Skip to content

Revert "fix: prevent code injection and untrusted checkout in CI workflows (#1728)"#1871

Merged
tamer-hassan-tether merged 2 commits into
mainfrom
revert-pr-1728
May 2, 2026
Merged

Revert "fix: prevent code injection and untrusted checkout in CI workflows (#1728)"#1871
tamer-hassan-tether merged 2 commits into
mainfrom
revert-pr-1728

Conversation

@tamer-hassan-tether

@tamer-hassan-tether tamer-hassan-tether commented May 2, 2026

Copy link
Copy Markdown
Contributor

Reverts commit a79602f, with two intentional exclusions noted below.

Excluded from this revert:

All other changes from #1728 are reverted.

@tamer-hassan-tether @cursoragent
Revert "fix: prevent code injection and untrusted checkout in CI work…
688e0fe 
…flows (#1728)"

Reverts commit a79602f, with two
intentional exclusions noted below.

Excluded from this revert:
- .github/actions/run-lint-and-unit-tests/action.yaml: kept at its
  current state on main; the env-var indirection #1728 introduced for
  npm-token/pat-token in the .npmrc-configuration step is preserved.
- .github/workflows/cpp-lint.yaml: net effect on this file is zero.
  PR #1829 (commit 65bd746) later rewrote the same `cpp-lint` job and
  added `id-token: write` to the `permissions` block originally
  introduced by #1728. The `permissions` block is preserved as-is
  (contents: read + id-token: write) because #1829's AWS OIDC
  integration depends on it.

All other changes from #1728 are reverted.

Co-authored-by: Cursor <cursoragent@cursor.com>
@tamer-hassan-tether tamer-hassan-tether requested review from a team as code owners May 2, 2026 06:23
github-advanced-security[bot]
github-advanced-security AI found potential problems May 2, 2026
View reviewed changes
Comment thread .github/actions/sanity-checks/action.yaml Fixed
gianni-cor
gianni-cor previously approved these changes May 2, 2026
View reviewed changes
@github-actions

github-actions Bot commented May 2, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Tier-based Approval Status

**PR Tier:** TIER1

**Current Status:** ✅ APPROVED

**Requirements:**
- 1 Team Member approval ❌ (0/1)
- 1 Team Lead OR Management approval ✅ (2/1)

**Bypass rule:** Triggered (2+ Team Lead approvals (Tier 1 exception)). This PR is approved regardless of tier.

---
*This comment is automatically updated when reviews change.*

jpgaribotti
jpgaribotti previously approved these changes May 2, 2026
View reviewed changes
@jpgaribotti

jpgaribotti commented May 2, 2026

Copy link
Copy Markdown
Contributor

/review

@tamer-hassan-tether @github-advanced-security
Potential fix for pull request finding 'CodeQL / Code injection'
57b9015 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@GSServita GSServita mentioned this pull request May 28, 2026
Merged
9 tasks
@github-actions

github-actions Bot commented Jun 1, 2026

Copy link
Copy Markdown
Contributor

❌ E2E Mobile Test Results - iOS

Overall Status: FAILED
Device Farm Result: UNKNOWN
Platform: iOS
Addon: @qvac/translation-nmtcpp
PR: #1871
Commit: e788660

Test Summary

Metric Count
Total Tests 0
✅ Passed 0
❌ Failed 0
⏭️ Skipped 0

Links

Automated E2E mobile testing powered by AWS Device Farm
Tests located in: test/mobile/

@github-actions

github-actions Bot commented Jun 1, 2026

Copy link
Copy Markdown
Contributor

❌ E2E Mobile Test Results - Android

Overall Status: FAILED
Device Farm Result: UNKNOWN
Platform: Android
Addon: @qvac/translation-nmtcpp
PR: #1871
Commit: e788660

Test Summary

Metric Count
Total Tests 0
✅ Passed 0
❌ Failed 0
⏭️ Skipped 0

Links

Automated E2E mobile testing powered by AWS Device Farm
Tests located in: test/mobile/

@github-actions

github-actions Bot commented Jun 1, 2026

Copy link
Copy Markdown
Contributor

❌ E2E Mobile Test Results - iOS

Overall Status: FAILED
Device Farm Result: UNKNOWN
Platform: iOS
Addon: @qvac/translation-nmtcpp
PR: #1871
Commit: e788660

Test Summary

Metric Count
Total Tests 0
✅ Passed 0
❌ Failed 0
⏭️ Skipped 0

Links

Automated E2E mobile testing powered by AWS Device Farm
Tests located in: test/mobile/

@github-actions

github-actions Bot commented Jun 1, 2026

Copy link
Copy Markdown
Contributor

❌ E2E Mobile Test Results - Android

Overall Status: FAILED
Device Farm Result: UNKNOWN
Platform: Android
Addon: @qvac/translation-nmtcpp
PR: #1871
Commit: e788660

Test Summary

Metric Count
Total Tests 0
✅ Passed 0
❌ Failed 0
⏭️ Skipped 0

Links

Automated E2E mobile testing powered by AWS Device Farm
Tests located in: test/mobile/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jpgaribotti jpgaribotti jpgaribotti approved these changes

@gianni-cor gianni-cor gianni-cor approved these changes

+1 more reviewer

@github-advanced-security github-advanced-security[bot] github-advanced-security[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@tamer-hassan-tether @jpgaribotti @gianni-cor @github-advanced-security