205hlab-mirrors/authentik
2
0
Fork 0
mirror of https://github.com/goauthentik/authentik.git synced 2026-06-17 19:09:11 +03:00
Code Issues Packages Projects Releases Wiki Activity

ci: run publish build under Node's permission model (experiment)

Browse Source 
Wraps the build phase of the npm publish workflow (`tsc -p .`, plus
`typedoc` for `packages/esbuild-plugin-live-reload`) in Node 24's
permission model.

Configuration:

  node --permission \
       --allow-fs-read="$PWD" \
       --allow-fs-write="$PWD" \
       ./node_modules/typescript/bin/tsc -p .

`--permission` with no other `--allow` flags denies by default:
  - network (--allow-net)
  - child_process (--allow-child-process)
  - worker_threads (--allow-worker)
  - native addons
  - WASI

fs reads and writes are scoped to the package working tree. The
threat model addressed: a malicious devDep (direct or transitive)
that wakes up during `tsc` and tries to exfil credentials. It can
still read process.env, but with no network, no subprocess, and no
fs write outside `$PWD`, it has no channel to send anything out.

`npm ci` and `npm publish` keep their full capability set — both
legitimately need network and subprocess access, and `npm publish`'s
defense lives at the runner egress layer (step-security/harden-runner,
added in #22463).

This is the smallest tractable surface for the permission model in
this repo: all six publishable packages build via `tsc` (one also
runs `typedoc`), with no native addons and no in-build child
processes. If a future package needs broader permissions, the
allow-list can be widened per-step rather than discarded.

The Node permission model is still in active development (stability
1.1 in v24); the API surface is stable enough to commit to but the
"experiment" framing is intentional — if a downstream tsc/typedoc
revision starts touching paths outside `$PWD`, revert is one-line.

Co-authored-by: Agent <279763771+playpen-agent@users.noreply.github.com>
This commit is contained in:
Teffen Ellis
2026-05-19 13:43:50 +02:00
parent 85d645d8e0
commit c3ef2f94d7
1 changed files with 27 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/packages-npm-publish.yml
+27 -1
View File
@@ -47,7 +47,33 @@ jobs:
- name: Publish package
if: steps.changed-files.outputs.any_changed == 'true'
working-directory: ${{ matrix.package }}
# Experimental: the build (tsc, plus typedoc for one package) runs
# under Node's permission model. fs reads/writes are scoped to the
# package working tree; --permission with no other --allow flags
# blocks network, child_process, worker_threads, native addons,
# and WASI by default.
#
# Trade-off: env vars are still readable (the permission model
# does not gate them), but with no exfil channel — no network,
# no subprocess, no write outside $PWD — they cannot leave the
# build sandbox. The npm ci and npm publish phases keep their
# full capability set since they legitimately need network and
# subprocess access.
run: |
corepack npm ci
corepack npm run build
WORK="$PWD"
node \
--permission \
--allow-fs-read="$WORK" \
--allow-fs-write="$WORK" \
./node_modules/typescript/bin/tsc -p .
if [ -x ./node_modules/typedoc/bin/typedoc ]; then
node \
--permission \
--allow-fs-read="$WORK" \
--allow-fs-write="$WORK" \
./node_modules/typedoc/bin/typedoc
fi
corepack npm publish