[AAASM-3993] 🔧 (ci): Least-privilege permissions + minimize reusable-wf secret exposure #201
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01MvjnG3ysnqTY6Gu1wQ2h73
… workflow Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01MvjnG3ysnqTY6Gu1wQ2h73
…uild_and_test Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01MvjnG3ysnqTY6Gu1wQ2h73
…un_all_test_and_record Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01MvjnG3ysnqTY6Gu1wQ2h73
Codecov Report
✅ All modified and coverable lines are covered by tests.
🤖 Claude Code — PR Review
Verdict: APPROVE (scope-clean). [AAASM-3993 + AAASM-3994 — python] Adds a top-level least-privilege No job starved of scope: these are checkout + test/build/lint/benchmark workflows. Codecov upload authenticates via AAASM-3994 (reusable-wf supply chain): documented in-place — trust bounded by the 40-char commit-SHA pins (retained), secrets already per-call minimized ( YAML valid — full CI is green (21/21). Additive, config-only.



Description
CI supply-chain hardening for the python-sdk GitHub Actions workflows.
AAASM-3993 — least-privilege permissions. Adds a top-level `permissions: contents: read` block to every workflow that previously declared none: `benchmarks.yml`, `ci.yaml`, `ci_includes_e2e_test.yaml`, `native-core-build.yml`, `type-check.yml`, and the two reusable workflows `rw_build_and_test.yaml` / `rw_run_all_test_and_record.yaml`. Every job here only checks out and runs tests/builds — none pushes commits, comments on PRs, or deploys — so `contents: read` is sufficient. For the reusable workflows this also caps the `GITHUB_TOKEN` handed to the third-party workflows they call. Coverage/Sonar uploads use their own secret tokens, and artifact up/download use the Actions runtime token, so nothing needs write.
AAASM-3994 — minimize reusable-workflow secret exposure. The two reusable workflows call `Chisanan232/GitHub-Action_Reusable_Workflows-Python/...` (a personal-account reusable workflow). The key mitigation — a 40-char commit-SHA pin on every `uses:` — is already in place and kept as-is. On review, the forwarded secrets are already scoped per call: `rw_build_and_test.yaml` forwards `e2e_test_api_token` (Slack) only to the e2e job (unit/integration forward none); `rw_run_all_test_and_record.yaml` forwards only `codecov_token` to each `*_codecov_finish` call, and `sonar_token` is used solely by the local `sonarcloud_finish` job (SonarSource action) — never forwarded to the third party. This PR adds documenting comments capturing that trust assumption plus a `TODO(AAASM-3994)` to vendor the workflow into the `ai-agent-assembly` org (or pin a signed release) as the full long-term fix.
Type of Change
Breaking Changes
Related Issues
Testing
`actionlint` — no new findings (pre-existing `shellcheck` nits inside untouched `run:` blocks remain, out of scope).
Checklist
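Added example, not part of this PR or the project's code: a small stdlib-only audit that checks a workflow file for the three properties the description relies on (a top-level `permissions:` block without write scopes, 40-char commit-SHA pins on every remote `uses:`, and no blanket `secrets: inherit`). The function name, the sample workflows, the `example-org` path, the SHA and the `CODECOV_TOKEN` secret name are assumptions made for illustration.

```python
import re

USES = re.compile(r"^\s*(?:-\s*)?uses\s*:\s*['\"]?([^\s'\"#]+)")
SHA_PIN = re.compile(r"@[0-9a-f]{40}$")

def audit_workflow(text):
    """Return a list of findings for one workflow file's text."""
    findings, lines = [], text.splitlines()
    # Top-level keys start in column 0; job-level permissions are indented.
    top = [i for i, ln in enumerate(lines) if re.match(r"permissions\s*:", ln)]
    if not top:
        findings.append("no top-level permissions block")
    else:
        block = [lines[top[0]].split(":", 1)[1]]
        for ln in lines[top[0] + 1:]:
            if ln.strip() and not ln[0].isspace():
                break  # next top-level key ends the block
            block.append(ln)
        if any(re.search(r"\bwrite(-all)?\b", b.split("#")[0]) for b in block):
            findings.append("top-level permissions grant write access")
    for n, ln in enumerate(lines, 1):
        if re.match(r"\s*secrets\s*:\s*inherit\b", ln):
            findings.append(f"line {n}: secrets: inherit forwards every secret")
        m = USES.match(ln)
        if (m and not m.group(1).startswith(("./", "docker://"))  # nothing to pin
                and not SHA_PIN.search(m.group(1))):
            findings.append(f"line {n}: {m.group(1)} not pinned to a commit SHA")
    return findings

# Constructed samples; the org, path, SHA and secret names are placeholders.
WEAK = """\
on: [push]
jobs:
  test:
    uses: example-org/reusable-workflows/.github/workflows/test.yaml@main
    secrets: inherit
"""
HARDENED = """\
on: [push]
permissions:
  contents: read
jobs:
  test:
    uses: example-org/reusable-workflows/.github/workflows/test.yaml@0123456789abcdef0123456789abcdef01234567
    secrets:
      codecov_token: ${{ secrets.CODECOV_TOKEN }}
"""
if __name__ == "__main__":
    print(audit_workflow(WEAK), audit_workflow(HARDENED))
```

The check is line-based rather than a full YAML parse, so it assumes conventionally formatted workflow files with block-style keys.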