Pin VPS OIDC allowlist in workflow #70
Co-Authored-By: Codex <noreply@openai.com>
🤖 Codex PR Review
Please ensure a human reviewer checks this PR before merging.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: e417c8baec
| CODEX_AUDIT_SSH_UNBAN_IP: ${{ inputs.ssh_unban_ip }} | ||
| CODEX_AUDIT_SERVICE_ALLOWED_REPOSITORIES: QuantStrategyLab/CodexAuditBridge,QuantStrategyLab/AIAuditBridge | ||
| CODEX_AUDIT_SERVICE_ALLOWED_WORKFLOW_REFS: QuantStrategyLab/CodexAuditBridge/.github/workflows/codex_audit.yml@refs/heads/main,QuantStrategyLab/CodexAuditBridge/.github/workflows/codex_pr_review.yml@refs/heads/main,QuantStrategyLab/CodexAuditBridge/.github/workflows/codex_pr_review.yml@refs/pull/*/merge,QuantStrategyLab/AIAuditBridge/.github/workflows/codex_audit.yml@refs/heads/main | ||
| CODEX_AUDIT_SERVICE_ALLOWED_REFS: refs/heads/main,refs/pull/*/merge |
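Review bot: The refs/pull/*/merge entry in CODEX_AUDIT_SERVICE_ALLOWED_REFS, and the matching @refs/pull/*/merge workflow ref on the line above it, depend on how the service expands *, which these lines do not state. If the matcher is a shell-style glob, * also matches / and other non-digit characters, so state the matching rule in a comment here, or have the service accept only a numeric PR id between refs/pull/ and /merge and match it against the whole string.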
Restrict service access from PR merge refs
For same-repository PRs, the PR review workflow checks out the PR merge ref before running scripts/run_codex_pr_review.py, and this new refs/pull/*/merge allowlist gives that unmerged code a valid service OIDC identity plus the injected service URL. A PR can therefore change the review script and submit arbitrary Codex service jobs before the change is merged; if PR reviews need the service, run the service-calling code from a trusted base checkout instead of authorizing all PR merge refs.
| CODEX_AUDIT_SERVICE_ALLOWED_REPOSITORIES: QuantStrategyLab/CodexAuditBridge,QuantStrategyLab/AIAuditBridge | ||
| CODEX_AUDIT_SERVICE_ALLOWED_WORKFLOW_REFS: QuantStrategyLab/CodexAuditBridge/.github/workflows/codex_audit.yml@refs/heads/main,QuantStrategyLab/CodexAuditBridge/.github/workflows/codex_pr_review.yml@refs/heads/main,QuantStrategyLab/CodexAuditBridge/.github/workflows/codex_pr_review.yml@refs/pull/*/merge,QuantStrategyLab/AIAuditBridge/.github/workflows/codex_audit.yml@refs/heads/main |
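Review bot: In CODEX_AUDIT_SERVICE_ALLOWED_WORKFLOW_REFS, QuantStrategyLab/AIAuditBridge is listed only for codex_audit.yml@refs/heads/main, while QuantStrategyLab/CodexAuditBridge also gets two codex_pr_review.yml entries. If that asymmetry is intended, say so in a comment above the variable; a four-entry allowlist packed into one comma-separated line is easy to misread in later diffs.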
Allow the actual reusable-workflow callers
For workflow_call PR-review consumers, the OIDC repository and workflow_ref claims describe the calling repository/workflow, while the reusable workflow is exposed separately; service/auth.verify_github_oidc only validates repository, workflow_ref, and ref. Pinning the allowlist to only the bridge repositories means documented source-repo PR review callers will still be rejected with OIDC repository is not allowed; add the caller repos/workflow refs here or validate the reusable-workflow claim explicitly.
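One way to implement the claim check that the two review comments above point toward, as an added Python example that is not the project's service/auth.verify_github_oidc: bridge-repo jobs are matched on repository plus a workflow_ref pinned to main, workflow_call callers are matched on job_workflow_ref, and the PR merge ref is matched as a full numeric pattern instead of a glob. Assumptions: the claims come from a token whose signature, issuer and audience were already verified, CALLER_REPOSITORIES and its entry are hypothetical, and the function names are illustrative.

```python
import fnmatch
import re

# Allowlist values are copied from the workflow env on this page, except
# CALLER_REPOSITORIES, whose entry is a constructed placeholder.
BRIDGE = "QuantStrategyLab/CodexAuditBridge"
AI_BRIDGE = "QuantStrategyLab/AIAuditBridge"
REUSABLE_PR_REVIEW = f"{BRIDGE}/.github/workflows/codex_pr_review.yml@refs/heads/main"
# Stricter than the diff: no workflow file taken from a PR merge ref.
DIRECT_WORKFLOW_REFS = {
    f"{BRIDGE}/.github/workflows/codex_audit.yml@refs/heads/main",
    REUSABLE_PR_REVIEW,
    f"{AI_BRIDGE}/.github/workflows/codex_audit.yml@refs/heads/main",
}
DIRECT_REPOSITORIES = {BRIDGE, AI_BRIDGE}
CALLER_REPOSITORIES = {"QuantStrategyLab/ExampleSourceRepo"}  # hypothetical
# "refs/pull/*/merge" narrowed to a numeric PR id and matched in full.
PR_MERGE_REF = re.compile(r"refs/pull/[1-9][0-9]*/merge")


def glob_allows(ref: str) -> bool:
    """Shell-style glob for comparison: "*" also matches "/"."""
    return fnmatch.fnmatchcase(ref, "refs/pull/*/merge")


def ref_allowed(ref: str) -> bool:
    return ref == "refs/heads/main" or PR_MERGE_REF.fullmatch(ref) is not None


def check_claims(claims: dict) -> str:
    """Return "ok" or a rejection reason for already verified token claims."""
    repo = claims.get("repository", "")
    if not ref_allowed(str(claims.get("ref", ""))):
        return "OIDC ref is not allowed"
    if repo in DIRECT_REPOSITORIES:
        # Job defined in a bridge repo: workflow_ref itself must be pinned.
        if claims.get("workflow_ref") in DIRECT_WORKFLOW_REFS:
            return "ok"
        return "OIDC workflow_ref is not allowed"
    if repo in CALLER_REPOSITORIES:
        # workflow_call: repository and workflow_ref describe the caller, so
        # the reusable workflow is identified by job_workflow_ref instead.
        if claims.get("job_workflow_ref") == REUSABLE_PR_REVIEW:
            return "ok"
        return "OIDC job_workflow_ref is not allowed"
    return "OIDC repository is not allowed"
```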
| env: | ||
| CODEX_AUDIT_SSH_UNBAN_IP: ${{ inputs.ssh_unban_ip }} | ||
| CODEX_AUDIT_SERVICE_ALLOWED_REPOSITORIES: QuantStrategyLab/CodexAuditBridge,QuantStrategyLab/AIAuditBridge | ||
| CODEX_AUDIT_SERVICE_ALLOWED_WORKFLOW_REFS: QuantStrategyLab/CodexAuditBridge/.github/workflows/codex_audit.yml@refs/heads/main,QuantStrategyLab/CodexAuditBridge/.github/workflows/codex_pr_review.yml@refs/heads/main,QuantStrategyLab/CodexAuditBridge/.github/workflows/codex_pr_review.yml@refs/pull/*/merge,QuantStrategyLab/AIAuditBridge/.github/workflows/codex_audit.yml@refs/heads/main |
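Review bot: CODEX_AUDIT_SSH_UNBAN_IP at the top of this env block is filled straight from inputs.ssh_unban_ip. Passing it through env rather than interpolating it into a script is the right pattern, but nothing here constrains the value, so the consumer should check that it parses as a single IP address before using it, and the input description should say that.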
Include PR review repos in source allowlist
When this newly authorized codex_pr_review path submits a job, scripts/run_codex_pr_review.py sends source_repository=GITHUB_REPOSITORY, but the deployed service still gets CODEX_AUDIT_SERVICE_ALLOWED_SOURCE_REPOSITORIES from the deploy-script default, which excludes QuantStrategyLab/CodexAuditBridge and QuantStrategyLab/AIAuditBridge. After OIDC succeeds, _handle_execute_async will reject these PR review jobs in _validate_source_repo, so pin the matching source allowlist here as well instead of leaving the workflow with a second authorization failure.
Summary
Why
The live PR review workflow still failed with OIDC repository is not allowed, which means the VPS deploy was likely inheriting an old runner/environment allowlist instead of the script default. Pinning the values in the workflow makes deployment deterministic.
Validation
- bash -n scripts/deploy_codex_audit_service.sh
- python3 -m ruff check tests/test_run_monthly_codex_audit.py
- python3 -m pytest tests/test_run_monthly_codex_audit.py -q
- git diff --check