
ci(repo): harden workflow shell-injection surface #8875

Open
jacekradko wants to merge 1 commit into main from jacek/sdk-79-template-injection-fixes

@jacekradko jacekradko commented Jun 16, 2026

Member

These are the High-confidence shell-injection findings zizmor surfaced in the workflow guards. The load-bearing change is in ci.yml: the check-permissions and require-changeset steps interpolated github.actor, github.triggering_actor, and pull_request.user.login straight into run: shell, all reachable from a fork PR, so a crafted username could inject. They now pass through env and are referenced as quoted shell vars; the comparison and skip logic is unchanged.

Two smaller ones come along: e2e-staging.yml carried an actions: write that no step uses (dropped to contents: read), and the labeler workflow_run trigger is annotated as the intentional, guarded handshake so zizmor stops flagging it.

Best merged after #8874, which adds the actionlint config and clears the unrelated ci.yml finding in the same file. zizmor adoption as a check, and the remaining lower-severity findings, are tracked with Security (SEC-307).

Summary by CodeRabbit

Release Notes

  • Bug Fixes

    • Addressed template injection vulnerabilities in SDK components.
  • Chores

    • Refined CI/CD pipeline configurations for improved security and workflow efficiency.

Move attacker-influenced ${{ }} expressions out of run: blocks and into env in the two fork-PR-reachable ci.yml guard steps (check-permissions echoes github.actor/github.triggering_actor/the permission level; require-changeset compares github.event.pull_request.user.login), so a crafted actor name or PR author login can no longer be interpolated into the shell. Drop the unused actions: write from e2e-staging.yml (no step consumes it; contents: read is enough). Annotate the labeler workflow_run trigger as an intentional, guarded handshake so zizmor's dangerous-triggers audit does not flag it. Closes the High-confidence zizmor template-injection and excessive-permissions findings in these files; zizmor adoption as a CI check is tracked with Security (SEC-307).
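
As an added illustration (not code from this PR and not zizmor's implementation), a minimal line-based check that flags the contexts named above when they are expanded inside a run: script and stays quiet once they are passed through env. The sample workflow fragment, the step names and the function names are constructed, and the check assumes conventional YAML indentation rather than parsing the document.

```python
import re

# Contexts the PR description names as attacker-influenced on fork PRs.
UNTRUSTED = ("github.actor", "github.triggering_actor",
             "github.event.pull_request.user.login")
EXPR = re.compile(r"\$\{\{(.*?)\}\}")
CTX = re.compile(r"(?<![\w.])(" + "|".join(map(re.escape, UNTRUSTED)) + r")(?![\w.])")
RUN_KEY = re.compile(r"^(\s*(?:-\s+)?)run:\s*(.*)$")

# Constructed workflow fragment: the pattern before and after the env move.
SAMPLE = """\
steps:
  - name: before
    run: |
      echo "actor: ${{ github.actor }}"
      echo "triggered by: ${{ github.triggering_actor }}"
  - name: after
    env:
      ACTOR: ${{ github.actor }}
    run: |
      echo "actor: $ACTOR"
  - run: test "${{ github.event.pull_request.user.login }}" = "some-bot"
"""


def find_run_injections(workflow_text):
    """Return (line_no, context) for untrusted expressions expanded in run: scripts."""
    findings = []
    run_col = None  # column of the 'run:' key while inside its block scalar

    def scan(text, line_no):
        for expr in EXPR.findall(text):
            findings.extend((line_no, ctx) for ctx in CTX.findall(expr))

    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        if run_col is not None:
            if not line.strip():
                continue  # blank lines stay part of the block scalar
            if len(line) - len(line.lstrip()) > run_col:
                scan(line, line_no)
                continue
            run_col = None  # dedent: the block scalar has ended
        m = RUN_KEY.match(line)
        if m and m.group(2)[:1] in ("|", ">"):
            run_col = len(m.group(1))  # script body follows on indented lines
        elif m:
            scan(m.group(2), line_no)  # single-line script
    return findings
```

The env: entries in the "after" step are not reported because the expression there is assigned to a variable by the runner and never becomes part of the script text.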

changeset-bot Bot commented Jun 16, 2026


🦋 Changeset detected

Latest commit: 64713f9

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 0 packages

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types



vercel Bot commented Jun 16, 2026


The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| clerk-js-sandbox | Ready | Preview, Comment | Jun 16, 2026 1:39pm |
| swingset | Ready | Preview, Comment | Jun 16, 2026 1:39pm |


coderabbitai Bot commented Jun 16, 2026

Contributor

Walkthrough

GitHub Actions workflows are hardened against template injection by moving ${{ github.* }} expressions out of shell scripts and into env blocks across ci.yml. The e2e-staging.yml workflow drops the actions: write permission. The labeler-apply.yml trigger gains a security comment and a zizmor ignore annotation. A changeset file records the SDK fixes.

Changes

CI Template Injection and Permission Hardening

| Layer / File(s) | Summary |
| --- | --- |
| Template injection fixes in ci.yml (.github/workflows/ci.yml) | In check-permissions, TRIGGERING_ACTOR, USER_PERMISSION, and ACTOR are set as env variables and referenced in the failure script instead of being inlined as GitHub expressions. In pre-checks, PR_AUTHOR is extracted to an env block and used in the changeset-skip conditional. |
| Permission narrowing, labeler annotation, and changeset (.github/workflows/e2e-staging.yml, .github/workflows/labeler-apply.yml, .changeset/sdk-79-template-injection-fixes.md) | e2e-staging.yml removes actions: write, leaving only contents: read. labeler-apply.yml adds a comment block describing the privileged artifact handshake and appends a zizmor: ignore[dangerous-triggers] marker. A changeset file records the template injection fixes. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested labels

actions

🐇 A rabbit hops through the YAML maze,
No ${{ }} left in shell to blaze!
Env vars shield each secret name,
Permissions trimmed — less risk, less shame.
The labeler explained, the zizmor appeased,
Our Actions workflows safely eased! 🌿

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Title check | ✅ Passed | The title 'ci(repo): harden workflow shell-injection surface' clearly and specifically summarizes the main change: hardening shell-injection vulnerabilities in GitHub Actions workflows by refactoring environment variable handling. |



pkg-pr-new Bot commented Jun 16, 2026


@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@8875

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@8875

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@8875

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@8875

@clerk/expo

npm i https://pkg.pr.new/@clerk/expo@8875

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@8875

@clerk/express

npm i https://pkg.pr.new/@clerk/express@8875

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@8875

@clerk/hono

npm i https://pkg.pr.new/@clerk/hono@8875

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@8875

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@8875

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@8875

@clerk/react

npm i https://pkg.pr.new/@clerk/react@8875

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@8875

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@8875

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@8875

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@8875

@clerk/ui

npm i https://pkg.pr.new/@clerk/ui@8875

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@8875

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@8875

commit: 64713f9

jacekradko changed the title from "ci(repo): harden workflow shell-injection surface (SDK-79)" to "ci(repo): harden workflow shell-injection surface" on Jun 16, 2026