
ci: audit with zizmor #43

Merged
kiwiyou merged 1 commit into main from ci/zizmor on Mar 25, 2026

Conversation

@kiwiyou (Collaborator) commented Mar 25, 2026

ci.yml

  • Added top-level permissions: {}
    • Revokes all default GITHUB_TOKEN permissions at the workflow level. A compromised step cannot use the token to write to the repo, open PRs, or push packages.
  • Added jobs.lint.permissions.contents: read
    • Re-grants only the read permission needed to checkout the repository. All other scopes remain denied.
  • Added jobs.lint.name: Lint
    • Names the previously anonymous job, improving readability in the GitHub Actions UI and PR status checks.
  • Added top-level concurrency block (group: ${{ github.workflow }}-${{ github.ref }}, cancel-in-progress: true)
    • Ensures pushes to the same branch or updates to the same PR cancel stale in-progress runs, saving runner minutes and avoiding race conditions.
  • Pinned actions/checkout@v5 to 93cb6efe18208431cddfb8368fd83d5badbf9bfd
    • Locks the exact code that runs, preventing a compromised or hijacked upstream tag from injecting malicious code. Version comment preserves readability.
  • Pinned pnpm/action-setup@v4 to fc06bc1257f339d1d5d8b3a19a8cae5388b55320
    • Same supply-chain protection as above.
  • Pinned actions/setup-node@v6 to 53b83947a5a98c8d113130e565377fae1a50d02f
    • Same supply-chain protection as above.
  • Added persist-credentials: false to the actions/checkout step
    • Stops the checkout action from saving the GITHUB_TOKEN in the local git config, eliminating credential leakage through artifacts or subsequent steps.

release.yml

  • Added top-level permissions: {}
    • The workflow's default token becomes unprivileged; only the release job receives the explicitly listed scopes.
    • If a future job is added, it won't silently inherit broad permissions.
  • Added explanatory comments to jobs.release.permissions (id-token: write # for npm provenance, pull-requests: write # for changesets to create PRs, contents: write # for changesets to create releases)
    • Makes the rationale for each permission auditable without reading the action source.
  • Added jobs.release.name: Release
    • Names the previously anonymous job for UI and status check clarity.
  • Added top-level concurrency block (group: ${{ github.workflow }}-${{ github.ref }}, cancel-in-progress: true)
    • Prevents overlapping release runs on rapid successive pushes to main, avoiding race conditions in changesets PR creation or duplicate npm publishes.
  • Pinned actions/checkout@v5 to 93cb6efe18208431cddfb8368fd83d5badbf9bfd
    • Locks the exact code that runs against tag mutation supply-chain attacks.
  • Pinned pnpm/action-setup@v4 to fc06bc1257f339d1d5d8b3a19a8cae5388b55320
    • Same supply-chain protection as above.
  • Pinned actions/setup-node@v6 to 53b83947a5a98c8d113130e565377fae1a50d02f
    • Same supply-chain protection as above.
  • Pinned changesets/action@v1 to 6a0a831ff30acef54f2c6aa1cbbc1096b066edaf (v1.7.0)
    • The original @v1 tag floats across all v1.x releases; pinning to the exact commit eliminates that ambiguity.
  • Added persist-credentials: false to the actions/checkout step
    • Especially important here because this job has contents: write — a leaked token could push arbitrary commits to main.
  • Moved ${{ secrets.SLACK_WEBHOOK_URL }} from inline run: interpolation to an env: block, referenced as "$SLACK_WEBHOOK_URL" in the script
    • The original ${{ }} form expanded the secret directly into the shell script source before bash parsed it.
    • A malformed secret value could break out of the curl argument and execute arbitrary shell commands.
    • The env: approach passes the value through an environment variable, which bash treats as data, not code.
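
As an added example, not part of this PR or its repository, the following is a small line-based audit that flags the four patterns the description above removes: a missing top-level permissions: block, action refs that are not a full commit SHA, actions/checkout without persist-credentials: false, and a secret interpolated into run: text rather than passed via env:. It is a regex heuristic written for illustration, not zizmor; both workflow fragments are constructed, with the pinned SHAs taken from this PR.

```python
import re

# Constructed sample: a job carrying the weak patterns this PR removed.
WEAK = """\
jobs:
  release:
    steps:
      - uses: actions/checkout@v5
      - uses: pnpm/action-setup@v4
      - run: curl -X POST -d '{"text":"done"}' ${{ secrets.SLACK_WEBHOOK_URL }}
"""
# Constructed sample: the same job hardened as the PR describes (SHAs from the PR).
HARDENED = """\
permissions: {}
jobs:
  release:
    steps:
      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
        with:
          persist-credentials: false
      - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v4
      - env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
        run: curl -X POST -d '{"text":"done"}' "$SLACK_WEBHOOK_URL"
"""
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^@\s]+)@(\S+)")  # owner/repo@ref
SHA_RE = re.compile(r"^[0-9a-f]{40}$")                     # full commit SHA
# "KEY: ${{ secrets.X }}" under env: is the safe form; "run:" as the key is not.
ENV_SECRET_RE = re.compile(r"^\s*(?!run:)\w+:\s*\$\{\{\s*secrets\.")


def audit(workflow: str) -> list[str]:
    """Line-based checks for the patterns this PR removed (a heuristic, not zizmor itself)."""
    lines, findings = workflow.splitlines(), []
    if not re.search(r"^permissions:", workflow, re.M):
        findings.append("no top-level permissions: block; GITHUB_TOKEN keeps default scopes")
    for i, line in enumerate(lines):
        m = USES_RE.match(line)
        if m:
            action, ref = m.groups()
            if not SHA_RE.match(ref):
                findings.append(f"{action} pinned to mutable ref {ref!r}, not a commit SHA")
            if action == "actions/checkout":
                rest = lines[i + 1:]  # this step's remaining lines run until the next '- ' item
                end = next((k for k, l in enumerate(rest) if re.match(r"^\s*-\s", l)), len(rest))
                if not any("persist-credentials: false" in l for l in rest[:end]):
                    findings.append("actions/checkout keeps persist-credentials (token lands in .git/config)")
        elif "${{ secrets." in line and ENV_SECRET_RE.match(line) is None:
            findings.append("secret expanded into script text; pass it through env: instead")
    return findings
```

Running audit over WEAK yields five findings, one per weak setting, and over HARDENED yields none.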

@kiwiyou kiwiyou self-assigned this Mar 25, 2026
@kiwiyou kiwiyou merged commit 265a24d into main Mar 25, 2026
1 check passed
@kiwiyou kiwiyou deleted the ci/zizmor branch March 25, 2026 08:06