ci(security): OIDC trusted-publishing + SHA-pin GitHub Actions#46
Merged
H-1: release.yml PyPI publish migrates from long-lived PYPI_API_TOKEN to trusted publishing (OIDC) — publish-pypi job gains 'environment: pypi' + 'permissions: id-token: write'; the password/secret directive is removed. Closes the token-exfil -> malicious-publish supply-chain risk. M-1: pin all actions/* to full commit SHA (checkout v6, setup-python v6, upload-artifact v7, download-artifact v8) with '# vN' comment for readability and Dependabot compatibility. pypa/gh-action-pypi-publish pinned to the org-standard release/v1 SHA. github/codeql-action left on its major tag (v4) by design (GitHub-maintained; pinning risks a stale CodeQL bundle). Operator one-time step: add a PyPI trusted publisher for project instinct-mcp (owner WRG-11, repo instinct, workflow release.yml, env pypi), then delete the PYPI_API_TOKEN repo secret. Publish stays inert until then.
Security-hygiene fixes routed from the H R89-103h WRG-11 13-repo sweep (findings H-1 + M-1). CI/workflow only — no application code, no repo Settings changes.
H-1 (HIGH) — PyPI trusted publishing (OIDC)
`release.yml` `publish-pypi` job moves off the long-lived `PYPI_API_TOKEN` repo secret to OIDC trusted publishing:
- `environment: pypi` + `permissions: id-token: write`
- `password: ${{ secrets.PYPI_API_TOKEN }}` directive removed

This closes the token-exfil → malicious-publish supply-chain risk and brings `instinct` in line with `wrg-devguard` / `wrg-mcp-server` / `wrg-rule-lab` (already OIDC).

Operator one-time step: add a PyPI trusted publisher (owner `WRG-11`, repo `instinct`, workflow `release.yml`, environment `pypi`), then delete the `PYPI_API_TOKEN` repo secret (no longer used).

M-1 (MED) — SHA-pin GitHub Actions

All `actions/*` pinned to a full 40-char commit SHA with a `# vN` comment (readability + Dependabot bumps the comment):
- `actions/checkout` → `de0fac2e…` `# v6`
- `actions/setup-python` → `a309ff8b…` `# v6`
- `actions/upload-artifact` → `043fb46d…` `# v7`
- `actions/download-artifact` → `3e5f45b2…` `# v8`
- `pypa/gh-action-pypi-publish` → `cef22109…` `# release/v1` (org-standard pin)

Mitigates the mutable-tag (tag-repoint) supply-chain vector across `ci.yml`, `codeql.yml`, `release.yml`.

Note: `github/codeql-action` is intentionally left on its major tag (`@v4`) — it is GitHub-maintained security tooling and pinning it risks running a stale CodeQL bundle (detection degradation).

Do not merge — operator + V-gate (R89-105b).
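An illustration of the `publish-pypi` job before and after the H-1 and M-1 changes, added here as an example and not the PR's actual `release.yml`. The runner label, the artifact name and path, and the angle-bracket SHA placeholders are assumptions; the real 40-char SHAs are the ones recorded in the PR.

```yaml
# Added illustration, not the PR's release.yml. Angle-bracket values are
# placeholders for the full 40-char commit SHAs recorded in the PR.

# BEFORE (H-1 / M-1 findings): long-lived secret + mutable major tags.
# publish-pypi:
#   runs-on: ubuntu-latest
#   steps:
#     - uses: actions/download-artifact@v8          # tag can be re-pointed
#       with: { name: dist, path: dist/ }
#     - uses: pypa/gh-action-pypi-publish@release/v1
#       with:
#         password: ${{ secrets.PYPI_API_TOKEN }}  # a leaked token carries publish rights

# AFTER: OIDC trusted publishing + full-SHA pins.
jobs:
  publish-pypi:
    runs-on: ubuntu-latest            # assumed runner label
    environment: pypi                 # must match the trusted publisher registered on PyPI
    permissions:
      id-token: write                 # job may request a short-lived OIDC token
      # a job-level permissions block resets every unlisted scope to none
    steps:
      - uses: actions/download-artifact@<full-40-char-sha>  # v8
        with:
          name: dist                  # assumed artifact name/path
          path: dist/
      - uses: pypa/gh-action-pypi-publish@<full-40-char-sha>  # release/v1 (org-standard pin)
        # no `password:` input: the action exchanges the OIDC token for a
        # short-lived PyPI token. Until the trusted publisher (owner WRG-11,
        # repo instinct, workflow release.yml, env pypi) exists on PyPI, this
        # step fails instead of publishing, so the workflow stays inert.
```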