[no-ci] CI: stop trusting public read permission in restricted paths guard#2105
Conversation
…guard Use the live pull request API for author association and treat collaborator read permission as untrusted because public repositories report read access for any GitHub user.
This commit is for testing the collaborator permission check and must be reverted before merge: 1. Changes trigger from pull_request_target to pull_request so this branch's workflow definition runs instead of main's. 2. Adds a dummy change to cuda_bindings/pyproject.toml to trigger the restricted-paths detection. REVERT THIS COMMIT BEFORE MERGE. Made-with: Cursor
rwgk
added
bug
github-actions
Bot
added
the
cuda.bindings
leofang
left a comment
leofang
left a comment
There was a problem hiding this comment.
Trust model tightening looks correct and well-reasoned. Walked through the key edge cases (org MEMBER with read-only perm, outside COLLABORATOR with write, FIRST_TIME_CONTRIBUTOR) — all handled properly by the two-tier check. One minor inline note, otherwise LGTM.
|
Thanks @leofang! |
|
Tested via this dummy PR: The workflow worked as intended: Copy-pasting the Summary view: Restricted Paths Guard Completed Author: rwgkunplugged Author association: NONE Collaborator permission: read Touches restricted paths: true Restricted paths: cuda_bindings/, cuda_python/ Trusted signals: (none) Label action: added Comment action: posted Matched restricted paths: cuda_bindings/pyproject.toml Manual follow-up: No trusted signal was found, so Needs-Restricted-Paths-Review is required. |
This comment has been minimized.
This comment has been minimized.
1 similar comment
|
2 participants
Reference: #2104
Summary
This PR fixes the restricted-paths guard trust check so public repository
readpermission is no longer treated as a collaborator/trust signal.The guard now:
author_associationon restricted-path PRsMEMBERandOWNERauthor associationstriage,write,maintain, andadminreadas untrusted, because public repositories can reportreadfor any GitHub userBackground
Earlier versions of
restricted-paths-guard.ymlusedgithub.event.pull_request.author_associationfrom the workflow event payload. That value turned out to be stale or unreliable for some fork PRs, so PR #1930 switched the workflow to the collaborator permission API.PR #2010 later expanded the trusted collaborator permissions to include
read, after seeing a false positive for an internal/collaborator author whose permission was reported asread.Issue #2104 captures the follow-up discovery: on a public repository, the collaborator permission API can return
readfor users who are not repository collaborators. For example, a first-time external contributor can get effectivereadaccess simply because the repository is public.This PR keeps the useful part of the previous workaround, but tightens the trust model:
author_associationis queried fromGET /repos/{owner}/{repo}/pulls/{pull_number}instead of using the event payloadreadfromGET /repos/{owner}/{repo}/collaborators/{username}/permissionis no longer trustedTesting via reverted temporary commits