From 4929a01843cc074e63e98d9d59530b937fa641d2 Mon Sep 17 00:00:00 2001
From: adilburaksen
Date: Thu, 16 Apr 2026 01:41:20 +0300
Subject: [PATCH] ci: gate call-check-tflite-files behind approval-gate

The call-check-tflite-files job was the only CI job in pr_test.yml that lacked a dependency on gatekeeper/approval-gate. All other call-* jobs require [gatekeeper, approval-gate], but this job ran unconditionally for every pull_request_target event.

This means check_tflite_files.yml was checking out the fork's HEAD SHA and executing tensorflow/lite/micro/tools/ci_build/check_tflite_files.sh from the fork's tree in the context of the base repository's workflow, exposing GITHUB_TOKEN to untrusted code.

Fix: add needs: [gatekeeper, approval-gate] to bring this job in line with all other CI jobs in this workflow.
---
 .github/workflows/pr_test.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index 48a2d91a83b..2140cef71aa 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -64,6 +64,8 @@ jobs:
       run: echo "CI Authorized."
 
   call-check-tflite-files:
+    needs: [gatekeeper, approval-gate]
+    if: needs.gatekeeper.outputs.scope != 'none'
     uses: ./.github/workflows/check_tflite_files.yml
     with:
       trigger-sha: ${{ github.event.pull_request.head.sha }}
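Review bot: The hunk adds two lines but the commit message describes only `needs:`; the added `if: needs.gatekeeper.outputs.scope != 'none'` is part of the gate and should be named in the description, since it makes this job depend on `gatekeeper` exporting a `scope` output (declared outside this hunk, presumably matching the other call-* jobs — worth confirming). Note that `approval-gate` is listed in `needs` but not referenced in the `if`, so the approval requirement rests on the implicit success() semantics of `needs`; that is fine, but a comment makes the intent survive future edits, e.g. `# Must stay gated: check_tflite_files.yml checks out and runs fork code at trigger-sha under pull_request_target.` placed above `needs:`. Because `trigger-sha` is still taken from the event's head SHA, the gate only closes the window if approval is bound to that specific SHA rather than to the PR as a whole — that logic lives in `gatekeeper`/`approval-gate`, which are not visible here. The job definition continues past the hunk's last line.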