GitHub Copilot Setup: From Zero to Hero in Your Repository
10 Sep 2025 | github copilot ai devops productivity automationIntroduction
So you’ve heard about GitHub Copilot and you’re ready to supercharge your development workflow? Excellent choice! But hold on there, speed racer. Before you start having AI write your entire codebase (and inevitably blame it when things go sideways), let’s take a methodical approach to setting up Copilot properly in your repository.
This isn’t just about enabling Copilot and calling it a day. We’re talking about creating a thoughtful, well-configured environment that maximizes productivity while maintaining security and code quality. Think of this as your “Copilot onboarding checklist” – because nothing says professional like having your AI assistant properly trained from day one.
Step 1: Ensure Your Team Has Copilot Licenses
Before we dive into the fun configuration stuff, let’s handle the boring-but-essential part: making sure everyone on your team actually has access to Copilot. Because nothing kills momentum like half your team watching the other half get AI assistance while they’re still manually typing console.log.
Individual vs Organization Licenses
If you’re working in an organization, you’ll want to set up GitHub Copilot Business or Enterprise. This gives you centralized management, policy controls, and the ability to exclude specific content from Copilot’s training.
For individual developers or small teams, GitHub Copilot Individual might be sufficient, but you’ll miss out on the organizational controls we’ll discuss later.
Verifying Access
Once licenses are assigned, have your team members verify their access by checking their GitHub Copilot settings page. This page will show:
- Their current license type (Individual, Business, or Enterprise)
- Available features based on their subscription
- Organization policies that may affect their usage
After confirming their license, they should:
- Install the GitHub Copilot extension in their IDE
- Authenticate with their GitHub account
- Test with a simple code completion in your repository
Step 2: Set Up Custom Instructions Files
Here’s where things get interesting. Custom instructions are like giving Copilot a crash course in “how we do things around here.” Think of it as onboarding documentation, but for your AI assistant.
Creating Your Base Instructions
The easiest way to get started? Have Copilot write your initial custom instructions file. Meta, right? Here’s how:
- Create a
.github/copilot-instructions.mdfile in your repository - Ask Copilot to help you create instructions based on your project type and coding standards, or use the auto-generation feature to analyze your codebase and generate instructions
<!-- .github/copilot-instructions.md -->
# Custom Instructions for [Your Project Name]
## Project Overview
This is a [describe your project - web app, API, library, etc.] built with [tech stack].
## Coding Standards
- Use TypeScript for all new JavaScript code
- Follow ESLint configuration in this repository
- Prefer functional programming patterns where appropriate
- Write comprehensive JSDoc comments for all public APIs
- Use descriptive variable names (no single-letter variables except for loops)
## Architecture Guidelines
- Follow the established folder structure in /src
- Keep components small and focused on single responsibilities
- Use dependency injection for better testability
- Implement proper error handling and logging
## Testing Requirements
- Write unit tests for all business logic
- Use Jest for testing framework
- Aim for 80%+ code coverage
- Include integration tests for API endpoints
## Security Considerations
- Never hardcode secrets or API keys
- Validate all user inputs
- Use parameterized queries for database operations
- Follow OWASP security guidelines
Pro Tips for Custom Instructions
- Be specific: Instead of “write good code,” specify your exact conventions
- Include examples: Show Copilot what “good” looks like in your codebase
- Update regularly: As your project evolves, so should your instructions
- Version control: Keep your instructions in the repo so they evolve with your code
You can also check out the awesome-copilot repository for inspiration and community-contributed instruction templates.
Step 3: Configure Content Exclusion
Not everything in your repository should be fair game for Copilot’s suggestions. Some things are sacred, some are sensitive, and some are just plain weird legacy code that you don’t want Copilot learning from (we all have that one file from 2018 that “temporarily” handles edge cases).
