Why is it that I keep seeing "everyone should pin their GitHub Actions versions to a SHA because that's the secure way to do it" and not "GitHub should build tooling that creates and manages Actions lockfiles by default"? Am I just missing that version and only seeing the former one boosted?
@jonafato you should check out @andrewnez on fedi and his blog, he's been writing about this topic a lot in the last few months
GitHub Actions Has a Package Manager, and It Might Be the Worst

GitHub Actions has a package manager that ignores decades of supply chain security best practices: no lockfile, no integrity verification, no transitive pinning

Andrew Nesbitt
@andrewnez @cthoyt Thanks for the link. I appreciate your work and have read a bunch of your blog but think I missed this post. I'm not surprised that you've already written it and will share it with folks (in the hope that they are informed by it and share their own perspectives on why they want these features, too).

@jonafato relatedly from the trusted publishing docs https://docs.pypi.org/trusted-publishers/security-model/

GitHub Actions' own security model for OpenID Connect tokens is a little subtle:

and furthermore (emphasis not mine):

PyPI has protections in place to make some attacks against OIDC more difficult (like account resurrection attacks). However, like all forms of authentication, the end user is fundamentally responsible for applying it correctly.

When PGP keys were removed from PyPI, a lengthy justification was provided by the same engineer who developed the trusted publishing workflow regarding the difficulty in using them correctly (which was itself flawed but that's a separate topic).

There are in these cases (as you note) no specific protections ensured, while alternatives are removed. It's a really upsetting tradeoff to provide to the community and it's a pattern of behavior that has advanced in recent years.

Security Model and Considerations - PyPI Docs

@jonafato That's because we all know getting GitHub to implement features like that is near impossible 😅

@sdwilsh To quote the hit 1993 film Super Mario Bros.:

Nothing's impossible, Mario. Improbable, Unlikely, but never impossible.

@jonafato @ross I mean I agree with what you're saying, but maybe I'm missing something, because it feels like this type of tooling is almost trivial to implement yourself if you're willing to inline the locking and add some ignored YAML.
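The "inline the locking" approach mentioned above, as an added example that is not from anyone in this thread: a small resolver that takes a workflow and a lockfile mapping `owner/repo@tag` to a full commit SHA, rewrites each mutable `uses:` ref to the locked SHA (keeping the tag as a trailing comment), leaves refs that are already SHAs alone, and reports any ref the lockfile does not cover. The workflow, the lockfile and every SHA below are constructed placeholders, not real commits.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample workflow (not taken from any real repository).
WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - uses: actions/cache@0000000000000000000000000000000000000003  # v4.0.2
      - run: pytest
"""

# Constructed lockfile: mutable ref -> full commit SHA, as a resolver would
# have recorded it when the tag was last resolved. Placeholder SHAs only.
LOCK = {
    "actions/checkout@v4": "0000000000000000000000000000000000000001",
    "actions/setup-python@v5": "0000000000000000000000000000000000000002",
}

# Matches "- uses: owner/repo[/path]@ref" lines; local (./) and docker:// refs
# have no "@" in this form and are intentionally left untouched.
USES_RE = re.compile(r"^(\s*-\s*uses:\s*)([\w.-]+/[\w.-]+(?:/[\w./-]+)?)@(\S+)(.*)$")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def pin_workflow(text: str, lock: Dict[str, str]) -> Tuple[str, List[str]]:
    """Rewrite mutable refs to locked SHAs; return (new_text, unresolved_refs)."""
    out, unresolved = [], []
    for line in text.splitlines():
        m = USES_RE.match(line)
        if not m:
            out.append(line)
            continue
        prefix, action, ref, _rest = m.groups()
        if SHA_RE.match(ref):  # already immutable, keep the line as written
            out.append(line)
            continue
        key = f"{action}@{ref}"
        sha = lock.get(key)
        if sha is None:  # not in the lockfile: leave it, but flag it for review
            unresolved.append(key)
            out.append(line)
        else:
            out.append(f"{prefix}{action}@{sha}  # {ref}")
    return "\n".join(out) + "\n", unresolved
```

A CI check can fail the build when `unresolved` is non-empty, which is the missing "lockfile out of date" signal the thread is asking for.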
@djspiewak Defaults matter. Why not make this work in a better and safer way out of the box?

@jonafato

2022: "We are building a new way to publish and consume actions that will improve the security of the CI/CD supply chain."

2025: closed as not planned

https://github.com/actions/publish-immutable-action

GitHub - actions/publish-immutable-action: A GitHub Action used for publishing an Action to ghcr.io as an OCI container.

@jonafato likely because one is something actionable by those it affects and the other is a (justifiable) opinion. Hopes and prayers don't solve problems.