Skip to content

fix(ci): block fork code on self-hosted Swift runner#4102

Open
QuantumExplorer wants to merge 1 commit into
v4.1-devfrom
codex/fix-swift-fork-self-hosted-runner
Open

fix(ci): block fork code on self-hosted Swift runner#4102
QuantumExplorer wants to merge 1 commit into
v4.1-devfrom
codex/fix-swift-fork-self-hosted-runner

Conversation

@QuantumExplorer

Copy link
Copy Markdown
Member

Issue being fixed or feature implemented

Fixes DS-CAND-103: fork pull requests could route repository-controlled Swift SDK code onto the persistent self-hosted macOS runner.

What was done?

  • Require pull requests to originate from dashpay/platform before invoking the reusable Swift workflow.
  • Repeat the same check on the reusable workflow job before runner allocation, protecting future callers.
  • Add a focused policy check that verifies both guards and the self-hosted execution boundary.
  • Run the policy check on the GitHub-hosted changes job.

How Has This Been Tested?

  • The policy checker fails against unpatched v4.1-dev and passes against this branch.
  • The preserved DS-CAND-103 offline analyzer reports SAFE against this branch.
  • A regression probe confirms an appended OR true bypass is rejected.
  • actionlint v1.7.12 passes for both modified workflows.
  • git diff --check passes.

Breaking Changes

None. Same-repository pull requests, pushes, schedules, and manual runs preserve their existing eligibility. Fork pull requests no longer allocate the persistent Swift self-hosted runner.

Checklist:

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have added or updated relevant unit/integration/functional/e2e tests
  • I have added "!" to the title and described breaking changes in the corresponding section if my code contains any
  • I have made corresponding changes to the documentation if needed

For repository code-owners and collaborators only

  • I have assigned this pull request to a milestone

@coderabbitai

coderabbitai Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor

Warning

Review limit reached

@QuantumExplorer, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 56 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 141388ac-09f7-480b-bae6-45207172a9e5

📥 Commits

Reviewing files that changed from the base of the PR and between 0bfdc57 and 4b0efec.

📒 Files selected for processing (3)
  • .github/scripts/check-swift-self-hosted-runner.py
  • .github/workflows/swift-sdk-build.yml
  • .github/workflows/tests.yml
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch codex/fix-swift-fork-self-hosted-runner

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@github-actions github-actions Bot added this to the v4.1.0 milestone Jul 12, 2026
@thepastaclaw

thepastaclaw commented Jul 12, 2026

Copy link
Copy Markdown
Collaborator

✅ Review complete (commit 4b0efec)

@thepastaclaw thepastaclaw left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This PR adds guards to keep fork pull requests off the persistent Swift self-hosted runner, plus an offline consistency checker, but every control is evaluated from fork-controlled PR content. The verifier also confirmed a trusted-fork policy inconsistency and a fragile regex-based checker.

Source (experiment sonnet-primary-opus-quarter-sample-20260710, cohort sonnet_primary, bucket 3): reviewers codex/general=gpt-5.6-sol(completed), sonnet5/general=claude-sonnet-5(completed); verifier=verifier-sonnet5-4102-1783889464=claude-sonnet-5; orchestrator=openai/gpt-5.6-sol reasoning=high (orchestration-only, not reviewer/verifier).

🔴 1 blocking | 🟡 1 suggestion(s) | 💬 1 nitpick(s)

🤖 Prompt for all review comments with AI agents
These findings are from an automated code review. Verify each finding against the current code and only fix it if needed.

In `.github/workflows/tests.yml`:
- [BLOCKING] .github/workflows/tests.yml:348-357: Guard lives entirely inside fork-controlled content, so it doesn't close DS-CAND-103 against a real attacker
  For pull_request events, GitHub runs workflow YAML from the PR merge commit, and the local reusable workflow resolves from that same commit. A malicious fork therefore controls the caller guard, the callee guard, and the checked-out policy checker, and can weaken all three together. Keep these checks as defense in depth, but close the trust boundary with a server-side control the PR cannot edit, such as required environment approval or repository/organization approval for outside-collaborator workflow runs.

In `.github/workflows/swift-sdk-build.yml`:
- [SUGGESTION] .github/workflows/swift-sdk-build.yml:9-11: New guard omits the repo's established `thepastaclaw` trusted-fork exception
  Sibling self-hosted workflows allow `thepastaclaw`-owned fork PRs, while this new Swift guard only accepts same-repository PRs. If that stricter policy is intentional, document it; otherwise match the established exception consistently in the caller, callee, and checker.

Comment on lines +348 to 357
if: >-
${{ always()
&& (github.event_name != 'pull_request'
|| github.event.pull_request.head.repo.full_name == github.repository)
&& needs.changes.outputs.swift-sdk-changed == 'true'
&& needs.changes.result != 'failure'
&& needs.rs-workspace-tests.result != 'failure'
&& needs.rs-wallet-tests.result != 'failure' }}
secrets: inherit
uses: ./.github/workflows/swift-sdk-build.yml

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔴 Blocking: Guard lives entirely inside fork-controlled content, so it doesn't close DS-CAND-103 against a real attacker

For pull_request events, GitHub runs workflow YAML from the PR merge commit, and the local reusable workflow resolves from that same commit. A malicious fork therefore controls the caller guard, the callee guard, and the checked-out policy checker, and can weaken all three together. Keep these checks as defense in depth, but close the trust boundary with a server-side control the PR cannot edit, such as required environment approval or repository/organization approval for outside-collaborator workflow runs.

source: ['codex-general', 'sonnet5-general']

Comment on lines +9 to +11
if: >-
github.event_name != 'pull_request'
|| github.event.pull_request.head.repo.full_name == github.repository

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟡 Suggestion: New guard omits the repo's established thepastaclaw trusted-fork exception

Sibling self-hosted workflows allow thepastaclaw-owned fork PRs, while this new Swift guard only accepts same-repository PRs. If that stricter policy is intentional, document it; otherwise match the established exception consistently in the caller, callee, and checker.

source: ['sonnet5-general']

Comment on lines +33 to +78
(
index
for index, line in enumerate(lines)
if start_pattern.match(line.rstrip("\n"))
),
None,
)
if start is None:
return ""

end = len(lines)
for index in range(start + 1, len(lines)):
if sibling_pattern.match(lines[index].rstrip("\n")):
end = index
break
return "".join(lines[start:end])


def job_property(block: str, property_name: str) -> str:
"""Return one job-level property, excluding step-level lookalikes."""
lines = block.splitlines(keepends=True)
start_pattern = re.compile(rf"^ {re.escape(property_name)}:\s*(?:.*)?$")
sibling_pattern = re.compile(r"^ [A-Za-z0-9_-]+:\s*(?:.*)?$")

start = next(
(
index
for index, line in enumerate(lines)
if start_pattern.match(line.rstrip("\n"))
),
None,
)
if start is None:
return ""

end = len(lines)
for index in range(start + 1, len(lines)):
if sibling_pattern.match(lines[index].rstrip("\n")):
end = index
break
return "".join(lines[start:end])


def normalized_if(block: str) -> str:
"""Normalize one job condition for an exact policy comparison."""
condition = job_property(block, "if")

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💬 Nitpick: Regex-based YAML folding is fragile to harmless reformatting

The checker depends on exact indentation and manual line folding, so semantically neutral YAML reformatting can cause false CI failures. It fails closed, but structured YAML parsing would reduce maintenance risk.

source: ['sonnet5-general']

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants