ci: supply-chain hardening (PR 2/2) — SBOM + build-provenance attestation for releases#43
Publish stays HELD (workflow_dispatch). Adds: step-security/harden-runner@v2.19.4 (egress audit) on all 3 jobs; a CycloneDX SBOM (cargo-cyclonedx --manifest-path Cargo.toml) uploaded as a build artifact (crates.io doesn't host SBOMs); and actions/attest-build-provenance@v4.1.0 SLSA provenance for the packaged .crate, run BEFORE cargo publish so a failed attestation fails the release closed. attestations: write added to the publish job. OIDC auth, cargo publish, and the verify/require-ci-green gates are unchanged. All actions SHA-pinned.
Publish stays HELD. Adds: harden-runner@v2.19.4 (egress audit) on all 4 jobs; a CycloneDX SBOM (cargo-cyclonedx on ordvec-python/Cargo.toml — the wheel is the compiled Rust ext) uploaded from build-sdist; and actions/attest-build-provenance@v4.1.0 GitHub SLSA provenance for the wheels + sdist, run BEFORE the pypa publish (fail-closed) — complementary to the PyPI-side PEP 740 attestations the pypa action already emits. attestations: write added to the publish job. The wheel matrix, maturin, pytest, require-ci-green, and pypa publish are unchanged. All actions SHA-pinned.
Review Summary by Qodo

Supply-chain hardening: SBOM + build provenance attestation for releases

Walkthrough

Description
- Add supply-chain hardening with SBOM generation and build provenance attestation
- Integrate harden-runner for egress audit on all release jobs
- Generate CycloneDX SBOMs for crate and Python binding packages
- Attest build provenance using GitHub SLSA before publishing
- Add attestations write permission to publish jobs

Diagram

```mermaid
flowchart LR
    A["Release Workflows"] --> B["Harden Runner<br/>Egress Audit"]
    B --> C["Generate SBOM<br/>CycloneDX"]
    C --> D["Attest Build<br/>Provenance SLSA"]
    D --> E["Publish to Registry<br/>Fail-Closed"]
    F["Upload SBOM<br/>Artifact"] -.-> E
```

File Changes
1. .github/workflows/release-crate.yml
Pull request overview
Adds supply-chain hardening to the repository’s manual (workflow_dispatch-only) release workflows by generating CycloneDX SBOMs and producing GitHub SLSA build-provenance attestations prior to publishing.
Changes:
- Add `step-security/harden-runner` (egress audit mode) to all jobs in both release workflows.
- Generate and upload CycloneDX SBOM artifacts for the Rust crate release and the Python binding release.
- Add `actions/attest-build-provenance` steps (and `attestations: write` permission) so provenance is emitted before publishing.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| .github/workflows/release-python.yml | Adds runner hardening, a binding-crate SBOM artifact, and SLSA provenance attestation for wheels/sdist before PyPI publish. |
| .github/workflows/release-crate.yml | Adds runner hardening, a crate SBOM artifact, and SLSA provenance attestation for the packaged .crate before crates.io publish. |
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 9bbd46c0f1
qodo/copilot/Codex(P1): the SBOM tool was installed unpinned — 'cargo install cargo-cyclonedx --locked' selects whatever is latest at runtime (--locked only pins the tool's own deps), which is non-reproducible and a supply-chain risk in a release pipeline. Pin to --version 0.5.9 (the version verified locally) in both release workflows. copilot/Codex(P2): the SBOM upload steps lacked 'if-no-files-found: error', so a missing/failed SBOM could publish silently — add it to both (and collapse a duplicate on the crate upload that the count check caught).
…iew) qodo: the short-lived crates.io token was minted right after checkout, then sat live through cargo package + the 'cargo install cargo-cyclonedx' SBOM build (third-party code) + attestation before cargo publish used it — a needlessly wide exposure window. Move the crates-io-auth-action step to immediately before cargo publish so the token is minted last. The id:auth -> steps.auth.outputs.token reference is unchanged (auth still runs before publish).
/agentic_review

Persistent review updated to latest commit 4060b87
Part 2 of 2 of the pre-release supply-chain hardening (PR-1 = #42, the always-on CI). This adds provenance to the held release workflows (both workflow_dispatch-only — merging this triggers nothing). Built by 2 Opus subagents on disjoint files, centrally verified.

release-crate.yml (crates.io)
- `cargo cyclonedx --manifest-path Cargo.toml`) uploaded as a build artifact (crates.io doesn't host SBOMs).
- `actions/attest-build-provenance@v4.1.0` SLSA provenance for the packaged `.crate`, run before `cargo publish` (fail-closed: no attestation → no publish).
- `attestations: write` added to the publish job.
- `cargo publish`, and the verify / require-ci-green gates are unchanged.

release-python.yml (PyPI)
- `build-sdist`, uploaded as an artifact.
- `attest-build-provenance@v4.1.0` GitHub SLSA provenance for the wheels + sdist, run before the pypa publish (fail-closed) — complementary to the PyPI-side PEP 740 attestations the `pypa/gh-action-pypi-publish` step already emits.
- `attestations: write` added to the publish job.

Verified
- `attest-build-provenance` SHA-pinned in both; `attestations: write` on both publish jobs; every added action SHA-pinned.
- `cargo-cyclonedx` locally and caught that it rejects `-p` (it scopes via `--manifest-path`) — so the encoded command is the verified one, not a guess.

Publish remains HELD on your explicit go. Merges under the strict protection (CI + 1 non-self code-owner approval).

Together with #42 this closes the pre-release supply-chain asks: SBOM ✓, hardened runner ✓, release attestation ✓, Dependabot (7-day cooldown) ✓, CodeQL ✓.
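The following is an added example, not the repository's own release-crate.yml. It sketches, as a single job, the step ordering this PR and its review comments describe: runner hardening, SBOM generation with the tool version pinned (the P1 finding), an SBOM upload that fails when no file is produced (the P2 finding), provenance attestation run before publish so a failed attestation fails closed, and the crates.io token minted immediately before `cargo publish` rather than right after checkout. It assumes Cargo.toml at the repository root, cargo-cyclonedx's default `*.cdx.json` output name, and omits the verify / require-ci-green gate jobs; the version tags shown stand in for the full commit SHAs the real workflow pins to.

```yaml
# Added example (not the repository's workflow): single-job sketch of the
# release ordering discussed in this PR. Gate jobs omitted; tags stand in for
# the full commit SHAs the real workflow pins to.
name: release-crate (example)

on:
  workflow_dispatch:   # held: nothing runs on merge

permissions:
  contents: read

jobs:
  publish:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write       # OIDC: used by attestation and crates-io-auth-action
      attestations: write   # required by attest-build-provenance
    steps:
      - uses: step-security/harden-runner@v2.19.4
        with:
          egress-policy: audit   # log outbound calls; move to block once the allowlist is known

      - uses: actions/checkout@v4

      # Pin the SBOM tool itself; --locked alone only freezes the tool's dependency tree.
      - name: Install cargo-cyclonedx (pinned)
        run: cargo install cargo-cyclonedx --version 0.5.9 --locked

      # cargo-cyclonedx scopes via --manifest-path, not -p.
      - name: Generate CycloneDX SBOM
        run: cargo cyclonedx --manifest-path Cargo.toml

      # if-no-files-found: error makes a missing SBOM fail the job instead of
      # silently uploading nothing. The *.cdx.json pattern is assumed to be
      # cargo-cyclonedx's default output name; adjust if the tool is configured otherwise.
      - name: Upload SBOM artifact
        uses: actions/upload-artifact@v4
        with:
          name: sbom-cyclonedx
          path: "*.cdx.json"
          if-no-files-found: error

      - name: Package crate
        run: cargo package --locked

      # Provenance covers the exact .crate that will be published. Running this
      # before publish means no attestation -> no publish.
      - name: Attest build provenance
        uses: actions/attest-build-provenance@v4.1.0
        with:
          subject-path: target/package/*.crate

      # Mint the short-lived crates.io token last, so it is not live while
      # third-party tooling (the SBOM generator) executes earlier in the job.
      - name: Authenticate to crates.io (trusted publishing)
        id: auth
        uses: rust-lang/crates-io-auth-action@v1

      - name: Publish
        run: cargo publish --locked
        env:
          CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}
```

The same shape applies to the Python workflow: generate and upload the SBOM, attest the wheels and sdist with `subject-path` pointing at the downloaded dist directory, and only then run the pypa publish step, so that the GitHub provenance step sits before publish exactly as the crate workflow's does.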