
fix: pin 2 unpinned action(s), extract 21 unsafe expression(s) to env vars #38893

Merged: hainenber merged 1 commit into apache:master from dagecko:runner-guard/fix-ci-security on Mar 27, 2026

Conversation

dagecko (Contributor) commented Mar 26, 2026

User description

This is a re-submission of #38891, which was closed due to a branch issue on my end. Same fixes, apologies for the noise.

Security: Harden GitHub Actions workflows

Hey, I found some CI/CD security issues in this repo's GitHub Actions workflows. These are the same vulnerability classes that were exploited in the tj-actions/changed-files supply chain attack. I've been reviewing repos that are affected and submitting fixes where I can.

This PR applies mechanical fixes and flags anything else that needs a manual look. Happy to answer any questions.

Fixes applied

| Rule | Severity | File | Description |
|---|---|---|---|
| RGS-002 | high | .github/workflows/bump-python-package.yml | Extracted 4 unsafe expression(s) to env vars |
| RGS-002 | high | .github/workflows/embedded-sdk-release.yml | Extracted 1 unsafe expression(s) to env vars |
| RGS-007 | high | .github/workflows/ephemeral-env-pr-close.yml | Pinned 2 third-party action(s) to commit SHA |
| RGS-002 | high | .github/workflows/ephemeral-env-pr-close.yml | Extracted 1 unsafe expression(s) to env vars |
| RGS-002 | high | .github/workflows/ephemeral-env.yml | Extracted 3 unsafe expression(s) to env vars |
| RGS-002 | high | .github/workflows/generate-FOSSA-report.yml | Extracted 1 unsafe expression(s) to env vars |
| RGS-002 | high | .github/workflows/release.yml | Extracted 1 unsafe expression(s) to env vars |
| RGS-002 | high | .github/workflows/showtime-trigger.yml | Extracted 3 unsafe expression(s) to env vars |
| RGS-002 | high | .github/workflows/superset-docs-deploy.yml | Extracted 1 unsafe expression(s) to env vars |
| RGS-002 | high | .github/workflows/tag-release.yml | Extracted 5 unsafe expression(s) to env vars |
| RGS-002 | high | .github/workflows/tech-debt.yml | Extracted 1 unsafe expression(s) to env vars |

Additional findings (manual review recommended)

| Rule | Severity | File | Description |
|---|---|---|---|
| RGS-016 | critical | .github/workflows/check_db_migration_confict.yml | Unicode Steganography in Workflow File |
| RGS-004 | high | .github/workflows/claude.yml | Comment-Triggered Workflow Without Author Authorization Check |
| RGS-004 | high | .github/workflows/claude.yml | Comment-Triggered Workflow Without Author Authorization Check |
| RGS-003 | high | .github/workflows/pre-commit.yml | Filename Injection via Git Diff or File Listing |
| RGS-004 | high | .github/workflows/superset-docs-deploy.yml | Comment-Triggered Workflow Without Author Authorization Check |
| RGS-004 | high | .github/workflows/superset-docs-deploy.yml | Comment-Triggered Workflow Without Author Authorization Check |
| RGS-004 | high | .github/workflows/superset-docs-deploy.yml | Comment-Triggered Workflow Without Author Authorization Check |
| RGS-004 | high | .github/workflows/superset-docs-deploy.yml | Comment-Triggered Workflow Without Author Authorization Check |
| RGS-004 | high | .github/workflows/superset-docs-deploy.yml | Comment-Triggered Workflow Without Author Authorization Check |
| RGS-004 | high | .github/workflows/superset-docs-deploy.yml | Comment-Triggered Workflow Without Author Authorization Check |
| RGS-012 | high | .github/workflows/superset-docs-deploy.yml | Secret Exfiltration via Outbound HTTP Request |
| RGS-004 | high | .github/workflows/superset-docs-deploy.yml | Comment-Triggered Workflow Without Author Authorization Check |
| RGS-004 | high | .github/workflows/superset-docs-deploy.yml | Comment-Triggered Workflow Without Author Authorization Check |
| RGS-004 | high | .github/workflows/superset-docs-deploy.yml | Comment-Triggered Workflow Without Author Authorization Check |
| RGS-004 | high | .github/workflows/superset-docs-deploy.yml | Comment-Triggered Workflow Without Author Authorization Check |
| RGS-004 | high | .github/workflows/superset-docs-deploy.yml | Comment-Triggered Workflow Without Author Authorization Check |
| RGS-004 | high | .github/workflows/superset-docs-deploy.yml | Comment-Triggered Workflow Without Author Authorization Check |
| RGS-004 | high | .github/workflows/superset-docs-deploy.yml | Comment-Triggered Workflow Without Author Authorization Check |
| RGS-004 | high | .github/workflows/supersetbot.yml | Comment-Triggered Workflow Without Author Authorization Check |
| RGS-004 | high | .github/workflows/supersetbot.yml | Comment-Triggered Workflow Without Author Authorization Check |
| RGS-004 | high | .github/workflows/supersetbot.yml | Comment-Triggered Workflow Without Author Authorization Check |
| RGS-004 | high | .github/workflows/supersetbot.yml | Comment-Triggered Workflow Without Author Authorization Check |
| RGS-005 | medium | .github/workflows/claude.yml | Excessive Permissions on Untrusted Trigger |
| RGS-005 | medium | .github/workflows/claude.yml | Excessive Permissions on Untrusted Trigger |
| RGS-005 | medium | .github/workflows/ephemeral-env-pr-close.yml | Excessive Permissions on Untrusted Trigger |
| RGS-005 | medium | .github/workflows/ephemeral-env.yml | Excessive Permissions on Untrusted Trigger |
| RGS-005 | medium | .github/workflows/ephemeral-env.yml | Excessive Permissions on Untrusted Trigger |
| RGS-005 | medium | .github/workflows/labeler.yml | Excessive Permissions on Untrusted Trigger |
| RGS-005 | medium | .github/workflows/showtime-trigger.yml | Excessive Permissions on Untrusted Trigger |
| RGS-005 | medium | .github/workflows/supersetbot.yml | Excessive Permissions on Untrusted Trigger |
| RGS-005 | medium | .github/workflows/welcome-new-users.yml | Excessive Permissions on Untrusted Trigger |

Why this matters

GitHub Actions workflows that use untrusted input in run: blocks or reference unpinned third-party actions are vulnerable to code injection and supply chain attacks. These are the same vulnerability classes exploited in the tj-actions/changed-files incident which compromised CI secrets across thousands of repositories.

How to verify

Review the diff; each change is mechanical and preserves workflow behavior:

  • Expression extraction: Moves ${{ }} expressions from run: blocks into env: mappings, preventing shell injection
  • SHA pinning: Pins third-party actions to immutable commit SHAs (original version tag preserved as comment)

If this PR is not welcome, just close it and I won't send another.


CodeAnt-AI Description

Harden GitHub Actions workflows that handle releases, docs, and ephemeral environments

What Changed

  • Moved workflow inputs and secret checks into environment variables so release, deploy, and cleanup jobs no longer read them directly in shell commands
  • Pinned previously unpinned third-party actions in PR cleanup workflows
  • Kept release and deployment behavior the same while reducing exposure in CI jobs that use package, AWS, Docker, and FOSSA secrets

Impact

✅ Lower risk of secret exposure in CI
✅ Safer release and deploy runs
✅ Fewer unpinned workflow dependencies

💡 Usage Guide

Checking Your Pull Request

Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.

Talking to CodeAnt AI

Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:

@codeant-ai ask: Your question here

This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.

Example

@codeant-ai ask: Can you suggest a safer alternative to storing this secret?

Preserve Org Learnings with CodeAnt

You can record team preferences so CodeAnt AI applies them in future reviews. Reply directly to the specific CodeAnt AI suggestion (in the same thread) and replace "Your feedback here" with your input:

@codeant-ai: Your feedback here

This helps CodeAnt AI learn and adapt to your team's coding style and standards.

Example

@codeant-ai: Do not flag unused imports.

Retrigger review

Ask CodeAnt AI to review the PR again, by typing:

@codeant-ai: review

Check Your Repository Health

To analyze the health of your code repository, visit our dashboard at https://app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.

bito-code-review (bot) commented Mar 26, 2026

Bito Automatic Review Skipped - Files Excluded

Bito didn't auto-review this change because all changed files are in the exclusion list for automatic reviews. No action is needed if you didn't intend for the agent to review it. Otherwise, to manually trigger a review, type /review in a comment and save.
You can change the excluded files settings here, or contact your Bito workspace admin at evan@preset.io.

@codeant-ai-for-open-source codeant-ai-for-open-source Bot added the size:M This PR changes 30-99 lines, ignoring generated files label Mar 26, 2026
codeant-ai-for-open-source (bot) commented

Sequence Diagram

This PR hardens the tag release GitHub Actions workflow by routing manual inputs and secret checks through environment variables before shell execution, ensuring that Docker image builds and releases use validated configuration and credentials.

sequenceDiagram
    participant Developer
    participant GitHubActions
    participant ConfigJob
    participant ReleaseJob
    participant Supersetbot
    participant DockerRegistry

    Developer->>GitHubActions: Trigger tag release workflow
    GitHubActions->>ConfigJob: Run config job with secret check via env vars
    ConfigJob-->>GitHubActions: Set has-secrets flag
    GitHubActions->>ReleaseJob: Start docker release job when has-secrets is true
    ReleaseJob->>ReleaseJob: Read workflow inputs from env vars and checkout ref
    ReleaseJob->>Supersetbot: Invoke docker command with release and flags
    Supersetbot->>DockerRegistry: Build and push tagged images

Generated by CodeAnt AI

dagecko (Contributor, Author) commented Mar 27, 2026

Let me know if you have any questions

hainenber (Contributor) left a comment

Thank you @dagecko for this valuable contribution! This will surely strengthen the project's CI/CD security posture.

Re: the previous PR you opened but closed due to a branch issue, things might have slipped through the cracks for us Ops maintainers, so for anything on CI/CD, feel free to ping me for needful support.

For this PR, it's an LGTM!

codecov (bot) commented Mar 27, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 64.56%. Comparing base (9c288d6) to head (946867a).
⚠️ Report is 2 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #38893      +/-   ##
==========================================
- Coverage   65.81%   64.56%   -1.25%     
==========================================
  Files        1823     2536     +713     
  Lines       73182   130753   +57571     
  Branches    23451    30323    +6872     
==========================================
+ Hits        48163    84426   +36263     
- Misses      25019    44859   +19840     
- Partials        0     1468    +1468     
| Flag | Coverage Δ |
|---|---|
| hive | 40.36% <ø> (?) |
| mysql | 61.28% <ø> (?) |
| postgres | 61.36% <ø> (?) |
| presto | 40.37% <ø> (?) |
| python | 62.96% <ø> (?) |
| sqlite | 60.98% <ø> (?) |
| unit | 100.00% <ø> (?) |

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.

@hainenber hainenber merged commit 8700ec4 into apache:master Mar 27, 2026
69 of 70 checks passed
dagecko (Contributor, Author) commented Mar 27, 2026

Thanks @hainenber, appreciate the approval and the offer. I'll definitely reach out if I come across anything else. Happy to help. Have a great day.

- Chris

dagecko (Contributor, Author) commented Mar 28, 2026

Hey, thanks again for merging this. I was doing some additional validation against the CodeQL envvar-injection-critical guidance (https://codeql.github.com/codeql-query-help/actions/actions-envvar-injection-critical/) and noticed ${INPUT_LIMIT} on the limit flag should be quoted as "${INPUT_LIMIT}" for completeness. Minor one, just flagging it for your awareness.

- Chris
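The two mechanical fixes described in the PR's "How to verify" section (moving `${{ }}` expressions out of `run:` scripts into `env:` mappings, and flagging actions that are not pinned to a commit SHA), together with the quoting point raised in the comment just above, as an added Python example. This is not code from the Superset repository or from the PR author's tooling; the sample workflow is constructed, and the env-var naming rule (`github.event.inputs.limit` becomes `INPUT_LIMIT`, any other `github.event.*` path is upper-cased with underscores) and all function names are assumptions. It goes slightly beyond the PR's cases: it also handles single-line `run:` scripts, and it emits the shell expansion double-quoted (`"${INPUT_LIMIT}"`) except when the expression already sits inside a double-quoted string, where adding quotes would cancel the existing ones.

```python
# Added example, not Superset's or the PR author's tooling: audit a workflow for
# the finding classes fixed in this PR and apply the same env-var extraction.
import re

# Constructed sample: two unpinned actions, one pinned, two injected expressions.
SAMPLE_WORKFLOW = """\
jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: some-org/some-action@v2.1.0
      - uses: some-org/pinned-action@0123456789abcdef0123456789abcdef01234567 # v1.0.0
      - run: |
          ./release.sh --limit ${{ github.event.inputs.limit }}
          echo "title: ${{ github.event.pull_request.title }}"
"""

USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
RUN_RE = re.compile(r"^(\s*)(-\s+)?run:\s*(.*)$")
EXPR_RE = re.compile(r"\$\{\{\s*([^}]+?)\s*\}\}")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")

def find_unpinned_actions(text):
    """(line_no, uses value) for every action not pinned to a full commit SHA."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m or m.group(1).startswith((".", "docker://")):
            continue  # local paths and container images carry no git ref
        if not SHA_RE.match(m.group(1).rpartition("@")[2]):
            hits.append((no, m.group(1)))
    return hits

def _run_blocks(lines):
    """Yield (header_idx, body_idxs, key_col, inline_script_start) per run: step."""
    i = 0
    while i < len(lines):
        m = RUN_RE.match(lines[i])
        if not m:
            i += 1
            continue
        col = len(m.group(1)) + len(m.group(2) or "")  # column of the 'run' key
        if m.group(3).strip() not in ("|", "|-", "|+", ">", ">-", ">+"):
            yield i, [i], col, m.start(3)  # single-line script
            i += 1
            continue
        body, j = [], i + 1  # block scalar: lines blank or indented past the key
        while j < len(lines) and (not lines[j].strip()
                                  or len(lines[j]) - len(lines[j].lstrip()) > col):
            body.append(j)
            j += 1
        yield i, body, col, None
        i = j

def find_run_expressions(text):
    """(line_no, expression) for every ${{ }} interpolated into a run: script."""
    lines = text.splitlines()
    return [(j + 1, m.group(1)) for _, body, _, _ in _run_blocks(lines)
            for j in body for m in EXPR_RE.finditer(lines[j])]

def env_var_name(expr):
    """Assumed naming rule: github.event.inputs.X -> INPUT_X, else upper-cased path."""
    path = expr.strip()
    if path.startswith("github.event.inputs."):
        return "INPUT_" + path[len("github.event.inputs."):].upper()
    path = path[len("github.event."):] if path.startswith("github.event.") else path
    return re.sub(r"[^A-Z0-9]+", "_", path.upper()).strip("_")

def _rewrite_script_line(line, env):
    """Swap each ${{ expr }} for "${VAR}"; the added quotes are dropped only when
    the match already sits inside a double-quoted string (per-line quote parity)."""
    def repl(m):
        name = env_var_name(m.group(1))
        env[name] = m.group(1)
        inside_quotes = line[:m.start()].count('"') % 2 == 1
        return "${%s}" % name if inside_quotes else '"${%s}"' % name
    return EXPR_RE.sub(repl, line)

def harden_workflow(text):
    """Move every ${{ }} out of run: scripts into a per-step env: mapping."""
    lines, out, consumed = text.splitlines(), [], 0
    for header, body, col, start in _run_blocks(lines):
        out.extend(lines[consumed:header])
        env = {}
        if start is not None:
            out.append(lines[header][:start] + _rewrite_script_line(lines[header][start:], env))
        else:
            out.append(lines[header])
            out.extend(_rewrite_script_line(lines[j], env) for j in body)
        if env:  # YAML key order is irrelevant, so env: may follow run:
            out.append(" " * col + "env:")
            out.extend(" " * (col + 2) + "%s: ${{ %s }}" % (k, v) for k, v in env.items())
        consumed = (body[-1] if body else header) + 1
    out.extend(lines[consumed:])
    return "\n".join(out) + "\n"
```

To use it on a real file, read the workflow into `SAMPLE_WORKFLOW`'s place and diff the output of `harden_workflow` against the original. The quote-parity check is a per-line heuristic that does not understand escaped quotes, single quotes or strings spanning lines, so the rewritten script still needs a human read before it is committed, and `find_unpinned_actions` deliberately flags first-party `actions/*` references too; exempt them if your policy only pins third-party actions.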

devin-ai-integration Bot added a commit to yeutterg/superset that referenced this pull request Apr 18, 2026
Mitigates shell/JS injection via user-controllable github.event.* fields
used directly in run and script blocks. Inspired by the tj-actions
supply-chain attack class. Follows the pattern established in
apache#38893.

Co-Authored-By: bot_apk <apk@cognition.ai>
Labels: github_actions (Pull requests that update GitHub Actions code), size/M, size:M (This PR changes 30-99 lines, ignoring generated files)
