docs(security): add gitea owner response request packet

This commit is contained in:
Your Name
2026-05-18 10:50:46 +08:00
parent e65515617e
commit 4401dabc7b
32 changed files with 254 additions and 53 deletions

View File

@@ -41,6 +41,7 @@ LANES = [
"reject_execution_request",
"keep_waiting_owner_response",
],
"expected_request_packet_id": "s4_9_gitea_owner_attestation_response_request",
},
{
"lane_id": "s4_10_github_target_owner_decision_response",
@@ -170,6 +171,45 @@ def validate(root: Path) -> None:
assert_equal(f"{lane['lane_id']}.rejected_response_count", summary["rejected_response_count"], 0)
assert_equal(f"{lane['lane_id']}.acceptance_check_count", summary["acceptance_check_count"], 8)
assert_equal(f"{lane['lane_id']}.rejection_rule_count", summary["rejection_rule_count"], 10)
expected_request_packet_id = lane.get("expected_request_packet_id")
if expected_request_packet_id is not None:
request_packet = snapshot["owner_response_request_packet"]
assert_equal(
f"{lane['lane_id']}.owner_response_request_packet_count",
summary["owner_response_request_packet_count"],
1,
)
assert_equal(
f"{lane['lane_id']}.owner_response_request_packet_id",
request_packet["request_id"],
expected_request_packet_id,
)
assert_equal(
f"{lane['lane_id']}.owner_response_request_display_status",
request_packet["display_status"],
"ready_to_request_owner_response",
)
assert_equal(
f"{lane['lane_id']}.owner_response_request_template_ids",
request_packet["requested_template_ids"],
[
"response-public-only-vs-local-gitea-gap",
"response-org-user-endpoint-identity",
"response-internal-110-adjacent-scope",
"response-repo-owner-canonical-scope",
"response-legacy-or-inaccessible-disposition",
],
)
assert_equal(
f"{lane['lane_id']}.owner_response_request_awooop_display_mode",
request_packet["awooop_display_mode"],
"display_owner_response_request_only",
)
assert_false(
f"{lane['lane_id']}.owner_response_request_execution_authorized",
request_packet["execution_authorized"],
)
assert_true(f"{lane['lane_id']}.owner_response_request_not_approval", request_packet["not_approval"])
expected_preflight_checks = lane.get("expected_preflight_checks")
if expected_preflight_checks is not None:
intake_preflight_checks = snapshot["intake_preflight_checks"]