Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions .github/workflows/claude.yml
Original file line number Diff line number Diff line change
Expand Up @@ -27,14 +27,14 @@ jobs:
actions: read # Required for Claude to read CI results on PRs
steps:
- name: Checkout repository
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
fetch-depth: 1
persist-credentials: false

- name: Run Claude Code
id: claude
uses: anthropics/claude-code-action@d5726de019ec4498aa667642bc3a80fca83aa102 # v1.0.148
uses: anthropics/claude-code-action@a92e7c70a4da9793dc164451d829089dc057a464 # v1.0.159
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} # zizmor: ignore[secrets-outside-env]
use_commit_signing: true
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/conformance.yml
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ jobs:
server-conformance:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
Expand Down Expand Up @@ -107,7 +107,7 @@ jobs:
client-conformance:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/deploy-docs.yml
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ jobs:
url: ${{ steps.deployment.outputs.page_url }}

steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false

Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/docs-preview.yml
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@
steps:
- name: Determine authorization
id: check
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
with:
script: |
const { owner, repo } = context.repo;
Expand Down Expand Up @@ -116,10 +116,10 @@
permissions:
contents: read
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
ref: ${{ needs.authorize.outputs.head_sha }}
persist-credentials: false

Check failure on line 122 in .github/workflows/docs-preview.yml

View check run for this annotation

Claude / Claude Code Review

checkout v7.0.0 breaks fork-PR docs-preview checkout under pull_request_target

actions/checkout v7.0.0's breaking change (actions/checkout#2454) refuses to check out fork-PR code from a `pull_request_target`-triggered workflow unless the new `allow-unsafe-pr-checkout: true` input is set, so this bump deterministically breaks the docs-preview build for every admin-authorized fork PR — the checkout step throws and the comment job posts a false "Preview build failed" comment. Since this workflow already implements the isolation the guard enforces (admin-gated authorize, secre
Comment on lines +119 to 122

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔴 actions/checkout v7.0.0's breaking change (actions/checkout#2454) refuses to check out fork-PR code from a pull_request_target-triggered workflow unless the new allow-unsafe-pr-checkout: true input is set, so this bump deterministically breaks the docs-preview build for every admin-authorized fork PR — the checkout step throws and the comment job posts a false "Preview build failed" comment. Since this workflow already implements the isolation the guard enforces (admin-gated authorize, secret-free build, artifact handoff), add allow-unsafe-pr-checkout: true to this checkout step (with a zizmor ignore if needed) or keep this one checkout at v6.

Extended reasoning...

What breaks. checkout v7.0.0's headline breaking change (actions/checkout#2454) adds a guard, assertSafePrCheckout(), that refuses to check out fork-PR head code from a pull_request_target- or workflow_run-triggered workflow unless the new allow-unsafe-pr-checkout input is explicitly set to true (it defaults to false). This PR bumps the docs-preview build job's checkout to v7 without setting that input, and this job is exactly the case the guard targets: it runs on pull_request_target and checks out ref: ${{ needs.authorize.outputs.head_sha }}, which the authorize job sets verbatim from context.payload.pull_request.head.sha.

The exact code path (verified against the pinned SHA 9c091bb, tag v7.0.0):

  1. src/input-helper.ts (lines 75–77) reclassifies a 40-hex ref input as result.commit with result.ref = ''.
  2. src/input-helper.ts (lines 166–176) reads allow-unsafe-pr-checkout (default false) and calls assertSafePrCheckout() unconditionally during input parsing — before any fetch.
  3. src/unsafe-pr-checkout-helper.ts throws "Refusing to check out fork pull request code from a pull_request_target workflow..." when all three hold: eventName === 'pull_request_target', pull_request.head.repo.id !== repository.id (any fork PR), and the resolved commit matches pull_request.head.sha (the prShas list also includes merge_commit_sha).

Step-by-step proof. A repository admin opens (or pushes to) a fork PR touching docs/**, docs_src/**, mkdocs.yml, scripts/docs/**, or pyproject.toml:

  1. docs-preview.yml triggers on pull_request_target; authorize outputs head_sha = context.payload.pull_request.head.sha and authorized = true (admin sender).
  2. build runs actions/checkout@v7 with ref: <head_sha> → reclassified as commit.
  3. Guard evaluation: event is pull_request_target ✓; head repo id ≠ base repo id (fork) ✓; input.commit === pull_request.head.sha ✓ (it was passed through verbatim). All conditions met → the checkout step throws.
  4. build fails; comment runs (always() + authorized) with DEPLOY_RESULT != 'success' and posts "❌ Preview build failed" on the PR. Before this bump (v6.0.3) the same run built fine.

Why nothing else prevents it. The workflow already implements precisely the mitigations the v7 guard exists to enforce — admin-gated authorize job, build isolated from all secrets, static site handed to deploy via artifact, enable-cache: false — but the guard cannot see any of that; it keys only on event name + fork head-repo id + commit==head sha, all of which match here. Note also that this dependabot PR's own CI stays green: it's a same-repo PR, so the guard returns early on headRepoId === baseRepoId. The breakage is silent until the next fork-PR docs change. The /preview-docs slash-command path is unaffected (issue_comment returns early from the guard), so a manual workaround exists, but the auto-preview path is the workflow's documented primary flow.

Scope of the rest of the PR. All other bumped checkout call sites run under push/pull_request/release/issue_comment/workflow_call triggers, none of which the guard inspects — they're fine. The other three bumps are also benign: all pinned SHAs match their claimed tags (github-script v9.0.0 = 3a2844b, zizmor-action v0.5.7 = 192e21d, claude-code-action v1.0.159 = a92e7c7), and github-script v9's breaking changes (removal of require('@actions/github'), injected getOctokit) don't intersect with the inline scripts in docs-preview.yml.

Fix. Add allow-unsafe-pr-checkout: true to the build job's checkout step in docs-preview.yml (likely with a zizmor ignore comment mirroring the existing dangerous-triggers ignore), or hold this one checkout at v6. One line either way.


- name: Install uv
uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
Expand Down Expand Up @@ -194,7 +194,7 @@
pull-requests: write
steps:
- name: Post or update preview comment
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
env:
AUTHORIZED: ${{ needs.authorize.outputs.authorized }}
PR_NUMBER: ${{ needs.authorize.outputs.pr_number }}
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/publish-pypi.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ jobs:
runs-on: ubuntu-latest
needs: [checks]
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false

Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/shared.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ jobs:
pre-commit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false

Expand Down Expand Up @@ -69,7 +69,7 @@ jobs:
os: [ubuntu-latest, windows-latest]

steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false

Expand Down Expand Up @@ -112,7 +112,7 @@ jobs:
readme-snippets:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false

Expand Down Expand Up @@ -152,7 +152,7 @@ jobs:
docs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false

Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/zizmor.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,9 +17,9 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false

- name: Run zizmor 🌈
uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6
uses: zizmorcore/zizmor-action@192e21d79ab29983730a13d1382995c2307fbcaa # v0.5.7
Loading