fix: address review feedback — tokens, secrets, no hardcoded IPs
CI / test (pull_request) Successful in 14s
CI / review (/anthropic/v1, claude-sonnet-4-6, sonnet, anthropic, SONNET_REVIEW_TOKEN) (pull_request) Successful in 22s
CI / review (/openai/v1, gpt-4.1-mini, gpt41-mini, openai, GPT_REVIEW_TOKEN) (pull_request) Successful in 21s
CI / review (/openai/v1, gpt-4.1, gpt41, openai, GPT_REVIEW_TOKEN) (pull_request) Successful in 22s
CI / review (/openai/v1, gpt-5, security, openai, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 45s
CI / review (/openai/v1, gpt-5, gpt, openai, GPT_REVIEW_TOKEN) (pull_request) Successful in 52s
CI / review (/openai/v1, gpt-5-mini, gpt5-mini, openai, GPT_REVIEW_TOKEN) (pull_request) Successful in 48s
CI / test (pull_request) Successful in 14s
CI / review (/anthropic/v1, claude-sonnet-4-6, sonnet, anthropic, SONNET_REVIEW_TOKEN) (pull_request) Successful in 22s
CI / review (/openai/v1, gpt-4.1-mini, gpt41-mini, openai, GPT_REVIEW_TOKEN) (pull_request) Successful in 21s
CI / review (/openai/v1, gpt-4.1, gpt41, openai, GPT_REVIEW_TOKEN) (pull_request) Successful in 22s
CI / review (/openai/v1, gpt-5, security, openai, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 45s
CI / review (/openai/v1, gpt-5, gpt, openai, GPT_REVIEW_TOKEN) (pull_request) Successful in 52s
CI / review (/openai/v1, gpt-5-mini, gpt5-mini, openai, GPT_REVIEW_TOKEN) (pull_request) Successful in 48s
- Fix token_secret for gpt41/gpt5-mini/gpt41-mini: use GPT_REVIEW_TOKEN instead of SONNET_REVIEW_TOKEN (wrong reviewer identity) - Move LLM base URL back to secrets.LLM_BASE_URL (prevents exfiltration via PR-controlled matrix values) - Remove hardcoded internal IP from workflow file; only provider path suffix (/anthropic/v1, /openai/v1) remains in matrix Addresses: security-review-bot REQUEST_CHANGES (major: exfiltration risk, minor: HTTP/hardcoded IP) and sonnet-review-bot REQUEST_CHANGES (major: wrong token_secret on gpt entries).
This commit is contained in:
Rodin
+10
-10
@@ -29,32 +29,32 @@ jobs:
|
||||
- name: sonnet
|
||||
token_secret: SONNET_REVIEW_TOKEN
|
||||
provider: anthropic
|
||||
base_url: http://100.86.77.84:6655/anthropic/v1
|
||||
llm_path: /anthropic/v1
|
||||
model: claude-sonnet-4-6
|
||||
- name: gpt
|
||||
token_secret: GPT_REVIEW_TOKEN
|
||||
provider: openai
|
||||
base_url: http://100.86.77.84:6655/openai/v1
|
||||
llm_path: /openai/v1
|
||||
model: gpt-5
|
||||
- name: gpt41
|
||||
token_secret: SONNET_REVIEW_TOKEN
|
||||
token_secret: GPT_REVIEW_TOKEN
|
||||
provider: openai
|
||||
base_url: http://100.86.77.84:6655/openai/v1
|
||||
llm_path: /openai/v1
|
||||
model: gpt-4.1
|
||||
- name: gpt5-mini
|
||||
token_secret: SONNET_REVIEW_TOKEN
|
||||
token_secret: GPT_REVIEW_TOKEN
|
||||
provider: openai
|
||||
base_url: http://100.86.77.84:6655/openai/v1
|
||||
llm_path: /openai/v1
|
||||
model: gpt-5-mini
|
||||
- name: gpt41-mini
|
||||
token_secret: SONNET_REVIEW_TOKEN
|
||||
token_secret: GPT_REVIEW_TOKEN
|
||||
provider: openai
|
||||
base_url: http://100.86.77.84:6655/openai/v1
|
||||
llm_path: /openai/v1
|
||||
model: gpt-4.1-mini
|
||||
- name: security
|
||||
token_secret: SECURITY_REVIEW_TOKEN
|
||||
provider: openai
|
||||
base_url: http://100.86.77.84:6655/openai/v1
|
||||
llm_path: /openai/v1
|
||||
model: gpt-5
|
||||
system_prompt_file: SECURITY_REVIEW.md
|
||||
steps:
|
||||
@@ -70,7 +70,7 @@ jobs:
|
||||
PR_NUMBER: ${{ github.event.pull_request.number }}
|
||||
REVIEWER_TOKEN: ${{ secrets[matrix.token_secret] }}
|
||||
REVIEWER_NAME: ${{ matrix.name }}
|
||||
LLM_BASE_URL: ${{ matrix.base_url }}
|
||||
LLM_BASE_URL: ${{ secrets.LLM_BASE_URL }}${{ matrix.llm_path }}
|
||||
LLM_API_KEY: ${{ secrets.LLM_API_KEY }}
|
||||
LLM_MODEL: ${{ matrix.model }}
|
||||
LLM_PROVIDER: ${{ matrix.provider }}
|
||||
|
||||
Reference in New Issue
Block a user