TLDR: Some base setup actions (e.g. actions/setup-node) do not support a mode in which the package cache is read-only.
We should add flags that allow their caches to be used in read-only mode (restore entries, never save them).
Context - cache poisoning attacks
Repositories using GitHub Actions that use agentic processing (coding agents) have been subject to cache poisoning attacks, e.g. https://rohittamma.substack.com/p/how-an-ai-prompt-injection-silently.
Security architectures that host agentic processing (i.e. coding agents) naturally want to use setup-node and the other basic setup actions, and that is a reasonable design decision for those architectures.
A natural response of these architectures is to run all "agentic jobs" entirely in read-only mode, apart from uploaded artifacts. It is therefore reasonable for them to want to use actions/setup-node and the other setup actions entirely in read-only mode as well: package cache reads still active, but cache updates turned off, so that a job an agent can influence is never the one that writes a cache entry which later jobs restore.
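As an added illustration (not part of this issue, and not from the setup-node or actions/cache documentation), the two workflow fragments below contrast the default caching behaviour with a restore-only composition that is possible today by wiring the cache step by hand. The restore-only variant assumes npm's default cache directory (~/.npm) and a lockfile at the repository root, and relies on the existing actions/cache/restore sub-action; it is a workaround, not a setup-node feature, and is the kind of arrangement a read-only input on setup-node would make unnecessary.

```yaml
# Added example, not from the original issue.
#
# Job 1: default behaviour. `cache: npm` makes setup-node restore the npm cache
# in its main step and save it back in its post step, so anything an agent can
# get into ~/.npm during this job can end up in a cache entry that later jobs
# restore.
jobs:
  agent-job-read-write:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: npm          # restore + save (post step writes the cache)
      - run: npm ci

  # Job 2: restore-only workaround. setup-node is used without its `cache`
  # input, and the cache is restored with actions/cache/restore, which has no
  # post step and therefore never writes a cache entry. Assumes npm's default
  # cache directory (~/.npm) and a package-lock.json in the repository.
  agent-job-read-only:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20    # no `cache:` input, so setup-node neither restores nor saves
      - uses: actions/cache/restore@v4
        with:
          path: ~/.npm
          key: npm-${{ runner.os }}-${{ hashFiles('**/package-lock.json') }}
          restore-keys: |
            npm-${{ runner.os }}-
      - run: npm ci
      # Deliberately no actions/cache/save step: the job can read the cache but never updates it.
```

In this arrangement the cache is populated by a separate job or workflow that the agent cannot influence (one that does use actions/cache/save or setup-node's normal `cache:` input). Restore-only on the agent side is only half of the control: if any other job the agent can steer writes under the same key prefix, the agent can still poison what is restored here, so the write side has to be confined to trusted jobs.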
Recommendation
This is a tracking issue for this problem.
On a quick review, some base setup actions' scripts do not offer an option for a read-only package cache.
We will do further review and update this issue description with our findings.