Skip to content

Commit

Permalink
Merge pull request #146 from minijackson/dont-persist-credentials
Browse files Browse the repository at this point in the history
github: don't persist checkout credentials by default
  • Loading branch information
minijackson authored Sep 3, 2024
2 parents e965ecd + 58b561a commit 262a522
Show file tree
Hide file tree
Showing 5 changed files with 10 additions and 0 deletions.
3 changes: 3 additions & 0 deletions .github/workflows/backport.yml
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,9 @@ jobs:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
ref: ${{ github.event.pull_request.head.sha }}
# Credentials are needed to push to a remote branch,
# before creating a pull request
persist-credentials: true
- name: Create backport PRs
uses: korthout/backport-action@bd410d37cdcae80be6d969823ff5a225fe5c833f # v3.0.2
with:
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/book-gh-pages.yml
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
persist-credentials: false
- uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
- name: "Build documentation book"
run: |
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/editorconfig.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
persist-credentials: false
- uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
- name: "Check EditorConfig"
run: nix run 'nixpkgs#eclint' --inputs-from .
2 changes: 2 additions & 0 deletions .github/workflows/formatting.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
persist-credentials: false
- uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
- name: "Check Formatting"
run: nix fmt -- --check .
1 change: 1 addition & 0 deletions .github/workflows/update-flake-lock.yml
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ jobs:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
ref: ${{ matrix.branch }}
persist-credentials: false
- uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
- uses: DeterminateSystems/update-flake-lock@db4ee38117a597ea8df8f7f75a187dd65093eade # v23
with:
Expand Down

0 comments on commit 262a522

Please sign in to comment.