From 4996d1cfbac84a8bae3038dadfb628a6cbedba75 Mon Sep 17 00:00:00 2001 From: mrciffa <49000955+davide221@users.noreply.github.com> Date: Wed, 10 Jun 2026 13:38:17 +0200 Subject: [PATCH] ci: run self-hosted GPU tests on fork PRs (behind run approval) The same-repo guard skipped the RTX 3090 and gfx1151 jobs for every fork PR, silently dropping the strongest signal this CI produces exactly where review needs it most (outside contributions). The repo already enforces approval_policy=all_external_contributors, so no fork code can run anywhere (hosted or self-hosted) until a maintainer inspects the push and approves the run. Rely on that human checkpoint instead of skipping the GPU jobs outright. Co-Authored-By: WOZCODE --- .github/workflows/ci.yml | 21 ++++++++------------- 1 file changed, 8 insertions(+), 13 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5129cb8c9..46919debe 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -115,14 +115,12 @@ jobs: # kernels for sm_86 but execute on GPU-less VMs, so the kernel never runs. # This job lands on lucebox3 (RTX 3090) and actually executes it. # - # SECURITY: a self-hosted runner must never execute untrusted fork code. - # This guard restricts the job to same-repo PRs (head repo == this repo) - # and manual dispatch, so fork PRs against this public repo skip it - # entirely and never run on the box. The ubuntu-latest jobs above still - # run for forks (safe, ephemeral GitHub VMs). - if: >- - github.event_name == 'workflow_dispatch' || - github.event.pull_request.head.repo.full_name == github.repository + # SECURITY: fork PRs DO run here, but only after a maintainer approves the + # workflow run. The repo enforces approval_policy=all_external_contributors, + # so every push from an outside collaborator parks the run as + # action_required until a maintainer reviews the diff and approves it. + # That human checkpoint is the line of defense for the self-hosted box; + # do not weaken the approval policy while this job runs fork code. # Gate only on the 1-minute workspace check, NOT the ~18-minute hosted # CPU build: the GPU job compiles the same tree itself in ~2 minutes on # real hardware, so serializing it behind the cloud build only delayed 
@@ -190,11 +188,8 @@ jobs: # faults on gfx1151); hipcc is not on the runner's minimal PATH, so it is # invoked by absolute path. # - # SECURITY: same fork guard as gpu-tests - never execute untrusted fork - # code on the self-hosted box. Fork PRs skip this job. - if: >- - github.event_name == 'workflow_dispatch' || - github.event.pull_request.head.repo.full_name == github.repository + # SECURITY: same model as gpu-tests - fork PRs run only after a maintainer + # approves the workflow run (approval_policy=all_external_contributors). # Gate only on the 1-minute workspace check, NOT the ~18-minute hosted # CPU build: the GPU job compiles the same tree itself in ~2 minutes on # real hardware, so serializing it behind the cloud build only delayed
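Review bot: dropping the `if:` in the gpu-tests hunk leaves this job with no in-workflow guard at all; the only control that keeps untrusted fork code off lucebox3 is now the repository setting approval_policy=all_external_contributors, which this file can neither see nor enforce, and the new comment's "do not weaken the approval policy" is advisory only. A settings change by anyone with admin rights (or a future migration of the repo) would silently expose the self-hosted box. Suggest keeping a minimal condition in the job, for example running on `workflow_dispatch` and on same-repo PRs unconditionally and on fork PRs only when a maintainer-applied label is present, so that two independent controls (run approval and the label) must both be satisfied. Also note that without the `if:` the job now runs on every event that triggers this workflow, not only the two the old expression allowed, and that if the runner is a persistent box rather than one registered with `--ephemeral`, anything a reviewer misses in an approved diff persists on it across runs.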
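Review bot: the gfx1151 hunk removes the same guard and replaces it with a comment that only says "same model as gpu-tests", so the security invariant for this job lives in a comment on a different job and the two can drift independently. Since both jobs share the identical `if:` before this change and the identical "Gate only on the 1-minute workspace check" block after it, factor the fork-handling decision into one place (a workflow-level variable or a reusable expression both jobs reference) so there is a single line to audit when the policy changes, and restate the concrete requirement here (runs from outside collaborators must stay action_required until approved) rather than pointing at the other job's comment.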