Add CI guard to block forbidden files in workflows/

Prevents contributors from pushing compiled YAML (.yml, .yaml, .lock.yml) or .github/ directories into the workflows/ directory. Only .md markdown source files are accepted — compilation happens downstream via gh aw compile. This is a security measure to prevent malicious GitHub Actions code from being introduced through contributed agentic workflows. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-02-24 12:25:11 +00:00 · 2026-02-20 15:37:51 -08:00
parent 78eaeb22b7
commit e83cc6efee
1 changed files with 64 additions and 0 deletions
--- a/.github/workflows/block-workflow-yaml.yml
+++ b/.github/workflows/block-workflow-yaml.yml
@@ -0,0 +1,64 @@
+name: Block Forbidden Workflow Contribution Files
+
+on:
+  pull_request:
+    branches: [staged]
+    types: [opened, synchronize, reopened]
+    paths:
+      - "workflows/**"
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  check-forbidden-files:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Check for forbidden files in workflows/
+        id: check
+        run: |
+          # Check for YAML/lock files in workflows/ and any .github/ modifications
+          forbidden=$(git diff --name-only --diff-filter=ACM origin/${{ github.base_ref }}...HEAD -- \
+            'workflows/**/*.yml' \
+            'workflows/**/*.yaml' \
+            'workflows/**/*.lock.yml' \
+            '.github/*' \
+            '.github/**')
+
+          if [ -n "$forbidden" ]; then
+            echo "❌ Forbidden files detected:"
+            echo "$forbidden"
+            echo "files<<EOF" >> "$GITHUB_OUTPUT"
+            echo "$forbidden" >> "$GITHUB_OUTPUT"
+            echo "EOF" >> "$GITHUB_OUTPUT"
+            exit 1
+          else
+            echo "✅ No forbidden files found in workflows/"
+          fi
+
+      - name: Comment on PR
+        if: failure()
+        uses: marocchino/sticky-pull-request-comment@v2
+        with:
+          header: workflow-forbidden-files
+          message: |
+            ## 🚫 Forbidden files in `workflows/`
+
+            Only `.md` markdown files are accepted in the `workflows/` directory. The following are **not allowed**:
+            - Compiled workflow files (`.yml`, `.yaml`, `.lock.yml`) — could contain untrusted Actions code
+            - `.github/` modifications — workflow contributions must not modify repository configuration
+
+            **Files that must be removed:**
+            ```
+            ${{ steps.check.outputs.files }}
+            ```
+
+            Contributors provide the workflow **source** (`.md`) only. Compilation happens downstream via `gh aw compile`.
+
+            Please remove these files and push again.