From e83cc6efee1dc3c43c31e55e94436617912fd3c6 Mon Sep 17 00:00:00 2001
From: Bruno Borges
Date: Fri, 20 Feb 2026 15:37:51 -0800
Subject: [PATCH] Add CI guard to block forbidden files in workflows/
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Prevents contributors from pushing compiled YAML (.yml, .yaml, .lock.yml) or .github/ directories into the workflows/ directory. Only .md markdown source files are accepted — compilation happens downstream via gh aw compile. This is a security measure to prevent malicious GitHub Actions code from being introduced through contributed agentic workflows.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
.github/workflows/block-workflow-yaml.yml | 64 +++++++++++++++++++++++
1 file changed, 64 insertions(+)
create mode 100644 .github/workflows/block-workflow-yaml.yml

diff --git a/.github/workflows/block-workflow-yaml.yml b/.github/workflows/block-workflow-yaml.yml
new file mode 100644
index 00000000..25844308
--- /dev/null
+++ b/.github/workflows/block-workflow-yaml.yml
@@ -0,0 +1,64 @@
+name: Block Forbidden Workflow Contribution Files
+
+on:
+ pull_request:
+ branches: [staged]
+ types: [opened, synchronize, reopened]
+ paths:
+ - "workflows/**"
+
+permissions:
+ contents: read
+ pull-requests: write
+
+jobs:
+ check-forbidden-files:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Check for forbidden files in workflows/
+ id: check
+ run: |
+ # Check for YAML/lock files in workflows/ and any .github/ modifications
+ forbidden=$(git diff --name-only --diff-filter=ACM origin/${{ github.base_ref }}...HEAD -- \
+ 'workflows/**/*.yml' \
+ 'workflows/**/*.yaml' \
+ 'workflows/**/*.lock.yml' \
+ '.github/*' \
+ '.github/**')
+
+ if [ -n "$forbidden" ]; then
+ echo "❌ Forbidden files detected:"
+ echo "$forbidden"
+ echo "files<> "$GITHUB_OUTPUT"
+ echo "$forbidden" >> "$GITHUB_OUTPUT"
+ echo "EOF" >> "$GITHUB_OUTPUT"
+ exit 1
+ else
+ echo "✅ No forbidden files found in workflows/"
+ fi
+
+ - name: Comment on PR
+ if: failure()
+ uses: marocchino/sticky-pull-request-comment@v2
+ with:
+ header: workflow-forbidden-files
+ message: |
+ ## 🚫 Forbidden files in `workflows/`
+
+ Only `.md` markdown files are accepted in the `workflows/` directory. The following are **not allowed**:
+ - Compiled workflow files (`.yml`, `.yaml`, `.lock.yml`) — could contain untrusted Actions code
+ - `.github/` modifications — workflow contributions must not modify repository configuration
+
+ **Files that must be removed:**
+ ```
+ ${{ steps.check.outputs.files }}
+ ```
+
+ Contributors provide the workflow **source** (`.md`) only. Compilation happens downstream via `gh aw compile`.
+
+ Please remove these files and push again.
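Review bot: The `git diff` call in the "Check for forbidden files in workflows/" step can miss files this guard is meant to reject. `--diff-filter=ACM` omits renames, so a YAML file that git reports as renamed into `workflows/` is not listed. Separately, without `:(glob)` pathspec magic, `'workflows/**/*.yml'` appears to require at least one subdirectory, so a file placed directly under `workflows/` may not match; this is worth confirming with a test PR. Adding `--no-renames` and using `'workflows/*.yml' 'workflows/*.yaml'` (in a default pathspec `*` also crosses `/`) should close both gaps. As hygiene, pass `${{ github.base_ref }}` through `env:` and reference it as `"origin/$BASE_REF"` rather than expanding it into the script text, and note that on pull requests from forks the token is normally read-only despite `pull-requests: write`, so the comment step will likely fail there while the job itself still fails as intended.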