Add allow-unsafe-pr-checkout: true for fork PR checkouts#1275
Conversation
actions/checkout@v7 refuses to check out fork PR code from a pull_request_target workflow without this flag. This mirrors the fix applied to registration-service in codeready-toolchain/registration-service#600. Co-authored-by: Cursor <cursoragent@cursor.com>
|
WalkthroughThis PR modifies a GitHub Actions workflow file, adding the ChangesWorkflow Checkout Configuration
Estimated code review effort: 1 (Trivial) | ~3 minutes Suggested labels: 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
There was a problem hiding this comment.
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
.github/workflows/publish-components-for-e2e-tests.yml (1)
24-31: 🔒 Security & Privacy | 🟠 Major | ⚡ Quick winHarden the unsafe fork checkout path (.github/workflows/publish-components-for-e2e-tests.yml:24-31,46-53). This job checks out untrusted PR code and then runs the publish action with
TEST_QUAY_TOKEN; addpersist-credentials: falseto both checkout steps and an explicit least-privilegepermissions:block.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/workflows/publish-components-for-e2e-tests.yml around lines 24 - 31, The PR checkout path in the workflow is too permissive for untrusted fork code, especially before running the publish action with TEST_QUAY_TOKEN. Update both checkout steps in the workflow to set persist-credentials to false, and add an explicit permissions block on the job with the minimum GitHub token access needed for the checkout and publish steps. Use the existing checkout steps and the publish action invocation as the anchors for the change.Source: Linters/SAST tools
🧹 Nitpick comments (1)
.github/workflows/publish-components-for-e2e-tests.yml (1)
25-31: 🧹 Nitpick | 🔵 TrivialSibling repos may need the same fix.
The linked-repository research shows
member-operator,api,toolchain-common, andtoolchain-e2ehave an identicalpublish-components-for-e2e-tests.ymlworkflow usingactions/checkout@v7for fork PR checkout withoutallow-unsafe-pr-checkout, so those workflows may now be failing under the new v7 default-refusal behavior if they're triggered by fork PRs. Worth confirming whether the same fix needs to be rolled out there.Also applies to: 47-53
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/workflows/publish-components-for-e2e-tests.yml around lines 25 - 31, The fork-PR checkout in publish-components-for-e2e-tests.yml is relying on actions/checkout@v7 without the explicit unsafe checkout override, which can break when the workflow runs on pull_request_target. Update the checkout step in this workflow to keep the explicit allow-unsafe-pr-checkout setting, and verify the same pattern in the sibling publish-components-for-e2e-tests.yml workflows for member-operator, api, toolchain-common, and toolchain-e2e so they all use the same fork-checkout configuration.Source: Linked repositories
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Outside diff comments:
In @.github/workflows/publish-components-for-e2e-tests.yml:
- Around line 24-31: The PR checkout path in the workflow is too permissive for
untrusted fork code, especially before running the publish action with
TEST_QUAY_TOKEN. Update both checkout steps in the workflow to set
persist-credentials to false, and add an explicit permissions block on the job
with the minimum GitHub token access needed for the checkout and publish steps.
Use the existing checkout steps and the publish action invocation as the anchors
for the change.
---
Nitpick comments:
In @.github/workflows/publish-components-for-e2e-tests.yml:
- Around line 25-31: The fork-PR checkout in
publish-components-for-e2e-tests.yml is relying on actions/checkout@v7 without
the explicit unsafe checkout override, which can break when the workflow runs on
pull_request_target. Update the checkout step in this workflow to keep the
explicit allow-unsafe-pr-checkout setting, and verify the same pattern in the
sibling publish-components-for-e2e-tests.yml workflows for member-operator, api,
toolchain-common, and toolchain-e2e so they all use the same fork-checkout
configuration.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository YAML (base), Organization UI (inherited)
Review profile: CHILL
Plan: Enterprise
Run ID: 61e64d5a-4bd5-4cda-8880-85b9ff0caff5
📒 Files selected for processing (1)
.github/workflows/publish-components-for-e2e-tests.yml
🔗 Linked repositories identified
CodeRabbit considers these linked repositories for cross-repo context during reviews:
codeready-toolchain/registration-service(manual)codeready-toolchain/member-operator(manual)codeready-toolchain/api(manual)codeready-toolchain/toolchain-common(manual)codeready-toolchain/host-operator(manual)codeready-toolchain/toolchain-e2e(manual)
📜 Review details
⏰ Context from checks skipped due to timeout. (2)
- GitHub Check: test
- GitHub Check: GolangCI Lint
⚠️ CI failures not shown inline (2)
GitHub Actions: publish-components-for-e2e-tests / 0_Build & push operator bundles & dashboard image for e2e tests.txt: Add allow-unsafe-pr-checkout: true for fork PR checkouts
Conclusion: failure
##[group]Run actions/checkout@v7
with:
ref: fix-actions-checkout-fork
repository: fbm3307/host-operator
fetch-depth: 0
***REDACTED***
ssh-strict: true
ssh-user: git
persist-credentials: true
clean: true
sparse-checkout-cone-mode: true
fetch-tags: false
show-progress: true
lfs: false
submodules: false
set-safe-directory: true
allow-unsafe-pr-checkout: false
env:
GOPATH: /tmp/go
##[endgroup]
##[error]Refusing to check out fork pull request code from a 'pull_request_target' workflow. This workflow runs with the base repository's GITHUB_TOKEN, secrets, default-branch cache scope, and runner access. Fetching and executing a fork's code in that trusted context commonly leads to "pwn request" vulnerabilities. To opt in, review the risks at https://gh.io/securely-using-pull_request_target and set 'allow-unsafe-pr-checkout: true' on the actions/checkout step.
