Fix GitHub Actions code injection and untrusted-checkout warnings#423
Fix GitHub Actions code injection and untrusted-checkout warnings#423
Conversation
All ${{ inputs.* }}, ${{ github.event.* }}, and ${{ steps.*.outputs.* }}
expressions that were directly interpolated inside run: shell scripts or
github-script JavaScript blocks are moved to env: mappings. Scripts
reference them as plain environment variables ($VAR / process.env.VAR).
Event-payload fields previously accessed via ${{ github.event.xxx }} are
now read from $GITHUB_EVENT_PATH with jq -r '.xxx // empty', eliminating
the injection vector while keeping the logic identical.
The untrusted-checkout warning in run-change-detection is addressed by
adding persist-credentials: false to the actions/checkout step.
The collect-format-results action is simplified: the indirect $GITHUB_ENV
heredoc detour is removed; the JSON is passed directly as RESULTS_JSON and
read via os.environ['RESULTS_JSON'] in the Python block.
Co-authored-by: greenc-FNAL <2372949+greenc-FNAL@users.noreply.github.com>
greenc-FNAL
requested review from
aolivier23,
knoepfel,
marcpaterno and
sabasehrish
as code owners
|
@copilot Please address |
…mat-all workflows - clang-tidy-fix.yaml: add missing pr_number to setup job outputs - coverage.yaml: add missing repo and pr-base-sha workflow_dispatch inputs - format-all.yaml: change skip-comment from string "true" to boolean true Co-authored-by: greenc-FNAL <2372949+greenc-FNAL@users.noreply.github.com>
Fixed in b1df5c8. Three pre-existing actionlint issues addressed:
|
There was a problem hiding this comment.
Pull request overview
Hardens the repository’s composite GitHub Actions against code injection and untrusted-checkout warnings by eliminating direct ${{ }} interpolation inside run:/github-script bodies and tightening checkout credentials handling.
Changes:
- Move
${{ ... }}expansions out of inline shell/JS bodies into stepenv:and reference them as plain environment variables. - Read event payload fields via
$GITHUB_EVENT_PATH+jqinstead of embedding${{ github.event.* }}in scripts. - Add
persist-credentials: falseto the change-detection checkout and simplify passing formatter results JSON into the aggregator step.
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| .github/actions/prepare-check-outputs/action.yaml | Ref resolution now uses env + jq over ${{ }} in shell. |
| .github/actions/prepare-fix-outputs/action.yaml | Same ref/repo resolution hardening for fix-mode workflows. |
| .github/actions/workflow-setup/action.yaml | Centralized outputs now come from env vars; PR number read via jq. |
| .github/actions/run-change-detection/action.yaml | Checkout now uses persist-credentials: false; reporting uses env vars. |
| .github/actions/complete-pr-comment/action.yaml | github-script reads inputs.status via process.env. |
| .github/actions/collect-format-results/action.yaml | Pass results JSON directly via env instead of $GITHUB_ENV heredoc. |
| .github/actions/post-clang-tidy-results/action.yaml | github-script reads inputs via process.env; PR number coerced to int. |
You can also share your feedback on Copilot code review. Take the survey.
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
|
@copilot Treatment of |
|
Review the full CodeQL report for details. |
There was a problem hiding this comment.
Pull request overview
Hardens GitHub Actions composites/workflows against code-injection risks by removing direct ${{ ... }} interpolation from run:/github-script bodies and addressing an untrusted-checkout warning.
Changes:
- Move step-context values into
env:and reference them via shell/JS env vars (and read event payload fields via$GITHUB_EVENT_PATH+jq). - Add
persist-credentials: falseto the change-detection checkout. - Minor workflow wiring updates (new coverage inputs; expose
pr_numberfor clang-tidy fix reporting; normalizeskip-commentvalues).
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 10 comments.
Show a summary per file
| File | Description |
|---|---|
| .github/workflows/format-all.yaml | Updates reusable-workflow inputs (skip-comment) when chaining fix workflows. |
| .github/workflows/coverage.yaml | Adds workflow_dispatch inputs for repo/base-sha and passes them into workflow-setup. |
| .github/workflows/clang-tidy-fix.yaml | Plumbs pr_number from workflow-setup outputs for result-posting. |
| .github/actions/workflow-setup/action.yaml | Removes inline expressions in bash by using env: and jq to read event payload. |
| .github/actions/run-change-detection/action.yaml | Adds persist-credentials: false and avoids inline expressions in logging step. |
| .github/actions/prepare-fix-outputs/action.yaml | Resolves ref/repo/checkout path without inline expressions; uses $GITHUB_EVENT_PATH for dispatch inputs. |
| .github/actions/prepare-check-outputs/action.yaml | Resolves ref/repo/base_sha/pr number without inline expressions; uses $GITHUB_EVENT_PATH parsing. |
| .github/actions/post-clang-tidy-results/action.yaml | Removes inline interpolation in github-script; passes values via env and parses PR number. |
| .github/actions/complete-pr-comment/action.yaml | Removes inline interpolation in github-script; passes status via env. |
| .github/actions/collect-format-results/action.yaml | Passes results-json via env directly (no $GITHUB_ENV heredoc detour). |
You can also share your feedback on Copilot code review. Take the survey.
