feat: warn on non-default checkout during pull_request_target

[KengoTODA]

Hello team, thanks for your continued contributions to the OSS community! 👋

Summary

This PR adds a warning when actions/checkout is used from a pull_request_target workflow to explicitly check out a non-default branch (or ref) from the workflow repository.

The intent is not to block every such workflow. There may be legitimate cases where a workflow intentionally treats pull request contents as passive data. However, in practice, checking out a pull request-controlled ref in pull_request_target is easy to misunderstand and can put untrusted code into a privileged workflow context.

This pattern was part of the issue described in the TanStack npm supply-chain compromise postmortem:

https://tanstack.com/blog/npm-supply-chain-compromise-postmortem

GitHub Security Lab has also documented this class of problem as “pwn requests”:

https://securitylab.github.com/resources/github-actions-preventing-pwn-requests

Proposed behavior

When all of the following are true, the action emits a warning:

• the workflow event is pull_request_target
• the checked-out repository is the workflow repository
• with.ref is explicitly set
• the ref does not resolve to the default branch or the default branch SHA

The warning can be suppressed with:

with:
  dangerously-checkout-non-default-branch: true

The dangerously prefix is intentional. The goal is to make the risky case explicit in workflow code, while still allowing maintainers who understand the tradeoff to opt out of the warning.

Why this seems worth considering

This is a relatively small change, but I think it could help the broader Actions community avoid a recurring footgun. The current behavior is technically flexible, but the security implications of pull_request_target are subtle enough that a warning at the point of use seems valuable.

I am opening this PR as a starting point for discussion. I would be happy to adjust the wording, the option name, or the exact detection logic based on maintainer feedback.

Thank you!

[Copilot]

Pull request overview

Adds a runtime warning to actions/checkout when a pull_request_target workflow explicitly checks out a non-default ref from the workflow repository, with an explicit opt-out input to suppress the warning.

Changes:

• Emit a warning in getInputs() when pull_request_target + workflow repo + explicit ref + non-default ref (unless suppressed).
• Add dangerously-checkout-non-default-branch input to suppress the warning.
• Document the new input and add unit tests covering warning/no-warning scenarios.

Reviewed changes

Copilot reviewed 4 out of 5 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
src/input-helper.ts	Implements the warning logic and adds helper to detect default-branch/current-SHA refs.
test/input-helper.test.ts	Adds tests validating warning behavior and the suppression input.
action.yml	Declares the new dangerously-checkout-non-default-branch input (default: false).
README.md	Documents the new input in the usage section.
dist/index.js	Updates the compiled distribution output to include the new behavior.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.