Repository-Level Content Exclusions
Content exclusions in GitHub Copilot are configured through your repository settings, not through a file. Here’s how to set them up:
- Go to your repository’s Settings tab
- Navigate to Code security and analysis
- Find the GitHub Copilot section
- Configure content exclusions using path patterns
You can exclude files and directories using glob patterns like:
*.env*- All environment filesconfig/secrets.yml- Specific sensitive configuration filessrc/legacy/- Legacy code directoriestest/fixtures/- Test data that might contain sensitive informationdocs/archive/- Archived documentation
Organization-Level Exclusions
If you’re using Copilot Business or Enterprise, you can also configure organization-level content exclusions that apply across all repositories in your organization.
Step 4: Create Reusable Prompt Files
Prompt files are like having a collection of expert consultants on speed dial. Instead of typing out complex instructions every time, you can create reusable prompts for common tasks.
Setting Up .github/prompts/
Create a .github/prompts/ directory and organize your prompts by purpose:
.github/prompts/
├── code-review.md
├── documentation.md
├── testing.md
├── refactoring.md
└── security-review.md
Example Prompt Files
Code Review Prompt (.github/prompts/code-review.md):
---
title: "Code Review Assistant"
description: "Comprehensive code review focusing on best practices, security, and performance"
---
Please review the selected code for:
1. **Code Quality**
- Adherence to project coding standards
- Proper error handling
- Code readability and maintainability
2. **Performance**
- Potential bottlenecks
- Memory usage optimization
- Algorithm efficiency
3. **Security**
- Input validation
- SQL injection vulnerabilities
- XSS prevention
- Authentication and authorization
4. **Best Practices**
- Design patterns usage
- SOLID principles
- DRY principle compliance
Provide specific suggestions with code examples where applicable.
Testing Assistant Prompt (.github/prompts/testing.md):
---
title: "Test Generation Assistant"
description: "Generate comprehensive tests for the selected code"
---
Generate unit tests for the selected code that include:
1. **Happy Path Tests**
- Normal operation scenarios
- Expected inputs and outputs
2. **Edge Cases**
- Boundary conditions
- Empty/null inputs
- Maximum/minimum values
3. **Error Handling**
- Invalid inputs
- Network failures
- Database errors
4. **Mock Requirements**
- External dependencies
- API calls
- Database interactions
Use our project's testing framework and follow established patterns in the existing test suite.
Step 6: Set Up agents.md
---
title: "Code Review Assistant"
description: "Comprehensive code review focusing on best practices, security, and performance"
---
Please review the selected code for:
1. **Code Quality**
- Adherence to project coding standards
- Proper error handling
- Code readability and maintainability
2. **Performance**
- Potential bottlenecks
- Memory usage optimization
- Algorithm efficiency
3. **Security**
- Input validation
- SQL injection vulnerabilities
- XSS prevention
- Authentication and authorization
4. **Best Practices**
- Design patterns usage
- SOLID principles
- DRY principle compliance
Provide specific suggestions with code examples where applicable.
Testing Assistant Prompt (.github/prompts/testing.md):
---
title: "Test Generation Assistant"
description: "Generate comprehensive tests for the selected code"
---
Generate unit tests for the selected code that include:
1. **Happy Path Tests**
- Normal operation scenarios
- Expected inputs and outputs
2. **Edge Cases**
- Boundary conditions
- Empty/null inputs
- Maximum/minimum values
3. **Error Handling**
- Invalid inputs
- Network failures
- Database errors
4. **Mock Requirements**
- External dependencies
- API calls
- Database interactions
Use our project's testing framework and follow established patterns in the existing test suite.
Step 5: Configure Custom Chat Modes
Custom chat modes in VS Code allow you to create specialized “personalities” for Copilot Chat, each with specific instructions and focus areas. Think of them as having different expert consultants available at the click of a button.
Setting Up Chat Modes
Custom chat modes are configured in your VS Code settings. You can set them up at the user, workspace, or folder level. Here’s how to create them:
- Open VS Code Settings (Cmd/Ctrl + ,)
- Search for “copilot chat modes”
- Edit your
settings.jsonfile to add custom modes
Example Chat Mode Configuration
Add this to your .vscode/settings.json file in your repository:
{
"github.copilot.chat.customModes": {
"security": {
"description": "Security-focused code analysis",
"instructions": "You are a security expert. Focus exclusively on identifying vulnerabilities, security best practices, and potential threats. Always check for OWASP Top 10 vulnerabilities, input validation issues, and authentication/authorization problems. Provide specific remediation steps."
},
"performance": {
"description": "Performance optimization specialist",
"instructions": "You are a performance optimization expert. Analyze code for bottlenecks, memory usage, algorithm efficiency, and scalability issues. Suggest specific optimizations with benchmarks when possible."
},
"testing": {
"description": "Test generation and quality assurance",
"instructions": "You are a testing expert. Generate comprehensive test suites including unit tests, integration tests, edge cases, and error scenarios. Follow testing best practices and ensure good coverage."
},
"documentation": {
"description": "Technical documentation specialist",
"instructions": "You are a technical writer. Create clear, comprehensive documentation including API docs, README files, code comments, and user guides. Focus on clarity and completeness."
}
}
}
Using Chat Modes
Once configured, you can access your custom chat modes in VS Code:
- Open Copilot Chat (Ctrl/Cmd + Shift + I)
- Click the mode selector at the top of the chat panel
- Choose your custom mode (security, performance, testing, etc.)
- Your conversations will now use that mode’s specific instructions
For more detailed information, check out the VS Code Custom Chat Modes documentation.
Step 6: Set Up agents.md
The agents.md file is your central hub for defining specialized AI agents within your repository. Think of it as your AI team roster, where each agent has specific expertise and responsibilities.
Creating Your Agents Configuration
Create .github/agents.md:
# Repository AI Agents
## Available Agents
### @code-reviewer
**Specialty**: Code quality and best practices
**Description**: Provides comprehensive code reviews focusing on maintainability, performance, and adherence to project standards.
**Prompt**: Use the code-review.md prompt file and apply our project coding standards.
### @security-expert
**Specialty**: Security analysis and vulnerability assessment
**Description**: Analyzes code for security vulnerabilities and provides hardening recommendations.
**Prompt**: Focus exclusively on security aspects using OWASP guidelines and our security policies.
### @performance-optimizer
**Specialty**: Performance analysis and optimization
**Description**: Identifies performance bottlenecks and suggests optimizations.
**Prompt**: Analyze code for performance issues, memory usage, and algorithmic efficiency.
### @test-generator
**Specialty**: Test creation and coverage analysis
**Description**: Generates comprehensive test suites and analyzes test coverage.
**Prompt**: Create tests following our testing patterns in /tests and aim for 80%+ coverage.
### @docs-writer
**Specialty**: Documentation and API documentation
**Description**: Generates and maintains project documentation.
**Prompt**: Create clear, comprehensive documentation following our style guide in /docs.
## Usage Examples
- `@code-reviewer Please review this new feature implementation`
- `@security-expert Analyze this authentication module for vulnerabilities`
- `@performance-optimizer Can you optimize this data processing function?`
- `@test-generator Generate unit tests for this service class`
- `@docs-writer Create API documentation for these endpoints`
Best Practices for Agent Design
- Clear Specialization: Each agent should have a distinct purpose
- Consistent Naming: Use descriptive, memorable names
- Detailed Instructions: Include specific prompts and context for each agent
- Regular Updates: Keep agent definitions current with your project needs
Step 7: Configure MCP (Model Context Protocol) Servers
MCP servers extend Copilot’s capabilities by connecting it to external tools and data sources. This is where you can really customize Copilot to understand your specific infrastructure and workflows.
Understanding MCP
Model Context Protocol (MCP) is GitHub’s standard for connecting AI models to external tools and data sources. Think of it as a bridge between Copilot and your existing tools.
Common MCP Use Cases
- Database Integration: Query your databases directly from Copilot
- API Documentation: Real-time access to API specifications
- Monitoring Systems: Get metrics and logs without leaving your IDE
- Issue Tracking: Interact with Jira, Linear, or GitHub Issues
- Cloud Resources: Manage AWS, Azure, or GCP resources
Setting Up Basic MCP Configuration
Create .github/copilot-mcp.json:
{
"mcpServers": {
"database": {
"command": "node",
"args": ["./scripts/mcp-database-server.js"],
"env": {
"DATABASE_URL": "${DATABASE_URL}"
}
},
"monitoring": {
"command": "python",
"args": ["./scripts/mcp-monitoring-server.py"],
"env": {
"MONITORING_API_KEY": "${MONITORING_API_KEY}"
}
}
}
}
Example MCP Server Implementation
Here’s a simple example of a custom MCP server for accessing project metrics:
// scripts/mcp-metrics-server.js
const { MCPServer } = require('@github/mcp-sdk');
const server = new MCPServer({
name: 'project-metrics',
version: '1.0.0'
});
server.addTool({
name: 'get_build_status',
description: 'Get the current build status for the project',
handler: async () => {
// Integrate with your CI/CD system
const status = await fetchBuildStatus();
return {
status: status.state,
lastBuild: status.timestamp,
url: status.url
};
}
});
server.addTool({
name: 'get_deployment_info',
description: 'Get current deployment information',
handler: async () => {
// Integrate with your deployment system
const deployment = await fetchDeploymentInfo();
return {
environment: deployment.env,
version: deployment.version,
health: deployment.health
};
}
});
server.start();
Advanced Configuration Tips
Environment-Specific Instructions
Create different instruction sets for different environments:
.github/copilot-instructions/
├── development.md
├── staging.md
└── production.md
Team-Specific Agents
Design agents for different team roles:
### @frontend-specialist
**Team**: Frontend developers
**Focus**: React, CSS, accessibility, performance
### @backend-specialist
**Team**: Backend developers
**Focus**: APIs, databases, security, scalability
### @devops-specialist
**Team**: DevOps engineers
**Focus**: Infrastructure, deployment, monitoring
Integration with CI/CD
Add Copilot configuration validation to your CI pipeline:
# .github/workflows/copilot-config-check.yml
name: Validate Copilot Configuration
on: [push, pull_request]
jobs:
validate-config:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Validate Copilot Instructions
run: |
# Check for required instruction files
test -f .github/copilot-instructions.md
test -f .github/agents.md
# Validate JSON configurations
python -m json.tool .github/copilot-mcp.json
Summary and Key Takeaways
Setting up GitHub Copilot properly isn’t just about getting AI suggestions – it’s about creating a thoughtful, secure, and productive development environment. Here’s your action plan:
Immediate Actions
- Verify licensing for all team members
- Create basic custom instructions (start simple, iterate)
- Set up content exclusions to protect sensitive data
- Establish a prompts library for common tasks
Next Steps
- Define specialized agents for your team’s workflow
- Configure custom chat modes for different contexts
- Explore MCP integrations for your existing tools
- Regular review and updates of your configuration
Long-term Success
- Monitor usage patterns and adjust configurations accordingly
- Collect team feedback on what’s working and what isn’t
- Stay updated with new Copilot features and capabilities
- Share best practices across your organization
Final Pro Tip
Remember, Copilot is a tool, not a replacement for good engineering practices. Your custom instructions and configurations should reinforce your team’s values around code quality, security, and maintainability. The goal isn’t to let AI write all your code – it’s to make your team more productive while maintaining (or improving) your standards.
Now go forth and configure! Your future self (and your teammates) will thank you for taking the time to set things up properly from the start. Because nothing says “professional developer” like having an AI assistant that actually understands your codebase and follows your team’s conventions.
Happy coding, and may your AI suggestions always compile on the first try!
Additional Resources: