fix: add repository guard to workflow_run test jobs to prevent fork code execution

[adilburaksen]

Summary

custard-run.yaml and custard-run-dev.yaml both trigger on workflow_run when the Custard CI workflow starts. The test job checks out and executes the fork's code with live GCP credentials (kokoro-system-test@long-door-651) without verifying that the triggering workflow came from the same repository.

Attack: Any GitHub user with a previously merged PR (bypassing first-time-contributor approval) can open a fork PR and have their Makefile execute on Google's CI runner with live GCP WIF credentials.

Fix

Adds an if: guard to the test job in both workflow files:

if: |
  needs.affected.outputs.paths != '[]' &&
  (github.event_name != 'workflow_run' ||
   github.event.workflow_run.head_repository.full_name == github.repository)

This ensures that for workflow_run triggers, only PRs from the same repository (not forks) proceed to the GCP-authenticated test step.

Files Changed

• .github/workflows/custard-run.yaml — added repository guard to test job
• .github/workflows/custard-run-dev.yaml — same fix applied

References

• GitHub Security Lab: Preventing pwn requests
• Related: google/adk-samples#1728 (same pattern, fixed)

[gemini-code-assist]

Note

Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported.