From a1e9d109e5537dcad35bda2c557a49af85caf0a3 Mon Sep 17 00:00:00 2001 From: Steve Dudenhoeffer Date: Thu, 25 Jun 2026 21:49:23 -0400 Subject: [PATCH] security: add job-level if-guard to example stubs (gate comment trigger by actor) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Per a Gadfly self-review finding (kimi-k2.7-code): an issue_comment can start a secret-bearing run before the in-container allowed-users check. Add a workflow if: that only lets trusted actors trigger via comment (PR/dispatch already trusted); keep GADFLY_ALLOWED_USERS as the belt-and-suspenders layer. README documents it + the default-branch caveat for comment triggers. (Docs/examples only — paths-ignored, no image rebuild.) Co-Authored-By: Claude Opus 4.8 (1M context) EOF --- README.md | 11 +++++++++++ examples/adversarial-review.yml | 7 +++++++ examples/endpoint-aliases.yml | 7 +++++++ examples/local-ollama.yml | 7 +++++++ examples/openai-compatible.yml | 7 +++++++ 5 files changed, 39 insertions(+) diff --git a/README.md b/README.md index ba0a5bc..2658ab3 100644 --- a/README.md +++ b/README.md @@ -181,6 +181,17 @@ A model's provider is the spec's first segment (`m1pro/…` → `m1pro`), or `GA (Pushing new commits does *not* auto-re-review — comment `@gadfly review` after pushing fixes. This keeps usage down.) +> **Comment trigger needs the workflow on your default branch.** Gitea runs `issue_comment` +> workflows from the **default branch**, so `@gadfly review` only works once this stub is +> merged to `main` (the `pull_request` auto-trigger works from the PR branch immediately). +> +> **Security:** the example stubs gate the comment trigger with a job-level +> `if: github.event_name != 'issue_comment' || github.actor == ''` so an untrusted +> commenter can't start a secret-bearing run — edit it to your maintainers and keep it in +> sync with `GADFLY_ALLOWED_USERS` (the in-container check). `@gadfly review` is plain-text +> matched (configurable via `GADFLY_TRIGGER_PHRASE`), so no bot account is required; comments +> post as `gitea-actions`. + ## How it's packaged ``` diff --git a/examples/adversarial-review.yml b/examples/adversarial-review.yml index f03674f..ed488bd 100644 --- a/examples/adversarial-review.yml +++ b/examples/adversarial-review.yml @@ -33,6 +33,13 @@ concurrency: jobs: review: + # Security: only trusted users may trigger a secret-bearing run via a PR + # comment (pull_request + workflow_dispatch are already trusted). Replace the + # username(s) below with your maintainers — keep them in sync with + # GADFLY_ALLOWED_USERS (the in-container belt-and-suspenders check). + if: >- + github.event_name != 'issue_comment' + || github.actor == 'your-username' runs-on: ubuntu-latest timeout-minutes: 30 steps: diff --git a/examples/endpoint-aliases.yml b/examples/endpoint-aliases.yml index 62bc09f..a1eba46 100644 --- a/examples/endpoint-aliases.yml +++ b/examples/endpoint-aliases.yml @@ -32,6 +32,13 @@ concurrency: jobs: review: + # Security: only trusted users may trigger a secret-bearing run via a PR + # comment (pull_request + workflow_dispatch are already trusted). Replace the + # username(s) below with your maintainers — keep them in sync with + # GADFLY_ALLOWED_USERS (the in-container belt-and-suspenders check). + if: >- + github.event_name != 'issue_comment' + || github.actor == 'your-username' runs-on: ubuntu-latest timeout-minutes: 30 steps: diff --git a/examples/local-ollama.yml b/examples/local-ollama.yml index 42c5818..20712a9 100644 --- a/examples/local-ollama.yml +++ b/examples/local-ollama.yml @@ -28,6 +28,13 @@ concurrency: jobs: review: + # Security: only trusted users may trigger a secret-bearing run via a PR + # comment (pull_request + workflow_dispatch are already trusted). Replace the + # username(s) below with your maintainers — keep them in sync with + # GADFLY_ALLOWED_USERS (the in-container belt-and-suspenders check). + if: >- + github.event_name != 'issue_comment' + || github.actor == 'your-username' runs-on: ubuntu-latest timeout-minutes: 30 steps: diff --git a/examples/openai-compatible.yml b/examples/openai-compatible.yml index b2a6d82..3217458 100644 --- a/examples/openai-compatible.yml +++ b/examples/openai-compatible.yml @@ -30,6 +30,13 @@ concurrency: jobs: review: + # Security: only trusted users may trigger a secret-bearing run via a PR + # comment (pull_request + workflow_dispatch are already trusted). Replace the + # username(s) below with your maintainers — keep them in sync with + # GADFLY_ALLOWED_USERS (the in-container belt-and-suspenders check). + if: >- + github.event_name != 'issue_comment' + || github.actor == 'your-username' runs-on: ubuntu-latest timeout-minutes: 30 steps: