Simplify the focus of devops health workflows

[JanKrivanek]

Motivation

The size and scope of the repo increased - so limiting the scope of the devops workflows to just the infra stuff

[Copilot]

Pull request overview

This PR narrows the DevOps health workflow suite to focus on repository infrastructure signals (pipelines, infra configuration, and resource usage), removing skill-quality and PR/review tracking from the orchestrator and investigation playbooks.

Changes:

• Removed “quality” and “PR” health checks/playbooks, updating workflow scope text and dispatch rules accordingly.
• Reduced required GitHub permissions/toolsets for the orchestrator and groomer to match the new infra-only focus.
• Updated the shared compiled knowledge (devops-*.lock.md) to reflect the simplified categories and fingerprints.

Show a summary per file

File	Description
docs/agentic-workflows.md	Updates docs to describe the simplified infra-focused health workflow scope/categories.
.github/workflows/devops-health-check.md	Refocuses the orchestrator workflow to pipeline/infra/resource signals; removes PR/quality scope and related permissions/toolsets.
.github/workflows/devops-health-investigate.md	Limits investigation worker inputs/playbook routing to pipeline/infra/resource categories.
.github/workflows/devops-health-groom.md	Removes PR permissions/toolsets now that PR/review health is out of scope.
.github/aw/shared/devops-investigate.lock.md	Removes quality/PR playbooks and strengthens pipeline/infra/resource investigation guidance.
.github/aw/shared/devops-health.lock.md	Removes quality/PR fingerprinting/severity rules and updates dispatch rules/budgeting for the reduced scope.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comments suppressed due to low confidence (1)

docs/agentic-workflows.md:24

• The architecture diagram still says the orchestrator “Dispatches investigation workers (up to 10)”, but the updated dispatch rules now cap investigations at 2 per run. Please update this line to avoid conflicting guidance.

devops-health-check (Orchestrator) ─── runs daily
  ├─ Collects health signals from 3 categories:
  │   Pipeline · Infrastructure · Resources
  ├─ Fingerprints each finding for stable diff tracking
  ├─ Classifies: 🆕 NEW · 📌 EXISTING · ✅ RESOLVED
  ├─ Updates pinned health dashboard issue
  └─ Dispatches investigation workers (up to 10)

• Files reviewed: 6/6 changed files
• Comments generated: 4

[Copilot]

Pull request overview

This PR narrows the “DevOps health” agentic workflows to an infrastructure-focused scope (pipeline, infra configuration, and resource usage), removing skill-quality and PR-review health tracking. It also updates the shared playbooks/fingerprinting guidance and regenerates the compiled .lock.yml workflows accordingly.

Changes:

• Updated the health check + investigation documentation/playbooks to only cover pipeline, infra, and resource findings (removing quality/PR categories).
• Adjusted workflow permissions/toolsets for the orchestrator and groomer to drop PR access, and regenerated compiled lock files with the newer gh-aw compiler.
• Updated shared “compiled knowledge” docs (devops-health.lock.md, devops-investigate.lock.md) to match the new scope and dispatch rules.

Show a summary per file

File	Description
docs/agentic-workflows.md	Updates the high-level documentation to reflect infra-only health checks (but still has a stale dispatch limit reference).
.github/workflows/devops-health-check.md	Refocuses the orchestrator prompt and rules on pipeline/infra/resource signals; removes PR toolset usage.
.github/workflows/devops-health-check.lock.yml	Regenerated compiled workflow reflecting updated scope/toolsets and gh-aw version bump.
.github/workflows/devops-health-investigate.md	Updates worker workflow input semantics/docs to remove quality/PR categories.
.github/workflows/devops-health-investigate.lock.yml	Regenerated compiled worker workflow with updated metadata and toolchain versions.
.github/workflows/devops-health-groom.md	Removes PR permissions/toolset from grooming workflow.
.github/workflows/devops-health-groom.lock.yml	Regenerated compiled groom workflow reflecting updated toolsets and gh-aw version bump.
.github/workflows/close-stale-prs.agent.lock.yml	Regenerated compiled workflow due to compiler/toolchain updates.
.github/aw/shared/devops-investigate.lock.md	Removes quality/PR playbooks and refines pipeline/infra/resource investigation guidance.
.github/aw/shared/devops-health.lock.md	Removes quality/PR fingerprinting and dispatch rules; updates infra/resource catalog and dispatch budget guidance.
.github/aw/actions-lock.json	Updates the pinned action entries to include actions/github-script@v9 and github/gh-aw-actions/setup@v0.68.1.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comments suppressed due to low confidence (1)

docs/agentic-workflows.md:24

• The architecture diagram still says the orchestrator dispatches investigation workers "(up to 10)", but the updated health check workflow now caps dispatches at 2 per run. Please update this line so the docs match the new dispatch budget/guardrail.

devops-health-check (Orchestrator) ─── runs daily
  ├─ Collects health signals from 3 categories:
  │   Pipeline · Infrastructure · Resources
  ├─ Fingerprints each finding for stable diff tracking
  ├─ Classifies: 🆕 NEW · 📌 EXISTING · ✅ RESOLVED
  ├─ Updates pinned health dashboard issue
  └─ Dispatches investigation workers (up to 10)

• Files reviewed: 11/11 changed files
• Comments generated: 1

[Copilot]

The dispatch budget here is capped at 2, but the workflow frontmatter still allows safe-outputs.dispatch-workflow.max: 5. Since safe-outputs is the enforcement layer, consider lowering the safe-output max to 2 as well so the workflow cannot dispatch more investigations than intended (and risk hitting the shared concurrency cancellation issue).