Skip to main content

Using Agentic Workflows

Agentic Workflows are AI-powered repository automations that run coding agents in GitHub Actions. Defined in markdown with natural language instructions, they enable event-triggered and scheduled automation with built-in guardrails and security-first design.

What are Agentic Workflows?

Agentic Workflows combine:
  • Natural Language Instructions - Describe what you want in plain English
  • GitHub Actions Integration - Run on standard GitHub infrastructure
  • AI Coding Agents - Powered by GitHub Copilot
  • Security Guardrails - Safe outputs, least-privilege permissions
  • Event Triggers - Schedules, slash commands, issue/PR events
Agentic Workflows differ from regular GitHub Actions:
  • Traditional Actions: YAML with explicit steps and commands
  • Agentic Workflows: Markdown with natural language goals + AI execution

Workflow Structure

Each workflow is a single .md file: 
---
name: Daily Issues Report
description: 'Generates daily summary of open issues'
on:
  schedule:
    - cron: '0 9 * * *'  # 9 AM daily
permissions:
  issues: write
  contents: read
safe-outputs:
  - summary
---

# Daily Issues Report

## Instructions

Analyze all open issues in this repository and create a summary issue with:

1. Total count of open issues
2. Issues by label
3. Oldest issues (>30 days old)
4. Issues without assignees
5. Recommended priorities

Post the summary as a new issue titled "Daily Issues Summary - [DATE]".
  • name (required): Human-readable workflow name
  • description (required): Brief description in single quotes
  • on (required): Trigger events (schedule, issues, workflow_dispatch, etc.)
  • permissions (required): Least-privilege GitHub token permissions
  • safe-outputs (optional): Whitelisted output variables
  • File naming: Lowercase with hyphens (e.g., daily-report.md)

Installing Workflows

1

Install gh aw CLI

Install the GitHub CLI extension:
gh extension install github/gh-aw
Verify installation:
gh aw --version
2

Copy workflow file

Download a workflow from the workflows/ directory or create your own:
# Copy to .github/workflows/
cp daily-issues-report.md .github/workflows/
3

Compile to GitHub Actions

Generate the .lock.yml file:
gh aw compile --validate
This creates daily-issues-report.lock.yml from daily-issues-report.md.
4

Commit both files

Commit the .md and .lock.yml files:
git add .github/workflows/daily-issues-report.*
git commit -m "Add daily issues report workflow"
git push
Important: Always commit both the .md source and .lock.yml compiled files. Only .yml, .yaml, and .lock.yml files are blocked - .md files are required.

Workflow Triggers

Workflows can respond to various GitHub events:
Run workflows on a cron schedule:
on:
  schedule:
    - cron: '0 9 * * *'    # Daily at 9 AM
    - cron: '0 0 * * MON'  # Every Monday at midnight
Use Cases:
  • Daily status reports
  • Weekly metrics summaries
  • Monthly contributor reports
  • Automated maintenance tasks

Workflow Examples from the Repository

Purpose: Generate daily summary of open issues
---
name: Daily Issues Report
description: 'Generates daily summary of open issues'
on:
  schedule:
    - cron: '0 9 * * *'
permissions:
  issues: write
  contents: read
---

# Daily Issues Report

Analyze all open issues and create a summary with:
- Total count by label
- Oldest issues (>30 days)
- Issues without assignees

Post as a new issue titled "Daily Summary - [DATE]".
View Full Source

CLI Commands

Manage workflows with the gh aw CLI: 
# Compile .md to .lock.yml
gh aw compile --validate

# Compile specific file
gh aw compile daily-issues-report.md

Creating Your Own Workflows

1

Define the goal

Start with a clear automation goal:
  • What task should be automated?
  • When should it run?
  • What outputs are needed?
2

Create workflow file

---
name: My Workflow
description: 'Brief description'
on:
  schedule:
    - cron: '0 9 * * *'
permissions:
  issues: write
  contents: read
safe-outputs:
  - summary
---

# My Workflow

## Instructions

Describe what the workflow should do in natural language...

1. First step
2. Second step
3. Expected output
3

Set minimal permissions

Use least-privilege principle:
permissions:
  issues: write       # Only if creating/updating issues
  contents: read      # Read-only repo access
  pull-requests: read # Only if reading PRs
4

Define safe outputs

Whitelist any workflow outputs:
safe-outputs:
  - summary
  - report_url
  - status
5

Compile and test

# Validate
gh aw compile --validate my-workflow.md

# Test locally (if supported)
gh aw test my-workflow.md

# Commit and push
git add .github/workflows/my-workflow.*
git commit -m "Add workflow"
git push

Best Practices

  • Be specific about expected outcomes
  • Break down complex tasks into steps
  • Specify output format (issue, comment, file)
  • Include examples when helpful
Good:
Generate a report with:
1. List of issues by label
2. Oldest 5 issues with links
3. Recommended next actions

Post as a new issue titled "Weekly Report - [DATE]".
Bad:
Summarize issues and post report.
Only request permissions you actually need:
# Good - specific permissions
permissions:
  issues: write
  contents: read

# Bad - overly broad
permissions:
  contents: write
  issues: write
  pull-requests: write
  actions: write
Include instructions for edge cases:
## Instructions

Generate daily report:

1. If no issues exist, post "No open issues"
2. If >100 issues, group by milestone
3. If rate limit hit, create partial report with note
  • Commit both .md and .lock.yml files
  • Use descriptive commit messages
  • Test workflows before deploying to production
  • Review workflow runs regularly

Security Considerations

Important: Agentic Workflows run with your repository’s permissions. Follow these security guidelines:
Always use minimal required permissions:
# Only what you need
permissions:
  issues: read  # Not write if only reading
  contents: read  # Not write unless modifying files
Whitelist outputs to prevent data leakage:
safe-outputs:
  - public_summary  # OK to expose
  # Never include: secrets, tokens, private data
Describe validation in instructions:
## Instructions

Before processing input:
1. Validate input format
2. Sanitize user-provided data
3. Check input length limits
4. Reject if suspicious patterns detected
  • Review workflow execution logs
  • Monitor for unexpected behavior
  • Track API rate limit usage
  • Set up alerts for failures

Troubleshooting

  • Check frontmatter YAML is valid
  • Verify all required fields are present
  • Run gh aw validate workflow.md
  • Check for syntax errors in markdown
  • Verify .lock.yml file exists and is committed
  • Check cron syntax for scheduled workflows
  • Ensure permissions are set correctly
  • Review GitHub Actions logs
  • Grant required permissions in frontmatter
  • Check GitHub token scopes
  • Verify repository settings allow Actions
  • Review branch protection rules
  • Refine natural language instructions
  • Add more specific steps
  • Include examples of expected format
  • Test with smaller scope first

Common Use Cases

  • Daily/weekly issue reports
  • Stale issue/PR identification
  • Dependency update checks
  • License compliance scanning
  • Broken link detection

Build docs developers (and LLMs) love

Get started for freeTalk to us