fix(workflows): add security and parameterization to Claude workflows#2
Conversation
SECURITY FIX: Addresses critical vulnerability where any external user could trigger Claude workflows using CLAUDE_CODE_OAUTH_TOKEN. Changes: - Add author_association checks to claude.yml (OWNER, MEMBER, COLLABORATOR only) - Add author_association checks to claude-code-review.yml - Add concurrency controls to prevent workflow spam Resolves: #1 (comment)
…ariables Extract repeated configuration values into GitHub Actions variables with sensible defaults, enabling runtime configuration without code changes. Configuration variables: - CLAUDE_AUTHORIZED_ROLES: Control who can trigger workflows - CLAUDE_MENTION_TRIGGER: Customize trigger word (default: @claude) - CLAUDE_CONCURRENCY_CANCEL: Enable canceling in-progress runs - CLAUDE_ALLOWED_TOOLS: Restrict tool access - CLAUDE_CUSTOM_PROMPT: Override default prompts - CLAUDE_REVIEW_*: Separate configuration for code review workflow Benefits: - DRY: Single source of truth for authorization roles (was repeated 5x) - Flexibility: Change behavior via repo settings without editing workflows - Security: Easily adjust authorization without touching code - Documentation: Comprehensive guide in .github/CLAUDE_WORKFLOWS.md Related: #1 (comment)
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f2d3f3ca55
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
.github/workflows/claude.yml
Outdated
| (github.event_name == 'issues' && (contains(github.event.issue.body, vars.CLAUDE_MENTION_TRIGGER || '@claude') || contains(github.event.issue.title, vars.CLAUDE_MENTION_TRIGGER || '@claude')) && | ||
| contains(fromJSON(vars.CLAUDE_AUTHORIZED_ROLES || '["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.sender.author_association)) |
There was a problem hiding this comment.
For the issues event, the webhook payload exposes the author association on the issue (github.event.issue.author_association), not on sender. With github.event.sender.author_association here, the expression evaluates to null and contains(...) returns false, so the workflow never runs for newly opened issues even when the issue author is OWNER/MEMBER/COLLABORATOR. This breaks issue-triggered @claude mentions; switch the check to github.event.issue.author_association to restore the intended behavior.
Useful? React with 👍 / 👎.
|
@codex: Review this PR. It should address the following concern you raised on a private repository for the original version of the workflow:
|
|
Claude finished @simonheimlicher's task in 1m 39s —— View job Code Review Complete ✅I've reviewed the security fixes and parameterization changes. Here's my analysis: 🔒 Security Review✅ Security Vulnerability Successfully AddressedThe PR correctly fixes the critical security issue where any external user could trigger workflows with access to What Changed:
🚨 CRITICAL BUG: Issues Event AuthorizationThe codex review comment is correct. There's a bug in # Line 34 - INCORRECT:
(github.event_name == 'issues' && ... &&
contains(..., github.event.sender.author_association))Problem: For the Impact: The
Fix Required: Change line 34 from: contains(fromJSON(vars.CLAUDE_AUTHORIZED_ROLES || '["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.sender.author_association)To: contains(fromJSON(vars.CLAUDE_AUTHORIZED_ROLES || '["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.issue.author_association)✅ Authorization Check AnalysisHere's the authorization implementation for each event type:
claude-code-review.yml:
🎛️ Parameterization Review✅ Excellent ImplementationThe parameterization is well-designed and follows GitHub Actions best practices: Strengths:
Configuration Variables: claude.yml:
claude-code-review.yml:
📚 Documentation Review✅ Comprehensive and Well-StructuredThe new Strengths:
Suggestions (minor):
🔐 Security Best Practices Review✅ Security Controls Implemented:
💡 Additional Security Recommendations:
🐛 Issues SummaryCritical Issues:
No Other Issues Found:
📋 RecommendationsMust Fix (Critical):
Optional Improvements:
✅ VerdictOverall: This is a high-quality PR that successfully addresses the critical security vulnerability and adds comprehensive parameterization. The implementation is well-designed, thoroughly documented, and follows best practices. Status: Once the line 34 bug is fixed, this PR is ready to merge! 🚀 |
|
Codex Review: Didn't find any major issues. More of your lovely PRs please. ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
Fix critical bug where issues event used github.event.sender.author_association instead of github.event.issue.author_association. The sender object does not have author_association for issues events, causing the check to always fail. This completely broke @claude mentions in issues (opened, assigned events). Fixes: #2 (comment)
1 participant
Overview
Addresses security vulnerability and adds comprehensive parameterization to Claude Code GitHub workflows.
Fixes: #1 (comment)
Security Fix (Critical) 🔒
The original workflows had a critical vulnerability where any external user could trigger Claude workflows that use
CLAUDE_CODE_OAUTH_TOKEN. This PR adds authorization checks to restrict workflow execution to trusted contributors only.Changes:
author_associationverification to all workflow triggersBefore: Any external commenter could trigger workflows → token exposure risk
After: Only trusted contributors can trigger workflows → token protected
Parameterization 🎛️
Extract repeated configuration values into GitHub Actions variables, enabling runtime configuration without code changes.
Configuration Variables Added:
Claude Assistant (claude.yml):
CLAUDE_AUTHORIZED_ROLES- Control who can trigger (default:["OWNER", "MEMBER", "COLLABORATOR"])CLAUDE_MENTION_TRIGGER- Customize trigger word (default:@claude)CLAUDE_CONCURRENCY_CANCEL- Enable canceling in-progress runs (default:false)CLAUDE_ALLOWED_TOOLS- Restrict tool access (default: unrestricted)CLAUDE_CUSTOM_PROMPT- Override default behavior (default: empty)Code Review (claude-code-review.yml):
CLAUDE_REVIEW_AUTHORIZED_ROLES- Who can trigger reviewsCLAUDE_REVIEW_CONCURRENCY_CANCEL- Cancel in-progress reviewsCLAUDE_REVIEW_ALLOWED_TOOLS- Tool restrictions (default: gh commands only)CLAUDE_REVIEW_CUSTOM_PROMPT- Custom review instructionsBenefits:
.github/CLAUDE_WORKFLOWS.mdDocumentation 📚
Added
.github/CLAUDE_WORKFLOWS.mdwith:Testing
Files Changed
.github/workflows/claude.yml- Security + parameterization.github/workflows/claude-code-review.yml- Security + parameterization.github/CLAUDE_WORKFLOWS.md- Configuration documentation (new)Example Usage
Restrict to repository owners only:
```bash
Settings → Secrets and variables → Actions → Variables
CLAUDE_AUTHORIZED_ROLES = ["OWNER"]
CLAUDE_REVIEW_AUTHORIZED_ROLES = ["OWNER"]
```
Use custom trigger:
```bash
CLAUDE_MENTION_TRIGGER = @bot
```
See
.github/CLAUDE_WORKFLOWS.mdfor more examples and complete documentation.