Update the renovate agent so that it fixes the code by itself

[jzbahrai]

Summary | Résumé

Two improvements to the Renovate Agent:

1. Badge confidence detection fix: near-white/white pixels from the mend.io badge PNG are no longer misidentified as "neutral" confidence — the PNG sampling point is also shifted right (0.88→0.93) to better hit the coloured value area.

2. Copilot agentic auto-fix loop: when the renovate-agent updates a dependency and the tests fail, instead of deleting the branch, a draft PR is created and Copilot (via GitHub Agentic Workflows) automatically reads the CI failure logs, fixes the broken code, and re-triggers CI. Once CI goes green the draft PR is promoted to ready-for-review — fully automated, no human intervention required.

Changes

Badge confidence fix (scripts/renovate_agent.py, tests/test_renovate_agent.py)

• _sample_badge_png_color: default frac_x shifted from 0.88 → 0.93 (samples further right into the coloured value area of the badge)
• _confidence_from_color: near-white pixels (R, G, B all > 200) now return None instead of falling through to "neutral" — white means the sampler missed the badge colour region
• New unit tests: test_white_returns_none, test_near_white_returns_none

Automated Copilot fix loop (new workflows)

File	Purpose
scripts/renovate_agent.py	New --create-draft-pr flag: creates a draft PR with renovate-fix-needed label when tests fail
.github/workflows/renovate-agent.yml	Step 8: --cleanup → --create-draft-pr on test failure
.github/workflows/fix-renovate-tests.md	gh-aw agentic workflow: Copilot reads CI logs, edits failing code, pushes fix, removes label
.github/workflows/fix-renovate-tests.lock.yml	Compiled lock file for the above (auto-generated by compile-gh-aw-lock.yml)
.github/workflows/promote-renovate-pr.yml	When CI goes green on a renovate-agent/** branch, converts the draft PR to ready-for-review
.github/workflows/retrigger-ci-after-copilot-fix.yml	When renovate-fix-needed label is removed, pushes an empty commit via PR Bot to re-trigger CI
.github/workflows/compile-gh-aw-lock.yml	Utility: recompiles fix-renovate-tests.lock.yml on GitHub's native Linux when the .md changes

Full automated flow (after merge)

renovate-agent.yml (tests fail)
  → --create-draft-pr  →  Draft PR + labels: [renovate-agent, renovate-fix-needed]
                              ↓  (pull_request: labeled)
           fix-renovate-tests.lock.yml (Copilot reads CI logs, edits code, pushes fix)
                remove-labels [renovate-fix-needed]
                              ↓  (pull_request: unlabeled)
           retrigger-ci-after-copilot-fix.yml → PR Bot empty commit → CI re-triggers
                              ↓  (workflow_run: Python tests completed: success)
           promote-renovate-pr.yml → gh pr ready → PR ready for human review

Test instructions | Instructions pour tester la modification

Badge fix

poetry run pytest tests/test_renovate_agent.py -k "confidence" -v

Should see test_white_returns_none and test_near_white_returns_none pass.

Agentic fix loop (end-to-end)

Prerequisites (one-time setup):

# 1. COPILOT_GITHUB_TOKEN — a fine-grained PAT with no scopes from an account
#    with a Copilot licence (used only to authenticate to the Copilot LLM API)
gh secret set COPILOT_GITHUB_TOKEN --repo cds-snc/notification-api

# 2. Create the label that triggers the agentic workflow
gh label create "renovate-fix-needed" \\
  --color "E11D48" \\
  --description "Copilot agentic workflow will fix the failing tests" \\
  --repo cds-snc/notification-api

Trigger a test run:

1. Merge this PR to main
2. Go to Actions → Renovate Agent → Run workflow (or wait for Monday 08:00 UTC)
3. If a dependency update is found and tests fail:
   • A draft PR will appear on renovate-agent/<package>-<version>-<date>
   • The renovate-fix-needed label will be applied
   • Actions → "Fix Renovate Agent Test Failures" will start
   • Copilot reads the CI logs and pushes a fix commit within ~20 min
   • The label is removed, an empty commit triggers CI again
   • Once CI is green, the PR is promoted to ready-for-review automatically

Manual dry-run (without waiting for a real failure):

# Create a test branch with a deliberate test failure, open a draft PR,
# then add the label manually to trigger the agentic workflow:
gh pr create --draft --title "[renovate-agent] test" --head your-test-branch
gh pr edit <number> --add-label "renovate-fix-needed"

Then watch Actions → "Fix Renovate Agent Test Failures".

Release Instructions | Instructions pour le déploiement

None — no database migrations, no config changes, no service restarts required.

The two secrets above (COPILOT_GITHUB_TOKEN and the renovate-fix-needed label) must exist in the repo before the fix loop can activate.

[Copilot]

Pull request overview

Updates the Renovate agent’s mend.io badge confidence detection to avoid treating white/near-white pixels as “neutral”, and adjusts the sampling point to better hit the coloured value area.

Changes:

• Adjust badge PNG sampling default frac_x from 0.88 to 0.93.
• Treat near-white sampled pixels as “no confidence detected” (None) rather than “neutral”.
• Add unit tests covering white/near-white behavior in _confidence_from_color.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File	Description
scripts/renovate_agent.py	Tweaks PNG sampling location and updates badge-colour→confidence mapping to ignore near-white samples.
tests/test_renovate_agent.py	Adds regression tests ensuring white/near-white pixels map to None.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.