Skip to content

fix(security): pin etils-actions/pypi-auto-publish and other Actions to commit SHAs#11213

Open
XananasX7 wants to merge 1 commit into
tensorflow:masterfrom
XananasX7:fix/security-pin-actions
Open

fix(security): pin etils-actions/pypi-auto-publish and other Actions to commit SHAs#11213
XananasX7 wants to merge 1 commit into
tensorflow:masterfrom
XananasX7:fix/security-pin-actions

Conversation

@XananasX7

Copy link
Copy Markdown

Summary

The release.yml workflow uses etils-actions/pypi-auto-publish@v1 — a mutable tag reference on a third-party action (only ~10 GitHub stars). If the v1 tag is silently redirected (compromised maintainer, tag deletion + recreation), malicious code executes in the job holding PYPI_PASSWORD, enabling a supply-chain attack backdooring tensorflow-datasets on PyPI — a package with millions of downstream users.

Additional tag-pinned first-party actions (actions/checkout@v3, actions/setup-python@v4, styfle/cancel-workflow-action@0.7.0) in CI and release workflows also pinned to commit SHAs.

Follows the GitHub security hardening guide.

…to SHAs

etils-actions/pypi-auto-publish@v1 is a tag-pinned third-party action in
the release workflow with PYPI_PASSWORD secret. A supply-chain attack via
tag redirect could backdoor tensorflow-datasets on PyPI.
@google-cla

google-cla Bot commented Jun 28, 2026

Copy link
Copy Markdown

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant