atmos git clone Refuses Unsafe Fork Checkouts by Default
atmos git clone is Atmos's native replacement for actions/checkout. Mirroring the
actions/checkout v7 hardening,
it now refuses by default to clone untrusted fork content under the elevated
pull_request_target and workflow_run events — the classic "pwn request" where fork code
would run with your repository's secrets. A grep-able opt-in is available for the rare case
you genuinely need it.
What Changed
When you run atmos git clone inside a pull_request_target or workflow_run workflow —
which execute with your base repository's secrets, GITHUB_TOKEN, and cloud credentials —
Atmos now refuses to clone fork content unless you explicitly opt in. The gate triggers only
on the genuinely dangerous combination:
- an explicit
--branch/ ref override that is a pull-request ref (e.g.refs/pull/<N>/mergeorrefs/pull/<N>/head), or - an ad hoc clone URI whose
owner/repodiffers from the baseGITHUB_REPOSITORY.
The safe no-arg checkout (your base repository at its base ref) is never gated, and the
low-privilege pull_request, push, and merge_group events are unaffected.
Why This Matters
pull_request_target and workflow_run are exactly the events GitHub hardened in
actions/checkout v7, because checking out a fork's PR code while holding the base
repository's secrets lets a malicious contributor exfiltrate those secrets. Since
atmos git clone fills the same role as actions/checkout, it inherited the same risk — and
now it gets the same fail-closed default.
How to Use It
Nothing to do for the common case: base checkouts and pull_request workflows keep working.
For fork contributions, prefer a pull_request workflow (fork secrets are withheld) for any
clone-and-plan, and reserve pull_request_target / workflow_run for trusted, secret-free
steps.
If you have a deliberate, reviewed reason to bypass the gate, the opt-in is intentionally easy to spot in code review and static analysis:
# atmos.yaml
ci:
allow_unsafe_fork_execution: true
or per-invocation via the --allow-unsafe-fork flag or the
ATMOS_ALLOW_UNSAFE_FORK_EXECUTION environment variable.
Get Involved
See the atmos git clone docs for the full
behavior matrix, and the CI configuration reference for the opt-in
setting.
