Skip to content

Commit 25246ab

Browse files
authored
Harden Claude workflow permission gate (#190)
1 parent 27315f6 commit 25246ab

1 file changed

Lines changed: 92 additions & 1 deletion

File tree

.github/workflows/claude.yml

Lines changed: 92 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,13 +11,104 @@ on:
1111
types: [submitted]
1212

1313
jobs:
14-
claude:
14+
authorize_claude_actor:
1515
if: |
1616
(github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
1717
(github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
1818
(github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
1919
(github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
2020
runs-on: ubuntu-latest
21+
permissions:
22+
contents: read
23+
outputs:
24+
authorized: ${{ steps.permission-gate.outputs.authorized }}
25+
steps:
26+
- name: Verify actor can run Claude
27+
id: permission-gate
28+
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
29+
with:
30+
script: |
31+
const owner = context.repo.owner;
32+
const repo = context.repo.repo;
33+
const permissionByLogin = new Map();
34+
35+
function claudeRequester() {
36+
if (
37+
context.eventName === 'issue_comment' ||
38+
context.eventName === 'pull_request_review_comment'
39+
) {
40+
return context.payload.comment?.user?.login;
41+
}
42+
43+
if (context.eventName === 'pull_request_review') {
44+
return context.payload.review?.user?.login;
45+
}
46+
47+
if (context.eventName === 'issues') {
48+
return context.payload.issue?.user?.login;
49+
}
50+
51+
return null;
52+
}
53+
54+
async function hasWriteAccessFor(username) {
55+
if (!username) {
56+
return false;
57+
}
58+
59+
if (permissionByLogin.has(username)) {
60+
return permissionByLogin.get(username);
61+
}
62+
63+
let hasWriteAccess = false;
64+
try {
65+
const { data: permission } = await github.rest.repos.getCollaboratorPermissionLevel({
66+
owner,
67+
repo,
68+
username
69+
});
70+
hasWriteAccess = ['admin', 'write'].includes(permission.permission);
71+
} catch (error) {
72+
core.warning(
73+
`Unable to verify ${username} write permission for Claude; ` +
74+
`treating the Claude request as untrusted: ${error.message || error}`
75+
);
76+
}
77+
78+
permissionByLogin.set(username, hasWriteAccess);
79+
return hasWriteAccess;
80+
}
81+
82+
const actor = context.actor;
83+
const requester = claudeRequester();
84+
85+
if (!requester) {
86+
core.setOutput('authorized', 'false');
87+
core.setFailed('Unable to run Claude because the requester could not be determined.');
88+
return;
89+
}
90+
91+
if (!(await hasWriteAccessFor(actor))) {
92+
core.setOutput('authorized', 'false');
93+
core.setFailed(`Unable to run Claude because ${actor} does not have write/admin repository permission.`);
94+
return;
95+
}
96+
97+
if (!(await hasWriteAccessFor(requester))) {
98+
core.setOutput('authorized', 'false');
99+
core.setFailed(
100+
`Unable to run Claude because requester ${requester} does not have write/admin repository permission.`
101+
);
102+
return;
103+
}
104+
105+
core.setOutput('authorized', 'true');
106+
core.info(`Authorized ${actor} and Claude requester ${requester} to run Claude.`);
107+
108+
claude:
109+
needs: authorize_claude_actor
110+
if: needs.authorize_claude_actor.outputs.authorized == 'true'
111+
runs-on: ubuntu-latest
21112
permissions:
22113
contents: read
23114
pull-requests: write

0 commit comments

Comments
 (0)