ci: harden docker-publish.yml (untrusted-checkout guard + zizmor findings)#8
Merged
Conversation
|
…checkout The Docker publish pipeline runs on workflow_run with packages:write + id-token:write and checks out github.event.workflow_run.head_sha in three jobs (lint, build-and-push, smoke-test), then executes it (npm install, docker build, smoke). Add a head-repository trust guard to each privileged job so it only proceeds when the triggering Release run came from this repository, closing CodeQL's actions/untrusted-checkout (2 critical + 1 high). Release only fires on upstream tag pushes, so the guard is always satisfied for a real release and never blocks a legitimate publish.
dotCooCoo
force-pushed
the
fix/codeql-untrusted-checkout
branch
from
33b3e39 to
89ada3d
Compare
|
🎉 Linting finished with no errors or warnings 🎉
|
- Scope packages:write + id-token:write to the publishing jobs (build-and-push pushes + cosign-signs; smoke-test pulls) instead of workflow-wide; lint runs read-only. - Env-indirect the workflow_dispatch version input (template-injection). - persist-credentials: false on all checkouts (none git-push). - Justified ignores for the required+guarded workflow_run trigger (dangerous-triggers) and the no-cache setup-node (cache-poisoning).
dotCooCoo
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Resolves the 3 open CodeQL
actions/untrusted-checkoutalerts (2 critical + 1 high), all in.github/workflows/docker-publish.yml.Problem
The Docker publish pipeline triggers on
workflow_runwithpackages: write+id-token: write, and its three jobs eachactions/checkoutref: github.event.workflow_run.head_shaand then execute that code (npm install, docker build, smoke test). CodeQL flags this as checkout-and-execute of potentially-untrusted code in a privileged context.Fix
Add a head-repository trust guard to each privileged job:
Releaseonly fires on upstream tag pushes, so the triggering run'shead_repositoryis always this repository for a real release — the guard is always satisfied for legitimate publishes and blocks any fork-originated trigger from having its code checked out and run with publish/signing privileges.workflow_dispatch(manual, write-access only) is unaffected.