Fix the workflows (#428)

poad · amazon-q-developer[bot] · web-flow · commit 210852a4e594 · 2025-09-09T23:45:54.000+09:00
* Fix the workflows

* Fix the rules

* Update .amazonq/rules/review-rules.md

Co-authored-by: amazon-q-developer[bot] &lt;208079219+amazon-q-developer[bot]@users.noreply.github.com&gt;

* Update .amazonq/rules/review-rules.md

Co-authored-by: amazon-q-developer[bot] &lt;208079219+amazon-q-developer[bot]@users.noreply.github.com&gt;

* Add the rules

---------

Co-authored-by: amazon-q-developer[bot] &lt;208079219+amazon-q-developer[bot]@users.noreply.github.com&gt;
diff --git a/.amazonq/rules/review-rules.md b/.amazonq/rules/review-rules.md
@@ -0,0 +1,24 @@
+# Review Rules
+
+- Comments should be provided in Japanese by default, while maintaining English-based technical analysis to ensure review quality.
+- When you find a problem, suggest a solution.
+- If you find a problem that is not in the code, point it out.
+- Always evaluate security implications of code changes.
+- Check for potential vulnerabilities and secure coding practices.
+- Check for hardcoded credentials, API keys, and sensitive data
+- Verify no hardcoded credentials or secrets
+- Ensure proper input validation and sanitization
+- Check dependencies for known vulnerabilities
+- Verify proper input validation and sanitization
+- Ensure secure communication protocols (HTTPS, TLS)
+- Review permission and access control implementations
+- Check for proper error handling of security-related operations
+- Validate secure storage of sensitive data
+- Check for proper WebView configuration.
+- Secure data storage using Android Keystore, and safe handling of Intent data.
+- Since this is a Device Flow client, please verify OAuth 2.0 Device Flow-specific security considerations.
+  - Ensure that proper PKCE implementation is in place
+  - Ensure that secure token handling is implemented
+  - Ensure that state verification is performed
+  - Verify secure random number generation for state and PKCE values
+  - Check for proper timing attack mitigations in token comparisons
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -5,7 +5,6 @@ on:
     branches: [ main ]
   pull_request:
     branches: [ main ]
-  pull_request_target:
 
   workflow_dispatch:
 
