Skip to content

fix(ci): scope workflow token permissions and pin remaining Docker base images#93

Merged
shudonglin merged 1 commit into
litellm_internal_stagingfrom
fix/token-permissions-scoping
Jul 5, 2026
Merged

fix(ci): scope workflow token permissions and pin remaining Docker base images#93
shudonglin merged 1 commit into
litellm_internal_stagingfrom
fix/token-permissions-scoping

Conversation

@shudonglin

Copy link
Copy Markdown

Relevant issues

Linear ticket

Pre-Submission checklist

  • I have added meaningful tests (N/A: CI/config-only change, no application logic)
  • My PR passes all CI/CD checks (e.g., lint, format, unit tests)
  • My PR's scope is as isolated as possible; it only solves 1 specific problem
  • I have requested a Greptile review by commenting @greptileai and received a Confidence Score of at least 4/5 before requesting a maintainer review

Screenshots / Proof of Fix

N/A: CI/supply-chain hardening only, no proxy-visible behavior change. Verified each digest independently against the Docker registry before pinning (see commit message).

Type

🚄 Infrastructure

Changes

Addresses the two open code-scanning alert categories (TokenPermissionsID, PinnedDependenciesID) surfaced by the fork's Scorecard supply-chain scan:

  • Adds a restrictive top-level permissions: contents: read to check_duplicate_issues.yml, create_daily_staging_branch.yml, issue-keyword-labeler.yml, and label-component.yml, which previously had none and so defaulted to the repo's broader default token permissions.
  • Pins the remaining floating-tag Docker base images by digest: node:20.18-alpine3.20 and nginx:1.27-alpine in ui/Dockerfile, rust:1.90-slim-bookworm and python:3.11-slim-bookworm in litellm-rust/crates/ai-gateway/Dockerfile. Each digest was independently resolved from the registry (not just copied from Scorecard's suggestion) before pinning.

The remaining Token-Permissions warnings (release/schema-sync/branch-creation workflows needing contents: write) are already correctly scoped at job level with a restrictive permissions: {} at the top level; the write grant is inherent to what those workflows do (creating branches, releases, tags) and isn't further reducible without removing that capability, so left as-is. The remaining Pinned-Dependencies warnings (cookbook/example Dockerfiles, docker/Dockerfile.database, docker/Dockerfile.non_root, docker/build_from_pip, and pip/npm install commands) are non-deployed example or auxiliary files; left for follow-up rather than rushed digest pins on files this PR didn't otherwise touch.


Generated by Claude Code

…er base images by digest

Scorecard's Token-Permissions check flagged four workflows
(check_duplicate_issues, create_daily_staging_branch, issue-keyword-labeler,
label-component) with no top-level permissions block, defaulting the
GITHUB_TOKEN to the repo's broad default instead of least-privilege.

Pinned-Dependencies flagged four remaining floating-tag base images with a
digest already resolvable from the registry: node/nginx in ui/Dockerfile and
rust/python in litellm-rust's ai-gateway Dockerfile, matching the digest-pin
convention already applied to the other four Dockerfiles in the repo.
@shudonglin shudonglin marked this pull request as ready for review July 5, 2026 11:46
@shudonglin shudonglin merged commit 7cf57a5 into litellm_internal_staging Jul 5, 2026
78 checks passed
@shudonglin shudonglin deleted the fix/token-permissions-scoping branch July 5, 2026 11:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants