Drop trusted-script snapshot; run scripts directly from main checkout

Author: trask

.github/scripts/pr-triage/README.md

@@ -23,10 +23,10 @@ Invariants (see the comments at the top of each entry-point file):
   from a malicious PR build script.
 * `copilot-worker` must never invoke `./gradlew` or any other PR-controlled
   build tooling. PR build files would otherwise see `COPILOT_GITHUB_TOKEN`.
-* `poster` runs only trusted code snapshotted from the default branch
-  (`$RUNNER_TEMP/pr-triage-trusted`). It never executes anything from the
-  PR working tree, so `gh pr checkout` is safe even though the otelbot
-  token is in scope.
+* `poster` runs only trusted code from the default-branch checkout in
+  `$GITHUB_WORKSPACE`. It never executes anything from the PR working
+  tree, so it is safe to handle the otelbot token even though it
+  applies a bundle produced by a worker job.
 * `/fix` hands off between the two workers via a CI bundle written to
   `out_dir/ci-bundle/` plus a `needs-copilot.txt` marker. The
   copilot-worker downloads that artifact and runs Copilot on the bundle;

.github/workflows/pr-triage-comments.yml

@@ -58,11 +58,6 @@ jobs:
         with:
           fetch-depth: 0
 
-      - name: Snapshot trusted PR triage scripts
-        run: |
-          mkdir -p "$RUNNER_TEMP/pr-triage-trusted"
-          cp -r .github/scripts/pr-triage/. "$RUNNER_TEMP/pr-triage-trusted/"
-
       - name: Check out PR into a separate directory
         env:
           GH_TOKEN: ${{ github.token }}
@@ -105,7 +100,7 @@ jobs:
           # always succeed even when the worker fails before writing any
           # outputs of its own.
           touch "$RUNNER_TEMP/work/.placeholder"
-          python3 "$RUNNER_TEMP/pr-triage-trusted/worker_gradle.py" --out-dir "$RUNNER_TEMP/work"
+          python3 .github/scripts/pr-triage/worker_gradle.py --out-dir "$RUNNER_TEMP/work"
 
       - name: Upload gradle work bundle
         if: always()
@@ -137,11 +132,6 @@ jobs:
         with:
           fetch-depth: 0
 
-      - name: Snapshot trusted PR triage scripts
-        run: |
-          mkdir -p "$RUNNER_TEMP/pr-triage-trusted"
-          cp -r .github/scripts/pr-triage/. "$RUNNER_TEMP/pr-triage-trusted/"
-
       - name: Check out PR into a separate directory
         env:
           GH_TOKEN: ${{ github.token }}
@@ -182,7 +172,7 @@ jobs:
           # The script operates on the PR tree at $PR_TRIAGE_REPO_ROOT.
           mkdir -p "$RUNNER_TEMP/work"
           touch "$RUNNER_TEMP/work/.placeholder"
-          python3 "$RUNNER_TEMP/pr-triage-trusted/worker_copilot.py" --out-dir "$RUNNER_TEMP/work"
+          python3 .github/scripts/pr-triage/worker_copilot.py --out-dir "$RUNNER_TEMP/work"
 
       - name: Run copilot-phase worker (fix)
         if: needs.authorize-command.outputs.command == 'fix'
@@ -195,7 +185,7 @@ jobs:
           # The script operates on the PR tree at $PR_TRIAGE_REPO_ROOT.
           mkdir -p "$RUNNER_TEMP/work"
           touch "$RUNNER_TEMP/work/.placeholder"
-          python3 "$RUNNER_TEMP/pr-triage-trusted/worker_copilot.py" \
+          python3 .github/scripts/pr-triage/worker_copilot.py \
             --out-dir "$RUNNER_TEMP/work" \
             --in-dir "$RUNNER_TEMP/gradle-in"
 
@@ -228,11 +218,6 @@ jobs:
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
-      - name: Snapshot trusted PR triage scripts
-        run: |
-          mkdir -p "$RUNNER_TEMP/pr-triage-trusted"
-          cp -r .github/scripts/pr-triage/. "$RUNNER_TEMP/pr-triage-trusted/"
-
       - uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
         id: otelbot-token
         with:
@@ -262,4 +247,4 @@ jobs:
         env:
           GH_TOKEN: ${{ steps.otelbot-token.outputs.token }}
           PR_TRIAGE_REPO_ROOT: ${{ github.workspace }}
-        run: python3 "$RUNNER_TEMP/pr-triage-trusted/poster.py" --in-dir "$RUNNER_TEMP/work"
+        run: python3 .github/scripts/pr-triage/poster.py --in-dir "$RUNNER_TEMP/work"