feat: add trigger mode (no permissions, server posts as bot account)#2
feat: add trigger mode (no permissions, server posts as bot account)#2redoh wants to merge 2 commits into
Conversation
New `mode: trigger` input. In trigger mode the action posts no token and the workflow needs no permissions — it only notifies the Octopus server which PR to review (POST /api/oss-review with owner/repo/prNumber/headSha). The server fetches the diff and posts the review as the Octopus bot account, which (as a non-collaborator) can only comment, never set checks/statuses or block merges. This lets security-conscious public repos adopt Octopus without granting any write access in CI and without pull_request_target. Consent is gated server-side on the repo's .github/octopus.yml file. Default mode is "full" — existing behavior (fetch diff + post with github-token) is unchanged. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
🐙 Octopus Review — PR #2SummaryThis PR adds a Score
Risk Assessment
Positive Highlights
Important Files Changed
DiagramsequenceDiagram
participant WF as GitHub Actions Workflow
participant Action as octopus-action
participant API as Octopus Server
WF->>Action: trigger with mode=trigger
Action->>Action: validate event, read inputs
Note over Action: no github-token required
Action->>API: POST /api/oss-review (owner, repo, prNumber, headSha)
activate API
alt status = queued
API-->>Action: { status: "queued", jobId }
Action->>WF: info log + set outputs (count=0)
API->>API: fetch diff, index, review
API->>WF: post review as bot account
else status = deduped
API-->>Action: { status: "deduped" }
Action->>WF: info log + set outputs (count=0)
else status = skipped / no-consent-file
API-->>Action: { status: "skipped", reason: "no-consent-file" }
deactivate API
Action->>WF: warning + set outputs (count=0)
end
Last reviewed commit: 0ee1ac3 Checklist
|
There was a problem hiding this comment.
4 files reviewed, 3 findings | View scores & details
🟡🔵 Additional findings
| Severity | File | Title | Description |
|---|---|---|---|
| 🟡 | src/octopus-client.ts:L93 |
Unauthenticated trigger endpoint exposes server-side review to arbitrary repos | The triggerOssReview call sends only owner, repo, prNumber, and headSha — no API key and no GitHub token. Any actor that can call the Octopus API can trigger a server-side review on any public repo by guessing these values (all of which are public). If the server performs expensive indexing and posts comments as the bot account, this is a potential resource-abuse and review-spam vector. The no-consent-file guard is a good first layer, but it relies entirely on server-side enforcement with no request authentication. |
| 🔵 | src/index.ts:L33 |
Invalid mode values silently fall through to full mode |
The mode input is read with .toLowerCase() and then compared only against "trigger". Any other value — including typos like "triggers", "Trigger" (already handled by toLowerCase), or "trgger" — silently falls through to full mode. This can mask misconfiguration. |
| 🔵 | src/index.ts:L68 |
Trigger mode does not set findings-count or summary outputs |
In trigger mode, the function returns early without calling core.setOutput. Downstream workflow steps that depend on findings-count or summary outputs (e.g., the example in README.md L148-L152) will receive empty strings, potentially causing silent failures in conditional steps. |
Reviewed by Octopus Review, an AI-powered PR review tool.
- Warn when `mode` is neither "full" nor "trigger" instead of silently falling through to full mode (masks misconfiguration). - Set findings-count and summary outputs in trigger mode so downstream steps that read them don't get empty strings. The review is posted asynchronously by the server, so findings-count is "0" with an explanatory summary. The "unauthenticated trigger" finding is addressed server-side in octopusreview/octopus#536 (manual approval allowlist); a fork-PR action cannot authenticate by design. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
Thanks for the review 🙏 Addressed in the latest push:
@octopus updates are ready for re-review. |
There was a problem hiding this comment.
4 files reviewed, 0 findings | View scores & details
Reviewed by Octopus Review, an AI-powered PR review tool.
|
The diagram does not mention the case when the review is rejected early using the allow list on octopus server. The review bot does not update the diagram when the code changes or the code does not handle this case? Stale pr message is very common issue with humans. It would be nice if the review bot always update the pr comments after changes. |
What & why
Adds a new
mode: triggerinput. In trigger mode the action posts no token and the workflow needs no permissions — it only notifies the Octopus server which PR to review (POST /api/oss-reviewwithowner/repo/prNumber/headSha). The server fetches the diff and posts the review as the Octopus bot account, which (as a non-collaborator) can only comment — never set checks/statuses or block merges.This lets security-conscious public repos adopt Octopus without granting any write access in CI and without
pull_request_target. Directly addresses the maintainer concern on kubernetes/minikube#23177.(plus a
.github/octopus.ymlconsent file in the repo)Changes
modeinput (fulldefault = existing behavior;trigger= notify-only).triggerOssReview()client call to/api/oss-review.index.ts: early trigger branch;github-tokenonly required infullmode.dist/.Backward compatibility
modedefaults tofull; existing workflows are unchanged.Status
Companion server PR: octopusreview/octopus#536. Not yet validated end-to-end (needs the bot account live).
🤖 Generated with Claude Code