Add weekday agentic workflow for maintainer activity email digest

[Copilot]

This adds a GitHub Agentic Workflow that generates a daily weekday maintainer digest for repository activity and delivers it by email. The report covers new issues, merged PRs, and open blockers, with explicit guidance to attribute bot-authored activity to responsible humans.

• Workflow added: daily maintainer digest

  • Introduced .github/workflows/daily-maintainer-activity-report.md with fuzzy weekday scheduling (daily on weekdays).
  • Configured read-only GitHub access via tools.github.toolsets: [default] for repository activity summarization.

• Custom safe output for email delivery

  • Added safe-outputs.jobs.send_daily_maintainer_report to send the digest through SMTP using repository secrets.
  • Implemented payload extraction from GH_AW_AGENT_OUTPUT and explicit subject/body validation before send.

• Prompt contract for report quality

  • Defined required sections in email output (New Issues, Pull Requests Merged, Open Blockers, Notes).
  • Added deterministic blocker-label matching guidance and explicit human-attribution priority for bot-authored PR activity.
  • Uses noop when there is no reportable activity.

• Repository metadata update

  • Updated .gitattributes to mark *.lock.yml workflow artifacts as generated and resolve merge conflicts with merge=ours, with an inline note to recompile on conflicts.

on:
  schedule: daily on weekdays
tools:
  github:
    toolsets: [default]
safe-outputs:
  noop:
  jobs:
    send_daily_maintainer_report:
      inputs:
        subject: { required: true, type: string }
        body: { required: true, type: string }

[Copilot]

Pull request overview

Adds a new GitHub Agentic Workflow to generate a weekday maintainer activity digest (issues/merged PRs/blockers) and deliver it via SMTP, plus marks the compiled lock file as generated.

Changes:

• Introduces an agentic workflow source (.md) and compiled workflow (.lock.yml) for a scheduled weekday maintainer email digest.
• Implements a safe-output job (send_daily_maintainer_report) that extracts validated subject/body from GH_AW_AGENT_OUTPUT and sends via SMTP.
• Updates .gitattributes to treat *.lock.yml as generated and apply a merge strategy.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

File	Description
.github/workflows/daily-maintainer-activity-report.md	Defines the agentic workflow prompt contract and the safe-output email delivery job.
.github/workflows/daily-maintainer-activity-report.lock.yml	Compiled GitHub Actions workflow generated from the .md source.
.gitattributes	Marks workflow lock files as generated and sets merge behavior for *.lock.yml.

[Copilot]

Setting merge=ours for generated *.lock.yml files can silently keep an outdated lock file when the corresponding .md prompt file changes in another branch, leading to a merged state where the lock file no longer matches the source (and the workflow’s stale-lock-file check may fail at runtime). Safer options are to (1) avoid merge=ours and resolve conflicts by regenerating the lock file, or (2) enforce regeneration in CI so mismatches can’t land.

Suggested change

	# Agentic workflow lock files are generated artifacts; keep ours and recompile on conflicts.
	.github/workflows/*.lock.yml linguist-generated=true merge=ours
	# Agentic workflow lock files are generated artifacts; resolve conflicts by regenerating them.
	.github/workflows/*.lock.yml linguist-generated=true

[Copilot]

Using fixed heredoc delimiters (__SUBJECT__ / __BODY__) when writing to $GITHUB_OUTPUT can break output parsing (or allow output injection) if the subject/body ever contains those sentinel strings. Generate a unique delimiter per run (e.g., from uuidgen/openssl rand) and use that delimiter for both fields to make this robust.

Suggested change

	{
	echo "subject<<__SUBJECT__"
	echo "$subject"
	echo "__SUBJECT__"
	echo "body<<__BODY__"
	echo "$body"
	echo "__BODY__"
	delimiter=$(uuidgen)
	{
	echo "subject<<$delimiter"
	echo "$subject"
	echo "$delimiter"
	echo "body<<$delimiter"
	echo "$body"
	echo "$delimiter"

[Copilot]

REPORT_SUBJECT is inserted into an email header; if the agent output includes a newline/carriage return, Python’s EmailMessage will raise and the job will fail. Consider normalizing the subject to a single line (e.g., strip \r/\n, collapse whitespace, and optionally enforce a max length) as part of the validation in the payload extraction step.

Suggested change

	subject=$(echo "$item" | jq -r '.subject')
	body=$(echo "$item" | jq -r '.body')
	if [ -z "$subject" ] || [ "$subject" = "null" ]; then
	echo "Missing subject in send_daily_maintainer_report output."
	exit 1
	fi
	raw_subject=$(echo "$item" | jq -r '.subject')
	body=$(echo "$item" | jq -r '.body')
	if [ -z "$raw_subject" ] || [ "$raw_subject" = "null" ]; then
	echo "Missing subject in send_daily_maintainer_report output."
	exit 1
	fi
	subject=$(printf '%s' "$raw_subject" | tr '\r\n' ' ' | sed 's/[[:space:]]\+/ /g; s/^ //; s/ $//')
	subject="${subject:0:255}"
	if [ -z "$subject" ]; then
	echo "Subject in send_daily_maintainer_report output must contain non-whitespace characters."
	exit 1
	fi

[sonarqubecloud]

Quality Gate failed

Failed conditions
6 Security Hotspots

See analysis details on SonarQube Cloud