fix(security): split-workflow pattern + same-repo guard for docs PR AI menu (SEC-043)#6484
Merged
…I menu (SEC-043)

Replace pull_request_target with the split-workflow pattern to eliminate the SEC-043 dangerous-trigger finding without losing fork PR support:

- New docs-pr-ai-menu-collect.yml: triggered by pull_request (read-only, no secrets), saves the PR number as an artifact.
- docs-pr-ai-menu.yml: now triggered by workflow_run on the collect workflow. Downloads the PR number artifact from the trusted base-repo context and passes it to the existing external script via env var.
- evaluate-trigger: add pull-requests: read permission and a same-repo guard that fetches the PR and short-circuits with docs_review_triggered=false for fork PRs, preventing untrusted contributors from reaching the COPILOT_GITHUB_TOKEN path.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Elastic Docs AI PR menu

Check the box to run an AI review for this pull request.

Powered by GitHub Agentic Workflows and docs-actions. For more information, reach out to the docs team.
reakaleek approved these changes on May 13, 2026
theletterf added a commit that referenced this pull request on May 17, 2026
## Summary

The same-repo guard introduced in #6484 (SEC-043) unconditionally blocked fork PRs from triggering the docs review, even when the actor was an Elastic org member. This caused confusion (see #6537) where a repo member checking the box on a fork PR was silently ignored.

**Change:** the guard now calls `checkMembershipForUser` before short-circuiting. Org members can trigger reviews on fork PRs; non-members are still blocked.

```
fork PR + non-member → blocked (unchanged)
fork PR + org member → allowed (new)
same-repo PR         → unchanged
```

The companion change in the canonical template is in elastic/oblt-aw#896.

## Test plan

- [ ] Fork PR: org member checks the box → `evaluate-trigger` passes, docs review runs
- [ ] Fork PR: fork contributor checks the box → `evaluate-trigger` short-circuits, no review
- [ ] Same-repo PR: unchanged behavior

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
## Summary

Replace `pull_request_target` with the split-workflow pattern to fix the SEC-043 dangerous-trigger finding while preserving the AI PR menu for fork PRs. Add a same-repo guard to `evaluate-trigger` so fork contributors cannot toggle the checkbox to reach the `COPILOT_GITHUB_TOKEN` path.

How it works:

- `docs-pr-ai-menu-collect.yml` — triggered by `pull_request` (read-only, no secrets). Saves the PR number as an artifact.
- `docs-pr-ai-menu.yml` — now triggered by `workflow_run` on the collect workflow. Downloads the PR number artifact and passes it to the existing script via `process.env.PULL_REQUEST_NUMBER`. Runs in the trusted base-repo context.
- `evaluate-trigger` — fetches the PR on `issue_comment` events and short-circuits with `docs_review_triggered=false` if `head.repo.full_name` doesn't match the base repo.

This mirrors the fix applied to the canonical template in elastic/oblt-aw#896.

## Test plan

- `workflow_dispatch` with a PR number → still works.
- `evaluate-trigger` short-circuits, no docs review triggered.

🤖 Generated with Claude Code
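Worked example of the two guards this PR body describes, plus the org-member exception from the follow-up commit above. This is added illustration code, not the workflow YAML or the docs-actions script from this PR: the repo, org and user names are constructed, `fakeOctokit` stands in for the `github` object an actions/github-script step receives, and `headMatchesRun` is an extra check the PR does not describe, included as an assumption about what the `workflow_run` job should verify before it trusts a PR number that was written by the fork's own run.

```javascript
// Added example, not code from elastic/docs-content, docs-actions or oblt-aw.
// Names such as example-org, example-org/docs, member-user and outsider are constructed.

// 1. The collect workflow (trigger: pull_request, no secrets) uploads the PR number as an
//    artifact and the workflow_run job downloads it. That artifact body was produced by the
//    untrusted fork run, so accept only a bare positive integer and nothing else.
function parsePrNumberArtifact(text) {
  const s = String(text).trim();
  if (!/^[1-9][0-9]{0,9}$/.test(s)) {
    throw new Error(`refusing artifact content ${JSON.stringify(String(text))}: not a PR number`);
  }
  return Number(s);
}

// Assumption, not described in the PR: after fetching the PR by that number, insist that
// its head commit is the one the workflow_run event reports, so a tampered artifact cannot
// point the trusted job at a different PR.
function headMatchesRun(pr, workflowRunHeadSha) {
  return typeof pr.head?.sha === 'string' && pr.head.sha === workflowRunHeadSha;
}

// 2. Same-repo guard from #6484, plus the org-member exception from the follow-up commit.
//    isOrgMember is null when no membership lookup was performed (strict #6484 behaviour).
//    A PR whose fork repo was deleted has head.repo === null and is treated as a fork PR.
function decideTrigger(pr, baseRepoFullName, isOrgMember) {
  if (pr.head?.repo?.full_name === baseRepoFullName) {
    return { docs_review_triggered: true, reason: 'same-repo PR' };
  }
  if (isOrgMember === true) {
    return { docs_review_triggered: true, reason: 'fork PR, actor is an org member' };
  }
  return { docs_review_triggered: false, reason: 'fork PR' };
}

// Octokit's checkMembershipForUser resolves (HTTP 204) for a member and throws with
// status 404 for a non-member (or a private membership the token cannot see). Any other
// error is rethrown so that a token or network problem fails closed, never as "member".
async function orgMembership(octokit, org, username) {
  try {
    await octokit.rest.orgs.checkMembershipForUser({ org, username });
    return true;
  } catch (err) {
    if (err.status === 404) return false;
    throw err;
  }
}

// The evaluate-trigger decision: only consult org membership when the PR is from a fork
// and the policy allows org members through.
async function evaluateTrigger({ pr, baseRepoFullName, actor, org, octokit, allowOrgMembers }) {
  let member = null;
  if (allowOrgMembers && pr.head?.repo?.full_name !== baseRepoFullName) {
    member = await orgMembership(octokit, org, actor);
  }
  return decideTrigger(pr, baseRepoFullName, member);
}

// Constructed sample data: one same-repo PR, one fork PR, and a fake Octokit that knows
// exactly one org member.
const BASE_REPO = 'example-org/docs';
const samePr = { number: 101, head: { repo: { full_name: BASE_REPO }, sha: 'a'.repeat(40) } };
const forkPr = { number: 102, head: { repo: { full_name: 'outsider/docs' }, sha: 'b'.repeat(40) } };
const fakeOctokit = {
  rest: { orgs: { async checkMembershipForUser({ username }) {
    if (username === 'member-user') return { status: 204 };
    const e = new Error('Not Found'); e.status = 404; throw e;
  } } },
};

// The four cases from the PR and the follow-up commit, evaluated against the fake Octokit.
async function runScenarios() {
  const common = { baseRepoFullName: BASE_REPO, org: 'example-org', octokit: fakeOctokit };
  return {
    sameRepo:     await evaluateTrigger({ ...common, pr: samePr, actor: 'outsider',    allowOrgMembers: true }),
    forkStrict:   await evaluateTrigger({ ...common, pr: forkPr, actor: 'member-user', allowOrgMembers: false }),
    forkMember:   await evaluateTrigger({ ...common, pr: forkPr, actor: 'member-user', allowOrgMembers: true }),
    forkOutsider: await evaluateTrigger({ ...common, pr: forkPr, actor: 'outsider',    allowOrgMembers: true }),
  };
}

runScenarios().then((r) => console.log(JSON.stringify(r, null, 2)));
```

Run it with `node` and the four decisions are printed. Two details matter in production: `parsePrNumberArtifact` refuses anything that is not a plain integer because the artifact content is attacker-writable even though the job that reads it runs in the base-repo context, and `orgMembership` maps only a 404 to "not a member", so an expired token or an API outage aborts the step instead of quietly granting the review.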