security: pin GitHub Actions to immutable commit SHAs#2
Open
gabehamilton wants to merge 1 commit intojuxt:mainfrom
Open
security: pin GitHub Actions to immutable commit SHAs#2gabehamilton wants to merge 1 commit intojuxt:mainfrom
gabehamilton wants to merge 1 commit intojuxt:mainfrom
Conversation
Replace floating tag references (e.g. @v4) with immutable commit SHAs in the release workflow. Floating tags can be silently moved to point to different (potentially malicious) commits, enabling a supply chain attack that publishes tampered binaries to PyPI. Tag names are preserved as comments for human readability. Update SHAs deliberately when upgrading action versions. Actions pinned: - actions/checkout@v4 -> 34e1148 (v4.3.1) - actions/setup-go@v5 -> 40f1582 (v5.6.0) - astral-sh/setup-uv@v4 -> 38f3f10 (v4.2.0) - actions/upload-artifact@v4 -> ea165f8 (v4.6.2) - actions/download-artifact@v4 -> d3f86a1 (v4.3.0) - pypa/gh-action-pypi-publish@release/v1 -> ed0c539 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
.github/workflows/publish.yml) references GitHub Actions using floating tags (@v4,@v5,@release/v1) that can be silently moved to point to different commitsActions pinned
actions/checkout@v434e114876b0b11c390a56381ad16ebd13914f8d5actions/setup-go@v540f1582b2485089dde7abd97c1529aa768e1baffastral-sh/setup-uv@v438f3f104447c67c051c4a08e39b64a148898af3aactions/upload-artifact@v4ea165f8d65b6e75b540449e92b4886f43607fa02actions/download-artifact@v4d3f86a106a0bac45b974a628896c90dbdf5c8093pypa/gh-action-pypi-publish@release/v1ed0c53931b1dc9bd32cbe73a98c7f6766f8a527eWhy this matters
GitHub Actions tags are mutable references. A compromised maintainer account or a supply chain attack on any of these action repositories could move a tag to point to malicious code. Since this workflow publishes to PyPI, the blast radius of such an attack would extend to every user who installs the package.
Pinning to commit SHAs ensures the exact code that runs in CI is the code that was reviewed and trusted at pin time.
Test plan
gh api repos/<owner>/<repo>/commits/<sha>🤖 Generated with Claude Code