Skip to content

ci: gate call-check-tflite-files behind approval-gate#3530

Open
adilburaksen wants to merge 1 commit into
tensorflow:mainfrom
adilburaksen:fix/gate-check-tflite-files-job
Open

ci: gate call-check-tflite-files behind approval-gate#3530
adilburaksen wants to merge 1 commit into
tensorflow:mainfrom
adilburaksen:fix/gate-check-tflite-files-job

Conversation

@adilburaksen
Copy link
Copy Markdown

@adilburaksen adilburaksen commented Apr 15, 2026
edited
Loading

Summary

The call-check-tflite-files job in pr_test.yml was the only CI job that did not require [gatekeeper, approval-gate]. All other call-* jobs are gated, but this one ran unconditionally on every pull_request_target event.

Root Cause

check_tflite_files.yml checks out the PR's head.sha (i.e. fork code) and executes tensorflow/lite/micro/tools/ci_build/check_tflite_files.sh from that checkout — running untrusted contributor code in the base repository's workflow context with GITHUB_TOKEN exposed via the TFLM_BOT_TOKEN environment variable.

Fix

Add needs: [gatekeeper, approval-gate] to call-check-tflite-files to match all other CI jobs in this workflow.

Alternative (stronger fix)

check_tflite_files.yml does not need to execute any contributor-provided code at all. The PR file list can be fetched entirely via the GitHub API using the base repository's token, without checking out fork code. Consider refactoring to:

  1. Checkout only the base branch (no ref: override)
  2. Use curl -H "Authorization: Bearer $TFLM_BOT_TOKEN" .../pulls/$PR_NUMBER/files with the base repo's token

This would make the check safe to run ungated.

BUG=N/A

@adilburaksen
ci: gate call-check-tflite-files behind approval-gate
4929a01 
The call-check-tflite-files job was the only CI job in pr_test.yml
that lacked a dependency on gatekeeper/approval-gate. All other
call-* jobs require [gatekeeper, approval-gate], but this job ran
unconditionally for every pull_request_target event.

This means check_tflite_files.yml was checking out the fork's HEAD
SHA and executing tensorflow/lite/micro/tools/ci_build/check_tflite_files.sh
from the fork's tree in the context of the base repository's workflow,
exposing GITHUB_TOKEN to untrusted code.

Fix: add needs: [gatekeeper, approval-gate] to bring this job in
line with all other CI jobs in this workflow.
@adilburaksen adilburaksen requested a review from veblush as a code owner April 15, 2026 22:41
@adilburaksen
Copy link
Copy Markdown
Author

adilburaksen commented Apr 17, 2026

Hi @veblush — gentle ping. Updated the PR description to add the BUG=N/A line so "Check Bug ID" should pass on the next sync. The change brings call-check-tflite-files in line with [gatekeeper, approval-gate], matching every other call-* job in pr_test.yml. Happy to adjust or split into the safer refactor described in the Alternative section if that's preferred. Thanks!

@adilburaksen
Copy link
Copy Markdown
Author

adilburaksen commented May 16, 2026

Hi @veblush — pinging again in case this got lost in the queue.

This is a one-line security fix: call-check-tflite-files was the only ungated call-* job in pr_test.yml. Every other call-* job has needs: [gatekeeper, approval-gate], but this one ran unconditionally on pull_request_target events, executing fork code (head.sha checkout + check_tflite_files.sh) in the base repository's CI context with TFLM_BOT_TOKEN available.

The fix brings it in line with the existing gating pattern — no functional change to what the job does, just when it runs.

Happy to do the stronger refactor (API-only file list, no fork checkout) if that's preferred, but this minimal fix closes the immediate exposure. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@veblush veblush Awaiting requested review from veblush veblush is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@adilburaksen