microsoft/amplifier-app-actions

microsoft/amplifier-app-actions

Description: AI-powered GitHub Actions for automated issue triage and PR review

Language: Python

License: MIT

Stars: 0

Forks: 0

Open issues: 0

Created: 2026-05-20T20:12:05Z

Pushed: 2026-06-03T15:22:14Z

Default branch: main

Fork: no

Archived: no

README:

amplifier-app-actions

AI-assisted issue triage, PR review, and investigation that runs directly inside GitHub Actions, powered by Amplifier. Drop in a workflow, point it at a purpose-built bundle, and your repo gets an agent that classifies issues, reviews diffs, and posts findings — no extra infrastructure needed.

Quick start

Add ANTHROPIC_API_KEY as a repository secret (Settings → Secrets and variables → Actions), then copy the workflow below.

Issue triage

No actions/checkout needed — the agent reads the event payload directly.

# .github/workflows/issue-triage.yml
name: Issue Triage

on:
issues:
types: [opened]

permissions:
issues: write
contents: read

jobs:
triage:
runs-on: ubuntu-latest
steps:
- uses: microsoft/amplifier-app-actions@main
with:
bundle: git+https://github.com/microsoft/amplifier-app-actions@main#subdirectory=bundles/issue-triage.bundle.md
prompt: A new issue was opened. Triage it.
env:
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}

PR review

actions/checkout with fetch-depth: 0 is required so the agent can read the full diff.

# .github/workflows/pr-review.yml
name: PR Review

on:
pull_request:
types: [opened]

permissions:
pull-requests: write
contents: read

jobs:
review:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: microsoft/amplifier-app-actions@main
with:
bundle: git+https://github.com/microsoft/amplifier-app-actions@main#subdirectory=bundles/pr-review.bundle.md
prompt: A pull request was opened. Review it.
env:
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}

> Security warning: Never use pull_request_target in workflows that call this action. pull_request_target runs with write permissions in the context of the base branch and can expose secrets to untrusted code from a fork. Use pull_request only. See Preventing pwn requests.

How it works

When a workflow triggers, the action runs an Amplifier agent session against the GitHub event (issue opened, PR opened, comment created, etc.). You supply exactly one instruction source — an inline prompt, a prompt_source file, a recipe_source YAML, or an attractor_source pipeline — plus a bundle that gives the agent its tools and context. The agent reads the event, does its work, and posts a comment and/or label back to GitHub.

Three ways to drive it

a. Default: let the bundle do it (recommended)

The specialized bundles — issue-triage, pr-review, and investigate — come pre-loaded with battle-tested guidance for their job. A one-line prompt is all you need; the bundle supplies the expertise. This is how the [setup agent](#get-help-setting-up) configures a new repo.

> Important: These bundles are not built-in aliases — setting bundle: to a bare name such as issue-triage, pr-review, or investigate will not work. Always reference them via their full git+https:// URI.

Issue triage (no checkout needed):

- uses: microsoft/amplifier-app-actions@main
with:
bundle: git+https://github.com/microsoft/amplifier-app-actions@main#subdirectory=bundles/issue-triage.bundle.md
prompt: A new issue was opened. Triage it.
env:
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}

PR review (actions/checkout required):

- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: microsoft/amplifier-app-actions@main
with:
bundle: git+https://github.com/microsoft/amplifier-app-actions@main#subdirectory=bundles/pr-review.bundle.md
prompt: A pull request was opened. Review it.
env:
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}

Issue investigation (triggered by /investigate comment, actions/checkout required):

- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: microsoft/amplifier-app-actions@main
with:
bundle: git+https://github.com/microsoft/amplifier-app-actions@main#subdirectory=bundles/investigate.bundle.md
prompt: |
A contributor requested investigation of this issue.
Read the issue from the GitHub event context, examine the repository
code, and post your findings as a comment.
env:
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}

b. Custom prompt

Write your own instructions as an inline string or a file in your repo.

`prompt:` (inline) — best for short, self-contained instructions. No checkout needed when using an inline prompt with no local file dependencies.

- uses: microsoft/amplifier-app-actions@main
with:
prompt: |
Review the issue title and body.
Add one of these labels: bug, feature-request, question, documentation.
Post a brief acknowledgment comment.
env:
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}

`prompt_source:` (file path or `git+https://` URI) — best for longer prompts you want to version-control separately. For a local path, it is resolved from $GITHUB_WORKSPACE; pass a git+https:// URI to fetch from another repo without a checkout step.

- uses: actions/checkout@v4
- uses: microsoft/amplifier-app-actions@main
with:
prompt_source: .github/amplifier/triage-prompt.md
env:
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}

c. Attractor pipeline (attractor_source:)

For multi-step triage or review, point attractor_source: at a Graphviz .dot file that defines a pipeline. The action executes the pipeline via the loop-pipeline orchestrator — it does not simply load the file as context.

How an attractor run works:

• The bundle: input is ignored — the built-in attractor-pipeline bundle is always used.
• The GitHub event becomes the pipeline's goal.
• Each node runs as a separate child session; analysis nodes can read code and call tools.
• One node must be designated as the commenter by setting llm_provider="anthropic-commenter" on it; only that node can post comments and labels.

actions/checkout is required for a local path (the .dot file lives in your repo); use a git+https:// URI to skip the checkout step.

- uses: actions/checkout@v4
- uses:…