A team wants a repository-local workflow in inventory-service that validates Copilot-created pull requests for that repository only. The workflow should run when pull requests target main, should read repository contents, and should not request write access to issues or pull requests. Which option completes the workflow?
name: validate-repository-scoped-agent-pr
on:
(Missing value 1):
branches:
- main
permissions:
contents: (Missing value 2)
pull-requests: (Missing value 3)
issues: none
jobs:
validate:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Confirm repository scope
run: |
test "${{ github.repository }}" = "octo-org/inventory-service"
npm ci
npm testChoose an answer
Tap an option to check your answer.
Correct answer: Missing value 1 = pull_request Missing value 2 = read Missing value 3 = read.
Why this is the answer
The correct option configures the workflow to run on pullrequest events targeting the main branch, which aligns with the requirement to validate pull requests. Setting contents: read grants the necessary permission to read repository contents for actions like actions/checkout@v4 and running npm ci and npm test. pull-requests: read is sufficient for the workflow to access pull request metadata without needing to modify them. Incorrect options: push would trigger on pushes, not pull requests. write permissions are not needed for this validation. workflowdispatch requires manual triggering, not automatic PR validation. write permissions are not needed. mergegroup triggers for merge queues, not general pull request validation. none for contents would prevent actions/checkout.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed