fix(ci): harden against template injection and credential exposure

.github/workflows/ci.yml

@@ -7,9 +7,13 @@ env:
   IMAGE_REPO: ttl.sh/test-${{ github.job }}-${{ github.run_id }}
   APKO_CONFIG: https://raw.githubusercontent.com/chainguard-dev/apko/refs/heads/main/examples/nginx.yaml
 
+permissions: {}
+
 jobs:
   ci:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read # Clone the repository
 
     steps:
       - name: Harden Runner
@@ -18,6 +22,8 @@ jobs:
           egress-policy: audit
 
       - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          persist-credentials: false
 
       - name: Build, sign, inspect an image using wolfi-act
         uses: ./
@@ -52,6 +58,8 @@ jobs:
 
   ci-debug:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read # Clone the repository
 
     steps:
       - name: Harden Runner
@@ -60,6 +68,8 @@ jobs:
           egress-policy: audit
 
       - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          persist-credentials: false
 
       - name: Build, sign, inspect an image using wolfi-act
         uses: ./

.github/workflows/zizmor.yaml

@@ -6,8 +6,20 @@ name: Zizmor
 on:
   pull_request:
     branches: ['main']
+    paths:
+      - '.github/workflows/**'
+      - '.github/actions/**'
+      - 'action.yml'
+      - '.github/dependabot.yml'
+      - '.github/zizmor.yml'
   push:
     branches: ['main']
+    paths:
+      - '.github/workflows/**'
+      - '.github/actions/**'
+      - 'action.yml'
+      - '.github/dependabot.yml'
+      - '.github/zizmor.yml'
 
 permissions: {}
 
@@ -36,3 +48,5 @@ jobs:
 
       - name: Run zizmor
         uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2
+        with:
+          persona: pedantic

.github/zizmor.yml

@@ -7,3 +7,12 @@ rules:
   dependabot-cooldown:
     config:
       days: 3
+  # Pedantic-only; no security impact — cosmetic/style findings
+  anonymous-definition:
+    disable: true
+  undocumented-permissions:
+    disable: true
+  # Pedantic-only; low security value but extremely noisy
+  # Address concurrency limits as a separate, dedicated effort if desired
+  concurrency-limits:
+    disable: true

action.yml

@@ -20,20 +20,25 @@ runs:
   using: "composite"
   steps:
     - shell: bash
+      env:
+        INPUT_DEBUG: ${{ inputs.debug }}
+        INPUT_COMMAND: ${{ inputs.command }}
+        INPUT_PACKAGES: ${{ inputs.packages }}
+        INPUT_APKO_IMAGE: ${{ inputs.apko-image }}
       run: |
         set -e
 
         debug_args=
         debug_args_image="-exc"
-        debug='${{inputs.debug}}'
+        debug="${INPUT_DEBUG}"
         if [[ "${debug}" == "true" ]]; then
           echo "[🐙] Enabling debug logging."
           set -x
           debug_args="2>/dev/null"
           debug_args_image="-ec"
         fi
 
-        if [[ '${{inputs.command}}' == '' ]]; then
+        if [[ "${INPUT_COMMAND}" == '' ]]; then
           echo "[🐙] Missing input: command"
           exit 1
         fi
@@ -51,7 +56,7 @@ runs:
             - bash
         EOL
 
-        packages='${{inputs.packages}}'
+        packages="${INPUT_PACKAGES}"
         if [[ "${packages}" != "" ]]; then
           for package in $(echo "${packages}" | sed 's/,/\n/g'); do
             echo "    - ${package}" >> ./wolfi-act.apko.config.yaml
@@ -60,9 +65,9 @@ runs:
 
         printf "[🐙] Building ephemeral container image from Wolfi packages... "
         eval docker run --rm \
-            -v ${PWD}:/work \
+            -v "${PWD}":/work \
             -w /work \
-            '${{ inputs.apko-image }}' \
+            "${INPUT_APKO_IMAGE}" \
             build \
             --arch=x86_64 \
             --sbom=false \
@@ -76,14 +81,26 @@ runs:
         eval docker load < wolfi-act.tar "${debug_args}"
         echo "done."
 
-        env > wolfi-act.github.env
+        # Capture runner env for the container, excluding INPUT_* vars and
+        # any var whose value contains embedded newlines (which no
+        # line-oriented env file format can represent). env -0 gives
+        # null-terminated records so multi-line values stay in one record;
+        # we read them in a while loop to avoid grep -v exit-code-1 when
+        # no records are filtered, which kills the pipeline under pipefail.
+        while IFS= read -r -d '' record; do
+          name="${record%%=*}"
+          value="${record#*=}"
+          [[ "$name" == INPUT_* ]] && continue
+          [[ "$value" == *$'\n'* ]] && continue
+          printf '%s\n' "$record"
+        done < <(env -0) > wolfi-act.github.env
 
         echo "[🐙] Running the following command in ephemeral container image:"
-        echo '${{ inputs.command }}'
+        echo "${INPUT_COMMAND}"
         echo "[🐙] Output:"
         docker run -i --rm --platform linux/amd64 \
-            -v ${PWD}:/work \
+            -v "${PWD}":/work \
             -w /work \
             --env-file wolfi-act.github.env \
             wolfi-act:latest-amd64 \
-            bash "${debug_args_image}" '${{ inputs.command }}'
+            bash "${debug_args_image}" "${INPUT_COMMAND}"