Plug in workflow restrictions to TEEs

[nolag]

No description provided.

[github-actions]

👋 nolag, thanks for creating this pull request!

To help reviewers, please consider creating future PRs as drafts first. This allows you to self-review and make any final changes before notifying the team.

Once you're ready, you can mark it as "Ready for review" to request feedback. Thanks!

[github-actions]

CORA - Pending Reviewers

All codeowners have approved! ✅

Legend: ✅ Approved | ❌ Changes Requested | 💬 Commented | 🚫 Dismissed | ⏳ Pending | ❓ Unknown

For more details, see the full review summary.

[github-actions]

I see you updated files related to core. Please run make gocs in the root directory to add a changeset as well as in the text include at least one of the following tags:

• #added For any new functionality added.
• #breaking_change For any functionality that requires manual action for the node to boot.
• #bugfix For bug fixes.
• #changed For any change to the existing functionality.
• #db_update For any feature that introduces updates to database schema.
• #deprecation_notice For any upcoming deprecation functionality.
• #internal For changesets that need to be excluded from the final changelog.
• #nops For any feature that is NOP facing and needs to be in the official Release Notes for the release.
• #removed For any functionality/config that is removed.
• #updated For any functionality that is updated.
• #wip For any change that is not ready yet and external communication about it should be held off till it is feature complete.

[github-actions]

✅ No conflicts with other open PRs targeting develop

[trunk-io]

     

Failed Test	Failure Summary	Logs
Test_CCIPTokenTransfer_Sui2EVM_LockReleaseTokenPool_Revert		Logs ↗︎

View Full Report ↗︎ ⋅ Docs

[vreff]

where are these actually checked? In a different PR?

[nolag]

Yeah, this is a proto in chainlink-protos. We pull in the generated code from chainlink-common.

This PR, you may need to expand the file.

[vreff]

Right, but where does the relay check the restrictions against the secrets requested? Has that already been merged?

[nolag]

It's checked here, common does the heavy lifting when you create the module here. Core was already updated to use the selecting module :).

[vreff]

Cool!

[cl-sonarqube-production]

Quality Gate passed

Issues
2 New issues
1 Fixed issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.2% Duplication on New Code

See analysis details on SonarQube