Security hardening: GitHub Actions workflows#124
Conversation
…missions blocks, fix injection risks Agent-Logs-Url: https://github.com/Bryan-Roe/Aria/sessions/90ee6ed7-006e-4da4-bcf9-6d65b03b0bb2 Co-authored-by: Bryan-Roe <74067792+Bryan-Roe@users.noreply.github.com>
There was a problem hiding this comment.
Hi @Copilot! 👋
Your private repo does not have access to Sourcery.
Please upgrade to continue using Sourcery ✨
There was a problem hiding this comment.
Hi @Bryan-Roe! 👋
Your private repo does not have access to Sourcery.
Please upgrade to continue using Sourcery ✨
🔴 Coverage —
|
| Metric | Value |
|---|---|
| Total coverage | 58.8% |
| Minimum threshold | 60% |
Updated on every push · 2026-04-30
There was a problem hiding this comment.
Pull request overview
This PR hardens the GitHub Actions CI surface by reducing credential exposure, pinning third-party actions to immutable SHAs, tightening default token permissions, and reducing shell-injection risk from user-controlled inputs.
Changes:
- Removed
AZURE_CREDENTIALSfromworkflow_dispatchinputs and switched Azure login to repository secret usage. - Pinned multiple third-party GitHub Actions to specific commit SHAs to reduce supply-chain risk.
- Added least-privilege
permissions:blocks to workflows and hardened shell argument handling via env vars/quoting.
Reviewed changes
Copilot reviewed 21 out of 21 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| .github/workflows/stale.yml | Pins actions/stale to an immutable SHA. |
| .github/workflows/release.yml | Pins softprops/action-gh-release to an immutable SHA. |
| .github/workflows/quantum-orchestration.yml | Removes credential input, uses secret-only creds, adds permissions: contents: read. |
| .github/workflows/quantum-ai-smoke.yml | Adds permissions: contents: read. |
| .github/workflows/pr-tests.yml | Adds permissions: contents: read. |
| .github/workflows/pr-checks.yml | Hardens PR-size step by using env vars/quoting; pins actions/labeler. |
| .github/workflows/nightly-regression.yml | Pins dawidd6/action-download-artifact to an immutable SHA. |
| .github/workflows/markdown-quality.yml | Pins DavidAnson/markdownlint-cli2-action to an immutable SHA. |
| .github/workflows/llm-maker-tests.yml | Adds permissions: contents: read. |
| .github/workflows/e2e-tests.yml | Adds permissions: contents: read. |
| .github/workflows/devcontainer-ci.yml | Adds permissions: contents: read and pins devcontainers/ci. |
| .github/workflows/dependabot-automerge.yml | Pins dependabot/fetch-metadata to an immutable SHA. |
| .github/workflows/coverage-report.yml | Pins dawidd6/action-download-artifact to an immutable SHA. |
| .github/workflows/code-quality.yml | Adds permissions: contents: read. |
| .github/workflows/ci-pipeline.yml | Adds permissions: contents: read. |
| .github/workflows/broken-links.yml | Pins lycheeverse/lychee-action to an immutable SHA. |
| .github/workflows/azureml-train.yml | Moves workflow inputs into env vars for safer shell usage. |
| .github/workflows/auto-validation.yml | Adds permissions: contents: read. |
| .github/workflows/aria-tests.yml | Adds permissions: contents: read. |
| .github/workflows/actionlint.yml | Pins reviewdog/action-actionlint to an immutable SHA. |
| .github/actions/setup-python-env/action.yml | Routes pip install args via env var to reduce shell-injection risk. |
| - name: Azure Login | ||
| if: ${{ inputs.AZURE_CREDENTIALS != '' }} | ||
| if: ${{ secrets.AZURE_CREDENTIALS != '' }} | ||
| uses: azure/login@v2 | ||
| with: | ||
| creds: ${{ inputs.AZURE_CREDENTIALS }} | ||
| creds: ${{ secrets.AZURE_CREDENTIALS }} | ||
| - name: Run Orchestration |
There was a problem hiding this comment.
The Azure Login step is now conditional on secrets.AZURE_CREDENTIALS being non-empty, but the orchestration step always runs afterward. If the secret is missing/misconfigured, the workflow will skip login and likely fail later inside the PowerShell scripts with less actionable errors. Consider removing the if: so the login step fails fast when creds are required, or add an explicit guard step that checks the secret and exits with a clear message before running orchestration.
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 322bba3c0e
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| - uses: actions/checkout@v4 | ||
| - name: Azure Login | ||
| if: ${{ inputs.AZURE_CREDENTIALS != '' }} | ||
| if: ${{ secrets.AZURE_CREDENTIALS != '' }} |
There was a problem hiding this comment.
Move secret guard out of step
if
This condition uses secrets.AZURE_CREDENTIALS directly in if, which GitHub Actions does not support for conditionals (the docs require mapping the secret to an env var first and checking that env var). As written, the Azure Login step can be skipped even when the secret exists, so the subsequent orchestration script runs unauthenticated and fails against Azure resources.
Useful? React with 👍 / 👎.
Multiple security gaps in the GitHub Actions CI surface: credential exposure via workflow inputs, unpinned third-party actions (supply-chain risk), missing least-privilege permissions, and shell injection vectors.
Critical — credential leak
quantum-orchestration.yml: RemovedAZURE_CREDENTIALSas aworkflow_dispatchstring input — values appear in the GitHub Actions UI and runner logs. Credentials now come exclusively from the repository secret.High — supply-chain pinning
All 9 third-party actions pinned to immutable commit SHAs; floating tags (
@v1,@v2) can be silently redirected.dawidd6/action-download-artifact@bf251b5(v6)reviewdog/action-actionlint@6fb7acc(v1.72.0)lycheeverse/lychee-action@8646ba3(v2.8.0)DavidAnson/markdownlint-cli2-action@8305c0f(v20)actions/stale@b5d41d4(v10.2.0)dependabot/fetch-metadata@25dd0e3(v3.1.0)softprops/action-gh-release@3bb1273(v2.6.2)devcontainers/ci@b63b30d(v0.3)actions/labeler@634933e(v6)Medium — least-privilege permissions + injection hardening
permissions: contents: readto 9 workflows that had no block (default token is over-scoped).setup-python-envaction:pip install ${{ inputs.extra-packages }}routed through an env var to prevent shell-metacharacter injection.Low — shell hygiene
azureml-train.yml:az cliarguments moved from inline${{ inputs.* }}interpolation to env vars.pr-checks.yml: SHAs passed via env vars + properly quoted; added missingidto size-check step.