GitHub Actions: publish-components-for-e2e-tests / Build & push operator bundles & dashboard image for e2e tests: Add allow-unsafe-pr-checkout: true for fork PR checkouts
Conclusion: failure
##[group]Run actions/checkout@v7
with:
ref: fix-actions-checkout-fork
repository: fbm3307/host-operator
fetch-depth: 0
***REDACTED***
ssh-strict: true
ssh-user: git
persist-credentials: true
clean: true
sparse-checkout-cone-mode: true
fetch-tags: false
show-progress: true
lfs: false
submodules: false
set-safe-directory: true
allow-unsafe-pr-checkout: false
env:
GOPATH: /tmp/go
##[endgroup]
##[error]Refusing to check out fork pull request code from a 'pull_request_target' workflow. This workflow runs with the base repository's GITHUB_TOKEN, secrets, default-branch cache scope, and runner access. Fetching and executing a fork's code in that trusted context commonly leads to "pwn request" vulnerabilities. To opt in, review the risks at https://gh.io/securely-using-pull_request_target and set 'allow-unsafe-pr-checkout: true' on the actions/checkout step.
🧰 Additional context used
🪛 zizmor (1.26.1)
.github/workflows/publish-components-for-e2e-tests.yml
[warning] 46-53: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false
(artipacked)
🔀 Multi-repo context
Linked repositories findings
codeready-toolchain/registration-service
.github/workflows/publish-components-for-e2e-tests.yml:25-31,47-53already usesactions/checkout@v7withallow-unsafe-pr-checkout: trueon both PR checkout paths.- This is the same pattern as the PR change, so it looks like an existing repo-level precedent.
codeready-toolchain/member-operator
.github/workflows/publish-components-for-e2e-tests.yml:25-29,46-49usesactions/checkout@v7forpull_request_targetandissue_commentcheckouts, but the shell search did not showallow-unsafe-pr-checkoutin this repo output.- If this workflow is still intended to support fork PRs, it may hit the same
actions/checkout@v7restriction.
codeready-toolchain/api
.github/workflows/publish-components-for-e2e-tests.yml:25-29,46-49also usesactions/checkout@v7in the same PR/issue-comment flow, with noallow-unsafe-pr-checkoutshown in the search results.- Similar potential exposure to the same checkout behavior.
codeready-toolchain/toolchain-common
.github/workflows/publish-components-for-e2e-tests.yml:25-29,46-49matches the same pattern and likewise showed noallow-unsafe-pr-checkoutin the search results.- Same potential fork-PR checkout issue.
codeready-toolchain/toolchain-e2e
.github/workflows/publish-components-for-e2e-tests.yml:28-29,48-49usesactions/checkout@v7in the same event-driven flow, with noallow-unsafe-pr-checkoutshown.- This repo appears to share the same workflow shape and may need the same fix if it is used for fork PRs.
|
@fbm3307: The following test failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: fbm3307, MatousJobanek The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
1f40f9c
into
codeready-toolchain:master



actions/checkout@v7 refuses to check out fork PR code from a pull_request_target workflow without this flag. This mirrors the fix applied to registration-service in codeready-toolchain/registration-service#600.
Summary by CodeRabbit