diff options
| author | Yuriy Andamasov <yuriy@vyos.io> | 2026-05-10 22:08:48 +0300 |
|---|---|---|
| committer | Yuriy Andamasov <yuriy@vyos.io> | 2026-05-10 22:08:48 +0300 |
| commit | edd903dcb59ab2669f7a96d74c118c897849dd92 (patch) | |
| tree | e5f403e2436e0a83210a9375a63c26288802736f /.github/workflows | |
| parent | 678ba25dfdcdf31221bb333fb1b77deb24a4b71d (diff) | |
| download | vyos-documentation-edd903dcb59ab2669f7a96d74c118c897849dd92.tar.gz vyos-documentation-edd903dcb59ab2669f7a96d74c118c897849dd92.zip | |
fix(ci): address Copilot review on PR #1947
Three Copilot findings on the AI Validation workflow:
1. line 46 (cp loop on deleted files):
`git diff --name-only` with no filter includes Deleted entries, so
the subsequent `xargs -0 ... cp --parents` would fail when a PR
deletes (or renames) a `.md`/`.rst` file. Added
`--diff-filter=ACMRT` to both name-only diffs so deletions are
excluded from the cp source list. Deletions still appear in
diff-md.patch (which uses the unfiltered full diff) so Pass 1's
--pr-diff input still sees them via the patch hunk.
2. line 103 (reviewer sparse-checkout):
The App token was being persisted into reviewer/.git/config as
an http extraheader by default. The Pass 2 claude-code-action
step has Read/Glob/Grep allowed, so a prompt-injection attempt
could exfiltrate the token from the workspace. Added
`persist-credentials: false`. The sparse-checkout fetched only
branches.json which is a one-shot read, no further git ops
needed in this job.
3. line 127 (vyos-1x checkout):
Same persist-credentials concern. The vyos-1x clone is read by
claude-code-action for Pass 2 source inspection — exactly the
step where filesystem read tools are exposed to LLM-driven
shell behavior. Added `persist-credentials: false`. The vyos-1x
tree is only read after this checkout (`Read,Glob,Grep` over
`.vyos-1x/`); we don't run any git commands against it that
would need the token.
Suppressed-by-Copilot finding (line 64, id-token: write):
Pushback. claude-code-action@v1 uses OIDC internally (verified by
commit b18a399c on the previously-deployed workflow). Removing
this permission breaks the action. Keeping as-is.
🤖 Generated by [robots](https://vyos.io)
Diffstat (limited to '.github/workflows')
| -rw-r--r-- | .github/workflows/ai-validation.yml | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/.github/workflows/ai-validation.yml b/.github/workflows/ai-validation.yml index 2f13a642..f4a0997a 100644 --- a/.github/workflows/ai-validation.yml +++ b/.github/workflows/ai-validation.yml @@ -34,8 +34,12 @@ jobs: set -euo pipefail git fetch --depth=1 origin "${{ github.event.pull_request.base.ref }}" BASE="origin/${{ github.event.pull_request.base.ref }}" - git diff "$BASE...HEAD" --name-only -z -- 'docs/**/*.md' > changed-md.z - git diff "$BASE...HEAD" --name-only -z -- 'docs/**/*.rst' > changed-rst.z + # --diff-filter=ACMRT excludes Deleted entries so the cp loop below + # doesn't try to copy files that no longer exist in the merge ref. + # Deletions still appear in diff-md.patch (full diff) but not in + # changed-md.txt (which drives the file-copy step). + git diff "$BASE...HEAD" --name-only --diff-filter=ACMRT -z -- 'docs/**/*.md' > changed-md.z + git diff "$BASE...HEAD" --name-only --diff-filter=ACMRT -z -- 'docs/**/*.rst' > changed-rst.z tr '\0' '\n' < changed-md.z > changed-md.txt tr '\0' '\n' < changed-rst.z > changed-rst.txt git diff "$BASE...HEAD" -- 'docs/**/*.md' > diff-md.patch @@ -98,6 +102,12 @@ jobs: repository: VyOS-Networks/vyos-docs-opus-reviewer ref: ${{ env.REVIEWER_REF }} token: ${{ steps.app.outputs.token }} + # persist-credentials:false stops actions/checkout from writing the + # App token into reviewer/.git/config as an http extraheader. Without + # this the token would be readable from the workspace by the Pass 2 + # claude-code-action step (which has Read/Glob/Grep allowed), so a + # prompt-injection attempt could exfiltrate it. + persist-credentials: false path: reviewer sparse-checkout: | branches.json @@ -125,6 +135,10 @@ jobs: path: .vyos-1x fetch-depth: 1 token: ${{ steps.app.outputs.token }} + # Same rationale as the reviewer sparse-checkout above: prevent the + # App token from being readable in .vyos-1x/.git/config by the + # claude-code-action Pass 2 step. + persist-credentials: false - name: Download reference DB (best-effort) if: steps.secrets-check.outputs.skip != 'true' |
