Security: Pin CI dep versions and tidy code up

[Sidnioulz]

What I did

I reviewed all our CI workflows for potential cache poisoning issues, and made the following updates at the same time:

• Added stern warnings to pull_request_target workflows with security rules to follow
• Pinned all dependency versions to known hashes
• Replaced writes to GITHUB_ENV with step outputs for more accurate context validation (your IDE now tells you when a previous job output might be undefined)
• Removed a markdown lint workflow with unmaintained dependencies
• Replaced a JSON fetch dependency with a local jq call to reduce reliance on deps

Checklist for Contributors

Testing

This will need to be manually audited and all subsequent runs of the jobs monitored.

Checklist for Maintainers

• When this PR is ready for testing, make sure to add ci:normal, ci:merged or ci:daily GH label to it to run a specific set of sandboxes. The particular set of sandboxes can be found in code/lib/cli-storybook/src/sandbox-templates.ts

• Make sure this PR contains one of the labels below:

  Available labels

  • bug: Internal changes that fixes incorrect behavior.
  • maintenance: User-facing maintenance tasks.
  • dependencies: Upgrading (sometimes downgrading) dependencies.
  • build: Internal-facing build tooling & test updates. Will not show up in release changelog.
  • cleanup: Minor cleanup style change. Will not show up in release changelog.
  • documentation: Documentation only changes. Will not show up in release changelog.
  • feature request: Introducing a new feature.
  • BREAKING CHANGE: Changes that break compatibility in some way with current major version.
  • other: Changes that don't fit in the above categories.

🦋 Canary release

This PR does not have a canary release associated. You can request a canary release of this pull request by mentioning the @storybookjs/core team here.

core team members can create a canary release here or locally with gh workflow run --repo storybookjs/storybook publish.yml --field pr=<PR_NUMBER>

Summary by CodeRabbit

• Chores

  • Pinned GitHub Actions to specific commit SHAs for improved security and consistency across all workflows.
  • Updated checkout action to v6.0.2 and standardized other action versions across workflows.
  • Enhanced workflow security with explicit permission settings.
  • Refactored workflows to use step outputs instead of environment variables.

• Removals

  • Removed weekly automated markdown link checks workflow.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

This PR pins GitHub Actions to specific commit SHAs across twelve CI workflow files, hardens pull_request_target permissions with explicit limits and security comments, removes deprecated cron-weekly and markdown-link-check infrastructure, and refactors environment-based inter-job outputs to step-based outputs in release and trigger workflows.