- clang-format-fix, cmake-format-fix, header-guards-fix, jsonnet-format-fix, markdown-fix, python-fix, yaml-fix: change skip-comment from type: string to type: boolean, update default from "false" to false, remove || 'false' fallback in pass-through, and change != 'true' condition to !inputs.skip-comment - This makes format-all.yaml's skip-comment: true (boolean) type-compatible and resolves actionlint 'bool value cannot be assigned' errors Co-authored-by: greenc-FNAL <2372949+greenc-FNAL@users.noreply.github.com>
Fixed in daef0d2. The root cause was that The consistent fix: changed
|
There was a problem hiding this comment.
Pull request overview
This PR hardens Phlex’s GitHub Actions workflows/composite actions against code-injection vectors by avoiding direct ${{ }} interpolation inside run:/github-script blocks, and it addresses an untrusted-checkout warning by disabling persisted credentials during checkout.
Changes:
- Refactors several composite actions to pass inputs via
env:and read event payload fields via$GITHUB_EVENT_PATH(jq) instead of inline${{ }}interpolation. - Updates reusable “*-fix” workflows to use a boolean
skip-commentinput and boolean conditions. - Adds
persist-credentials: falseto the change-detection checkout step.
Reviewed changes
Copilot reviewed 17 out of 17 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| .github/actions/workflow-setup/action.yaml | Moves step-level interpolations into env: and uses jq for event fields when standardizing outputs / has_changes. |
| .github/actions/prepare-check-outputs/action.yaml | Resolves ref/repo/base SHA via env: + $GITHUB_EVENT_PATH instead of inline expressions. |
| .github/actions/prepare-fix-outputs/action.yaml | Resolves ref/repo/checkout_path via env: + $GITHUB_EVENT_PATH / prior step outputs. |
| .github/actions/run-change-detection/action.yaml | Adds persist-credentials: false and avoids inline interpolation in the reporting run: step. |
| .github/actions/post-clang-tidy-results/action.yaml | Avoids inline ${{ }} inside github-script by using process.env.* and parses PR number as int. |
| .github/actions/complete-pr-comment/action.yaml | Uses process.env.INPUT_STATUS instead of interpolating ${{ inputs.status }} in JS. |
| .github/actions/collect-format-results/action.yaml | Passes JSON directly via env and parses in Python (removes $GITHUB_ENV heredoc indirection). |
| .github/workflows/*-fix.yaml (clang-format/cmake-format/yaml/python/markdown/jsonnet/header-guards) | Switches skip-comment to boolean and updates conditions accordingly. |
| .github/workflows/format-all.yaml | Updates calls to reusable workflows to pass boolean skip-comment: true. |
| .github/workflows/clang-tidy-fix.yaml | Exposes pr_number from workflow-setup outputs. |
| .github/workflows/coverage.yaml | Adds repo and pr-base-sha as workflow_dispatch inputs (but see review comment re: remaining inline interpolation). |
You can also share your feedback on Copilot code review. Take the survey.
Co-authored-by: greenc-FNAL <2372949+greenc-FNAL@users.noreply.github.com>
Co-authored-by: greenc-FNAL <2372949+greenc-FNAL@users.noreply.github.com>
…pressions (#427) * Fix clang-tidy check regressions from #411/#423 * Add missing exclude-globs input to detect-relevant-changes action * Fix CodeQL #111: use sparse checkout and git ls-tree to avoid materializing untrusted code * Fix regressions in post-clang-tidy-results, clang-tidy-fix, clang-tidy-check, and coverage * Fix all remaining ${{ }} in run: blocks and add persist-credentials: false to read-only checkouts * Revert erroneous exit 1 in clang-tidy-check: finding issues should not fail CI * Use workflow-setup outputs for repo name; inline safe step-outcome expressions * Better discrimination between check failures and CMake/build failures. * Address Kyle's review comments: working-directory and jq comment --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: greenc-FNAL <2372949+greenc-FNAL@users.noreply.github.com> Co-authored-by: Chris Green <greenc@fnal.gov> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
${{ }}expressions interpolated directly insiderun:andgithub-scriptblocks allow injection if any value contains shell/JS metacharacters. Additionally, the change-detection checkout lackedpersist-credentials: false.Fix pattern
Every
${{ }}inside a shell or JS block is moved to anenv:mapping on that step and referenced as a plain environment variable:Key details
github.event.pull_request.base.sha,github.event.issue.number, etc.) are read from$GITHUB_EVENT_PATHviajq -r '... // empty'— no injection risk and no extra env entries needed for fields that are already exposed as built-in runner vars (GITHUB_SHA,GITHUB_REPOSITORY,GITHUB_EVENT_NAME,GITHUB_REF,GITHUB_REF_NAME).github-scriptblocks useprocess.env.VARinstead of inline${{ }}interpolation;pr-numberis passed throughparseInt(..., 10)to enforce numeric type.collect-format-results: removes the indirect$GITHUB_ENVheredoc detour —inputs.results-jsonis now passed directly asRESULTS_JSONand read viaos.environ['RESULTS_JSON']in Python.run-change-detection: addspersist-credentials: falsetoactions/checkoutto address the untrusted-checkout warning.Files changed
.github/actions/prepare-check-outputs/action.yaml.github/actions/prepare-fix-outputs/action.yaml.github/actions/workflow-setup/action.yaml.github/actions/run-change-detection/action.yaml.github/actions/complete-pr-comment/action.yaml.github/actions/collect-format-results/action.yaml.github/actions/post-clang-tidy-results/action.yaml💬 Send tasks to Copilot coding agent from Slack and Teams to turn conversations into code. Copilot posts an update in your thread when it's finished.