ci(supply-chain): skip scan on upstream-sync/* branches#2
Conversation
Upstream-sync PRs replay vendored upstream code (legitimate setup.py, sitecustomize.py, etc.) and predictably trip the install-hook detector, producing a false-positive CRITICAL finding on every sync. Skip the scan when the PR head branch starts with upstream-sync/ — the fork's main still gets scanned on every non-sync PR, which is where novel attack vectors would actually land. Observed on PR #1 (first 5928-commit upstream sync): scanner flagged hermes_cli/setup.py and skills/productivity/google-workspace/scripts/setup.py, both unmodified vendored upstream files.
liberathio
left a comment
liberathio
left a comment
There was a problem hiding this comment.
Aeon Review — 2026-04-26
LGTM. Clean, minimal CI fix with good documentation.
The if: ${{ !startsWith(...) }} condition on the job level is the right place — the workflow still fires, the job is just skipped with a visible status, which is better than suppressing the trigger entirely.
One note to keep in mind: Branch names are user-controlled, so any external contributor could create a PR from a branch named upstream-sync/foo to bypass the scan. This is low risk for a controlled repo where external PRs are rare or disabled, and your comment correctly notes that the fork's main branch still gets full coverage. If the repo ever opens to external contributors, consider adding a second condition to check that the PR author is a known bot/automated account (e.g., via github.actor).
No blockers. Ready to merge.
liberathio
left a comment
liberathio
left a comment
There was a problem hiding this comment.
Aeon Code Review — 2026-04-28
Clean, minimal CI fix. The if: condition correctly targets only the pull_request event via github.event.pull_request.head.ref, and the comment explains the rationale clearly.
One consideration: The upstream-sync/ prefix is a naming convention, not an enforced boundary. Someone could create a branch upstream-sync/malicious-payload and skip the scan. The tradeoff is acceptable for a fork sync workflow (the fork's main still gets scanned on all non-sync PRs), but worth documenting as an assumed trust boundary — which the comment already partially does.
OK to merge.
1 participant
Summary
Upstream-sync PRs replay vendored upstream code (legitimate
setup.py,sitecustomize.py, etc.) and predictably trip the install-hook detector, producing a false-positive CRITICAL finding on every sync.This adds an
if:guard so the scan is skipped when the PR head branch starts withupstream-sync/. The fork'smainis still scanned on every non-sync PR — which is where novel attack vectors would actually land.Why now
PR #1 (first 5928-commit upstream sync from
NousResearch/hermes-agent@main) was flagged by the scanner on:hermes_cli/setup.pyskills/productivity/google-workspace/scripts/setup.pyBoth files are unmodified vendored upstream code. Without this guard, every weekly sync from the new
sync-upstream.ymlworkflow will need an admin override.Risk
Low. The detector still runs on:
mainupstream-sync/*Branch-name spoofing is not a realistic threat here because branch creation requires write access to the fork, which is the same trust boundary the scanner already assumes.
Test plan
if:line on the existing job)skipped, notfailed🤖 Generated with Claude Code