fix: pin 8 unpinned action(s) to commit SHAs #5209

Open

dagecko wants to merge 1 commit into pypa:main from dagecko:runner-guard/fix-ci-security
Conversation

dagecko commented Apr 4, 2026

Summary of changes

This PR hardens CI/CD workflows against supply chain attacks by pinning 8 third-party GitHub Actions to immutable commit SHAs across 3 workflow files. All changes are mechanical and preserve existing workflow behavior.

Of particular note: This repository currently references tj-actions/changed-files@v46 (used twice in main.yml) and codecov/codecov-action@v4 (used twice in main.yml). Both of these actions have been previously compromised in real supply chain attacks:

  • tj-actions/changed-files was compromised in March 2025 when a maintainer's personal access token was stolen. The attacker force-pushed malicious code to the mutable version tags, causing 23,000 downstream repositories to execute the attacker's code in their CI pipelines with full access to secrets and deployment credentials.
  • codecov/codecov-action was compromised in 2021 when attackers modified the Bash Uploader script to exfiltrate environment variables and CI secrets from every repository using the action.

Pinning these to commit SHAs ensures that even if these actions are compromised again, the pinned SHA cannot be changed and your workflows will continue to reference the known-good version.

Fixes applied

Rule     Severity  File         Description
RGS-007  medium    ci-sage.yml  Pinned 1 action(s) to commit SHA
RGS-007  medium    main.yml     Pinned 6 action(s) to commit SHA
RGS-007  medium    pyright.yml  Pinned 1 action(s) to commit SHA

Why this change

I've been scanning the top 50,000 GitHub repositories for CI/CD pipeline vulnerabilities over the last 5 weeks as part of an ongoing research effort into the supply chain attack campaign that started with tj-actions in March and has escalated through multiple phases since, where attackers compromise maintainer accounts and force-push malicious code to mutable action tags - every downstream project referencing those tags then executes the attacker's code with full access to secrets and deployment credentials.

You may notice that I have opened up a lot of PRs - don't take that as a negative. I've been working around the clock on this and monitoring all comms. It may take me an hour or two to get back to a comment you leave.

How to verify

Every change is mechanical and preserves workflow behavior:

  • SHA pinning: action@v3 becomes action@abc123 # v3 - original version preserved as comment
  • No workflow logic, triggers, or permissions are modified

I've had 22 merges so far. I created a tool called Runner Guard to assist in my research - it does mechanical, non-AI fixes to reduce hallucinations to zero and produce consistent fixes. If you would like to scan it yourself to validate my work, feel free.

Happy to answer any questions - I'm monitoring comms on every PR.

- Chris Nyhuis (dagecko)

Pull Request Checklist

  • Changes have tests - All changes are mechanical SHA pins tested with unit tests and regression testing against real repositories.
  • News fragment added in newsfragments/. - N/A for CI security hardening, no functional code changes.

Automated security fixes applied by Runner Guard (https://github.com/Vigilant-LLC/runner-guard).

Changes:
 .github/workflows/ci-sage.yml |  2 +-
 .github/workflows/main.yml    | 12 ++++++------
 .github/workflows/pyright.yml |  2 +-
 3 files changed, 8 insertions(+), 8 deletions(-)
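The check behind this PR (is every third-party `uses:` reference a full 40-character commit SHA, and does the rewrite keep the original tag as a trailing comment?) is small enough to reproduce. The script below is an added illustration, not Runner Guard's code and not part of this PR: it scans workflow text for `uses:` lines, reports refs that are not full SHAs, and rewrites them from a tag-to-SHA map in the `action@<sha> # <tag>` form the description shows. The sample workflow and every SHA in it are constructed placeholders, not real commits of the named actions.

```python
import re

# Matches one `uses:` step line and splits it into prefix, action path, ref and
# trailing text. Local actions (./path) and docker:// refs carry no "@" and
# therefore never match, which is the intended behaviour: only remote actions
# resolve a mutable tag on the Actions side. Quoted values are not handled.
USES_RE = re.compile(
    r'^(?P<prefix>\s*-?\s*uses:\s*)'
    r'(?P<action>[A-Za-z0-9_.-]+/[A-Za-z0-9_./-]+)'
    r'@(?P<ref>[^\s#]+)'
    r'(?P<rest>.*)$'
)
# A pin is only immutable when it is the full 40-hex object id.
FULL_SHA_RE = re.compile(r'^[0-9a-f]{40}$')

# Constructed sample workflow (not from pypa or any real repository); the
# setup-python SHA is a placeholder, not an actual commit of that action.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v46
        id: changed
      - uses: actions/setup-python@fedcba9876543210fedcba9876543210fedcba98 # v5 (constructed SHA)
      - uses: ./.github/actions/local-step
      - uses: codecov/codecov-action@v4
"""

# Constructed tag -> SHA map; in practice this comes from `git ls-remote` or the
# GitHub API for each tag, then a human confirms the tag still points there.
SHA_MAP = {
    "tj-actions/changed-files@v46": "0123456789abcdef0123456789abcdef01234567",
    "codecov/codecov-action@v4": "89abcdef0123456789abcdef0123456789abcdef",
}


def find_unpinned(workflow_text: str) -> list[tuple[int, str, str]]:
    """Return (line_number, action, ref) for each remote action not pinned to a full SHA."""
    findings = []
    for n, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if m and not FULL_SHA_RE.match(m.group("ref")):
            findings.append((n, m.group("action"), m.group("ref")))
    return findings


def pin_workflow(workflow_text: str, sha_map: dict[str, str]) -> str:
    """Rewrite mutable refs present in sha_map to `action@<sha> # <tag>`.

    Only mechanical text substitution is done: the original ref is kept as a
    comment so a reviewer can still see which version was intended, and lines
    whose action@ref pair is absent from the map (or whose mapped value is not a
    full SHA) are left exactly as they were rather than half-pinned.
    """
    out = []
    for raw in workflow_text.splitlines(keepends=True):
        nl = "\n" if raw.endswith("\n") else ""
        line = raw.rstrip("\n")
        m = USES_RE.match(line)
        if m and not FULL_SHA_RE.match(m.group("ref")):
            sha = sha_map.get(f'{m.group("action")}@{m.group("ref")}')
            if sha and FULL_SHA_RE.match(sha):
                line = (f'{m.group("prefix")}{m.group("action")}@{sha}'
                        f' # {m.group("ref")}{m.group("rest")}')
        out.append(line + nl)
    return "".join(out)


if __name__ == "__main__":
    for n, action, ref in find_unpinned(SAMPLE_WORKFLOW):
        print(f"line {n}: {action}@{ref} is not pinned to a commit SHA")
    print(pin_workflow(SAMPLE_WORKFLOW, SHA_MAP))
```

Run on the sample, the scan reports `actions/checkout@v4`, `tj-actions/changed-files@v46` and `codecov/codecov-action@v4`; after `pin_workflow` only the checkout line remains, because the map deliberately has no entry for it. The SHA comment is a convenience for readers, not something the runner checks, so a follow-up review (or Dependabot/Renovate) still has to keep the comment and the SHA in step.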
webknjaz (Member) commented Apr 7, 2026

FTR, the OP is known to mass-post slop. It'd be far more useful to configure Zizmor properly.

dagecko (Author) commented Apr 8, 2026

Hey @webknjaz, I'd encourage you to actually look at the changes before assuming it's slop. The PR pins 8 actions to commit SHAs across 3 workflow files, including tj-actions/changed-files which was compromised in a real supply chain attack earlier this year.

Feel free to close it if you're not interested, but you might want to check with some of the projects that did take a look. next.js, svelte, metabase, keras, webpack, lazygit, apache/superset, and others have all merged similar hardening PRs after reviewing them.

As for Zizmor, great tool, we use it too. But configuring a linter and actually fixing the findings are two different things. This PR is the fix.

Feel free to close if you're out on it.

- Chris
