Skip to content

Add note about third-party pull requests for GitHub Actions #3516

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
eXpl0it3r wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add note about third-party pull requests for GitHub Actions #3516

eXpl0it3r wants to merge 1 commit into from

Conversation

@eXpl0it3r
Copy link

@eXpl0it3r eXpl0it3r commented Dec 15, 2025
edited
Loading

I think it's important to communicate to the user, that pull requests by strangers won't be able to circumvent the trust publishing policy.

Without such a hint, it's unclear whether an "approved" user (someone who has contributed before and won't need a manual approval for the GitHub Actions run), would be able to create a PR that changes the GitHub Actions step in such a way, that malicious code is released as new package, because the trust publishing policy is set up for the given repository.

Feel free to make suggestions on the words or change the wording directly.

Pinging @joelverhagen, given that I have more or less used his wording from the .NET Foundation Discord server.

@eXpl0it3r eXpl0it3r requested a review from a team as a code owner December 15, 2025 16:21
Copilot AI review requested due to automatic review settings December 15, 2025 16:21
@eXpl0it3r eXpl0it3r requested review from a team as code owners December 15, 2025 16:21
@eXpl0it3r
Copy link
Author

eXpl0it3r commented Dec 15, 2025

@dotnet-policy-service agree

@learn-build-service-prod
Copy link

learn-build-service-prod bot commented Dec 15, 2025

Learn Build status updates of commit a6b4feb:

✅ Validation status: passed

File Status Preview URL Details
docs/nuget-org/trusted-publishing.md ✅Succeeded View

For more details, please refer to the build report.

@learn-build-service-prod
Copy link

learn-build-service-prod bot commented Dec 15, 2025

PoliCheck Scan Report

The following report lists PoliCheck issues in PR files. Before you merge the PR, you must fix all severity-1 and severity-2 issues. The AI Review Details column lists suggestions for either removing or replacing the terms. If you find a false positive result, mention it in a PR comment and include this text: #policheck-false-positive. This feedback helps reduce false positives in future scans.

✅ No issues found

More information about PoliCheck

Information: PoliCheck | Severity Guidance | Term
For any questions: Try searching the learn.microsoft.com contributor guides or post your question in the Learn support channel.

Copilot AI reviewed Dec 15, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@eXpl0it3r eXpl0it3r requested a review from Copilot December 15, 2025 22:06
Copilot AI reviewed Dec 15, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.

@eXpl0it3r eXpl0it3r force-pushed the feature/clarify-trust-publishing branch from a6b4feb to 4309804 Compare December 15, 2025 22:20
@learn-build-service-prod
Copy link

learn-build-service-prod bot commented Dec 15, 2025

Learn Build status updates of commit 4309804:

✅ Validation status: passed

File Status Preview URL Details
docs/nuget-org/trusted-publishing.md ✅Succeeded View

For more details, please refer to the build report.

@learn-build-service-prod
Copy link

learn-build-service-prod bot commented Dec 15, 2025

PoliCheck Scan Report

The following report lists PoliCheck issues in PR files. Before you merge the PR, you must fix all severity-1 and severity-2 issues. The AI Review Details column lists suggestions for either removing or replacing the terms. If you find a false positive result, mention it in a PR comment and include this text: #policheck-false-positive. This feedback helps reduce false positives in future scans.

✅ No issues found

More information about PoliCheck

Information: PoliCheck | Severity Guidance | Term
For any questions: Try searching the learn.microsoft.com contributor guides or post your question in the Learn support channel.

@eXpl0it3r eXpl0it3r requested a review from Copilot December 15, 2025 22:22
Copilot AI reviewed Dec 15, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.

@eXpl0it3r eXpl0it3r force-pushed the feature/clarify-trust-publishing branch from 4309804 to 42b8389 Compare December 15, 2025 22:27
@learn-build-service-prod
Copy link

learn-build-service-prod bot commented Dec 15, 2025

PoliCheck Scan Report

The following report lists PoliCheck issues in PR files. Before you merge the PR, you must fix all severity-1 and severity-2 issues. The AI Review Details column lists suggestions for either removing or replacing the terms. If you find a false positive result, mention it in a PR comment and include this text: #policheck-false-positive. This feedback helps reduce false positives in future scans.

✅ No issues found

More information about PoliCheck

Information: PoliCheck | Severity Guidance | Term
For any questions: Try searching the learn.microsoft.com contributor guides or post your question in the Learn support channel.

@learn-build-service-prod
Copy link

learn-build-service-prod bot commented Dec 15, 2025

Learn Build status updates of commit 42b8389:

✅ Validation status: passed

File Status Preview URL Details
docs/nuget-org/trusted-publishing.md ✅Succeeded View

For more details, please refer to the build report.

@eXpl0it3r eXpl0it3r requested a review from Copilot December 15, 2025 22:30
Copilot AI reviewed Dec 15, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.

@joelverhagen
Copy link
Member

joelverhagen commented Dec 17, 2025

Hello @eXpl0it3r, thanks for taking the time to work on the documentation. There are actually two scenarios that I think are being conflated here. I looked back at the DNF Discord messages and found the one you reacted to. When I wrote that I was assuming the other person was talking about a fork running a GitHub Actions workflow in their own repository (a fork). There is another that is worth distinguishing.

  1. Repo A has a workflow with a id-token: write permission. Repo A is forked and then the workflow is run in the fork repository by the fork owner or some other trigger. This is the scenario I was thinking about when originally answering.. The OIDC token minted by GitHub will have an owner that is the fork owner not the original owner of Repo A. Therefore, it will be quickly rejected for any trust policy that the Repo A owner created.
  2. Repo A has a workflow with a id-token: write permission. The workflow is run inside Repo A, on behalf of an external user, via an event that can be triggered by the external user. Most often this is the pull_request event. However, the pull_request event will fail to produce an OIDC token due to protections in the GitHub Actions platform. So, we're safe. There is a "danger" mode called pull_request_target which is like pull_request but has some safety precautions removed. This event is warned about and blogged about.

Note that pull_request events based on the same repository (i.e. created by a repository contributor) can create tokens, but at this point we're talking about people with contributor access not 3rd parties.

I hope this explains the situation.

If you'd like to move forward with this PR, maybe this nuance can be expanded on in your diff?

@eXpl0it3r
Copy link
Author

eXpl0it3r commented Dec 19, 2025

Thank you for looking at this PR and clarifying your statement, @joelverhagen!

Happy to update this!

Do you have any doc links regarding the "However, the pull_request event will fail to produce an OIDC token due to protections in the GitHub Actions platform." statement? Is this documented somewhere?

@joelverhagen
Copy link
Member

joelverhagen commented Dec 19, 2025
edited
Loading

Do you have any doc links regarding the "However, the pull_request event will fail to produce an OIDC token due to protections in the GitHub Actions platform." statement? Is this documented somewhere?

No, I was unable to find a doc. However, I have tested it and it is referenced on https://docs.pypi.org/trusted-publishers/security-model/. When I tested it, they implemented the block by not setting ACTIONS_ID_TOKEN_REQUEST_TOKEN and ACTIONS_ID_TOKEN_REQUEST_URL.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@eXpl0it3r @joelverhagen