A team wants a GitHub Actions workflow that labels Copilot-created pull requests based on path risk. Changes under docs/** should be treated as low risk. Changes under src/auth/**, infra/deploy/**, or compliance/** should be marked for human intervention before privileged workflows or merge decisions. Which option completes the workflow?
name: classify-agent-risk
on:
(Missing value 1):
types: [opened, synchronize, reopened]
permissions:
contents: read
pull-requests: read
issues: write
jobs:
classify:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Detect changed files
id: changes
uses: dorny/paths-filter@v3
with:
filters: |
low:
- 'docs/**'
high:
- 'src/auth/**'
- 'infra/deploy/**'
- 'compliance/**'
- name: Apply high-risk label
if: steps.changes.outputs.high == 'true'
run: |
gh pr edit "${{ github.event.pull_request.number }}" \
--add-label "(Missing value 2)"
env:
GH_TOKEN: ${{ github.token }}
- name: Apply low-risk label
if: steps.changes.outputs.high != 'true' && steps.changes.outputs.low == 'true'
run: |
gh pr edit "${{ github.event.pull_request.number }}" \
--add-label "(Missing value 3)"
env:
GH_TOKEN: ${{ github.token }}Choose an answer
Tap an option to check your answer.
Correct answer: Missing value 1 = pull_request Missing value 2 = human-review-required Missing value 3 = agent-low-risk.
Why this is the answer
The correct answer identifies the appropriate trigger and labels. Missing value 1 should be pullrequest because the workflow needs to run when a pull request is opened, synchronized (updated), or reopened, which is explicitly stated by types: [opened, synchronize, reopened]. push, workflowdispatch, and schedule are incorrect as they do not trigger on pull request activity. Missing value 2 should be human-review-required. The problem statement specifies that changes under src/auth/, infra/deploy/, or compliance/ (which are defined as high risk in the dorny/paths-filter step) should be marked for human intervention. Missing value 3 should be agent-low-risk. The problem states that changes under docs/ should be treated as low risk, and this step applies when high risk is not detected but low risk is. The other label options like security-approved, compliance-bypass, deploy-ready, and agent-automerge do not align with the risk classification described.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed