From e2e4e5ef0976c4dd7920d639e682dd74676c927e Mon Sep 17 00:00:00 2001
From: "n8n-cat-bot[bot]" <283985454+n8n-cat-bot[bot]@users.noreply.github.com>
Date: Fri, 29 May 2026 12:17:54 +0300
Subject: [PATCH] ci: Reduce eval secret exposure on test-evals-ai-reusable (#31347)

Co-authored-by: n8n-cat-bot[bot]
---
 .github/workflows/test-evals-ai-reusable.yml | 23 +++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/test-evals-ai-reusable.yml b/.github/workflows/test-evals-ai-reusable.yml
index 98f1614df72..6228cb52924 100644
--- a/.github/workflows/test-evals-ai-reusable.yml
+++ b/.github/workflows/test-evals-ai-reusable.yml
@@ -36,12 +36,21 @@ jobs:
   evals:
     name: Run ${{ inputs.suite }} Evaluations
     runs-on: blacksmith-2vcpu-ubuntu-2204
-    env:
-      N8N_AI_ANTHROPIC_KEY: ${{ secrets.EVALS_ANTHROPIC_KEY }}
-      LANGSMITH_TRACING: true
-      LANGSMITH_ENDPOINT: ${{ secrets.EVALS_LANGSMITH_ENDPOINT }}
-      LANGSMITH_API_KEY: ${{ secrets.EVALS_LANGSMITH_API_KEY }}
     steps:
+      - name: Validate branch input
+        env:
+          BRANCH: ${{ inputs.branch }}
+        run: |
+          # Allowlist of refs permitted to run on this job. The job exposes
+          # secrets to code checked out from `BRANCH`, so anything outside the
+          # allowlist is rejected to prevent arbitrary refs from accessing them.
+          if [[ "$BRANCH" =~ ^(master|ai/.+|ai-.+)$ ]]; then
+            echo "Branch '$BRANCH' is allowed."
+          else
+            echo "::error::Branch '$BRANCH' is not in the allowlist. Permitted patterns: master, ai/*, ai-*"
+            exit 1
+          fi
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           ref: ${{ inputs.branch }}
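Review bot: The allowlist regex `^(master|ai/.+|ai-.+)$` in the new "Validate branch input" step is a naming convention rather than an authorization boundary: `.+` admits any characters, so any ref whose name starts with `ai/` or `ai-` — a branch or tag created by anyone with push access — passes the guard and reaches the step that later receives the eval secrets. If that is the intended trust model, the comment should say so, e.g. `# NOTE: this enforces naming only; who may create ai/* and ai-* refs is governed by repo write access and branch protection, not by this check.` Tightening the character class also keeps unusual inputs from matching: `if [[ "$BRANCH" =~ ^(master|ai[/-][A-Za-z0-9._/-]+)$ ]]; then`. Note that an empty `branch` input now fails the check instead of letting checkout fall back to the default ref; if any caller relied on that, the input's default (declared outside this hunk) should be set explicitly.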
@@ -97,6 +106,10 @@ jobs:
       - name: Run Evaluations
         working-directory: packages/@n8n/ai-workflow-builder.ee/evaluations
         env:
+          N8N_AI_ANTHROPIC_KEY: ${{ secrets.EVALS_ANTHROPIC_KEY }}
+          LANGSMITH_TRACING: true
+          LANGSMITH_ENDPOINT: ${{ secrets.EVALS_LANGSMITH_ENDPOINT }}
+          LANGSMITH_API_KEY: ${{ secrets.EVALS_LANGSMITH_API_KEY }}
           SUITE: ${{ inputs.suite }}
           DATASET: ${{ inputs.dataset }}
           REPETITIONS: ${{ inputs.repetitions }}
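Review bot: With the secrets now scoped to this step's `env`, the code this step runs — the evaluations package checked out from `inputs.branch`, plus whatever dependencies were installed for it in earlier steps — can still read `EVALS_ANTHROPIC_KEY` and `EVALS_LANGSMITH_API_KEY`, so the branch allowlist earlier in the job is the only gate and that dependency should be visible here: `# Step-scoped secrets: the code below is branch-controlled, so the "Validate branch input" step is what gates access to these.` As a style point, `LANGSMITH_TRACING: true` is a YAML boolean that GitHub stringifies to `true` for the environment; quoting it as `LANGSMITH_TRACING: 'true'` makes the string intent explicit and avoids truthy-lint noise. The `Run Evaluations` step continues past the end of this hunk.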