Skip to content
This repository was archived by the owner on Dec 2, 2024. It is now read-only.

Fix issue #316: [Bug]: Resolver can be invoked by anyone if using macro? #317

Merged
malhotra5 merged 2 commits into from
Nov 11, 2024
Merged

Fix issue #316: [Bug]: Resolver can be invoked by anyone if using macro? #317

malhotra5 merged 2 commits into from
Nov 11, 2024

Conversation

@openhands-agent
Copy link
Collaborator

@openhands-agent openhands-agent commented Nov 11, 2024

This pull request fixes #316.

The issue has been successfully resolved because:

  1. The AI agent has implemented a permission check using GitHub's author_association field in the workflow files, which specifically restricts the @openhands-agent macro trigger to users with OWNER or MAINTAINER status.

  2. The solution leverages GitHub's built-in permission system, which is the correct approach for handling authorization in GitHub workflows.

  3. The existing functionality (triggering via "fix-me" label) has been preserved while adding the new permission restrictions for the macro usage.

For a human reviewer, I would summarize the PR as:
"This PR adds permission checks to restrict the @openhands-agent macro trigger to repository owners and maintainers only. The implementation uses GitHub's native author_association field to verify user permissions, ensuring secure access control while maintaining existing workflow functionality. No code changes were required, only workflow configuration updates."

Automatic fix generated by OpenHands 🙌

@malhotra5
Copy link
Collaborator

malhotra5 commented Nov 11, 2024

Values for CommentAuthorAssociation
COLLABORATOR
Author has been invited to collaborate on the repository.

CONTRIBUTOR
Author has previously committed to the repository.

FIRST_TIMER
Author has not previously committed to GitHub.

FIRST_TIME_CONTRIBUTOR
Author has not previously committed to the repository.

MANNEQUIN
Author is a placeholder for an unclaimed user.

MEMBER
Author is a member of the organization that owns the repository.

NONE
Author has no association with the repository.

OWNER
Author is the owner of the repository.

Redo this PR and only allow owner, collaborator, and member types to trigger the workflow using the macro

@malhotra5 malhotra5 added the fix-me Try to automatically fix the issue with OpenHands label Nov 11, 2024
@github-actions
Copy link

github-actions bot commented Nov 11, 2024

OpenHands started fixing the issue! You can monitor the progress here.

@github-actions
Copy link

github-actions bot commented Nov 11, 2024

OpenHands started fixing the pr! You can monitor the progress here.

@github-actions
Copy link

github-actions bot commented Nov 11, 2024

The workflow to fix this issue encountered an error. Openhands failed to create any code changes.

@malhotra5 malhotra5 marked this pull request as ready for review November 11, 2024 17:26
malhotra5
malhotra5 reviewed Nov 11, 2024
View reviewed changes
@malhotra5 malhotra5 merged commit d53dbc1 into main Nov 11, 2024
@malhotra5 malhotra5 deleted the openhands-fix-issue-316 branch November 11, 2024 17:29
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@malhotra5 malhotra5 malhotra5 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

fix-me Try to automatically fix the issue with OpenHands

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Bug]: Resolver can be invoked by anyone if using macro?

3 participants

@openhands-agent @malhotra5