
chore: harden supply chain — pin SHAs, split publish workflow #185

Merged: temporaer merged 1 commit into main from harden-supply-chain, Jun 12, 2026

Conversation

@temporaer (Contributor)

Summary

Hardens the repository against supply-chain attacks:

Pre-commit config

  • Pin all hook revs to commit SHAs instead of mutable tags (prevents tag-rewriting attacks on upstream repos)

Publish workflow (.github/workflows/publish.yaml)

  • Split into build + publish jobs — the build job has no elevated permissions; only the publish job gets id-token: write and the publish-to-pypi environment gate
  • Pin all GitHub Actions to commit SHAs instead of mutable tags/branches
  • Add build provenance attestation via actions/attest-build-provenance
  • Add persist-credentials: false to checkout
  • Remove unused twine dependency (pypi-publish action handles upload natively)

Why split build from publish?

The previous single-job workflow granted id-token: write to the entire job including the checkout and build steps. By splitting, a compromised build step cannot mint OIDC tokens or publish to PyPI — only the isolated publish job (gated by the environment) has that permission.


Related: msr-ai4science/feynman#21953

- Pin all pre-commit hook revs to commit SHAs (prevents tag rewriting attacks)
- Pin all GitHub Actions in publish.yaml to commit SHAs
- Split publish.yaml into separate build and publish jobs so that
  id-token:write and the environment gate only apply to the publish step
- Add attestation step for build provenance
- Remove unused twine dependency (gh-action-pypi-publish handles upload)
- Add persist-credentials: false to checkout

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
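A skeleton of the two-job layout the description above argues for, written as an added illustration (it is not the PR's actual publish.yaml, which this page does not show). The `<commit-sha>` values are placeholders: each action's release tag must be resolved to its full 40-character commit SHA and that SHA pinned in place of the tag. Inputs such as `subject-path` and `persist-credentials` are the real inputs of the named actions; the artifact name, Python version and trigger are assumptions.

```yaml
name: Publish to PyPI

on:
  release:
    types: [published]   # assumed trigger

# Workflow-wide default: read-only. Jobs opt in to more below.
permissions:
  contents: read

jobs:
  build:
    # No elevated permissions here: a compromised build step cannot mint
    # an OIDC token or talk to PyPI, because this job never receives one.
    runs-on: ubuntu-latest
    steps:
      # Placeholder SHAs: resolve each action's tag to its 40-hex commit SHA
      # and pin that instead of the mutable tag or branch name.
      - uses: actions/checkout@<commit-sha>
        with:
          persist-credentials: false   # don't leave GITHUB_TOKEN in .git/config
      - uses: actions/setup-python@<commit-sha>
        with:
          python-version: "3.x"        # assumed
      - run: python -m pip install build && python -m build
      - uses: actions/upload-artifact@<commit-sha>
        with:
          name: dist                   # assumed artifact name
          path: dist/
          if-no-files-found: error

  publish:
    needs: build
    runs-on: ubuntu-latest
    environment: publish-to-pypi       # environment gate from the PR description
    permissions:
      id-token: write                  # OIDC trusted publishing to PyPI
      attestations: write              # required by attest-build-provenance
      contents: read
    steps:
      # Only the built artifact is needed; this job never checks out source.
      - uses: actions/download-artifact@<commit-sha>
        with:
          name: dist
          path: dist/
      - uses: actions/attest-build-provenance@<commit-sha>
        with:
          subject-path: dist/*
      # No password/token input: trusted publishing uses the job's OIDC token,
      # so no long-lived PyPI credential exists to steal.
      - uses: pypa/gh-action-pypi-publish@<commit-sha>
```

Two details worth noting when reviewing a workflow like this: `id-token: write` is declared at the job level of `publish` only, so the build job's token cannot be exchanged for a PyPI trusted-publishing credential even if a build dependency is malicious; and the attestation action needs `attestations: write` alongside `id-token: write`, which is easy to miss when the permission block is copied from a plain publish job.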

@wesselb (Collaborator) left a comment

LGTM in principle!

  • I didn't check the commit hashes everywhere, so trusting @temporaer on this one.
  • It would be good to verify that publish.yaml still works, but that's tricky to test. Perhaps fine to fix any issues if any happen to arise when we publish a new version.

@temporaer temporaer merged commit 94ad568 into main Jun 12, 2026
9 checks passed
@temporaer temporaer deleted the harden-supply-chain branch June 12, 2026 15:05