fix: More robust head SHA validation in auto format workflow #31255

Open
AaronDewes wants to merge 1 commit into cloudflare:production from AaronDewes:improve-auto-format

@AaronDewes

Summary

This makes the auto format workflow obtain the head SHA from the PR that triggered the workflow run directly.

This improves security because even if an attacker managed to upload a malicious artifact by manipulating their PR, they could no longer abuse that to push to arbitrary PRs because the SHA sum wouldn't match.

Screenshots (optional)

Documentation checklist

Not applicable.
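
The check described in the summary above, as an added example (not code from this PR or from the repository's workflow): the privileged job trusts only the `head_sha` GitHub records on the triggering run and refuses any PR number read from the artifact whose head does not match it. The `fetch_pr` callable, the repository-name comparison, and all sample values are assumptions constructed for illustration.

```python
import re

SHA_RE = re.compile(r"[0-9a-f]{40}")


class HeadMismatch(Exception):
    """The claimed PR is not the one that produced the triggering run."""


def authorize_push(workflow_run, claimed_pr_number, fetch_pr):
    """Return (repo, branch) that may be pushed to, or raise HeadMismatch.

    workflow_run      -- `workflow_run` object from the event payload (set by GitHub)
    claimed_pr_number -- PR number read from the uploaded artifact (PR-controlled)
    fetch_pr          -- hypothetical callable returning the PR object from the REST API
    """
    run_sha = workflow_run["head_sha"]
    if not SHA_RE.fullmatch(run_sha):
        raise HeadMismatch("triggering run has no well-formed head SHA")
    if type(claimed_pr_number) is not int:
        raise HeadMismatch("artifact did not contain an integer PR number")

    pr = fetch_pr(claimed_pr_number)
    if pr is None or pr["state"] != "open":
        raise HeadMismatch("claimed PR does not exist or is not open")
    # Core check: the PR named by the artifact must be at the commit the run built.
    if pr["head"]["sha"] != run_sha:
        raise HeadMismatch("claimed PR head differs from the triggering run's head SHA")
    # Extra assumption in this sketch: the head repository must match as well.
    if pr["head"]["repo"]["full_name"] != workflow_run["head_repository"]["full_name"]:
        raise HeadMismatch("claimed PR comes from a different head repository")
    return pr["head"]["repo"]["full_name"], pr["head"]["ref"]


# Constructed sample data: PR 100 produced the run, PR 200 belongs to someone else.
SAMPLE_PRS = {
    100: {"state": "open",
          "head": {"sha": "a" * 40, "ref": "patch-1", "repo": {"full_name": "fork-a/docs"}}},
    200: {"state": "open",
          "head": {"sha": "b" * 40, "ref": "typo-fix", "repo": {"full_name": "fork-b/docs"}}},
}
SAMPLE_RUN = {"head_sha": "a" * 40, "head_repository": {"full_name": "fork-a/docs"}}

if __name__ == "__main__":
    print(authorize_push(SAMPLE_RUN, 100, SAMPLE_PRS.get))
```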

@cloudflare-docs-bot

cloudflare-docs-bot Bot commented Jun 5, 2026

Review

✅ No style-guide issues found in commit fe77d2c.

Commands

Only codeowners can run commands. Post a comment with the command to trigger it.

Command | Description
/review | Runs a review now. Incremental if a prior review exists, full if not.
/full-review | Re-reviews the entire PR diff from scratch, ignoring incremental history. Useful after a rebase, when you want a fresh review, or if the bot gets out of sync and reports issues that no longer exist.

@AaronDewes AaronDewes force-pushed the improve-auto-format branch from 5aaed5b to fe77d2c on June 5, 2026 13:20

@github-actions

Hey there, we've marked this pull request as stale because there's no recent activity on it. This label helps us identify PRs that might need updates (or to be closed out by our team if no longer relevant).

@github-actions github-actions Bot added the stale label Jun 20, 2026