summaryrefslogtreecommitdiff
path: root/.github/workflows
diff options
context:
space:
mode:
authorYuriy Andamasov <yuriy@vyos.io>2026-05-10 22:08:48 +0300
committerYuriy Andamasov <yuriy@vyos.io>2026-05-10 22:08:48 +0300
commitedd903dcb59ab2669f7a96d74c118c897849dd92 (patch)
treee5f403e2436e0a83210a9375a63c26288802736f /.github/workflows
parent678ba25dfdcdf31221bb333fb1b77deb24a4b71d (diff)
downloadvyos-documentation-edd903dcb59ab2669f7a96d74c118c897849dd92.tar.gz
vyos-documentation-edd903dcb59ab2669f7a96d74c118c897849dd92.zip
fix(ci): address Copilot review on PR #1947
Three Copilot findings on the AI Validation workflow: 1. line 46 (cp loop on deleted files): `git diff --name-only` with no filter includes Deleted entries, so the subsequent `xargs -0 ... cp --parents` would fail when a PR deletes (or renames) a `.md`/`.rst` file. Added `--diff-filter=ACMRT` to both name-only diffs so deletions are excluded from the cp source list. Deletions still appear in diff-md.patch (which uses the unfiltered full diff) so Pass 1's --pr-diff input still sees them via the patch hunk. 2. line 103 (reviewer sparse-checkout): The App token was being persisted into reviewer/.git/config as an http extraheader by default. The Pass 2 claude-code-action step has Read/Glob/Grep allowed, so a prompt-injection attempt could exfiltrate the token from the workspace. Added `persist-credentials: false`. The sparse-checkout fetched only branches.json which is a one-shot read, no further git ops needed in this job. 3. line 127 (vyos-1x checkout): Same persist-credentials concern. The vyos-1x clone is read by claude-code-action for Pass 2 source inspection — exactly the step where filesystem read tools are exposed to LLM-driven shell behavior. Added `persist-credentials: false`. The vyos-1x tree is only read after this checkout (`Read,Glob,Grep` over `.vyos-1x/`); we don't run any git commands against it that would need the token. Suppressed-by-Copilot finding (line 64, id-token: write): Pushback. claude-code-action@v1 uses OIDC internally (verified by commit b18a399c on the previously-deployed workflow). Removing this permission breaks the action. Keeping as-is. 🤖 Generated by [robots](https://vyos.io)
Diffstat (limited to '.github/workflows')
-rw-r--r--.github/workflows/ai-validation.yml18
1 files changed, 16 insertions, 2 deletions
diff --git a/.github/workflows/ai-validation.yml b/.github/workflows/ai-validation.yml
index 2f13a642..f4a0997a 100644
--- a/.github/workflows/ai-validation.yml
+++ b/.github/workflows/ai-validation.yml
@@ -34,8 +34,12 @@ jobs:
set -euo pipefail
git fetch --depth=1 origin "${{ github.event.pull_request.base.ref }}"
BASE="origin/${{ github.event.pull_request.base.ref }}"
- git diff "$BASE...HEAD" --name-only -z -- 'docs/**/*.md' > changed-md.z
- git diff "$BASE...HEAD" --name-only -z -- 'docs/**/*.rst' > changed-rst.z
+ # --diff-filter=ACMRT excludes Deleted entries so the cp loop below
+ # doesn't try to copy files that no longer exist in the merge ref.
+ # Deletions still appear in diff-md.patch (full diff) but not in
+ # changed-md.txt (which drives the file-copy step).
+ git diff "$BASE...HEAD" --name-only --diff-filter=ACMRT -z -- 'docs/**/*.md' > changed-md.z
+ git diff "$BASE...HEAD" --name-only --diff-filter=ACMRT -z -- 'docs/**/*.rst' > changed-rst.z
tr '\0' '\n' < changed-md.z > changed-md.txt
tr '\0' '\n' < changed-rst.z > changed-rst.txt
git diff "$BASE...HEAD" -- 'docs/**/*.md' > diff-md.patch
@@ -98,6 +102,12 @@ jobs:
repository: VyOS-Networks/vyos-docs-opus-reviewer
ref: ${{ env.REVIEWER_REF }}
token: ${{ steps.app.outputs.token }}
+ # persist-credentials:false stops actions/checkout from writing the
+ # App token into reviewer/.git/config as an http extraheader. Without
+ # this the token would be readable from the workspace by the Pass 2
+ # claude-code-action step (which has Read/Glob/Grep allowed), so a
+ # prompt-injection attempt could exfiltrate it.
+ persist-credentials: false
path: reviewer
sparse-checkout: |
branches.json
@@ -125,6 +135,10 @@ jobs:
path: .vyos-1x
fetch-depth: 1
token: ${{ steps.app.outputs.token }}
+ # Same rationale as the reviewer sparse-checkout above: prevent the
+ # App token from being readable in .vyos-1x/.git/config by the
+ # claude-code-action Pass 2 step.
+ persist-credentials: false
- name: Download reference DB (best-effort)
if: steps.secrets-check.outputs.skip != 'true'