From a42f052c0b0413257910e89645a71ade56e648e3 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Sat, 21 Feb 2026 04:40:48 +0000
Subject: [PATCH 1/2] Exclude pr-review-fork from dogfood sync
Add pr-review-fork to excluded workflows and clarify skipped workflows require manual sync.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 scripts/dogfood.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/scripts/dogfood.sh b/scripts/dogfood.sh
index 725b91c4..336e6df9 100755
--- a/scripts/dogfood.sh
+++ b/scripts/dogfood.sh
@@ -20,6 +20,7 @@ cd "$REPO_ROOT"
 EXCLUDED_WORKFLOWS=(
   "flaky-test-triage"
   "issue-triage-pr"
+  "pr-review-fork"
 )
 
 echo "Syncing workflow files..."
@@ -36,7 +37,7 @@ for f in gh-agent-workflows/*/example.yml; do
   done
   if [[ "$skip" == "true" ]]; then
     rm -f ".github/workflows/trigger-$dir.yml"
-    echo " ✗ gh-agent-workflows/$dir/example.yml (excluded)"
+    echo " ✗ gh-agent-workflows/$dir/example.yml (excluded — manual sync required)"
     continue
   fi
   sed 's|uses: elastic/ai-github-actions/\(.*\)@v0|uses: ./\1|; s|^name: |name: Trigger |' "$f" \
From 635f488aaaf5700b84779c608439697a80158a60 Mon Sep 17 00:00:00 2001
From: Copilot <198982749+Copilot@users.noreply.github.com>
Date: Fri, 20 Feb 2026 22:51:56 -0600
Subject: [PATCH 2/2] Exclude pr-review-fork from dogfood sync and remove active workflow (#309)
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: strawgate <6384545+strawgate@users.noreply.github.com>
---
 .github/workflows/trigger-pr-review-fork.yml | 39 --------------------
 1 file changed, 39 deletions(-)
 delete mode 100644 .github/workflows/trigger-pr-review-fork.yml
diff --git a/.github/workflows/trigger-pr-review-fork.yml b/.github/workflows/trigger-pr-review-fork.yml
deleted file mode 100644
index df366198..00000000
--- a/.github/workflows/trigger-pr-review-fork.yml
+++ /dev/null
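Review bot: The `"pr-review-fork"` entry added to EXCLUDED_WORKFLOWS carries no comment saying why it must stay excluded, so a later tidy-up could drop it and the next dogfood run would regenerate `.github/workflows/trigger-pr-review-fork.yml`, the `pull_request_target` workflow that the second patch in this series deletes. Pin the reason on the entry itself: `"pr-review-fork"  # pull_request_target trigger (base-repo secrets reachable from fork PRs) — never auto-sync`. The loop that compares `$dir` against this array sits outside the hunk, so whether the match is exact or a substring match cannot be checked here.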
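Review bot: The new `(excluded — manual sync required)` suffix is printed for every excluded workflow, but for pr-review-fork the trigger file deleted in the second patch warns in its own header against using that trigger on public repositories, so the message invites an operator to hand-create precisely the file the `rm -f` line above removes. A neutral wording avoids that, `echo " ✗ gh-agent-workflows/$dir/example.yml (excluded — not synced automatically)"`, with the per-workflow reason kept as a comment on the EXCLUDED_WORKFLOWS entry. As a point of style, `printf ' ✗ gh-agent-workflows/%s/example.yml (excluded — not synced automatically)\n' "$dir"` keeps the glyph and dash handling independent of echo's option parsing. The enclosing `for f` loop and the code that sets `$skip` start before this hunk.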
@@ -1,39 +0,0 @@
-# ⚠️ SECURITY WARNING — READ BEFORE USING
-#
-# This workflow uses the `pull_request_target` trigger so that it runs in the
-# context of the *base* repository and has access to repository secrets.
-# That makes it work for pull requests from forks, which do NOT have access
-# to secrets when triggered by the standard `pull_request` event.
-#
-# RISKS ON PUBLIC REPOSITORIES
-# • `pull_request_target` grants access to secrets even for untrusted forks.
-# • If you add `setup-commands` that execute code from the pull request, a
-# malicious fork could exfiltrate your secrets.
-# • The agent itself does NOT check out PR code — it reads the diff via the
-# GitHub API — so it is safe in the default configuration. Any change to
-# `setup-commands` that runs fork code breaks that guarantee.
-#
-# RECOMMENDATION
-# • Only use this trigger on PRIVATE repositories, or on public repositories
-# where every contributor is explicitly trusted.
-# • Never pass `setup-commands` that check out or execute code from the PR.
-# • Prefer the standard `pull_request` trigger (pr-review/example.yml) for
-# public repositories.
-name: Trigger PR Review (Fork)
-on:
-  pull_request_target:
-    types: [opened, synchronize, reopened, ready_for_review, labeled, unlabeled]
-
-permissions:
-  contents: read
-  issues: read
-  pull-requests: write
-
-jobs:
-  run:
-    if: >-
-      github.event.pull_request.draft == false &&
-      !contains(github.event.pull_request.labels.*.name, 'skip-auto-pr-review')
-    uses: ./.github/workflows/gh-aw-pr-review.lock.yml
-    secrets:
-      COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }}