Skip to content

Security: Update GitHub Actions to latest versions in publish workflow #643

Description

@LucasMaupin

Summary

The .github/workflows/run-publish.yml workflow uses outdated GitHub Action versions, which increases supply-chain risk if those pinned major versions receive breaking or malicious updates.

Severity: MEDIUM

Outdated Actions

Action Current Recommended
actions/checkout @v3 @v4
docker/setup-qemu-action @v2 @v3
docker/setup-buildx-action @v2 @v3
docker/login-action @v2 @v3
docker/metadata-action @v4 @v5
docker/build-push-action @v3 @v5

Note: The lint, unit test, and e2e workflows already use actions/checkout@v4 and actions/setup-node@v4 — only the publish workflow is behind.

Remediation

Update .github/workflows/run-publish.yml to use the versions above. For stronger supply-chain protection, consider pinning to commit SHAs (see intercom-manager#235 for the equivalent backend issue).

References

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingenhancementNew feature or requestgood first issueGood for newcomersready-for-devIssue is scoped and ready to be picked uptriagedIssue has been triaged

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions