From bd4547b61307637be124c774743c62bbbfea4c46 Mon Sep 17 00:00:00 2001
From: H-Chris233
Date: Wed, 6 May 2026 07:36:49 +0800
Subject: [PATCH] Pin PR-Agent runtime while preserving automatic reviews

The workflow must keep reviewing every PR and every pushed commit automatically, including fork PRs, so the hardening focuses on pinning the code that actually runs in the secrets-bearing job. The wrapper action commit still delegates to a mutable Docker tag, so the workflow now calls the PR-Agent container by immutable digest directly.

Constraint: Maintainer preference is automatic PR-Agent coverage for each PR and synchronize event.
Constraint: Issue #222 requires removing mutable third-party execution refs from the secrets-bearing path.
Rejected: Pin only the action repository commit | the wrapper Dockerfile still resolves pragent/pr-agent:github_action at runtime.
Rejected: Require trusted comment triggers for fork PRs | too inconvenient because new commits would not be reviewed automatically.
Confidence: medium
Scope-risk: moderate
Directive: If fork PR automation remains required, keep the runtime container digest-pinned and do not checkout PR head code in this workflow.
Tested: Parsed .github/workflows/pr-agent.yml with PyYAML and asserted docker:// sha256 form; git diff --check; grep confirmed no action ref or github_action tag remains in the workflow.
Not-tested: Live GitHub Actions execution or Docker Hub digest pull from this host.
Related: https://github.com/appergb/openless/issues/222
---
 .github/workflows/pr-agent.yml | 23 +++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/pr-agent.yml b/.github/workflows/pr-agent.yml
index 3bd7cc18..bf95e81d 100644
--- a/.github/workflows/pr-agent.yml
+++ b/.github/workflows/pr-agent.yml
@@ -1,8 +1,9 @@
 name: PR-Agent
 
 on:
-  # 使用 pull_request_target,让外部 PR 也能读取仓库 Secrets,并获得声明的写权限。
-  # 本 workflow 不 checkout / 执行 PR 分支代码,只让 PR-Agent 通过 GitHub API 读取 diff。
+  # 使用 pull_request_target 让同仓库与外部 fork PR 都能自动运行 PR-Agent,
+  # 并在 synchronize 事件跟进每次新 commit。
+  # 本 workflow 不 checkout / 执行 PR 分支代码,只让 digest-pinned PR-Agent 镜像通过 GitHub API 读取 diff。
   pull_request_target:
     types: [opened, reopened, ready_for_review, synchronize]
   issue_comment:
@@ -10,17 +11,31 @@ on:
 jobs:
   pr_agent_job:
-    if: ${{ github.event.sender.type != 'Bot' && (github.event_name != 'issue_comment' || github.event.issue.pull_request) }}
+    # PR 与每次新 commit 自动运行;评论触发仍限制为可信成员,避免任意评论滥用 Secrets。
+    if: >-
+      ${{
+        github.event.sender.type != 'Bot' &&
+        (
+          github.event_name == 'pull_request_target' ||
+          (
+            github.event_name == 'issue_comment' &&
+            github.event.issue.pull_request &&
+            contains(fromJson('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)
+          )
+        )
+      }}
     runs-on: ubuntu-latest
     permissions:
+      # PR-Agent 需要在 PR/issue 上评论,并通过 GitHub API 读取 diff/文件内容。
       issues: write
       pull-requests: write
       contents: read
     steps:
       - name: Run PR Agent
-        uses: the-pr-agent/pr-agent@main
+        # Pin the actual PR-Agent container image because this job can access repo Secrets.
+        uses: docker://pragent/pr-agent@sha256:a0b36966ca3a197ca739fa1e65c16703076fc1c744cd423ca203b8c21707d71c
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
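Review bot: The rewritten header comment describes an implementation detail that lives in the job below (the digest-pinned image), while the property this `pull_request_target` block actually depends on — the job never checks out or executes PR-head code, which is what keeps fork PRs from reaching the Secrets — is stated only in passing; consider making it the explicit maintenance rule, e.g. `# Invariant: this workflow must never check out github.event.pull_request.head.sha or run PR-branch code; keep that true when adding steps.`. The third added comment line is also far beyond 120 columns, so wrapping it to the width of the two lines above it would keep the `on:` block readable. Note too that the same commit adds an English comment to the step further down while these header comments are Chinese; one comment language per file would be easier to maintain. The enclosing `on:` mapping continues past the hunk (the `issue_comment:` event types are not visible here).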