github-actions[bot] commented on code in PR #62369:
URL: https://github.com/apache/doris/pull/62369#discussion_r3066049517


##########
.github/workflows/opencode-review-comment.yml:
##########
@@ -0,0 +1,114 @@
+name: Code Review Comment Dispatch
+
+on:
+  issue_comment:
+    types: [created]
+
+permissions:
+  statuses: write
+  pull-requests: write
+  contents: read
+  issues: write
+
+jobs:
+  resolve-pr:
+    runs-on: ubuntu-latest
+    if: >-
+      github.event.issue.pull_request &&
+      contains(github.event.comment.body, '/review')
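Review bot: The `contains(github.event.comment.body, '/review')` condition on `resolve-pr` is a substring match, so the job fires on any PR comment that merely mentions `/review`, including a quoted reply, a file path, or a longer word such as `/reviewers`. Match the command itself, for example with `startsWith(github.event.comment.body, '/review')` or an exact comparison on the trimmed body. The workflow-level `permissions` block also grants `statuses: write`, `pull-requests: write` and `issues: write` to every job in the file; declaring them per job keeps a comment-triggered job from starting with write scopes it does not use.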

Review Comment:
   This introduces a privileged `issue_comment` trigger with no authorization 
check beyond `contains(comment.body, '/review')`. Unlike the repo's other 
comment-driven workflows, there is no `github.actor`/`author_association` 
allowlist here before calling the reusable workflow with `secrets: inherit`.
   
   That means any external contributor can request a secret-bearing review run 
on demand for their PR. Please gate this path to trusted actors before 
dispatching the runner.



##########
.github/workflows/opencode-review-runner.yml:
##########
@@ -0,0 +1,199 @@
+name: Code Review Runner
+
+on:
+  workflow_call:
+    inputs:
+      pr_number:
+        required: true
+        type: string
+      head_sha:
+        required: true
+        type: string
+      base_sha:
+        required: true
+        type: string
+
+permissions:
+  pull-requests: write
+  contents: read
+  issues: write
+
+jobs:
+  code-review:
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.head_sha }}
+
+      - name: Install ripgrep
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y ripgrep
+
+      - name: Install OpenCode
+        run: |
+          for attempt in 1 2 3; do
+            if curl -fsSL https://opencode.ai/install | bash; then
+              echo "$HOME/.opencode/bin" >> $GITHUB_PATH
+              exit 0
+            fi
+            echo "Install attempt $attempt failed, retrying in 10s..."
+            sleep 10
+          done
+          echo "All install attempts failed"
+          exit 1
+
+      - name: Configure OpenCode auth
+        run: |
+          mkdir -p ~/.local/share/opencode
+          cat > ~/.local/share/opencode/auth.json <<EOF
+          {
+            "github-copilot": {
+              "type": "oauth",
+              "refresh": "${CODE_REVIEW_ZCLLL_COPILOT_OPENCODE_KEY}",
+              "access": "${CODE_REVIEW_ZCLLL_COPILOT_OPENCODE_KEY}",
+              "expires": 0
+            }
+          }
+          EOF
+        env:
+          CODE_REVIEW_ZCLLL_COPILOT_OPENCODE_KEY: ${{ 
secrets.CODE_REVIEW_ZCLLL_COPILOT_OPENCODE_KEY }}
+
+      - name: Configure OpenCode permission
+        run: |
+          echo '{"permission":"allow"}' > opencode.json
+
+      - name: Prepare review prompt
+        run: |
+          cat > /tmp/review_prompt.txt <<'PROMPT'
+          You are performing an automated code review inside a GitHub Actions 
runner. The gh CLI is available and authenticated via GH_TOKEN. You can comment 
on the pull request.
+
+          Context:
+          - Repository: PLACEHOLDER_REPO
+          - PR number: PLACEHOLDER_PR_NUMBER
+          - PR Head SHA: PLACEHOLDER_HEAD_SHA
+          - PR Base SHA: PLACEHOLDER_BASE_SHA
+
+          Before reviewing any code, you MUST read and follow the code review 
skill in this repository. During review, you must strictly follow those 
instructions.
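Review bot: The `Install OpenCode` step runs `curl -fsSL https://opencode.ai/install | bash` with no version pin or checksum, so whatever that URL serves at run time executes in the same job that afterwards writes `CODE_REVIEW_ZCLLL_COPILOT_OPENCODE_KEY` into `~/.local/share/opencode/auth.json`. Download a pinned release and verify its digest before executing it, and pin `actions/checkout@v4` to a full commit SHA for the same reason. The checkout of `inputs.head_sha` should also set `persist-credentials: false` so the job token is not left in the git config of the PR working tree, and `echo '{"permission":"allow"}' > opencode.json` should be narrowed to the specific tools the review needs instead of a blanket `allow`.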

Review Comment:
   This runner checks out the untrusted PR head and then tells OpenCode to read 
`AGENTS.md` and the repository's `code-review` skill from that checkout while 
`GH_TOKEN` and the persisted OpenCode credential are in scope.
   
   Because those instruction files are review inputs and live inside the PR, a 
malicious contributor can modify them to redirect the agent into exfiltrating 
credentials or auto-approving the PR. The review instructions need to come from 
trusted base-branch content, or the analysis must run without secrets/write 
tokens against the untrusted checkout.


