-
Notifications
You must be signed in to change notification settings - Fork 3
feat: PR security checks — suspicious paths, committer identity, auto-merge override #1109
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from all commits
Commits
Show all changes
15 commits
Select commit
Hold shift + click to select a range
3433fb8
feat: PR security checks — suspicious paths, committer identity, auto…
myakove 8b8bc6f
feat: add mandatory security checks, /security-override command, requ…
myakove a7ff7aa
fix: address Qodo findings
myakove 8c51a3a
fix: expand auto-merge override, add config sanitization tests, docum…
myakove 3b59b06
fix: re-raise CancelledError in disable_automerge, validate mandatory…
myakove af567d4
fix: respect security-override label in auto-merge override
myakove 539802c
fix: avoid 'token' keyword in log message triggering sensitive data mask
myakove 3e20b25
refactor: replace security-override label with check run pass, restor…
myakove 79077a3
fix: use latest check run to prevent override bypass via stale checks
myakove cfb4653
fix: prevent stuck security checks and auto-merge comment spam
myakove 6a561c5
refactor: merge duplicate override output dicts in issue_comment_handler
myakove b4d7199
fix: validate security_mandatory as boolean and check comment author …
myakove 80dddd8
fix: use all API users for auto-merge comment dedup to handle token r…
myakove b276a46
Merge branch 'main' into feat/issue-1106-pr-security-checks
myakove 4ac55ae
fix: validate committer-identity-check boolean + guard security-overr…
myakove File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.