docs: surface upload-artifact for attachment-style safe outputs

[Copilot]

Instruction docs currently emphasize issue/comment/PR safe outputs but under-signal that upload-artifact can serve as an attachment channel for arbitrary generated data. This update makes artifact-based attachments explicit and documents unarchived delivery for direct consumption.

• Safe-output guidance expanded

  • Added upload-artifact alongside create-issue, add-comment, and create-pull-request in workflow-authoring guidance.
  • Updated “write operations” language to include attachment/artifact uploads wherever safe-output behavior is described.

• Attachment semantics clarified

  • Documented upload-artifact as suitable for attachment-style arbitrary data, not only temporary report bundles.
  • Clarified that allow.skip-archive: true enables direct-file downloads (no unzip step).

• Instruction coverage aligned across files

  • Updated core and task-specific instruction docs (github-agentic-workflows.md, create-agentic-workflow.md, update-agentic-workflow.md, create-shared-agentic-workflow.md, safe-outputs.md) to keep recommendations consistent.

safe-outputs:
  add-comment:
  upload-artifact:
    allow:
      skip-archive: true

[github-actions]

Hey @app/copilot-swe-agent 👋 — great work surfacing the upload-artifact attachment channel in the safe-output docs! The changes are well-scoped across the relevant instruction files and the description clearly explains the intent.

One small flag from the automated checklist:

• No test files changed — the diff only touches .github/aw/*.md docs. If there are any snapshot or integration tests that exercise instruction-file content (e.g. linting, rendering, or schema validation tests), it's worth checking whether they need updating too. If no such tests exist, this note can be safely ignored.

If you'd like to address this automatically, you can assign the following prompt to a coding agent:

Check whether any tests in the repository validate or reference the instruction files under .github/aw/ (e.g. snapshot tests, lint checks, or schema validation). If such tests exist, update them to reflect the new `upload-artifact` safe-output guidance added in .github/aw/safe-outputs.md, .github/aw/github-agentic-workflows.md, .github/aw/create-agentic-workflow.md, .github/aw/create-shared-agentic-workflow.md, and .github/aw/update-agentic-workflow.md.

Generated by ✅ Contribution Check · ● 8.5M · ◷

[pelikhan]

@copilot review allow.skip-archive ... skip-archive should be top level on upload-artifact schema

[Copilot]

@copilot review allow.skip-archive ... skip-archive should be top level on upload-artifact schema

Updated in ecb4435: switched upload-artifact examples/guidance from allow.skip-archive to top-level skip-archive across the instruction docs.

[Copilot]

Pull request overview

Updates agentic workflow authoring docs to explicitly recommend safe-outputs: upload-artifact as an attachment-style output channel, and documents skip-archive for unarchived downloads.

Changes:

• Expanded “safe output” guidance across authoring/update prompts to include upload-artifact for attachment-style outputs.
• Updated safe-outputs documentation to position artifacts as suitable for arbitrary downloadable deliverables (not just temporary bundles).
• Added frontmatter examples enabling upload-artifact with skip-archive: true for direct-file consumption.

Show a summary per file

File	Description
.github/aw/update-agentic-workflow.md	Adds upload-artifact to safe-output guidance and shows an example enabling skip-archive.
.github/aw/safe-outputs.md	Updates upload-artifact description and configuration example to emphasize attachment-style outputs and skip-archive.
.github/aw/github-agentic-workflows.md	Updates canonical workflow template/frontmatter example to include upload-artifact with skip-archive.
.github/aw/create-shared-agentic-workflow.md	Adds upload-artifact to the “common safe outputs” list for shared components.
.github/aw/create-agentic-workflow.md	Expands security and workflow-authoring guidance to include artifact/attachment uploads via safe-outputs.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comments suppressed due to low confidence (1)

.github/aw/safe-outputs.md:560

• skip-archive only disables zip archiving for single-file uploads (per shared config docs and reference). The current wording implies it applies to any upload and may mislead readers into expecting multi-file bundles to download uncompressed. Please clarify the single-file limitation here (and in the paragraph below).

      defaults:                       # Optional: default values injected when agent omits a field
        if-no-files: "ignore"         # "error" or "ignore" when no files match (default: "error")
      skip-archive: true              # Optional: allow direct file uploads without zipping

Uploads files as run-scoped GitHub Actions artifacts. Artifacts are temporary and tied to the workflow run, automatically cleaned up when they expire. Agents call upload_artifact with a name, path, and optional retention_days. Use this for temporary downloadable artifacts and attachment-style arbitrary data (for example when a comment/issue should link to a generated file bundle). Set skip-archive: true when downloads should be served as direct files without uncompressing. Use upload-asset instead when you need stable embeddable URLs (images/charts in GitHub content).

• dispatch-workflow: - Trigger other workflows with inputs

</details>


- **Files reviewed:** 5/5 changed files
- **Comments generated:** 4