Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/auto-triage-issues.lock.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion .github/workflows/daily-doc-updater.lock.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion .github/workflows/daily-issues-report.lock.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion .github/workflows/dataflow-pr-discussion-dataset.lock.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion .github/workflows/discussion-task-miner.lock.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion .github/workflows/impeccable-skills-reviewer.lock.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion .github/workflows/issue-arborist.lock.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion .github/workflows/issue-monster.lock.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion .github/workflows/mattpocock-skills-reviewer.lock.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion .github/workflows/org-health-report.lock.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion .github/workflows/pr-code-quality-reviewer.lock.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion .github/workflows/pr-sous-chef.lock.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion .github/workflows/pr-triage-agent.lock.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion .github/workflows/q.lock.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion .github/workflows/refiner.lock.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion .github/workflows/skillet.lock.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion .github/workflows/smoke-copilot-aoai-apikey.lock.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion .github/workflows/smoke-copilot-aoai-entra.lock.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion .github/workflows/smoke-copilot.lock.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion .github/workflows/stale-repo-identifier.lock.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion .github/workflows/weekly-issue-summary.lock.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion .github/workflows/weekly-safe-outputs-spec-review.lock.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion .github/workflows/workflow-generator.lock.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

25 changes: 20 additions & 5 deletions actions/setup/js/determine_automatic_lockdown.cjs
Original file line number Diff line number Diff line change
Expand Up @@ -8,9 +8,14 @@ const { getErrorMessage } = require("./error_helpers.cjs");
* This step always sets `min_integrity` and `repos` outputs so that the GitHub MCP
* `guard-policies` block is never populated with empty values:
*
* - Public repositories: defaults to `min_integrity=approved`, `repos=all`
* - Public repositories: defaults to `min_integrity=approved`, `repos=public`
* - Private/internal repositories: defaults to `min_integrity=none`, `repos=all`
*
* When `GH_AW_PRIVATE_TO_PUBLIC_FLOWS=allow` is set (from `tools.github.private-to-public-flows:
* allow` in the workflow frontmatter), the `repos` default for public repositories is overridden
* to `all`, matching the behavior of private repositories, because the workflow author has
* explicitly opted in to cross-visibility data flows.
*
* Whether a field is "already configured" is determined by the environment variables
* GH_AW_GITHUB_MIN_INTEGRITY and GH_AW_GITHUB_REPOS, which are set at compile time
* from the workflow's tools.github guard policy configuration. Pre-configured values
Expand All @@ -25,6 +30,12 @@ const { getErrorMessage } = require("./error_helpers.cjs");
* @returns {Promise<void>}
*/
async function determineAutomaticLockdown(github, context, core) {
const privateToPublicFlows = process.env.GH_AW_PRIVATE_TO_PUBLIC_FLOWS || "";
const privateToPublicFlowsAllow = privateToPublicFlows === "allow";
if (privateToPublicFlows && !privateToPublicFlowsAllow) {
core.warning(`GH_AW_PRIVATE_TO_PUBLIC_FLOWS='${privateToPublicFlows}' is not recognized; expected 'allow'. Treating as unset.`);
}

try {
core.info("Determining automatic guard policy for GitHub MCP server");

Expand Down Expand Up @@ -55,7 +66,10 @@ async function determineAutomaticLockdown(github, context, core) {
// Private/internal repos default to min_integrity=none; public repos to approved.
// Either way, always emit outputs so guard-policies values are never empty.
const defaultMinIntegrity = isPrivate ? "none" : "approved";
const defaultRepos = "all";
// Public repos default to repos=public to block access to private repos unless the
// workflow author has explicitly opted in via private-to-public-flows: allow.
// Private/internal repos default to repos=all (no cross-visibility restriction).
const defaultRepos = isPrivate || privateToPublicFlowsAllow ? "all" : "public";

// Set min_integrity if not already configured
const resolvedMinIntegrity = configuredMinIntegrity || defaultMinIntegrity;
Expand All @@ -79,7 +93,7 @@ async function determineAutomaticLockdown(github, context, core) {
core.info("Automatic guard policy determination complete for private/internal repository");
} else {
core.info("Automatic guard policy determination complete for public repository");
core.info("GitHub MCP guard policy automatically applied for public repository. " + "min-integrity='approved' and repos='all' ensure only approved-integrity content is accessible.");
core.info(`GitHub MCP guard policy automatically applied for public repository. min-integrity='${resolvedMinIntegrity}' and repos='${resolvedRepos}'.`);
}

// Write resolved guard policy values to the step summary
Expand All @@ -105,12 +119,13 @@ async function determineAutomaticLockdown(github, context, core) {
await core.summary.addRaw(details).write();
} catch (error) {
const errorMessage = getErrorMessage(error);
const fallbackRepos = privateToPublicFlowsAllow ? "all" : "public";
core.error(`Failed to determine automatic guard policy: ${errorMessage}`);
// Default to safe guard policy for public repos on error
core.setOutput("min_integrity", "approved");
core.setOutput("repos", "all");
core.setOutput("repos", fallbackRepos);
core.setOutput("visibility", "public");
core.warning("Failed to determine repository visibility. Defaulting to visibility='public' (conservative), min-integrity='approved', repos='all' for security.");
core.warning(`Failed to determine repository visibility. Defaulting to visibility='public' (conservative), min-integrity='approved', repos='${fallbackRepos}'.`);
}
}

Expand Down
Loading