build: apply zizmor recommended fixes

[nperez0111]

Summary

This applies a bunch of security fixes for GH Actions, generated with zizmor:

By running this command: zizmor . --gh-token $(gh auth token) --fix=all

Updating actions was done with: npx actions-up

Rationale

Changes

Impact

Testing

Screenshots/Video

Checklist

• Code follows the project's coding standards.
• Unit tests covering the new feature have been added.
• All existing tests pass.
• The documentation has been updated to reflect the new feature

Additional Notes

Summary by CodeRabbit

• Chores
  • Hardened CI/CD by pinning Actions to specific commits, tightening workflow permissions, and disabling persistent checkout credentials.
  • Improved artifact upload/download, caching behavior, and publish steps for more consistent builds.
  • Added a 7-day Dependabot cooldown to reduce update churn.
• New Features
  • Added a GitHub Actions security-analysis workflow that runs on main and pull requests.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
blocknote	Ready	Preview	May 21, 2026 6:41am
blocknote-website	Ready	Preview	May 21, 2026 6:41am

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds explicit workflow permissions, pins GitHub Actions to specific commit SHAs across CI workflows, refactors Slack failure outcome handling, updates cache/checkout settings, adds a new zizmor security analysis workflow, and sets a 7-day Dependabot cooldown.

Changes

GitHub Actions and Dependabot Security Hardening

Layer / File(s)	Summary
Dependabot cooldown configuration .github/dependabot.yml	Introduces a cooldown block with default-days: 7 to limit consecutive Dependabot updates.
Build/playwright/merge-report workflows: permissions & action pinning .github/workflows/build.yml	Adds top-level permissions: contents: read, pins actions/checkout, pnpm/action-setup, nrwl/nx-set-shas, actions/setup-node, actions/cache, and artifact upload/download actions to commit SHAs; sets persist-credentials: false on checkout steps and updates artifact steps.
Fresh-install-tests workflow hardening .github/workflows/fresh-install-tests.yml	Adds workflow-level permissions: contents: read, replaces tag-pinned actions with commit-SHA pinned actions/checkout, pnpm/action-setup, actions/setup-node, and refactors the Slack failure notification to derive the failed step via env vars populated from step outcomes.
Publish workflow pinning and cache changes .github/workflows/publish.yaml	Pins checkout, pnpm-setup, nx-set-shas, setup-node, and cache actions to commit SHAs; sets persist-credentials: false on checkout; switches version display to an INPUTS_VERSION env var; removes explicit pnpm cache config; adds lookup-only: true to NX cache action.
RelativeCI workflow permissions and action pinning .github/workflows/relative-ci.yaml	Adds top-level permissions (actions: read, contents: read), gates the job on a successful triggering workflow run, and pins relative-ci/agent-action to a commit SHA instead of v2.
Add zizmor security analysis workflow .github/workflows/zizmor.yml	Adds a new workflow that runs zizmorcore/zizmor-action (pinned SHA) on pushes and pull requests with restrictive permissions and security-events: write for the job.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• TypeCellOS/BlockNote#2648: Related updates to .github/workflows/fresh-install-tests.yml Slack notification logic and Dependabot adjustments.
• TypeCellOS/BlockNote#2579: Prior changes to the same workflow and related permissions/action pinning.

Poem

A rabbit pins each action with care,
Hops through workflows, tidy and fair,
Cooldown set and secrets kept tight,
CI hums through day and night,
Shas in place — the builds take flight! 🐰

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The description provides a summary with clear context about using zizmor for security fixes and actions-up for updates, but most required template sections (Rationale, Changes, Impact, Testing, Screenshots) are left as empty placeholders without substantive content.	Fill in the Rationale, Changes (list major modifications), Impact, and Testing sections with substantive details about the security improvements and how they were validated.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'build: apply zizmor recommended fixes' directly and specifically describes the main change: applying security fixes from the zizmor tool to GitHub Actions workflows.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch sec-zizmor

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[pkg-pr-new]

Open in StackBlitz

@blocknote/ariakit

npm i https://pkg.pr.new/@blocknote/ariakit@2764

@blocknote/code-block

npm i https://pkg.pr.new/@blocknote/code-block@2764

@blocknote/core

npm i https://pkg.pr.new/@blocknote/core@2764

@blocknote/mantine

npm i https://pkg.pr.new/@blocknote/mantine@2764

@blocknote/react

npm i https://pkg.pr.new/@blocknote/react@2764

@blocknote/server-util

npm i https://pkg.pr.new/@blocknote/server-util@2764

@blocknote/shadcn

npm i https://pkg.pr.new/@blocknote/shadcn@2764

@blocknote/xl-ai

npm i https://pkg.pr.new/@blocknote/xl-ai@2764

@blocknote/xl-docx-exporter

npm i https://pkg.pr.new/@blocknote/xl-docx-exporter@2764

@blocknote/xl-email-exporter

npm i https://pkg.pr.new/@blocknote/xl-email-exporter@2764

@blocknote/xl-multi-column

npm i https://pkg.pr.new/@blocknote/xl-multi-column@2764

@blocknote/xl-odt-exporter

npm i https://pkg.pr.new/@blocknote/xl-odt-exporter@2764

@blocknote/xl-pdf-exporter

npm i https://pkg.pr.new/@blocknote/xl-pdf-exporter@2764

commit: 0153f77

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/relative-ci.yaml:
- Around line 4-5: The workflow currently runs on workflow_run for all completed
build runs and unconditionally supplies secrets.RELATIVE_CI_KEY and
secrets.GITHUB_TOKEN to relative-ci/agent-action; add a trust boundary by gating
the job (or the step that uses relative-ci/agent-action and the secrets) with an
if condition that checks github.event.workflow_run.workflow.name == 'build' AND
github.event.workflow_run.conclusion == 'success' AND
github.event.workflow_run.event == 'push' (or another trusted event), so the
secrets are only passed when the originating build run is a successful trusted
push build.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 461fec09-061e-417f-8c57-d66dbe03aba7

📥 Commits

Reviewing files that changed from the base of the PR and between 1a65508 and 1fe0062.

📒 Files selected for processing (5)

• .github/dependabot.yml
• .github/workflows/build.yml
• .github/workflows/fresh-install-tests.yml
• .github/workflows/publish.yaml
• .github/workflows/relative-ci.yaml

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "Check upstream trigger includes pull_request:"
rg -n -C2 '^\s*pull_request:' .github/workflows/build.yml

echo
echo "Check downstream workflow_run and trust guard presence:"
rg -n -C3 'workflow_run:|github\.event\.workflow_run\.event|github\.event\.workflow_run\.conclusion' .github/workflows/relative-ci.yaml

echo
echo "Check downstream job uses secrets:"
rg -n -C2 'secrets\.RELATIVE_CI_KEY|secrets\.GITHUB_TOKEN' .github/workflows/relative-ci.yaml

Repository: TypeCellOS/BlockNote

Length of output: 733

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== relative-ci.yaml ==="
nl -ba .github/workflows/relative-ci.yaml | sed -n '1,200p'

echo
echo "=== build.yml (trigger section) ==="
nl -ba .github/workflows/build.yml | sed -n '1,120p'

Repository: TypeCellOS/BlockNote

Length of output: 150

---

🌐 Web query:

GitHub Actions workflow_run triggered by pull_request whether downstream workflow gets secrets and how permissions/security context works

💡 Result:

Downstream workflow permissions/secrets behavior when using on: workflow_run after a pull_request 1) Does the downstream workflow get repository secrets? - Yes: a workflow started by workflow_run “is able to access secrets and write tokens, even if the previous workflow was not.” [1][2] - Practical implication: if the upstream workflow was triggered by pull_request (including from a fork), and the downstream is triggered via workflow_run, the downstream runs with elevated access (i.e., it can access repository secrets), which is why workflow_run can be security-sensitive. [1][2] 2) Does the upstream pull_request workflow have access to secrets? - Generally, for pull_request from a fork, GitHub prevents secret passing: “With the exception of GITHUB_TOKEN, secrets are not passed … when a workflow is triggered from a forked repository. The GITHUB_TOKEN has read-only permissions in pull requests from forked repositories.” [1] 3) What’s special about GITHUB_TOKEN in this context? - GITHUB_TOKEN is always included in the secrets context for any workflow run (i.e., it exists as secrets.GITHUB_TOKEN / github.token). [3] - The key nuance is its permissions: for fork-based pull_request, GITHUB_TOKEN is read-only; for workflow_run, GitHub states the workflow_run-triggered workflow can write tokens and access secrets. [1][2][3] 4) Security context / where the code runs (why this matters) - pull_request executes in a way that prevents running unsafe code from the pull request head with access to secrets (it “prevents execution of unsafe code from the head … that could … steal any secrets you use in your workflow”). [4] - workflow_run is explicitly described as able to access secrets and write tokens, even when the prior workflow was not privileged. [2] - Therefore, the security context can “escalate” on the workflow_run hop: downstream code (or steps) can run in a privileged context with secrets, even if the upstream was unprivileged due to fork restrictions. [1][2] 5) How permissions/security should be configured - Always restrict GITHUB_TOKEN permissions explicitly with the permissions key (least privilege). [1][5] - Additionally, treat workflow_run as privileged: avoid checking out/building untrusted PR code directly in the workflow_run workflow, and gate privileged actions based on what triggered the run (e.g., only proceed for trusted events/branches), because untrusted input can be used to poison artifacts that the downstream consumes. [1][2] Answering your exact question succinctly - If your downstream workflow is triggered via on: workflow_run after an upstream pull_request, the downstream workflow can access repository secrets and write tokens, even if the upstream pull_request workflow didn’t. [1][2] - The upstream pull_request workflow (from forks) does not get secrets (except GITHUB_TOKEN, with read-only permissions). [1] - The permissions/security context is therefore not “inherited as unprivileged”; workflow_run creates a privileged second stage. [1][2]

Citations:

• 1: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows
• 2: https://raw.githubusercontent.com/github/docs/refs/heads/main/content/actions/reference/workflows-and-actions/events-that-trigger-workflows.md
• 3: https://github.com/github/docs/blob/main/content/actions/reference/workflows-and-actions/contexts.md
• 4: https://github.com/github/docs/blob/main/content/actions/reference/workflows-and-actions/events-that-trigger-workflows.md
• 5: https://github.com/github/docs/blob/main/content/actions/concepts/security/compromised-runners.md

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== relative-ci.yaml (show full file if small) ==="
wc -l .github/workflows/relative-ci.yaml
sed -n '1,200p' .github/workflows/relative-ci.yaml | cat -n

echo
echo "=== build.yml (show trigger section) ==="
wc -l .github/workflows/build.yml
sed -n '1,120p' .github/workflows/build.yml | cat -n

Repository: TypeCellOS/BlockNote

Length of output: 5622

---

Gate RelativeCI’s workflow_run on trusted build runs before using repository secrets.

relative-ci.yaml triggers on workflow_run for all completed build runs (including those originating from pull_request) with no guard on github.event.workflow_run.event/conclusion, and then passes secrets.RELATIVE_CI_KEY and secrets.GITHUB_TOKEN into relative-ci/agent-action. The zizmor dangerous-triggers ignore comment doesn’t create a trust boundary.

Suggested patch

 jobs:
   build:
+    if: ${{ github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'push' }}
     runs-on: ubuntu-latest
     steps:
       - name: Send bundle stats and build information to RelativeCI (editor)
         uses: relative-ci/agent-action@38328454d6a23942175eba485fca4fbb807b1f03 # v2

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/relative-ci.yaml around lines 4 - 5, The workflow
currently runs on workflow_run for all completed build runs and unconditionally
supplies secrets.RELATIVE_CI_KEY and secrets.GITHUB_TOKEN to
relative-ci/agent-action; add a trust boundary by gating the job (or the step
that uses relative-ci/agent-action and the secrets) with an if condition that
checks github.event.workflow_run.workflow.name == 'build' AND
github.event.workflow_run.conclusion == 'success' AND
github.event.workflow_run.event == 'push' (or another trusted event), so the
secrets are only passed when the originating build run is a successful trusted
push build.

[github-advanced-security]

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

• The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
• Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
• You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

[coderabbitai]

♻️ Duplicate comments (1)

.github/workflows/relative-ci.yaml (1)

18-18: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Keep the trust boundary in the workflow_run guard.

Line 18 only filters on conclusion, so a successful pull_request-originated build run can still reach the secret-bearing relative-ci/agent-action step below. Add a trusted event check (push, or whatever source you explicitly trust) before handing over RELATIVE_CI_KEY and GITHUB_TOKEN.

Suggested patch

-    if: github.event.workflow_run.conclusion == 'success'
+    if: >-
+      ${{
+        github.event.workflow_run.conclusion == 'success' &&
+        github.event.workflow_run.event == 'push'
+      }}

Expected result: if the upstream build workflow still runs on pull_request, this check confirms the current guard is still too broad.

#!/bin/bash
set -euo pipefail

echo "=== relative-ci.yaml ==="
nl -ba .github/workflows/relative-ci.yaml | sed -n '1,80p'

echo
echo "=== build workflow triggers ==="
build_file="$(fd -p '^build\.yml$' .github/workflows | head -n1)"
nl -ba "$build_file" | sed -n '1,80p'

echo
echo "=== focused checks ==="
rg -n -C2 '^\s*pull_request:|^\s*push:' "$build_file"
rg -n -C2 'workflow_run\.conclusion|workflow_run\.event|RELATIVE_CI_KEY|GITHUB_TOKEN' .github/workflows/relative-ci.yaml

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/relative-ci.yaml at line 18, The current workflow_run
guard only checks "if: github.event.workflow_run.conclusion == 'success'" which
allows runs triggered by untrusted events (e.g., pull_request) to reach the
secret-bearing relative-ci/agent-action step and expose RELATIVE_CI_KEY and
GITHUB_TOKEN; tighten the guard by adding an explicit trusted-event check (for
example: require github.event.workflow_run.event == 'push' or another event you
trust) so the if becomes a conjunction of conclusion and event, or otherwise
verify github.event.workflow_run.head_repository.owner matches the trusted owner
before passing secrets to the relative-ci/agent-action step.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In @.github/workflows/relative-ci.yaml:
- Line 18: The current workflow_run guard only checks "if:
github.event.workflow_run.conclusion == 'success'" which allows runs triggered
by untrusted events (e.g., pull_request) to reach the secret-bearing
relative-ci/agent-action step and expose RELATIVE_CI_KEY and GITHUB_TOKEN;
tighten the guard by adding an explicit trusted-event check (for example:
require github.event.workflow_run.event == 'push' or another event you trust) so
the if becomes a conjunction of conclusion and event, or otherwise verify
github.event.workflow_run.head_repository.owner matches the trusted owner before
passing secrets to the relative-ci/agent-action step.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: c04f7a1b-14f6-4697-93e8-4f48d5a3fdf2

📥 Commits

Reviewing files that changed from the base of the PR and between cd60966 and 0153f77.

📒 Files selected for processing (1)

• .github/workflows/relative-ci.yaml