feat(workflows): trigger AW Dependabot PR reviewer after PR Validation

[katriendg]

Description

Rewired the AW Dependabot PR Review workflow to fire after the PR Validation orchestrator finishes instead of racing it on pull_request events, replaced the agent persona's unreachable in-sandbox validation commands with a deterministic Validation Signal rubric, and pruned 11 dead bash allow-list entries from the AWF firewall sandbox.

Motivation. PR #577 exposed a structural problem: the agent persona instructed execution of uv, pytest, npm ci, terraform, and go inside the AWF firewall sandbox, but those binaries live on the host runner and are never mounted into the container. The agent reported ⚠️ Validation skipped: Python/uv toolchain unavailable — misleading output that obscured actual advisory value. Concurrently, the pull_request trigger meant the agent could commit to a verdict before slow CI surfaces (training pytest, terraform tests) finalized, producing approvals that disagreed with later-red merge gates.

Additional note:

This change is an experimental phase to learn optimal solutions with the current AWF capabilities. The long-term solution may involve re-enabling in-agent validation if AWF supports additional host mounts, or it may involve a more complex multi-agent choreography with a dedicated validation agent. This is the reason for why we related the Issue ID to #579 instead of closing it as a direct fix.

Type of Change

• 🐛 Bug fix (non-breaking change fixing an issue)
• ✨ New feature (non-breaking change adding functionality)
• 💥 Breaking change (fix or feature causing existing functionality to change)
• 📚 Documentation update
• 🏗️ Infrastructure change (Terraform/IaC)
• ♻️ Refactoring (no functional changes)

Component(s) Affected

• infrastructure/terraform/prerequisites/ - Azure subscription setup
• infrastructure/terraform/ - Terraform infrastructure
• infrastructure/setup/ - OSMO control plane / Helm
• workflows/ - Training and evaluation workflows
• training/ - Training pipelines and scripts
• docs/ - Documentation

Testing Performed

• Terraform plan reviewed (no unexpected changes)
• Terraform apply tested in dev environment
• Training scripts tested locally with Isaac Sim
• OSMO workflow submitted successfully
• Smoke tests passed (smoke_test_azure.py)

Documentation Impact

• No documentation changes needed
• Documentation updated in this PR
• Documentation issue filed

Bug Fix Checklist

Complete this section for bug fix PRs. Skip for other contribution types.

• Linked to issue being fixed
• Regression test included, OR
• Justification for no regression test:

Checklist

• My code follows the project conventions
• Commit messages follow conventional commit format
• I have performed a self-review
• Documentation impact assessed above
• No new linting warnings introduced

---

Changes

Trigger migration: pull_request → workflow_run

The workflow previously fired on pull_request events with path filters for dependency manifests. This meant the agent ran in parallel with CI and could finalize its verdict before slow check suites completed — producing approvals that later contradicted red merge gates.

• Switched the trigger to workflow_run after the PR Validation orchestrator completes, so the agent has final per-job pass/fail conclusions before reasoning about the PR.
• Added a resolve-pr step using actions/github-script@v9 that extracts the Dependabot PR context from the workflow_run payload. The step implements two-tier PR resolution (direct from workflow_run.pull_requests → search API fallback for forks) and exports PR_VALIDATION_CONCLUSION, PR_NUMBER, PR_HEAD_SHA, and other context as environment variables.
• Removed bots:, reaction:, and status-comment: frontmatter keys (not applicable under workflow_run context).
• Simplified concurrency from per-PR grouping to per-workflow singleton — consistent with workflow_run semantics where pull_request.number is not in the event payload.
• Updated activation and pre-activation if: conditions to validate workflow_run.event == 'pull_request' with fork guards via repository.id and !(repository.fork).
• Added # zizmor: ignore[dangerous-triggers] annotations at the trigger and activation condition with justification that the trigger is secured with role and fork validation.

Persona rewrite: Validation Execution → Validation Signal

The old "Validation Execution" section instructed the agent to run uv sync, pytest, ruff check, npm ci, terraform validate, and go vet inside the AWF firewall sandbox. Those binaries are installed on the host runner but never mounted into the sandbox container — every invocation failed, producing the misleading ⚠️ Validation skipped banner observed in PR #577.

