A repository allows Copilot coding agent to work from assigned issues and open draft pull requests. The team wants a validation workflow that runs whenever the agent-created pull request is opened, updated, or marked ready for review. The workflow should validate the pull request without granting unnecessary write permissions. Which option completes the workflow?
name: validate-agent-pr
on:
(Missing value 1):
types:
- opened
- synchronize
- ready_for_review
permissions:
contents: (Missing value 2)
pull-requests: read
jobs:
validate:
runs-on: ubuntu-latest
steps:
- (Missing value 3): actions/checkout@v4
- name: Run tests
run: npm ci && npm testChoose an answer
Tap an option to check your answer.
Correct answer: Missing value 1 = pull_request Missing value 2 = read Missing value 3 = uses.
Why this is the answer
The correct answer completes the workflow to validate agent-created pull requests securely. Missing value 1 is pullrequest because the workflow needs to trigger on events related to pull requests being opened, updated (synchronize), or marked ready for review. push triggers on code pushes, not PR lifecycle events. workflowdispatch allows manual triggering. pullrequesttarget is for workflows that need to run in the context of the base repository and often requires more elevated permissions, which isn't necessary here. Missing value 2 is read for contents permissions. The workflow only needs to read the repository's contents to run tests, not modify them. Granting write would provide unnecessary permissions, violating the principle of least privilege. Missing value 3 is uses. This keyword is used to specify an action to run, such as actions/checkout@v4, which checks out the repository's code. run is used for executing shell commands.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed