This toolkit includes 25 AI-powered GitHub Actions workflows. They automate code review, documentation, issue triage, security scanning, and more — all powered by GitHub Copilot CLI.
Location: templates/workflows/
dx-toolkit (source) Your Repository
┌──────────────────────┐ copy ┌────────────────────┐
│ templates/workflows/ │ ──────────► │ .github/workflows/ │
│ pr-code-reviewer │ │ pr-code-reviewer │
│ smart-labeler │ │ smart-labeler │
│ ... │ │ ... │
└──────────────────────┘ └────────────────────┘
Each workflow is self-contained — you copy it directly to your repo's .github/workflows/ folder. No cross-repo references needed. You own the file and can customize triggers, inputs, and steps directly.
All workflows use the default AI model (claude-sonnet-4) and can be customized by editing the workflow file directly.
pr-code-reviewer.yml
Triggers: pull_request (opened, synchronize)
What it does: AI-powered code review that analyzes PR diffs for bugs, security issues, performance problems, and best practice violations. Leaves inline review comments.
pr-size-checker.yml
Triggers: pull_request (opened, synchronize)
What it does: Warns about oversized PRs, suggests how to break them down, adds size labels (size/S, size/M, size/L, size/XL), and leaves comments for large PRs.
continuous-docs.yml
Triggers: pull_request (opened, synchronize)
What it does: Analyzes PR code changes, detects documentation drift (outdated README, missing API docs), auto-fixes documentation, and pushes a commit to the PR branch.
smart-labeler.yml
Triggers: issues (opened, edited), pull_request (opened, edited)
What it does: Analyzes issue/PR content to assign appropriate labels, removes incorrect ones, and creates new labels when the existing set is insufficient.
issue-quality-enhancer.yml
Triggers: issues (opened)
What it does: Auto-improves issue titles and bodies — translates to English, adds structure, emoji prefixes, code references, and labels. Makes every issue high-quality regardless of the author's experience.
duplicate-issue-detector.yml
Triggers: issues (opened)
What it does: Detects potential duplicate issues using AI analysis, labels duplicates, and adds a comment linking to the original issue.
first-contributor-welcome.yml
Triggers: pull_request_target (opened), issues (opened)
What it does: Welcomes first-time contributors with a personalized message, assigns labels (e.g., first-contribution), and provides helpful resources and guidelines.
copilot-suggester.yml
Triggers: schedule (first day of each month at 9:00 UTC)
What it does: Scans the entire codebase and generates improvement suggestions across categories: security, performance, refactoring, testing, documentation, architecture, configuration, bugs, maintainability, UX, and README.
security-scanner.yml
Triggers: schedule (Wednesday 6:00 UTC)
What it does: AI-powered security analysis that scans for vulnerabilities, misconfigurations, exposed secrets, and best practice violations. Optionally creates issues for findings.
release-notes-generator.yml
Triggers: release (created)
What it does: Auto-generates comprehensive release notes from merged PRs and commits between two tags. Groups changes by category, highlights breaking changes, and lists contributors.
stale-issue-manager.yml
Triggers: schedule (Monday 9:00 UTC)
What it does: Identifies stale issues using AI analysis (not just age), nudges maintainers with context-aware messages, and optionally closes truly abandoned issues.
label-beautifier.yml
Triggers: schedule (quarterly, first day every 3 months at 9:00 UTC)
What it does: Modernizes all repository labels — adds emoji prefixes, consistent colors, and descriptions. Supports dry-run mode to preview changes.
auto-changelog.yml
Triggers: release (created)
What it does: Generates a changelog from merged PRs and commits between releases. Groups entries by type (features, fixes, chores) and formats them for readability.
dependency-update-checker.yml
Triggers: schedule (weekly)
What it does: Scans for outdated dependencies across your project and creates issues for updates. Detects the package manager automatically or accepts a manual override.
broken-link-checker.yml
Triggers: push to main (markdown files)
What it does: Scans documentation files for broken internal and external links, then reports them as annotations or comments.
license-compliance.yml
Triggers: pull_request
What it does: Checks dependency licenses against configurable allow/deny lists. Fails the check if a dependency uses a denied license and comments with details.
code-coverage-report.yml
Triggers: pull_request
What it does: Runs your test suite, generates a coverage report, and comments on the PR with a coverage summary. Fails if coverage drops below the threshold.
conventional-commit-checker.yml
Triggers: pull_request
What it does: Validates that the PR title and all commits follow the Conventional Commits specification. Comments with specific violations and fix suggestions.
auto-assign-reviewers.yml
Triggers: pull_request (opened)
What it does: AI assigns reviewers based on file ownership and recent commit history. Picks the people most familiar with the changed code.
branch-cleanup.yml
Triggers: pull_request (closed) + schedule (weekly)
What it does: Deletes merged and stale branches that haven't seen activity. Respects exclusion patterns so protected branches stay untouched.
container-image-scanner.yml
Triggers: pull_request (Dockerfile changes)
What it does: Builds the container image and scans it with Trivy for vulnerabilities. Comments on the PR with findings grouped by severity.
monorepo-change-detector.yml
Triggers: pull_request
What it does: Detects which packages changed in a monorepo and outputs the affected list. Downstream jobs can use this to run only the relevant builds and tests.
api-docs-generator.yml
Triggers: push to main (API files)
What it does: Generates API documentation from source code annotations and type definitions. Pushes the updated docs to the repository.
todo-tracker.yml
Triggers: push to main
What it does: Finds TODO and FIXME comments in the codebase and creates or updates GitHub issues for each one. Closes issues when the comment is removed.
wiki-docs-sync.yml
Triggers: pull_request closed (merged to main)
What it does: When a PR is merged, analyzes the diff and touched files, clones the repository's GitHub Wiki, and creates or updates wiki pages to reflect the changes. Maintains a standard wiki structure (Home, Architecture, API Reference, Configuration, Changelog, etc.) and comments on the merged PR with a summary of wiki updates.
All workflows require:
- GitHub Copilot CLI — Installed automatically via
curl -fsSL https://gh.io/copilot-install | bash GH_TOKENsecret — A Personal Access Token with appropriate permissions (repo,issues,pull_requests)- Concurrency control — Every workflow defines a concurrency group to prevent parallel runs on the same PR/issue
- Timeout — Every job has
timeout-minutesset to prevent runaway jobs
See Installation for detailed setup instructions.
- Start small: Install
pr-code-reviewerandsmart-labelerfirst — they provide the most immediate value - Customize triggers: Edit the workflow's
on:section to match your branching strategy - Model selection: Change the default model by editing the
MODELenv variable in the workflow file - Monitor costs: AI-powered workflows consume Copilot API quota — monitor usage in your GitHub settings
- Concurrency: The built-in concurrency groups prevent double-runs, but check your org's concurrent job limits