nonsense I get. I don’t use copilot. Every few days when I’m on the GitHub homepage the copilot chat input (which I don’t want on my homepage anyway) tells me it’s disabled because I’ve used up my monthly limit of copilot.

I literally do not use it, and no my account isn’t compromised. Trying to trick people into paying? Seems cartoonishly stupid but…

pydry1시간 전
Well, this behavior makes sense. They're a bluechip trying to maintain the illusion that theyre a growth stock juuuust a little bit longer.
SkyPuncher57분 전
Ah, the critical problem dilemma. Some percentage of free users become paid users, but the free users take up an unreasonable amount of your time/energy/support.

The solution seems simple. Buy their product.

onionisafruit1시간 전
This is an extension for the gh cli that takes markdown files as input and creates github actions workflow files from them. Not just any workflow files, but 1000-line beasts that you'll need an LLM to explain what they do.

I tried out `gh aw init` and hit Y at the wrong prompt. It created a COPILOT_GITHUB_TOKEN on the github repo I happened to be in presumably with a token from my account. That's something that really should have an extra confirmation.

julius-fx1시간 전
I’d appreciate if they fix the log viewer in GH actions. That would have a larger impact, by far.
rootnod31시간 전
Ah yes, lovely. That's what I want in my CI/CD...hallucinations that then churn through I don't know how many tokens trying to "fix it".
SkyPuncher52분 전
The landing page doesn't make it clear to me what value this is providing to me (as a user). I see all of these things that I can theoretically do, but I don't see (1) actual examples of those things (2) how this specific agentic workflow helps.
snowstormsun44분 전
Surely this won't be a security nightmare.
qwertox41분 전
I want to see where we're at in 2 years, because these last couple of months have been pretty chaotic (but in a good sense) in terms of agents doing things with other agents. I think this is the real wake-up-call, that these dumb and error-prone agents can do self-correcting teamwork, which they will hopefully do for us.

Two years, then we'll know if and how this industry has completely been revolutionized.

By then we'd probably have an AGI emulator, emulated through agents.

onionisafruit39분 전
I noticed this unusual line in go.mod and got curious why it is using replace for this (typically you would `go get github.com/Masterminds/semver/v3@v3.4.0` instead).

  replace github.com/Masterminds/semver/v3 => github.com/Masterminds/semver/v3 v3.4.0
I found this very questionable PR[0]. It appears to have been triggered by dependabot creating an issue for a version upgrade -- which is probably unnecessary to begin with. The copilot agent then implemented that by adding a replace statement, which is not how you are supposed to do this. It also included some seemingly-unrelated changes. The copilot reviewer called out the unrelated changes, but the human maintainer apparently didn't notice and merged anyway.

There is just so much going wrong here.

[0] https://github.com/github/gh-aw/pull/4469

kaicianflone38분 전
This is a solid step forward on execution safety for agentic workflows. Permissions, sandboxing, MCP allowlists, and output sanitization all matter. But the harder, still unsolved problem is decision validation, not execution constraints. Most real failures come from agents doing authorized but wrong things with high confidence. Hallucinations, shallow agreement, or optimizing for speed while staying inside the permission box.

I’m working on an open source project called consensus-tools that sits above systems like this and focuses on that gap. Agents do not just act, they stake on decisions. Multiple agents or agents plus humans evaluate actions independently, and bad decisions have real cost. This reduces guessing, slows risky actions, and forces higher confidence for security sensitive decisions. Execution answers what an agent can do. Consensus answers how sure we are that it should do it.