ci: pin third-party actions to commit SHA (supply-chain hardening) #4393

Open
camgrimsec wants to merge 1 commit into modelcontextprotocol:main from camgrimsec:ci/pin-actions-to-sha
@camgrimsec

Pins all GitHub Actions references in .github/workflows/ to a full 40-character commit SHA, with the original tag preserved as a trailing comment. This protects CI from a compromised tag — the same class of attack used in the tj-actions/changed-files compromise (CVE-2025-30066, March 2025), where a malicious commit was force-pushed to a mutable tag and stole secrets from every workflow that consumed it.

GitHub's own hardening guidance recommends pinning third-party actions to a full commit SHA for exactly this reason:
https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions

Scope:

  • claude.yml: 2 pins
  • python.yml: 10 pins
  • readme-pr-check.yml: 2 pins
  • release.yml: 13 pins
  • typescript.yml: 7 pins

Total: 34 references across 5 workflows, 10 unique actions.

All pinned SHAs resolved from the tag's current commit object via the GitHub REST API on 2026-06-20. No behavior change: SHAs were resolved from the same refs the workflows currently use (e.g. @v6 → SHA of v6 tag's commit).

Dependabot can still bump these — it understands the 'SHA + trailing version comment' pattern and will open PRs to update to the next SHA when a new tag is published.
