Merge pull request #3 from e271828-/codex/security-gha-pr-token-exfil

Harden external-PR workflows and restrict command triggers

Author: e271828-

.github/workflows/e2e-external-phase-1.yml

@@ -10,7 +10,9 @@ jobs:
     # If reviewed by a repo(/org) owner
     if: |
       github.event.pull_request.author_association != 'MEMBER'
-      && github.event.review.author_association == 'MEMBER'
+      && (
+        contains(fromJson('["OWNER", "MEMBER"]'), github.event.review.author_association)
+      )
       && github.event.review.state == 'approved'
       && contains(github.event.review.body, '/e2e')
     runs-on: ubuntu-latest

.github/workflows/e2e-external-phase-2.yml

@@ -83,10 +83,6 @@ jobs:
 
       - name: Checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          # Important: use the commit that was reviewed. GitHub is making sure
-          # that this is race-condition-proof
-          ref: ${{ steps.extract_commit.outputs.COMMIT_ID }}
 
       - name: Install uv
         uses: astral-sh/setup-uv@0c5e2b8115b80b4c7c5ddf6ffdd634974642d182 # v5.4.1

.github/workflows/e2e-private-link-in-pr.yml

@@ -10,6 +10,9 @@ jobs:
     if: |
       github.event.issue.pull_request
       && contains(github.event.comment.body, '/invite')
+      && (
+        contains(fromJson('["OWNER", "MEMBER"]'), github.event.comment.author_association)
+      )
     runs-on: ubuntu-latest
     strategy:
       matrix:
@@ -42,6 +45,9 @@ jobs:
     if: |
       github.event.issue.pull_request
       && contains(github.event.comment.body, '/invite')
+      && (
+        contains(fromJson('["OWNER", "MEMBER"]'), github.event.comment.author_association)
+      )
     runs-on: ubuntu-latest
     permissions:
       pull-requests: write