From 0230399dae9863a21273229698c524e1e2a9d650 Mon Sep 17 00:00:00 2001 From: WRG-11 Date: Sat, 30 May 2026 23:07:58 +0300 Subject: [PATCH] ci(security): OIDC trusted-publishing + SHA-pin actions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit H-1: release.yml PyPI publish migrates from long-lived PYPI_API_TOKEN to trusted publishing (OIDC) — publish-pypi job gains 'environment: pypi' + 'permissions: id-token: write'; the password/secret directive is removed. Closes the token-exfil -> malicious-publish supply-chain risk. M-1: pin all actions/* to full commit SHA (checkout v6, setup-python v6, upload-artifact v7, download-artifact v8) with '# vN' comment for readability and Dependabot compatibility. pypa/gh-action-pypi-publish pinned to the org-standard release/v1 SHA. github/codeql-action left on its major tag (v4) by design (GitHub-maintained; pinning risks a stale CodeQL bundle). Operator one-time step: add a PyPI trusted publisher for project instinct-mcp (owner WRG-11, repo instinct, workflow release.yml, env pypi), then delete the PYPI_API_TOKEN repo secret. Publish stays inert until then. --- .github/workflows/ci.yml | 8 ++++---- .github/workflows/codeql.yml | 2 +- .github/workflows/release.yml | 27 +++++++++++++++++---------- 3 files changed, 22 insertions(+), 15 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fba2923..00e3696 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,10 +19,10 @@ jobs: fail-fast: false steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 with: python-version: ${{ matrix.python-version }} 
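Review bot: The `# v6` comment after the pinned checkout and setup-python SHAs names only the floating major tag, which moves with every v6.x.y release, so a reader cannot tell from the comment which release `de0fac2e4500dabe0009e67214ff5f5447ce83dd` and `a309ff8b426b58ec0e2a45f0f869d46889d02405` correspond to. Recording the exact release tag keeps the pin auditable and gives pin-updating tooling an unambiguous version to compare against, e.g. `- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.<minor.patch — fill in from the release tag this SHA resolves to>`. The same applies to the other pinned actions/* lines in ci.yml (@@ -38), codeql.yml (@@ -17) and release.yml (@@ -14, @@ -36, @@ -71, @@ -103). This hunk's trailing context lines appear to have been dropped in this rendering, so the end of the step list is not visible here.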
@@ -38,9 +38,9 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - - uses: actions/setup-python@v6 + - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 with: python-version: "3.12" diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index ddfa717..00a2652 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -17,7 +17,7 @@ jobs: name: analyze runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Detect languages id: detect diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index fc42a78..fc9acee 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -14,10 +14,10 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Set up Python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 with: python-version: "3.12" @@ -36,10 +36,10 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Set up Python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 with: python-version: "3.12" @@ -71,7 +71,7 @@ jobs: python -m twine check dist/* - name: Upload distributions - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: python-dist path: dist/* 
@@ -79,20 +79,27 @@ jobs: publish-pypi: needs: build runs-on: ubuntu-latest + # Trusted publishing (OIDC): no long-lived PYPI_API_TOKEN secret. PyPI + # verifies the GitHub OIDC identity for this repo/workflow/environment. + # Operator one-time step: add a PyPI trusted publisher for project + # "instinct-mcp" (owner WRG-11, repo instinct, workflow release.yml, + # environment pypi), then delete the PYPI_API_TOKEN repo secret. + environment: + name: pypi + url: https://pypi.org/project/instinct-mcp/ permissions: - contents: read + id-token: write steps: - name: Download distributions - uses: actions/download-artifact@v8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 with: name: python-dist path: dist - name: Publish to PyPI - uses: pypa/gh-action-pypi-publish@release/v1 + uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # release/v1 @ 2026-02-18 with: packages-dir: dist - password: ${{ secrets.PYPI_API_TOKEN }} skip-existing: true create-release: @@ -103,7 +110,7 @@ jobs: contents: write steps: - name: Download distributions - uses: actions/download-artifact@v8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 with: name: python-dist path: dist
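Review bot: The new `environment: pypi` block in publish-pypi puts an environment claim into the OIDC identity, but it only limits who can publish if the `pypi` environment is itself protected in the repository settings (deployment branch/tag rules, required reviewers); if it is not, any run of release.yml in this repository can obtain a publish token, so the added comment should state that requirement, e.g. `# The pypi environment must be protected (deployment tag rules and/or reviewers); OIDC token issuance is gated on it.` The `pypa/gh-action-pypi-publish` pin comment `# release/v1 @ 2026-02-18` names a moving branch plus a date rather than a release, so the SHA cannot be checked against a published release from the comment alone; prefer `# v<release-tag — fill in the tag that cef221092ed1bacb1cc03d23a2d87d1d172e277b resolves to>`. The workflow trigger (`on:`) and the top of the `jobs:` mapping are outside this hunk, so whether publishing is already restricted to tag or release events cannot be confirmed here.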