Skip to content

[Safe Outputs Conformance] IMP-002: Permission computation function missing from dedicated file #20090

Closed as not planned
Closed as not planned
[Safe Outputs Conformance] IMP-002: Permission computation function missing from dedicated file#20090
Labels
automatedconformancesafe-outputs
@github-actions

Description

@github-actions
github-actions
bot
opened on Mar 8, 2026

Conformance Check Failure

Check ID: IMP-002
Severity: HIGH
Category: Implementation

Problem Description

The conformance checker expects ComputePermissionsForSafeOutputs to be defined in a dedicated file pkg/workflow/safe_outputs_permissions.go. This file does not exist. The function is currently implemented inside pkg/workflow/safe_outputs_jobs.go (line 196), but the specification requires it to live in its own dedicated file for proper separation of concerns and discoverability.

The test file pkg/workflow/safe_outputs_permissions_test.go already exists and references this function, indicating the intent was always to have a dedicated implementation file.

Affected Components

  • Files:
    • Missing: pkg/workflow/safe_outputs_permissions.go
    • Current location: pkg/workflow/safe_outputs_jobs.go (lines 189–370+)
    • Test file: pkg/workflow/safe_outputs_permissions_test.go

Current Behavior

ComputePermissionsForSafeOutputs and its supporting helpers (buildAddCommentPermissions, etc.) are defined inside safe_outputs_jobs.go rather than in a dedicated safe_outputs_permissions.go file.

Expected Behavior

The permission computation logic should live in pkg/workflow/safe_outputs_permissions.go so that:

  1. The conformance checker can locate and verify it
  2. Permission logic is cleanly separated from job construction logic
  3. The test file safe_outputs_permissions_test.go pairs with a matching source file

Remediation Steps

This task can be assigned to a Copilot coding agent with the following steps:

  1. Create pkg/workflow/safe_outputs_permissions.go with the appropriate package declaration and build tags
  2. Move ComputePermissionsForSafeOutputs and all supporting permission-computation helper functions from safe_outputs_jobs.go into the new file
  3. Ensure the new file imports any packages needed by the moved functions
  4. Remove the moved code from safe_outputs_jobs.go (keeping only a reference comment if needed)
  5. Verify the package still compiles: go build ./pkg/workflow/...
  6. Run existing tests to confirm nothing broke: go test ./pkg/workflow/...

Verification

After remediation, verify the fix by running:

bash scripts/check-safe-outputs-conformance.sh

Check IMP-002 should pass without errors.

References

  • Safe Outputs Specification: docs/src/content/docs/reference/safe-outputs-specification.md
  • Conformance Checker: scripts/check-safe-outputs-conformance.sh
  • Run ID: §22825468903
  • Date: 2026-03-08

Generated by Daily Safe Outputs Conformance Checker ·

  • expires on Mar 9, 2026, 4:55 PM UTC

Metadata

Metadata

Assignees

No one assigned

    Labels

    automatedconformancesafe-outputs

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions