Summary
.github/workflows/testdriver.yml pins a third-party action to a mutable branch — uses: testdriverai/action@main — inside a job that holds real secrets. I wanted to flag it as a small supply-chain hardening opportunity, and I'm happy to open the one-line fix if that's welcome.
I know this is a solo-maintained project with a discuss-first process, so please treat this as a heads-up rather than a demand on your time — no worries at all if it's not a priority.
What I observed (facts, at commit c99022c)
In testdriver.yml, the run_testdriver job:
- triggers on
workflow_run (line 3–4) — which runs from the default branch with access to repo secrets;
- runs
uses: testdriverai/action@main (line 50). testdriverai/action is a third-party action (owner testdriverai, not wavetermdev/actions; default_branch: main), so @main resolves to whatever that branch's HEAD points at, at run time;
- in that same step passes
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} (line 54) and key: ${{ secrets.DASHCAM_API }} (line 56), and embeds the GITHUB_TOKEN in an Authorization header (line 59). Job permissions are contents: read + statuses: write.
Every other third-party action in the file is pinned to a version tag (e.g. mlugg/setup-zig@v2, nick-fields/retry@v4, softprops/action-gh-release@v2) — testdriverai/action@main is the only one on a moving branch.
Why I think it's worth a look (my inference)
If that upstream branch were ever repointed to malicious code — the class of thing that happened with tj-actions/changed-files in 2025 — it would execute in a job that can read DASHCAM_API and use the GITHUB_TOKEN. Pinning to a full commit SHA closes that window while still letting you bump it deliberately. I also noticed dependabot.yml enables the github-actions ecosystem, but Dependabot updates tags/SHAs and can't rewrite a @main branch ref, so this particular pin isn't covered by your existing tooling.
Suggested fix
Pin to the current commit SHA with a comment, e.g.:
- uses: testdriverai/action@<full-40-char-sha> # main as of <date>
I checked open and closed issues/PRs and didn't find an existing one for this. If you'd like, I'm glad to open a tiny PR with the SHA pin (I'd sign the CLA first) — or feel free to just make the one-line change yourself, whichever is less overhead for you.
Disclosure: I used an AI tool to help spot this and draft the report; I verified every line against the workflow file at the commit above myself and take responsibility for it.
Summary
.github/workflows/testdriver.ymlpins a third-party action to a mutable branch —uses: testdriverai/action@main— inside a job that holds real secrets. I wanted to flag it as a small supply-chain hardening opportunity, and I'm happy to open the one-line fix if that's welcome.I know this is a solo-maintained project with a discuss-first process, so please treat this as a heads-up rather than a demand on your time — no worries at all if it's not a priority.
What I observed (facts, at commit
c99022c)In
testdriver.yml, therun_testdriverjob:workflow_run(line 3–4) — which runs from the default branch with access to repo secrets;uses: testdriverai/action@main(line 50).testdriverai/actionis a third-party action (ownertestdriverai, notwavetermdev/actions;default_branch: main), so@mainresolves to whatever that branch's HEAD points at, at run time;GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}(line 54) andkey: ${{ secrets.DASHCAM_API }}(line 56), and embeds theGITHUB_TOKENin anAuthorizationheader (line 59). Job permissions arecontents: read+statuses: write.Every other third-party action in the file is pinned to a version tag (e.g.
mlugg/setup-zig@v2,nick-fields/retry@v4,softprops/action-gh-release@v2) —testdriverai/action@mainis the only one on a moving branch.Why I think it's worth a look (my inference)
If that upstream branch were ever repointed to malicious code — the class of thing that happened with
tj-actions/changed-filesin 2025 — it would execute in a job that can readDASHCAM_APIand use theGITHUB_TOKEN. Pinning to a full commit SHA closes that window while still letting you bump it deliberately. I also noticeddependabot.ymlenables thegithub-actionsecosystem, but Dependabot updates tags/SHAs and can't rewrite a@mainbranch ref, so this particular pin isn't covered by your existing tooling.Suggested fix
Pin to the current commit SHA with a comment, e.g.:
I checked open and closed issues/PRs and didn't find an existing one for this. If you'd like, I'm glad to open a tiny PR with the SHA pin (I'd sign the CLA first) — or feel free to just make the one-line change yourself, whichever is less overhead for you.
Disclosure: I used an AI tool to help spot this and draft the report; I verified every line against the workflow file at the commit above myself and take responsibility for it.