Skip to content

[product-manager-impersonator] Reuse existing COPILOT_GITHUB_TOKEN in quick setup reruns #1251

Description

@github-actions

Feature Idea

Summary: Make scripts/quick-setup.sh reuse an already-configured COPILOT_GITHUB_TOKEN secret by default, and only prompt/write a new token when explicitly requested.

Why a Customer Would Want This

Teams frequently rerun quick setup to add workflows or refresh triggers. Today reruns can still require token handling even when the repository already has COPILOT_GITHUB_TOKEN, which adds friction to an otherwise fast onboarding/update path.

Rough Implementation Sketch

  • Add a repo-secret existence check before the token prompt/write path (for example via gh secret list --repo "$repo").
  • If COPILOT_GITHUB_TOKEN already exists, skip prompt + gh secret set and print a clear "reusing existing secret" message.
  • Add an opt-in flag (for example --force-secret-update) to intentionally rotate/reset the secret when desired.
  • Keep existing --skip-secret and --dry-run behavior intact.

Why It Won't Be That Hard

This is a small, isolated enhancement in one script (scripts/quick-setup.sh) with centralized option parsing and a single secret-management block, so the change is mostly a conditional branch plus a new flag and help text.

Evidence

  • scripts/quick-setup.sh:L23-L30 documents existing flags; there is no secret-reuse or force-update mode.
  • scripts/quick-setup.sh:L215-L251 enters secret handling whenever --skip-secret is false, and writes the secret with gh secret set.
  • scripts/quick-setup.sh:L241-L243 errors in non-interactive mode when no env token is set, even though a repo secret may already exist.
  • README.md:L37-L39 positions quick setup as streamlined end-to-end install, so reducing rerun friction aligns with product expectations.
  • Related but distinct existing ideas: #809 (permission preflight), #888 (existing-file overwrite policy), #1220 (first-run checklist).

Note

🔒 Integrity filter blocked 43 items

The following items were blocked because they don't meet the GitHub integrity level.

  • #1175 list_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
  • #359 search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
  • #505 search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
  • #476 search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
  • #1067 search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
  • #704 search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
  • #694 search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
  • #684 search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
  • #547 search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
  • #153 search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
  • #424 search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
  • #239 search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
  • #459 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
  • #600 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
  • #1175 search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
  • #1128 search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
  • ... and 27 more items

To allow these resources, lower min-integrity in your GitHub frontmatter:

tools:
  github:
    min-integrity: approved  # merged | approved | unapproved | none

What is this? | From workflow: Trigger Product Manager Impersonator

Give us feedback! React with 🚀 if perfect, 👍 if helpful, 👎 if not.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions