Thanks to visit codestin.com
Credit goes to github.com

Skip to content

chore(ci): route build_agent_package version/dist/path through env: for hardening uniformity#1613

Merged
itomek merged 2 commits into
mainfrom
tmi/issue-1611-env-hardening
Jun 11, 2026
Merged

chore(ci): route build_agent_package version/dist/path through env: for hardening uniformity#1613
itomek merged 2 commits into
mainfrom
tmi/issue-1611-env-hardening

Conversation

@itomek

@itomek itomek commented Jun 11, 2026

Copy link
Copy Markdown
Collaborator

Why this matters

build_agent_package.yml already routes the user-supplied agent_id through env: before any shell, but version, dist, and path were still interpolated as raw ${{ … }} expressions inside run: blocks, and the version read embedded a shell var inside a python -c code string. The injection risk today is nil — those values are workflow/repo-controlled, not user input — but applying the env: convention uniformly makes the hardening obvious so a future copy-paste onto a path that does carry user input can't silently reintroduce a real injection.

No behavior change. Verified live on the real runner: a workflow_dispatch of the hardened workflow on this branch produced the identical agent-pkg-email-v0.1.0 prerelease (wheel + sdist), green end-to-end.

Test plan

  • actionlint clean on build_agent_package.yml (only a pre-existing SC2129 style note, unchanged by this PR)
  • YAML parses (yaml.safe_load)
  • No ${{ … }} remains in any run: block — every dynamic value (agent_id, version, dist, path) now reaches the shell/Python via env:; the version read uses a here-doc reading os.environ["PATHV"]
  • Live workflow_dispatch on this branch → green run, identical agent-pkg-email-v0.1.0 prerelease with .whl + .tar.gz (run)
  • Anonymous curl of both release assets → HTTP 200; clean-venv pip install of the wheel + import gaia_agent_email works
  • No PyPI publish path fired — Agent Hub: Publish Python agent wheels to PyPI #1179 stays untouched

Full post-merge verification evidence (all 8 ACs) is captured in #1602.

Closes #1611

Related: #1598, #1601, #1602

agent_id was already hardened via env:; version, dist, and path were
still interpolated as raw ${{ }} expressions inside run: blocks. Route
all three through env: in the publish step, and read the pyproject.toml
version via a here-doc with os.environ["PATHV"] so no shell variable is
embedded in the Python source string. No behavior change.

Closes #1611
@github-actions github-actions Bot added the devops DevOps/infrastructure changes label Jun 11, 2026
@itomek itomek marked this pull request as ready for review June 11, 2026 22:45
@itomek itomek requested a review from kovtcharov-amd as a code owner June 11, 2026 22:45
@itomek itomek self-assigned this Jun 11, 2026
@github-actions

Copy link
Copy Markdown
Contributor

Summary

Clean, correctly-scoped CI hardening — every dynamic value in build_agent_package.yml now reaches the shell via env: instead of raw ${{ … }} interpolation inside run: blocks, and the version read no longer embeds a shell var inside a python -c string. No behavior change, and the author verified that live on the runner (identical agent-pkg-email-v0.1.0 prerelease). The one subtle risk — the here-doc terminator after YAML block-scalar stripping — is sound: I rendered the workflow and confirmed PY lands at column 0 and the block reads the version correctly.

Issues Found

None blocking.

🟢 Minor — tomllib requires Python 3.11+ (.github/workflows/build_agent_package.yml:56)
setup-python pins '3.x', which resolves to the latest 3.x and satisfies this fine. Worth noting only because it's an implicit floor; not introduced by this PR (the prior python -c line used tomllib too), so no action needed — flagging for awareness.

Strengths

  • The quoted here-doc delimiter (<<'PY') plus passing PATHV through the environment is exactly the right way to eliminate the shell-var-in-Python-string smell — no interpolation into the code body at all.
  • Keeping the Python body at the same base indentation as the surrounding shell (rather than visually indenting it) is deliberate and necessary: it's what keeps the unquoted PY terminator at column 0 after YAML strips the block indentation. Easy to get wrong; got it right.
  • set -euo pipefail is preserved, so a failed version read still aborts the step loudly — consistent with GAIA's no-silent-fallbacks rule.
  • The "why" is captured well: the injection risk is nil today, but applying the env: convention uniformly stops a future copy-paste onto a user-input path from silently reintroducing a real injection. Good defensive instinct, clearly explained.

Verdict

Approve — no blocking issues; the change is correct, behavior-preserving, and verified live. Safe to merge.

@itomek itomek enabled auto-merge June 11, 2026 23:30
@itomek itomek added this pull request to the merge queue Jun 11, 2026
Merged via the queue into main with commit f6d81e3 Jun 11, 2026
17 checks passed
@itomek itomek deleted the tmi/issue-1611-env-hardening branch June 11, 2026 23:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

devops DevOps/infrastructure changes

Projects

None yet

Development

Successfully merging this pull request may close these issues.

chore(ci): build_agent_package — route version/dist/path through env: for hardening uniformity

2 participants