• Replaced the entire section with Validation Signal anchored on three sources: deterministic CI check-run conclusions, static manifest reasoning, and advisory enrichment.
• Added a Surface to Check Run Map table mapping 10 surfaces (dataviewer-frontend, python-runtime variants, terraform, gomod, docker, github-actions) to their authoritative CI check run names.
• Added Static Impact Reasoning with five manifest-level checks the sandbox can do safely: Isaac Sim ABI guard (numpy>=1.26.0,<2.0.0), torch/tensordict/onnxruntime-gpu flagging, dataviewer peer-dep conflict detection via npm view, terraform provider changelog scraping via web-fetch, and go module direct major quoting.
• Rewrote Verdict Adjustment to key off PR_VALIDATION_CONCLUSION — green CI with clean static reasoning may upgrade to APPROVE; red CI forces COMMENT with failing check-run names and URLs. The Isaac Sim ABI guard is "sticky": a numpy 2.x bump keeps the verdict at COMMENT regardless of CI.
• Added a ## Trigger Posture section to the workflow prompt documenting the workflow_run model, exported env vars, and sandbox constraints.
• Expanded Step-by-Step from 4 to 6 steps — added context resolution and CI signal reading as steps 1–2. Explicit instruction to never skip enrichment on red CI so maintainers can triage grouped PRs.

Bash allow-list cleanup

• Removed 11 dead entries from the tools.bash: allow-list that invoked uv, pytest, npm ci, terraform, and go — all unreachable inside the AWF firewall container.
• Added 2 targeted entries: cat training/rl/requirements.txt and cat training/rl/scripts/train.sh to support the Isaac Sim ABI guard static check.

Permissions and lifecycle cleanup

• Dropped discussions: write, issues: write, and pull-requests: write from the activation job (no longer needed without the reaction/comment steps).
• Added actions: read to both activation and copilot jobs (required for check-run queries).
• Removed the eyes-reaction, body-computation, workflow-run-comment, and conclusion-notification steps — the workflow_run trigger has no direct PR event to react to.

Related Issues

Related to #579

Notes

• The lock file (.github/workflows/aw-dependabot-pr-review.lock.yml) was recompiled via gh aw compile, which changes metadata hashes and heredoc delimiters throughout — these are mechanical changes, not hand-edits.
• The review will now appear 5–15 minutes later than the old pull_request trigger (after CI completes), but the trade-off is accurate CI signal in every review.
• The agent retains its advisory-only posture (APPROVE or COMMENT, never REQUEST_CHANGES) and its safe-output caps (5 inline comments, 1 review, 2 add-comments).

Follow-up Tasks

• Observe the workflow for one full Dependabot cycle to confirm the resolve-pr step correctly resolves PRs from the workflow_run payload.
• Consider adding the docker ecosystem to .github/dependabot.yml — the persona's docker surface row currently never fires because no Dockerfile entries are configured.
• Investigate whether future AWF releases support mounting additional host directories into the sandbox, which would re-enable in-agent validation as a complementary signal.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 0343af0.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

Scanned Files

None

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 66.56%. Comparing base (d77c167) to head (0343af0).

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #580      +/-   ##
==========================================
+ Coverage   63.91%   66.56%   +2.65%     
==========================================
  Files         250      262      +12     
  Lines       15409    16639    +1230     
  Branches     2163     2301     +138     
==========================================
+ Hits         9848    11076    +1228     
  Misses       5274     5274              
- Partials      287      289       +2     

Flag	Coverage Δ		*Carryforward flag
pester	83.13% <ø> (ø)		Carriedforward from d77c167
pytest-data-pipeline	100.00% <ø> (ø)		Carriedforward from d77c167
pytest-dataviewer	65.12% <ø> (ø)		Carriedforward from d77c167
pytest-dm-tools	100.00% <ø> (ø)		Carriedforward from d77c167
pytest-evaluation	99.83% <ø> (?)
pytest-fuzz	4.97% <ø> (ø)		Carriedforward from d77c167
pytest-inference	0.00% <ø> (ø)		Carriedforward from d77c167
pytest-training	82.14% <ø> (ø)		Carriedforward from d77c167
vitest	51.08% <ø> (ø)		Carriedforward from d77c167

*This pull request uses carry forward flags. Click here to find out more.
see 12 files with indirect coverage changes

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[bindsi]

Fantastic, you are the best 🙏

[katriendg]

Fantastic, you are the best 🙏

Thanks for your review @bindsi. The current approach is really an experimentation as we learn more about AW features, and its evolution. Could also completely fail on me once I merge this one 😆 But giving it a try!