---
title: "🚦 Main Branch: The One Where the Bots Run CI (If You Let Them)"
date: 2026-06-14
author: Andrea Griffiths
language: en
issue: 31
excerpt: "GitHub Actions now lets bot-created PRs run CI with approval, and GitHub Agentic Workflows is in public preview. Plus a Copilot Chromium canvas."
tags: ["github-actions", "agentic-workflows", "github-copilot", "ci-cd", "playwright", "newsletter"]
canonical_url: https://mainbranch.beehiiv.com/p/main-branch-the-one-where-the-bots-run-ci-if-you-let-them-issue-31
---

Hiya friends,

Two ships this week, and they rhyme. GitHub spent the week working out who gets to run things inside Actions: the bots that open your pull requests, and the agents you point at your repo. Both shipped with a gate attached.

## 🚢 What Shipped

### [Bot-created PRs can now run your CI, behind an approval gate](https://github.blog/changelog/2026-06-11-bot-created-pull-requests-can-run-workflows-if-approved)

Until now, a pull request opened by `github-actions[bot]` couldn't trigger your CI/CD workflows, so bot changes could reach merge without your checks ever running. As of June 11, those PRs run the configured workflows once someone with write access approves them. The approval step is deliberate: it keeps generated code from automatically running workflows that might touch secrets. If you live in [Dependabot](https://docs.github.com/en/code-security/dependabot) or [Renovate](https://docs.renovatebot.com), this closes a real gap, and it also means a human clicks before CI moves.

### [GitHub Agentic Workflows landed in public preview](https://github.blog/changelog/2026-06-11-github-agentic-workflows-is-now-in-public-preview/)

You can now run coding agents inside Actions for the reasoning-heavy chores: issue triage, CI failure analysis, doc updates. You write the automation as a Markdown file in plain language, and it compiles to standard Actions YAML, so it runs on your existing runner groups under the policies you already enforce. By default the agent is read-only, sandboxed in a container behind an Agent Workflow Firewall, with a threat-detection job that scans proposed changes before they apply. Quickstart is at `gh.io/gh-aw-quickstart`.

## 📖 What I'm Reading

**[Make the System Work for You](https://www.linkedin.com/pulse/make-system-work-you-scott-berkun-jlibc/) by Scott Berkun**

An excerpt from [Why Design Is Hard](https://scottberkun.com/why-design-is-hard/). Berkun leans on Deming's claim that 94% of an organization's results come from its systems, not the individuals, and argues the smart move is to map how your org actually works instead of fighting it head-on. I keep coming back to the Chesterton's Fence line: don't tear down a process until you understand why it's there.

Worth your time if: you're the person who keeps trying to fix the org by force and burning out for it.

## 🔧 What I'm Using

[Chromium Control Canvas](https://gist.github.com/AndreaGriffiths11/b9ebe41deabdcdd0930954d5542cd918), a GitHub Copilot canvas extension I built. The host app's built-in browser canvas runs on WebKit, so this one launches a real headful Chromium through [Playwright](https://playwright.dev) and gives the agent the full action set (`snapshot`, `click`, `type`). It reuses the [Claw Relay](https://clawrelay.dev) patterns: a persistent profile, a site blocklist, and an audit log. I reach for it when an agent needs a real logged-in Chrome session, like confirming a deploy renders or walking a signup flow, with access scoped and logged.

## ✨ This Week

I've got World Cup fever. Main Branch goes every other week through the summer so I can get some proper downtime. First up is a week in Colombia with my youngest to see family, while my oldest is on the road with [houseband.live](https://houseband.live). Then in July I'm back in Berlin for [WeAreDevelopers World Congress](https://www.wearedevelopers.com/world-congress) (July 8 to 10), glad to catch up with European friends. Last year I led a workshop there building [GitVision](https://github.com/GH-Event-Demos/gitvision-workshop), an app that turns your GitHub commits into AI-curated Eurovision playlists, one Copilot prompt at a time. A year on, I wouldn't hand-prompt it function by function. I'd write the spec once in [Spec Kit](https://www.youtube.com/live/bIioEmT2KEM?si=5XbkQRuv4J1MiQd-) and let the coding agent work the plan and tasks while I steer and review. Back to weekly when summer's over, which conveniently leaves more time for the World Cup.

See you in two weeks.

With gratitude,
Andrea