Changes

Workflow pinning and outputs changes

Layer / File(s)	Summary
Permissions hardening for PR-target workflows .github/workflows/agent-scan.yml, .github/workflows/trigger-circle-ci-workflow.yml	Adds top-level permissions: {} and security-warning comments to workflows using pull_request_target trigger to explicitly limit default token scope.
AgentScan workflow hardening .github/workflows/agent-scan.yml	Updates agentscan job with named checkout step (PR base SHA checkout), adds contents: read permission, and repins actions/cache with cache-safety guidance while preserving AgentScan action invocation and gating.
Checkout action pinning across workflows .github/workflows/copilot-setup-steps.yml, .github/workflows/fork-checks.yml, .github/workflows/nx.yml, .github/workflows/prepare-patch-release.yml, .github/workflows/publish.yml, .github/workflows/prepare-non-patch-release.yml	Replaces floating actions/checkout@v4 and @v5 tags with pinned commit SHAs (v6.0.2) across nine jobs in six workflows, preserving existing refs and configuration.
Build and orchestration action pinning .github/workflows/generate-sandboxes.yml, .github/workflows/nx.yml	Pins actions/setup-node, actions/github-script, and nrwl/nx-set-shas to commit SHAs with inline version comments; build config (node-version, cache strategy) remains unchanged.
Notification and utility action pinning .github/workflows/generate-sandboxes.yml, .github/workflows/prepare-non-patch-release.yml, .github/workflows/prepare-patch-release.yml, .github/workflows/publish.yml, .github/workflows/stale.yml, .github/workflows/triage.yml, .github/workflows/trigger-circle-ci-workflow.yml	Pins Discord, getsentry/action-release, stale, nissuer, check-actor-permissions, find-and-replace, and http-request actions to commit SHAs with version comments; notification inputs and step conditions remain unchanged.
Release-branch workflow output refactor .github/workflows/handle-release-branches.yml	Migrates branch-checks, handle-latest, get-next-release-branch, and next-release-branch-check jobs from $GITHUB_ENV/env.* to $GITHUB_OUTPUT/steps.*.outputs.*; replaces notiz-dev/github-action-json-property with direct jq parsing of next/code/package.json for next-release computation; job outputs updated to reference step outputs.
Trigger workflow output refactor .github/workflows/trigger-circle-ci-workflow.yml	Replaces $GITHUB_ENV/env.* with $GITHUB_OUTPUT/steps.*.outputs.* in get-branch and get-parameters jobs; job outputs declarations updated to reference step outputs; CircleCI trigger step now uses pinned http-request action.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• storybookjs/storybook#34293: Introduces agent-scan CI workflow that this PR significantly hardens with permissions and checkout updates.
• storybookjs/storybook#34013: Applies similar pull_request_target security hardening pattern (permissions limits, PR base SHA checkout) to DangerJS workflow.
• storybookjs/storybook#32632: Modifies the cron-weekly workflow that this PR removes entirely; workflow configuration changes directly conflict.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/nx.yml:
- Line 67: The workflow step currently executes "npx nx-cloud@latest
start-ci-run ..." which pulls a mutable `@latest` package; replace this with a
pinned version or the locally installed CLI to avoid supply-chain drift—e.g.,
change the invocation that references "npx nx-cloud@latest" to a fixed version
token like "npx nx-cloud@<version>" or call the repo's installed binary (e.g.,
"npx nx-cloud" relying on lockfile) so the step that runs start-ci-run
--distribute-on="${{ steps.dist.outputs.config }}"
--stop-agents-after="$ALL_TASKS" uses a deterministic nx-cloud release.

In @.github/workflows/trigger-circle-ci-workflow.yml:
- Around line 79-88: The outputs reference steps.get-parameters.outputs.workflow
but there is no step with id "get-parameters"; update the workflow so the step
that computes the "workflow" value is given id: get-parameters (or change the
outputs reference to the actual step id), and ensure that the step writes the
output named "workflow" (using echo "workflow=..." >> $GITHUB_OUTPUT) so that
outputs.workflow resolves correctly; look for the step that sets workflow values
and add or correct the id to "get-parameters" and confirm outputs.workflow
points to steps.get-parameters.outputs.workflow.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 5d36af4a-6b8b-4f59-90af-e7fc544d2b7d

📥 Commits

Reviewing files that changed from the base of the PR and between cc871df and 54f34a6.

📒 Files selected for processing (15)

• .github/workflows/agent-scan.yml
• .github/workflows/copilot-setup-steps.yml
• .github/workflows/cron-weekly.yml
• .github/workflows/danger-js.yml
• .github/workflows/fork-checks.yml
• .github/workflows/generate-sandboxes.yml
• .github/workflows/handle-release-branches.yml
• .github/workflows/markdown-link-check-config.json
• .github/workflows/nx.yml
• .github/workflows/prepare-non-patch-release.yml
• .github/workflows/prepare-patch-release.yml
• .github/workflows/publish.yml
• .github/workflows/stale.yml
• .github/workflows/triage.yml
• .github/workflows/trigger-circle-ci-workflow.yml

💤 Files with no reviewable changes (2)

• .github/workflows/markdown-link-check-config.json
• .github/workflows/cron-weekly.yml

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify mutable runtime dependency usage in workflows
rg -n --type=yaml '@latest|npx\s+nx-cloud@' .github/workflows

# Discover whether nx-cloud is already pinned in repo package manifests
fd -HI '^package\.json$' -E node_modules -x rg -n '"nx-cloud"|@nrwl/nx-cloud' {}

Repository: storybookjs/storybook

Length of output: 223

---

Pin nx-cloud to a specific version instead of using @latest.

Line 67 uses nx-cloud@latest, which fetches a mutable package at runtime and reintroduces supply-chain drift. Pin to a specific version or use a locally installed CLI backed by a lockfile.

Current code

      - run: npx nx-cloud@latest start-ci-run --distribute-on="${{ steps.dist.outputs.config }}" --stop-agents-after="$ALL_TASKS"

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/nx.yml at line 67, The workflow step currently executes
"npx nx-cloud@latest start-ci-run ..." which pulls a mutable `@latest` package;
replace this with a pinned version or the locally installed CLI to avoid
supply-chain drift—e.g., change the invocation that references "npx
nx-cloud@latest" to a fixed version token like "npx nx-cloud@<version>" or call
the repo's installed binary (e.g., "npx nx-cloud" relying on lockfile) so the
step that runs start-ci-run --distribute-on="${{ steps.dist.outputs.config }}"
--stop-agents-after="$ALL_TASKS" uses a deterministic nx-cloud release.

[Copilot]

Pull request overview

This PR hardens Storybook’s GitHub Actions workflows against supply-chain and cache-poisoning risks by pinning action dependencies to immutable SHAs, tightening pull_request_target guidance/permissions, and reducing reliance on third-party actions.

Changes:

• Pinned multiple GitHub Action dependencies to commit SHAs across CI/release workflows.
• Migrated some workflow state passing from $GITHUB_ENV to step/job outputs ($GITHUB_OUTPUT) and added explicit permissions: {} for pull_request_target workflows.
• Removed the weekly markdown link check workflow (and its config) and replaced a JSON-property action with local jq.

Reviewed changes

Copilot reviewed 15 out of 15 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
.github/workflows/trigger-circle-ci-workflow.yml	Adds pull_request_target security warning + pins HTTP request action; migrates env → outputs.
.github/workflows/triage.yml	Pins balazsorban44/nissuer to a SHA.
.github/workflows/stale.yml	Pins actions/stale to a SHA.
.github/workflows/publish.yml	Pins multiple third-party actions used in release publishing.
.github/workflows/prepare-patch-release.yml	Pins checkout + discord notification action.
.github/workflows/prepare-non-patch-release.yml	Pins checkout + discord notification action.
.github/workflows/nx.yml	Pins checkout/setup-node/github-script/nx-set-shas actions to SHAs.
.github/workflows/markdown-link-check-config.json	Removes markdown link checker configuration.
.github/workflows/handle-release-branches.yml	Pins checkout + replaces JSON-property action usage with jq; migrates env → outputs.
.github/workflows/generate-sandboxes.yml	Pins checkout/setup-node + pins discord notification action.
.github/workflows/fork-checks.yml	Pins checkout across fork validation/test jobs.
.github/workflows/danger-js.yml	Pins checkout for Danger JS workflow.
.github/workflows/cron-weekly.yml	Removes weekly markdown link check workflow.
.github/workflows/copilot-setup-steps.yml	Updates pinned checkout SHA.
.github/workflows/agent-scan.yml	Adds pull_request_target security warning, sets empty default permissions, pins actions, and tweaks checkout step.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

🧹 Nitpick comments (1)

.github/workflows/agent-scan.yml (1)

63-69: ⚡ Quick win

Make the checkout explicitly read-only.

