[PR #826] [MERGED] chore: Harden CI supply chain #878

Closed
opened 2026-05-06 13:10:36 +02:00 by BreizhHardware · 0 comments

📋 Pull Request Information

Original PR: https://github.com/cloudflare/vinext/pull/826
Author: @erezrokah
Created: 4/12/2026
Status: Merged
Merged: 4/13/2026
Merged by: @james-elicx

Base: main ← Head: claude/determined-jemison


📝 Commits (2)

  • ac7e00b chore: harden CI supply chain
  • 07f872c pull setup-vp into setup action

📊 Changes

11 files changed (+43 additions, -21 deletions)

.github/actions/setup/action.yml (+25 -0)
📝 .github/workflows/benchmarks.yml (+1 -1)
📝 .github/workflows/bigbonk.yml (+1 -2)
📝 .github/workflows/bonk.yml (+1 -2)
📝 .github/workflows/ci.yml (+7 -7)
📝 .github/workflows/deploy-examples.yml (+1 -1)
📝 .github/workflows/ecosystem-run.yml (+1 -1)
📝 .github/workflows/nextjs-tracker.yml (+1 -2)
📝 .github/workflows/preview-release.yml (+2 -2)
📝 .github/workflows/publish.yml (+1 -1)
📝 .github/workflows/tip.yml (+2 -2)

📄 Description

Summary

Pin voidzero-dev/setup-vp to commit SHA, and pin create-next-app and pkg-pr-new to exact versions in CI workflows.

Changes Made

  • Pin voidzero-dev/setup-vp@v1 → voidzero-dev/setup-vp@237a7eda... across all 10 workflow files
  • ci.yml: create-next-app@latest → create-next-app@16.2.3
  • preview-release.yml: pkg-pr-new → pkg-pr-new@0.0.66

Recommendations

  • Create .github/dependabot.yml with cooldown setting and github-actions ecosystem to track action version updates automatically
  • Commit a package-lock.json for benchmarks/nextjs/ and switch npm install → npm ci in benchmarks.yml to enforce reproducible CI installs (currently gitignored — check if intentional)
  • Pin npm install commands in ecosystem-run.yml where feasible (line 80, line 88, line 101 install into cloned third-party repos)

Why this matters — real-world supply chain attacks

GitHub Actions

Mutable tags and branches in GitHub Actions have been exploited in multiple incidents:

  • Trivy, KICS, LiteLLM (CVE-2026-33634) — Compromised GitHub Actions used by thousands of repositories, injecting malicious code via tag mutation
  • reviewdog (CVE-2025-30154) — Popular review action compromised, leaking CI secrets from repositories that referenced it by tag
  • tj-actions/changed-files (CVE-2025-30066) — Action tag was overwritten to exfiltrate secrets from CI runners

Pinning to SHA digests makes these attacks impossible — a commit hash is immutable.

Package registries

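Unpinned package installs in CI are vulnerable to registry compromises:

  • Axios npm compromise impacting OpenAI (https://openai.com/index/axios-developer-tool-compromise/) (2026) — Compromised Axios package affected OpenAI and other consumers
  • PyTorch torchtriton (https://pytorch.org/blog/compromised-nightly-dependency/) (2022) — Malicious package published to PyPI, executed on install
  • colors.js (CVE-2021-23567, 2022) — Maintainer intentionally sabotaged the package
  • ua-parser-js (https://github.com/advisories/GHSA-pjwm-rvh2-c87w) (2021) — Hijacked npm account used to publish cryptominer
  • event-stream (https://github.com/advisories/GHSA-mh6f-8j2x-4483) (2018) — Social engineering attack to inject credential-stealing code

Using lockfiles with npm ci and pinning dlx versions prevents CI from silently pulling compromised releases.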


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
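
An added example, not part of the PR or the vinext repository: a Python check that flags the two patterns the description above replaces, `uses:` references not pinned to a full commit SHA and `npx`/`dlx` packages without an exact version. The sample workflow, `example-org/example-action`, its SHA and the `npx`/`pnpm dlx` command forms are constructed assumptions.

```python
import re

# Added example; SAMPLE and example-org/example-action are constructed.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
# First non-flag token after npx / dlx is taken as the package spec
# (flags that take a separate value, such as -p <pkg>, are not handled).
RUNNER_RE = re.compile(r"\b(?:npx|dlx)\s+((?:-\S+\s+)*)([^\s;&|]+)")
EXACT_RE = re.compile(r"^(?:@[\w.-]+/)?[\w.-]+@\d+\.\d+\.\d+(?:[-+][\w.]+)?$")


def audit_workflow(text):
    """Return (line_no, kind, value) for every unpinned reference."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        m = USES_RE.match(line)
        if m:
            ref = m.group(1)
            rev = ref.partition("@")[2]
            # Local actions (./path) are versioned with the repository itself.
            if not ref.startswith("./") and not SHA_RE.match(rev):
                findings.append((no, "mutable-action-ref", ref))
            continue
        for m in RUNNER_RE.finditer(line):
            if not EXACT_RE.match(m.group(2)):
                findings.append((no, "unpinned-package", m.group(2)))
    return findings


SAMPLE = """\
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: voidzero-dev/setup-vp@v1
      - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567 # v1.2.3
      - uses: ./.github/actions/setup
      - run: npx --yes create-next-app@latest app
      - run: npx --yes create-next-app@16.2.3 app
      - run: pnpm dlx pkg-pr-new publish
      - run: pnpm dlx pkg-pr-new@0.0.66 publish
"""

if __name__ == "__main__":
    for no, kind, value in audit_workflow(SAMPLE):
        print(f"line {no}: {kind}: {value}")
```

The check is line-based, so it does not follow `uses:` inside composite actions or reusable workflows referenced by path, and it reports `docker://` references as mutable even when they carry a digest.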
