Skip to content

fix(ci): restrict workflow_run test jobs to same-repo runs only#4303

Open
adilburaksen wants to merge 1 commit intoGoogleCloudPlatform:mainfrom
adilburaksen:fix/workflow-fork-isolation-workflow-run
Open

fix(ci): restrict workflow_run test jobs to same-repo runs only#4303
adilburaksen wants to merge 1 commit intoGoogleCloudPlatform:mainfrom
adilburaksen:fix/workflow-fork-isolation-workflow-run

Conversation

@adilburaksen
Copy link
Copy Markdown

@adilburaksen adilburaksen commented Apr 26, 2026

Summary

The test jobs in custard-run.yaml and custard-run-dev.yaml use workflow_run as a trigger, which fires whenever the Custard CI workflow runs — including when triggered by fork PRs.

The vulnerability: These test jobs have id-token: write permission and authenticate to GCP as kokoro-system-test@long-door-651.iam.gserviceaccount.com via Workload Identity Federation. They then check out code at github.event.workflow_run.head_sha (which can be a fork commit) and execute make test dir=${{ matrix.path }}.

Attack path:

  1. Attacker forks the repo, submits a PR that modifies a Makefile or test file in any affected path
  2. The Custard CI workflow runs on the fork, triggering custard-run.yaml via workflow_run
  3. The test job checks out the fork's commit and runs make test with live GCP credentials
  4. Attacker's code executes with access to kokoro-system-test@long-door-651.iam.gserviceaccount.com (GCP WIF token)

Fix: Add a guard condition on the test job so credentials are only used when the triggering workflow_run originated from the same repository:

if: |
  needs.affected.outputs.paths != '[]' &&
  (github.event_name != 'workflow_run' || github.event.workflow_run.head_repository.full_name == github.repository)

Push, workflow_dispatch, and same-repo PR triggers are completely unaffected.

Changes

  • .github/workflows/custard-run.yaml: Add fork guard to test job if: condition
  • .github/workflows/custard-run-dev.yaml: Same fix

Test Plan

  • Same-repo PRs / push to main: test job runs normally (event_name != 'workflow_run' or same-repo check passes)
  • Fork PRs via workflow_run: test job is skipped, no GCP credentials are issued
  • workflow_dispatch runs: unaffected (condition short-circuits at event_name != 'workflow_run')

Reported to Google via OSS VRP. Fix PR submitted as part of responsible disclosure.

@adilburaksen adilburaksen requested review from a team as code owners April 26, 2026 12:13
@gemini-code-assist
Copy link
Copy Markdown
Contributor

gemini-code-assist Bot commented Apr 26, 2026

Note

Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported.

@product-auto-label product-auto-label Bot added samples Issues that are directly related to samples. api: workflows Issues related to the Workflows API. labels Apr 26, 2026
@adilburaksen
fix(ci): restrict workflow_run test jobs to same-repo runs only
31ebe31 
The `test` jobs in custard-run.yaml and custard-run-dev.yaml use
`workflow_run` as a trigger (fired by `Custard CI` running on PRs,
including fork PRs). These jobs have `id-token: write` and authenticate
to GCP via Workload Identity Federation as
kokoro-system-test@long-door-651.iam.gserviceaccount.com.

Without a repository guard, the `test` job runs for fork-triggered
workflow_run events. It checks out the fork's code at
`github.event.workflow_run.head_sha` and executes `make test`, allowing
attacker-controlled code to run with live GCP credentials.

Add a guard condition so the credentialed `test` job only fires when the
triggering workflow originated from the same repository (not a fork):

    github.event.workflow_run.head_repository.full_name == github.repository

Non-workflow_run triggers (push, workflow_dispatch) are unaffected.
@adilburaksen adilburaksen force-pushed the fix/workflow-fork-isolation-workflow-run branch from 073fffd to 31ebe31 Compare April 26, 2026 12:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

api: workflows Issues related to the Workflows API. samples Issues that are directly related to samples.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@adilburaksen