A repository uses Copilot to prepare pull requests that may update application code. The validation workflow should run on pull requests into main, read repository contents, and comment only when the guardrail script detects a policy violation. The job should not receive repository write permissions beyond pull request comments. Which option completes the workflow?
name: agent-guardrail-check
on:
(Missing value 1):
branches:
- main
permissions:
contents: read
(Missing value 2): write
jobs:
guardrail:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run guardrail validation
run: ./scripts/check-agent-boundaries.sh
- name: Comment on policy violation
if: failure()
(Missing value 3): gh pr comment "$PR_NUMBER" --body "Guardrail validation failed. Human review is r
equired."
env:
GH_TOKEN: ${{ github.token }}
PR_NUMBER: ${{ github.event.pull_request.number }}Choose an answer
Tap an option to check your answer.
Correct answer: Missing value 1 = pull_request Missing value 2 = pull-requests Missing value 3 = run.
Why this is the answer
The pullrequest event trigger (Missing value 1) is correct because the workflow needs to run specifically when a pull request is opened or updated, as stated in the requirement "run on pull requests into main." The pull-requests: write permission (Missing value 2) is necessary to allow the workflow to comment on the pull request, fulfilling the requirement to "comment only when the guardrail script detects a policy violation." The run keyword (Missing value 3) is used to execute shell commands directly within a step, such as the gh pr comment command for commenting on the pull request. Incorrect options: workflowdispatch would require manual triggering. issues permission is for managing issues, not pull request comments. push would trigger on pushes to the branch, not specifically pull requests. contents: write would grant excessive permissions beyond commenting. pullrequesttarget has security implications and is not needed here. actions permission is for managing GitHub Actions, not PR comments. uses, with, and env are not used for executing shell commands directly in this context.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed