{
  "id": "review-ai-generated-github-actions",
  "type": "checklists",
  "category": "checklists",
  "locale": "pt",
  "url": "/pt/checklists/review-ai-generated-github-actions",
  "title": "Checklist para Revisão de GitHub Actions Geradas por IA",
  "description": "Uma checklist de revisão humana para workflows do GitHub Actions escritos por agentes de codificação de IA — exposição de segredos, ataques à cadeia de suprimentos, permissões e segurança de implantação.",
  "tools": [
    "Cursor",
    "Claude Code",
    "Codex",
    "Windsurf"
  ],
  "stack": [
    "TypeScript"
  ],
  "tags": [
    "security",
    "review",
    "deploy"
  ],
  "difficulty": null,
  "updated": "2026-06-08",
  "markdown": "Workflows do GitHub Actions têm acesso direto a segredos e ambientes de implantação. A IA gera workflows que fixam tags mutáveis, expõem segredos em logs e concedem permissões excessivas a ações de terceiros.\n\n## Corretude\n\n```txt\n[ ] Workflow triggers are scoped correctly — pull_request vs pull_request_target behave differently for fork PRs\n[ ] pull_request_target does not check out the PR's code without explicit trust validation\n[ ] on: push branches filter is set — avoid triggering on every branch push\n[ ] Job dependencies are declared with needs: — parallel jobs that must be sequential are chained\n[ ] Conditional steps use the correct expression syntax — ${{ }} not $() or %VAR%\n[ ] Matrix strategy fail-fast is set intentionally — false if you want all matrix jobs to complete\n[ ] Artifact retention days are set — default is 90 days, which may retain sensitive files too long\n[ ] Cache keys are specific enough to invalidate on dependency changes (include lockfile hash)\n[ ] Upload-artifact and download-artifact steps use matching names and paths\n[ ] Environment variables are set at the correct scope (job vs step) — step-level env does not persist\n[ ] Working directory is set explicitly for monorepos — default is repo root\n[ ] Checkout depth is set for git history-dependent commands (e.g. conventional commits, changelogs)\n```\n\n## Segurança\n\n```txt\n[ ] Third-party actions are pinned to a full SHA commit hash, not a mutable tag like @v3 or @main\n[ ] actions/checkout, actions/setup-node, and other GitHub-owned actions are pinned to SHA\n[ ] GITHUB_TOKEN permissions are declared with the minimum required scope (contents: read, id-token: write, etc.)\n[ ] permissions: at the workflow level is set to read-all or {} to restrict defaults before granting per-job\n[ ] Secrets are not echoed in run: steps — no echo ${{ secrets.MY_SECRET }}\n[ ] Secrets are not set as environment variables at the job level if only one step needs them\n[ ] User-controlled input (GitHub event data) is not interpolated into run: shell commands — use env: instead\n[ ] Expression injection is prevented — do not use ${{ github.event.pull_request.title }} directly in run: steps\n[ ] Deployment jobs require environment approval for production — use environment: with protection rules\n[ ] Self-hosted runners are not used for open-source repos with pull_request triggers\n[ ] OpenID Connect (OIDC) is used for cloud auth (AWS, GCP, Azure) instead of long-lived credentials\n[ ] No AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY stored as secrets — prefer OIDC role assumption\n[ ] workflow_dispatch inputs are validated — do not pass them directly to shell commands\n```\n\n## Implantação\n\n```txt\n[ ] Production deployments run only on the main or release branch — not on every PR\n[ ] Deployment workflow has a manual approval gate via environment protection rules\n[ ] Rollback step or procedure is documented in the workflow or linked\n[ ] Database migration steps run before the new application version is deployed\n[ ] Health check is polled after deployment — workflow fails if the service does not come up\n[ ] Concurrency group is set to prevent simultaneous deployments: concurrency: deploy-${{ github.ref }}\n[ ] cancel-in-progress is set to false for deployments — do not cancel a deployment mid-flight\n[ ] Release assets and changelogs are generated from signed commits or tags, not PR body text\n[ ] Semantic versioning is automated with a verified tool — not a hand-rolled shell script\n```\n\n## Desempenho\n\n```txt\n[ ] Node modules are cached using actions/cache with the lockfile as the cache key\n[ ] Docker layer caching is enabled — use cache-from and cache-to in docker/build-push-action\n[ ] Large test suites are parallelized with matrix strategy across available runners\n[ ] Setup steps (language runtime, tools) use cached versions where available\n[ ] Artifact uploads are scoped to only the files needed by downstream jobs\n[ ] Workflow does not install global tools that could be provided by a pre-built action\n```\n\n## Riscos Específicos de IA\n\n```txt\n[ ] AI has not used deprecated set-output syntax — use GITHUB_OUTPUT environment file instead\n[ ] AI has not used deprecated add-path or save-state commands — use GITHUB_PATH and GITHUB_STATE\n[ ] AI has not pinned to a mutable :latest Docker image in a container: block\n[ ] AI has not mixed GitHub-hosted and self-hosted runner syntax for the same job\n[ ] AI has not used actions/cache@v2 — v3 or v4 is required for current runner images\n[ ] AI has not generated a workflow that runs on pull_request_target and checks out PR code — classic supply chain vulnerability\n[ ] AI-generated workflow secrets are referenced by the correct name — check for typos that silently pass empty strings\n[ ] AI has not hardcoded environment-specific URLs or bucket names that differ between staging and production\n```\n\n## Prompt de Correção\n\n```txt title=\"Fix Prompt\"\nReview this GitHub Actions workflow against the checklist above. Pin all\nthird-party actions to their full SHA, add minimum-required permissions, replace\nany secret interpolation in run: steps with env: bindings, add a concurrency\ngroup to prevent parallel deployments, and add an environment approval gate for\nthe production deploy step. Return the corrected workflow YAML only.\n```"
}