Harden input interpolation and pin binfmt image#2
Merged
Conversation
Pass action inputs through env vars instead of interpolating
${{ inputs.* }} directly into run: shell bodies, closing the
script-injection path flagged by GitHub's hardening guidance.
The App token likewise moves to an env var so it is no longer
baked into the NIX_CONFIG script text.
Also pin the tonistiigi/binfmt image (was implicit :latest) and
add a checkout opt-out to update-flake, matching the CI action.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Hardens both composite actions against shell script injection and removes a couple of supply-chain / ergonomics gaps surfaced in a review.
Changes
action.yml) — every${{ inputs.* }}that was expanded directly into arun:shell body now flows through anenv:block and is referenced as a quoted shell variable (TRUST_FLAKE,EMULATE_SYSTEMS,FLAKE_CHECK_ARGS,BUILD_HOSTS,BUILD_DEVSHELLS,BUILD_ATTRS,BUILD_ARGS,MATRIX_NAME,CHECKS,HEAD_SHA,DEVSHELL). Follows GitHub's hardening guidance: composite-action inputs can carry untrusted data, so they should never be interpolated into run steps. Word-splitting behavior for the args inputs is preserved.APP_TOKENenv var instead of being interpolated into the NIX_CONFIG script text.tonistiigi/binfmt— was implicit:latest, nowtonistiigi/binfmt:qemu-v9.2.2.update-flakecheckout opt-out — added acheckoutinput (default"true") gating the checkout step, matching the CI action; documented in the README.Verification
${{ ... }}remains inside anyrun:body (survivors are all inwith:/env:/value:/action fields).No behavior change for existing callers. Third-party actions were all already on current major versions, so no version bumps were needed.