diff options
| author | Yuriy Andamasov <yuriy@vyos.io> | 2026-05-11 11:40:25 +0300 |
|---|---|---|
| committer | Yuriy Andamasov <yuriy@vyos.io> | 2026-05-11 11:40:25 +0300 |
| commit | c1d3149b53a7805d9d3c912ccba66a30688f82ad (patch) | |
| tree | 83a069defa51813e07ca3b6b4dd029df0aeaf451 /.github | |
| parent | 65a00dfcf8742a50f18f29fb674d3ebbd7e0cc7c (diff) | |
| download | vyos-documentation-c1d3149b53a7805d9d3c912ccba66a30688f82ad.tar.gz vyos-documentation-c1d3149b53a7805d9d3c912ccba66a30688f82ad.zip | |
ci(ai-validation): checkout PR merge ref in validate (claude-code-action needs git workspace)
Smoke verify on PR #1977 (run 25659408343 after github_token fix
landed) reached Pass 2 with valid auth but failed at action setup:
fatal: could not open `docs/quick-start.md` for reading: No such
file or directory
fatal: not a git repository (or any of the parent directories): .git
Action failed with error: Command failed:
git fetch origin --depth=20 yuriy/docs-smoke-test-quickstart
The action expects to run inside a git checkout of the PR's repo so
it can `git fetch <head-ref>` and read changed files from the working
directory. Our split-job design checks out vyos-1x, reviewer-src, and
the reviewer-config sparse-checkout into named subdirs but leaves the
workspace root empty (we only have _changed_md/ via artifact download).
Add `actions/checkout` of `refs/pull/<n>/merge` as the FIRST step in
validate. Subsequent steps that create named subdirs (_changed_md/,
.vyos-1x/, reviewer-src/, reviewer/, .reference-db/) coexist with the
docs/scripts/.github content checked out here — no path collisions.
Trust model unchanged:
* persist-credentials: false (no token in fork-content .git/config)
* No shell step executes fork code (no pip/npm/make against the
workspace; Pass 1 runs the trusted reviewer CLI; Pass 2 only uses
allowlisted Read/Glob/Grep/mcp__github_inline_comment + Bash
restricted to `gh pr comment|diff|view`)
* The prepare job continues to provide the canonical bundled
changed-md set via the pr-input artifact; validate now ALSO has
the full PR tree available for cross-reference reads
Mirrored byte-identically across rolling/circinus/sagitta + canonical
follow-up.
Diffstat (limited to '.github')
| -rw-r--r-- | .github/workflows/ai-validation.yml | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/.github/workflows/ai-validation.yml b/.github/workflows/ai-validation.yml index 1f810250..fb57543b 100644 --- a/.github/workflows/ai-validation.yml +++ b/.github/workflows/ai-validation.yml @@ -216,6 +216,34 @@ jobs: # by run 25658256103 on PR #1977. id-token: write steps: + # Check out the PR's merge ref into the workspace root. Required by + # anthropics/claude-code-action@v1: the action runs + # `git fetch origin <head-ref>` and reads files like + # `docs/<changed>.md` directly from the working dir during its + # setup. Without this checkout it fails with `fatal: not a git + # repository` + `could not open <file>`. + # + # Trust boundary preserved: + # - persist-credentials: false → no token in fork-content + # .git/config (so fork-controlled file contents that the + # LLM tool calls might read can't exfiltrate a token) + # - No shell step in validate executes fork code (no + # `pip install` / `npm install` / `make` against the + # workspace; Pass 1 runs the trusted reviewer CLI from + # reviewer-src/; Pass 2's allowlisted tools are Read / + # Glob / Grep / mcp__github_inline_comment + Bash + # restricted to `gh pr comment|diff|view`). + # - Subsequent steps create their own subdirs (_changed_md/ + # via artifact download, .vyos-1x/, reviewer-src/, reviewer/, + # .reference-db/) which coexist with the docs/scripts/.github + # content checked out here. + - name: Checkout PR merge ref into workspace (NO credentials) + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + ref: refs/pull/${{ github.event.number }}/merge + persist-credentials: false + fetch-depth: 2 + # Pass secrets via env: rather than inlining ${{ secrets.X }} into the # shell script. GitHub Actions template-expands ${{ ... }} BEFORE bash # parses the script, so a secret containing a single quote, backtick, |
