pypa · joerick · Feb 6, 2026 · Jan 9, 2026 · Jan 9, 2026 · Jan 9, 2026
diff --git a/README.md b/README.md
@@ -92,6 +92,8 @@ jobs:
 
     steps:
       - uses: actions/checkout@v6
+        with:
+          persist-credentials: false
 
       # Used to host cibuildwheel
       - uses: actions/setup-python@v6
@@ -124,6 +126,11 @@ The following diagram summarises the steps that cibuildwheel takes on each platf
 
 <sup>Explore an interactive version of this diagram [in the docs](https://cibuildwheel.pypa.io/en/stable/#how-it-works).</sup>
 
+> [!WARNING]
+> Building and testing wheels executes arbitrary code from your project and its dependencies. Although cibuildwheel uses OCI containers and Pyodide for some builds, these provide no security guarantees - the code you're building and testing has full access to the environment that's invoking cibuildwheel.
+>
+> If you cannot trust all the code that's pulled in, maintain good security hygiene: keep the job that builds distributions separate from the job that uploads them to PyPI, handle secrets and credentials with care and rotate them regularly, and follow the principle of least privilege when granting permissions. Do not store sensitive data on CI runners.
+
 
 <!--[[[cog from readme_options_table import get_table; print(get_table()) ]]]-->
 

diff --git a/docs/deliver-to-pypi.md b/docs/deliver-to-pypi.md
@@ -29,10 +29,11 @@ GitHub actions has pipx in all the runners as a supported package manager, as we
     name: Make SDist
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v6
       with:
         fetch-depth: 0  # Optional, use if you use setuptools_scm
         submodules: true  # Optional, use if you have submodules
+        persist-credentials: false # Highly recommended as a good security practice to not store credentials in disk, unless you need this for your specific use case
 
     - name: Build SDist
       run: pipx run build --sdist

diff --git a/docs/index.md b/docs/index.md
@@ -22,3 +22,8 @@ This diagram summarises the steps that cibuildwheel takes on each platform to bu
 %}
 
 This isn't exhaustive, for a full list of the things cibuildwheel can do, check the [options](options.md) page.
+
+!!! warning "A note on security"
+      Building and testing wheels executes arbitrary code from your project and its dependencies. Although cibuildwheel uses OCI containers and Pyodide for some builds, these provide no security guarantees - the code you're building and testing has full access to the environment that's invoking cibuildwheel.
+
+      If you cannot trust all the code that's pulled in, maintain good security hygiene: keep the job that builds distributions separate from the job that uploads them to PyPI, handle secrets and credentials with care and rotate them regularly, and follow the principle of least privilege when granting permissions. Do not store sensitive data on CI runners.
diff --git a/examples/github-deploy.yml b/examples/github-deploy.yml
@@ -48,7 +48,9 @@ jobs:
             platform: pyodide
 
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
+        with:
+          persist-credentials: false
 
       - name: Build wheels
         uses: pypa/cibuildwheel@v3.3.1
@@ -70,7 +72,9 @@ jobs:
     name: Build source distribution
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
+        with:
+          persist-credentials: false
 
       - name: Build sdist
         run: pipx run build --sdist

diff --git a/examples/github-minimal.yml b/examples/github-minimal.yml
@@ -12,7 +12,9 @@ jobs:
         os: [ubuntu-latest, ubuntu-24.04-arm, windows-latest, windows-11-arm, macos-15-intel, macos-14]
 
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
+        with:
+          persist-credentials: false
 
       - name: Build wheels
         uses: pypa/cibuildwheel@v3.3.1

diff --git a/examples/github-pipx.yml b/examples/github-pipx.yml
@@ -12,7 +12,9 @@ jobs:
         os: [ubuntu-latest, ubuntu-24.04-arm, windows-latest, windows-11-arm, macos-15-intel, macos-14]
 
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
+        with:
+          persist-credentials: false
 
       - name: Build wheels
         run: pipx run cibuildwheel==3.3.1

diff --git a/examples/github-with-qemu.yml b/examples/github-with-qemu.yml
@@ -12,7 +12,9 @@ jobs:
         os: [ubuntu-latest, ubuntu-24.04-arm, windows-latest, windows-11-arm, macos-15-intel, macos-14]
 
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
+        with:
+          persist-credentials: false
 
       - name: Set up QEMU
         if: runner.os == 'Linux' && runner.arch == 'X64'