Harden respond-to-comment.yml against fork PRs

hongyi-chen · oz-agent · hongyi-chen · commit 14107d6cd3a2 · 2026-05-01T14:20:17.000-07:00
Adds a fork-guard step before checkout/agent/push, and pins warpdotdev/oz-agent-action from the floating @v1 tag to a commit SHA in both workflows. Co-Authored-By: Oz <oz-agent@warp.dev>
diff --git a/.github/workflows/respond-to-comment.yml b/.github/workflows/respond-to-comment.yml
@@ -21,6 +21,50 @@ jobs:
       pull-requests: write
       issues: write
     steps:
+      - name: Check PR is not from a fork
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ github.token }}
+          script: |
+            const { owner, repo } = context.repo;
+            const prNumber = context.payload.issue?.number
+              ?? context.payload.pull_request?.number;
+            if (!prNumber) {
+              core.setFailed('Could not determine PR number from event payload.');
+              return;
+            }
+
+            const { data: pr } = await github.rest.pulls.get({
+              owner,
+              repo,
+              pull_number: prNumber,
+            });
+
+            const headRepo = pr.head?.repo?.full_name;
+            const upstream = `${owner}/${repo}`;
+            if (headRepo !== upstream) {
+              const author = context.payload.comment.user.login;
+              const body = `@${author}: Sorry, I can't run on pull requests from forks for security reasons (this PR's head is \`${headRepo ?? 'unknown'}\`). A maintainer can re-open this as a branch on \`${upstream}\` and I'll be happy to help there.`;
+
+              if (context.eventName === 'pull_request_review_comment') {
+                await github.rest.pulls.createReplyForReviewComment({
+                  owner,
+                  repo,
+                  pull_number: prNumber,
+                  comment_id: context.payload.comment.id,
+                  body,
+                });
+              } else {
+                await github.rest.issues.createComment({
+                  owner,
+                  repo,
+                  issue_number: prNumber,
+                  body,
+                });
+              }
+
+              core.setFailed(`Refusing to run on fork PR (head repo: ${headRepo ?? 'unknown'}).`);
+            }
       - name: Check author permissions
         uses: actions/github-script@v7
         with:
@@ -145,7 +189,7 @@ jobs:
 
             core.setOutput('prompt', prompt);
       - name: Run Oz Agent
-        uses: warpdotdev/oz-agent-action@v1
+        uses: warpdotdev/oz-agent-action@ce1621abf6a8ed8afdd4e4cc994545ede8fe1c6f # v1.0.12
         env:
           GH_TOKEN: ${{ github.token }}
         id: agent
diff --git a/.github/workflows/review-pr.yml b/.github/workflows/review-pr.yml
@@ -18,7 +18,7 @@ jobs:
         uses: actions/checkout@v4
       
       - name: Review PR with Oz agent
-        uses: warpdotdev/oz-agent-action@v1
+        uses: warpdotdev/oz-agent-action@ce1621abf6a8ed8afdd4e4cc994545ede8fe1c6f # v1.0.12
         env:
           GH_TOKEN: ${{ github.token }}
         with:
