
Commit e159403

default to not caching
GitHub Actions caches are shared across branches and workflows within a repository. This is an architectural property of the caching system that makes it inherently susceptible to cache-poisoning attacks: a low-privileged workflow (or a workflow triggered by a pull request from a fork via `on: pull_request_target`, a splendid footgun) can write malicious content into a cache entry, which a higher-privileged workflow on the default branch may later restore and execute.

This attack surface has been demonstrated in practice by tools such as Cacheract (https://github.com/AdnaneKhan/Cacheract) and documented extensively in "The Monsters in Your Build Cache" (https://adnanthekhan.com/2024/05/06/the-monsters-in-your-build-cache-github-actions-cache-poisoning/). The OpenSSF has also flagged this vector in their guidance on mitigating attack vectors in GitHub workflows (https://openssf.org/blog/2024/08/12/mitigating-attack-vectors-in-github-workflows/).

Now that not only the `minimal` but also the `build-installers` flavor (which were previously cached by default) are downloaded from the `ci-artifacts` release instead of being built from scratch every single time, the performance impact of this change is expected to be negligible.

Given that the trust boundary between cache writers and cache readers is not well-defined, the safest default is to not use caching at all. Users who have evaluated the trade-off for their specific threat model can still opt in explicitly with `cache: true` or `cache: auto`.

Assisted-by: Claude Opus 4.6
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
1 parent 9967127 commit e159403

1 file changed

Lines changed: 8 additions & 2 deletions

action.yml

@@ -31,8 +31,14 @@ inputs:
3131
default: '250'
3232
cache:
3333
required: false
34-
description: 'Use @actions/cache to accelerate this Action'
35-
default: 'auto'
34+
description: >
35+
Use @actions/cache to accelerate this Action.
36+
Note: GitHub Actions caches are shared across branches and
37+
workflows within a repository, which makes them susceptible
38+
to cache-poisoning attacks (see e.g. Cacheract,
39+
https://github.com/AdnaneKhan/Cacheract). Caching is
40+
therefore disabled by default.
41+
default: 'false'
3642
github-token:
3743
description: >
3844
Personal access token (PAT) used to call into GitHub's REST API.
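
Review bot: the new `description` for `cache` states that caching is disabled by default but does not say which values the input accepts or how to opt back in. The removed default was 'auto' and the commit message names `cache: true` and `cache: auto` as the opt-in values, so a closing sentence in the description along the lines of "Set to 'true' or 'auto' to opt in." would let users reading action.yml see the supported values without consulting the commit log. Because the default flips from 'auto' to 'false', workflows that never set `cache` will stop caching without any change on their side; that is worth a line in the README or release notes.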
