Hash-pinning github-actions #72
Comments
Could we enforce hash-pinning in the way of #89?
For context, an action used in jupyterlab was compromised, and hash-pinning would have helped:
I would also like to join the security group, as mentioned a month ago in #86 (comment), and be able to have more of a say/mandate in pushing for security. Is there a form to apply or something?
I opened a sec advisory on lab and lumino. Yes, we should hash pin. I believe there are tools in the scientific-python org that check for that. I want to note that hash pinning is not that helpful if we rely too blindly on depends of and automatic upgrade, but at least it delays it.
Hmm, I do not see it (but it would be super useful). Going by https://github.com/scientific-python/cookie it actually seems to go in the other direction of ensuring evergreen actions:
Some more research: even pinning action X does not guarantee safety: if it depends on action Y, which is not pinned, even pinned X will be executed with unpinned Y, as per the discussion in actions/runner#2195.
Pinning at least limits supply-chain attacks up to the first non-pinned dependency... And I think I was thinking about https://scientific-python.org/specs/spec-0008/ (BTW, if you wish, I think a PR to SPEC 8 that links to these kinds of supply-chain attacks would be a great addition).
Just highlighting the discussion in jupyter/notebook#7153