Add tool-version-upgrade skill for GitHub CLI and Bicep CLI#7458
Open
Add tool-version-upgrade skill for GitHub CLI and Bicep CLI#7458
Conversation
Adds a Copilot skill that automates upgrading bundled CLI tool versions. Supports GitHub CLI (cli/cli) and Bicep CLI (Azure/bicep) with safety gates, mandatory user confirmation, clean branch creation from origin/main, and staged-file verification. Fixes #7457 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
vhvb1989
requested review from
danieljurek,
jongio,
rajeshkamal5050,
tg-msft and
wbreza
as code owners
Contributor
There was a problem hiding this comment.
Pull request overview
Adds a new GitHub Copilot workflow skill (tool-version-upgrade) to automate upgrading the pinned/bundled versions of GitHub CLI and Bicep CLI in azd, including the associated issue/branch/PR workflow and safety gates.
Changes:
- Added a new skill definition (
SKILL.md) describing the end-to-end upgrade flow (detect tool, fetch latest release, confirm, create issue/branch/PR). - Added a shared reference document for the “clean branch from origin/main + stage-only-expected-files” workflow.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| .github/skills/tool-version-upgrade/SKILL.md | Defines the tool upgrade skill, including per-tool files to update and the guarded workflow steps. |
| .github/skills/tool-version-upgrade/references/tool-upgrade-workflow.md | Provides shared, reusable workflow guidance referenced by the skill. |
jongio
reviewed
Apr 3, 2026
Member
jongio
left a comment
jongio
left a comment
There was a problem hiding this comment.
Issues to address:
- SKILL.md:83 - version tag not validated as strict semver before injection into source/YAML
- SKILL.md:154 - tracking issue created before build validation; failures leave orphan issues
- SKILL.md:203 - git checkout -b fails if branch exists from a previous run
Minor: Step 4 doesn't handle current > latest (downgrade scenario).
The safety gates (mandatory confirmation, clean branch, explicit staging) are well designed.
- Validate version as strict semver after stripping v prefix; reject pre-release tags (jongio) - Move issue creation after build succeeds to prevent orphan issues on build/staging failure (jongio) - Delete stale branch from previous cancelled run before creating new branch (jongio) - Handle current > latest case (downgrade detection) with warning and stop (jongio) - Use two -m flags for git commit instead of literal newline (copilot-reviewer) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Member
Author
|
/check-enforcer override |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a new Copilot skill (
tool-version-upgrade) that automates upgrading bundled CLI tool versions (GitHub CLI and Bicep CLI) in azd.Fixes #7457
Motivation
Every time GitHub CLI or Bicep CLI releases a new version, we manually check the latest release, create an issue, update version references in source code (and CI workflows for Bicep), and open a PR. This skill automates that entire workflow.
What the skill does
cli/cliorAzure/bicepviaghCLIorigin/mainwith dirty-state and staged-files verificationSafety features
origin/main, not the current branch; aborts on dirty working treegit add -A); verifies nothing unexpected is stagedFiles updated per tool
cli/azd/pkg/tools/github/github.gocli/azd/pkg/tools/bicep/bicep.go+.github/workflows/lint-bicep.ymlFiles added
.github/skills/tool-version-upgrade/SKILL.md.github/skills/tool-version-upgrade/references/tool-upgrade-workflow.md