This job clears all default scopes, but actions/checkout still recommends contents: read unless you provide alternate auth, and it keeps auth material available to later steps unless persist-credentials: false is set. Since this workflow only needs a trusted, read-only checkout of the base SHA, tightening both here reduces token exposure without changing the job’s behavior. (github.com)

Suggested diff

   agentscan:
     if: |
       github.repository_owner == 'storybookjs' &&
       github.event.pull_request.head.repo.full_name != github.repository &&
       !contains(
         fromJSON('["dependabot[bot]", "github-actions[bot]","storybook-bot"]'),
         github.event.pull_request.user.login
       )
     runs-on: ubuntu-latest
     permissions:
+      contents: read
       pull-requests: write
     steps:
       - name: Checkout code from `next`/`main` branch (trusted code, not PR author code)
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
+          persist-credentials: false
           ref: ${{ github.event.pull_request.base.sha }}

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/agent-scan.yml around lines 63 - 69, The checkout step is
leaving auth material available; update the permissions and checkout config to
make the base-branch checkout explicitly read-only by adding "contents: read" to
the job's permissions (in addition to the existing "pull-requests: write") and
setting "persist-credentials: false" in the
actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd step's with block
(keep the existing ref: ${{ github.event.pull_request.base.sha }}).

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In @.github/workflows/agent-scan.yml:
- Around line 63-69: The checkout step is leaving auth material available;
update the permissions and checkout config to make the base-branch checkout
explicitly read-only by adding "contents: read" to the job's permissions (in
addition to the existing "pull-requests: write") and setting
"persist-credentials: false" in the
actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd step's with block
(keep the existing ref: ${{ github.event.pull_request.base.sha }}).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 8de85d29-4834-40fa-ab6d-bf4f1c0bb6b5

📥 Commits

Reviewing files that changed from the base of the PR and between dccd665 and f087fa1.

📒 Files selected for processing (1)

• .github/workflows/agent-scan.yml

[coderabbitai]

Actionable comments posted: 4

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.github/workflows/handle-release-branches.yml (1)

68-87: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Set explicit token permissions for next-release-branch-check.

This job only computes/prints values, but currently inherits default GITHUB_TOKEN permissions. Add an explicit empty permission set to reduce blast radius.

Suggested fix

   next-release-branch-check:
     if: ${{ always() && github.repository_owner == 'storybookjs' }}
     needs: [branch-checks, get-next-release-branch]
     runs-on: ubuntu-latest
+    permissions: {}
     steps:

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/handle-release-branches.yml around lines 68 - 87, Add an
explicit empty permission set to the next-release-branch-check job to avoid
inheriting GITHUB_TOKEN privileges: inside the job definition for
next-release-branch-check (the job that includes steps with id
is-next-release-branch and relevant-base-branch), add a permissions: none (or
permissions: {}) stanza at the same indentation as runs-on so the job runs with
no token permissions.

♻️ Duplicate comments (1)

.github/workflows/trigger-circle-ci-workflow.yml (1)

79-88: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

outputs.workflow still points at a nonexistent step.

Line 88 reads steps.get-parameters.outputs.workflow, but none of the steps above has id: get-parameters. That leaves needs.get-parameters.outputs.workflow empty, so Line 95 can skip the CircleCI trigger entirely.

Either give the writer step an id: get-parameters, or coalesce outputs from uniquely named steps instead of referencing a missing id.

#!/bin/bash
set -euo pipefail

FILE="$(fd -p '.github/workflows/trigger-circle-ci-workflow.yml' | head -n1)"
sed -n '75,95p' "$FILE"

printf '\nMatches for the referenced output and any matching step id:\n'
rg -n 'steps\.get-parameters\.outputs\.workflow|id:\s*get-parameters' "$FILE"

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/trigger-circle-ci-workflow.yml around lines 79 - 88, The
outputs block references steps.get-parameters.outputs.workflow but no step has
id: get-parameters; fix by either adding id: get-parameters to the step that
decides the workflow (the conditional run step(s) that echo "workflow=...") so
the output can be read as steps.get-parameters.outputs.workflow, or change
outputs.workflow to point to an existing step id that actually sets the workflow
output; update the step that emits the workflow value (or give the writer step
an explicit id: get-parameters) so the outputs.workflow mapping resolves.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/agent-scan.yml:
- Around line 85-91: The restore-keys entry is actor-unsafe because
"restore-keys: agentscan-cache-" can match caches from other github.actor
values; update the workflow so restore-keys either is removed or is actor-scoped
to match the primary key. Concretely, change the restore-keys value to the same
actor-specific prefix (agentscan-cache-${{ github.actor }}) or delete the
restore-keys line so the actions/cache step only restores the exact key defined
by key: agentscan-cache-${{ github.actor }}; adjust the block using the symbols
key and restore-keys to make the cache actor-isolated.
- Around line 67-70: Update the checkout step that uses
actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd (the "Checkout code
from `next`/`main` branch (trusted code, not PR author code)" step) to set
persist-credentials: false so the runner does not leave authentication tokens
available to later steps; also tighten the cache step(s) that use restore-keys
like "agentscan-cache-" to avoid cross-actor restores by making the restore key
more specific (include the actor or other unique identifier) so caches created
by a different `${{ github.actor }}` cannot be restored inadvertently.

