ci: add fork guards to docker, release, and auto-tag workflows#1007
Merged
Conversation
Fork PRs on a public repo can trigger jobs that consume secrets or have write permissions. Three workflows needed hardening: - docker.yml: the build job's cache-to was unconditional, so fork PRs would attempt to push build cache to GHCR after skipping login (noisy auth error). Now cache-to evaluates to empty string on fork PRs, matching the existing intent (build-only, no writes from forks). - release.yml: adds github.repository == 'block/sprout' to all three jobs (release, release-macos-x64, release-linux) as defense-in-depth. The workflow is tag/dispatch-only so forks can't normally trigger it, but the guard makes intent explicit and blocks any edge-case path. - auto-tag-on-release-pr-merge.yml: the if condition checked branch name but not whether the PR came from a fork. A fork PR with a version-bump/ branch merged by a maintainer would have triggered tag creation and a full release build.
wpfleger96
added a commit
that referenced
this pull request
Jun 12, 2026
…session-new * origin/main: Add relay disconnect UX: friendly errors, reconnect, cached identity (#1004) feat(agents): add active turn indicators to Agents Menu (#1005) ci: add fork guards to docker, release, and auto-tag workflows (#1007) docs(nip-rs): add optional thread read context scheme (#1006)
tellaho
added a commit
that referenced
this pull request
Jun 12, 2026
…tate * origin/main: Add relay disconnect UX: friendly errors, reconnect, cached identity (#1004) feat(agents): add active turn indicators to Agents Menu (#1005) ci: add fork guards to docker, release, and auto-tag workflows (#1007) docs(nip-rs): add optional thread read context scheme (#1006) fix(huddle): Pocket TTS quality overhaul — reference parity + cross-message pipelining (#997) Add manual ACP session rotation command (#932) fix(desktop): heal stale persona_team_dir paths in release builds (#1003) ci(docker): publish public ghcr.io/block/buzz image (native multi-arch) (#986) fix(buzz-agent): cap tool-result text at 50 KiB with middle elision (#952) feat(huddle): sentence-at-a-time voice-mode guidelines for lower TTS latency (#996) Shard desktop Playwright CI jobs (#992) chore(release): release version 0.3.18 (#995) Video Player Improvements (#993) Improve first-run welcome setup (#970) fix(release): use legacy updater key secret (#991) Replace built-in personas with Fizz (#987)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Hardens three GitHub Actions workflows against fork PRs that could consume secrets or trigger privileged operations.
This is a public OSS repo — fork PRs run on the upstream repo's infrastructure and can access secrets that aren't explicitly gated. Two of the affected workflows have
contents: writeand signing credentials; one has GHCR push access.docker.yml: thebuildjob'scache-towas unconditional, so fork PRs would attempt a registry push toghcr.io/block/buzz-buildcacheafter skipping login, producing an auth error. Nowcache-toevaluates to an empty string for fork PRs (build still runs, no cache write).release.yml: addsif: github.repository == 'block/sprout'to all three jobs as defense-in-depth. The workflow is tag/dispatch-only so forks can't normally trigger it, but the guard makes intent explicit.auto-tag-on-release-pr-merge.yml: theifcondition checked the branch name but not the PR origin. A fork PR namedversion-bump/X.Y.Zmerged by a maintainer would have created a version tag and triggered a full release build. Addedgithub.event.pull_request.head.repo.full_name == github.repositoryto the condition.