Address PR #101 review feedback from copilot-pull-request-reviewer

This commit addresses all 4 review comments from
#101 (review)

---

## .github/workflows/codegen-check.yml

### Review comment (line 128): --ref "$BRANCH" will fail for PRs that don't contain the workflow file
Copilot said: `gh workflow run` with `--ref "$BRANCH"` requires
`codegen-agentic-fix.lock.yml` to exist on the PR branch. Dependabot
or codegen-only PRs branched before this workflow was added won't have
it, causing "workflow not found".

Fix applied: Removed `--ref "$BRANCH"` from the `gh workflow run` call.
GitHub now resolves the workflow file from main (default branch). The
target branch is already passed via `-f branch="$BRANCH"` input.

### Review comment (line 95): Downstream steps run even when regen push fails
Copilot said: `continue-on-error: true` on the push step means
downstream steps (mvn verify, agentic fix trigger) run against a
branch that doesn't have the regenerated code, so the agent can't
reproduce the failure.

Fix applied: Added a new step "Fail if regenerated files could not be
pushed" that exits with a clear error message and manual fix
instructions when the push is rejected (Dependabot read-only token,
fork PRs). Gated Java setup, mvn verify, and agentic fix trigger on
`steps.push-regen.outcome == 'success'`.

## .github/workflows/update-copilot-dependency.yml

### Review comment (line 211): Same --ref "$BRANCH" issue as codegen-check.yml
Copilot said: Same dispatch-from-PR-branch problem.

Fix applied: Removed `--ref "$BRANCH"` from the `gh workflow run` call,
identical to the codegen-check.yml fix.

## .github/workflows/codegen-agentic-fix.md

### Review comment (line 85): mvn verify output truncated by tail -100
Copilot said: `mvn verify 2>&1 | tail -100` hides root compilation
errors that appear early in the log. The agent may loop unproductively
without seeing the actual cause.

Fix applied: Changed both `mvn verify` invocations (Step 1 reproduce
and Step 2 verify) from `tail -100` to `tee /tmp/mvn-verify.log`.
Added guidance telling the agent to check the full log file for root
causes. Recompiled the lockfile with `gh aw compile`.

## .github/workflows/codegen-agentic-fix.lock.yml

Recompiled via `gh aw compile` to reflect the updated .md instructions.

Signed-off-by: Ed Burns <edburns@microsoft.com>

.github/workflows/codegen-agentic-fix.md

@@ -82,9 +82,11 @@ mvn --version
 Run `mvn verify` to see the current errors:
 
 ```bash
-mvn verify 2>&1 | tail -100
+mvn verify 2>&1 | tee /tmp/mvn-verify.log
 ```
 
+Review the full log at `/tmp/mvn-verify.log` if the tail output is insufficient. The earliest errors are often the root cause.
+
 If `mvn verify` succeeds (exit code 0), there is nothing to fix. Call the `noop` safe-output with message "mvn verify already passes on branch ${{ inputs.branch }}. No fixes needed." and stop.
 
 ### Step 2: Analyze and fix (up to 3 attempts)
@@ -111,9 +113,11 @@ For each attempt:
 
 4. **Verify the fix:**
    ```bash
-   mvn verify 2>&1 | tail -100
+   mvn verify 2>&1 | tee /tmp/mvn-verify.log
    ```
 
+   If the output is long, check `/tmp/mvn-verify.log` for the full error details — root causes often appear early in the log.
+
 5. If `mvn verify` passes, proceed to Step 3.
    If it fails and you have attempts remaining, go back to sub-step 1.
 

.github/workflows/codegen-check.yml

@@ -85,16 +85,23 @@ jobs:
           Auto-committed by codegen-check workflow."
           git push origin "HEAD:$HEAD_REF"
 
+      - name: Fail if regenerated files could not be pushed
+        if: steps.push-regen.outcome == 'failure'
+        run: |
+          echo "::error::Could not push regenerated files to the PR branch. This is expected for Dependabot PRs (read-only token) and fork PRs."
+          echo "To fix: check out this PR branch locally, run 'cd scripts/codegen && npm run generate', commit, and push."
+          exit 1
+
       - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
-        if: steps.check-changes.outputs.changed == 'true' && github.event_name == 'pull_request'
+        if: steps.push-regen.outcome == 'success'
         with:
           java-version: "17"
           distribution: "microsoft"
           cache: "maven"
 
       - name: Run mvn verify
         id: mvn-verify
-        if: steps.check-changes.outputs.changed == 'true' && github.event_name == 'pull_request'
+        if: steps.push-regen.outcome == 'success'
         continue-on-error: true
         env:
           COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }}
@@ -113,7 +120,7 @@ jobs:
 
       - name: Trigger agentic fix workflow
         id: trigger-fix
-        if: steps.error-summary.outputs.has_errors == 'true'
+        if: steps.error-summary.outputs.has_errors == 'true' && steps.push-regen.outcome == 'success'
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PR_NUMBER: ${{ github.event.pull_request.number }}
@@ -122,7 +129,6 @@ jobs:
           ERROR_SUMMARY=$(cat /tmp/error-summary.txt)
 
           gh workflow run codegen-agentic-fix.lock.yml \
-            --ref "$BRANCH" \
             -f branch="$BRANCH" \
             -f pr_number="$PR_NUMBER" \
             -f error_summary="$ERROR_SUMMARY"

.github/workflows/update-copilot-dependency.yml

@@ -205,7 +205,6 @@ jobs:
         run: |
           ERROR_SUMMARY=$(cat /tmp/error-summary.txt)
           gh workflow run codegen-agentic-fix.lock.yml \
-            --ref "$BRANCH" \
             -f branch="$BRANCH" \
             -f pr_number="$PR_NUMBER" \
             -f error_summary="$ERROR_SUMMARY"