In @.github/workflows/fork-checks.yml:
- Around line 16-18: The checkout steps using the actions/checkout action (the
lines with "uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" /
actions/checkout) should add persist-credentials: false to avoid storing the
token in git config; update every checkout step in the workflow (all occurrences
of actions/checkout) to include the with: persist-credentials: false key
alongside the existing fetch-depth: 2 so credential persistence is disabled for
these read-only fork-check jobs.

In @.github/workflows/handle-release-branches.yml:
- Around line 82-85: The run step is vulnerable because it injects branch names
directly into a single-quoted shell string; change it to pass the branch outputs
as separate, quoted shell arguments so they cannot break out and execute code:
use the existing outputs (steps.is-next-release-branch.outputs.result,
needs.branch-checks.outputs.branch,
steps.relevant-base-branch.outputs.relevant-base-branch) but call echo with
quoted expansions or assign them to shell variables first, e.g. echo "WARNING:
Do not push directly to the branch:" "${{ needs.branch-checks.outputs.branch }}"
"This branch is created..." "${{
steps.relevant-base-branch.outputs.relevant-base-branch }}" and then exit 1 —
this ensures any special characters in the branch names are treated as literal
text, not shell syntax.

---

Outside diff comments:
In @.github/workflows/handle-release-branches.yml:
- Around line 68-87: Add an explicit empty permission set to the
next-release-branch-check job to avoid inheriting GITHUB_TOKEN privileges:
inside the job definition for next-release-branch-check (the job that includes
steps with id is-next-release-branch and relevant-base-branch), add a
permissions: none (or permissions: {}) stanza at the same indentation as runs-on
so the job runs with no token permissions.

---

Duplicate comments:
In @.github/workflows/trigger-circle-ci-workflow.yml:
- Around line 79-88: The outputs block references
steps.get-parameters.outputs.workflow but no step has id: get-parameters; fix by
either adding id: get-parameters to the step that decides the workflow (the
conditional run step(s) that echo "workflow=...") so the output can be read as
steps.get-parameters.outputs.workflow, or change outputs.workflow to point to an
existing step id that actually sets the workflow output; update the step that
emits the workflow value (or give the writer step an explicit id:
get-parameters) so the outputs.workflow mapping resolves.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: abad636f-bf91-4399-8881-1cc603f40a89

📥 Commits

Reviewing files that changed from the base of the PR and between 14c4bb0 and 732f066.

📒 Files selected for processing (14)

• .github/workflows/agent-scan.yml
• .github/workflows/copilot-setup-steps.yml
• .github/workflows/cron-weekly.yml
• .github/workflows/fork-checks.yml
• .github/workflows/generate-sandboxes.yml
• .github/workflows/handle-release-branches.yml
• .github/workflows/markdown-link-check-config.json
• .github/workflows/nx.yml
• .github/workflows/prepare-non-patch-release.yml
• .github/workflows/prepare-patch-release.yml
• .github/workflows/publish.yml
• .github/workflows/stale.yml
• .github/workflows/triage.yml
• .github/workflows/trigger-circle-ci-workflow.yml

💤 Files with no reviewable changes (2)

• .github/workflows/cron-weekly.yml
• .github/workflows/markdown-link-check-config.json

✅ Files skipped from review due to trivial changes (1)

• .github/workflows/publish.yml