Skip to content

Split pr-code-format.yml into separate untrusted+trusted workflows #77142

@jyknight

Description

@jyknight
Member

The workflow should be split in two, with a "pull_request" workflow (unprivileged) to run formatting actions, and a separate "workflow_run" (privileged) to post the issue update, as recommended by https://securitylab.github.com/research/github-actions-preventing-pwn-requests/

The current implementation is not obviously broken (it's not running binaries from the untrusted checkout), but manipulating the untrusted checkout at all in a privileged context is riskier than necessary, so would be improved by splitting into two parts.

@tstellar @tru @boomanaiden154

Activity

tru

tru commented on Jan 12, 2024

@tru
Collaborator

Yes this would be nice. But I looked at the ways to do this and felt dumb and don't have much time to work on this right now. Happy to review if someone have more time to look into this though.

self-assigned this
on Jan 13, 2024
added a commit that references this issue on Jan 20, 2024
147c1d2
added 5 commits that reference this issue on Feb 2, 2024
bc06cd5
2408e32
3925d28
added a commit that references this issue on Feb 5, 2024
2db6db7
added a commit that references this issue on Mar 22, 2024
2120f57
added a commit that references this issue on Mar 23, 2024
62ed839
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

    Participants

    @tru@tstellar@jyknight

    Issue actions

      Split pr-code-format.yml into separate untrusted+trusted workflows · Issue #77142 · llvm/llvm-project