github: don't persist checkout credentials by default

the backport action however still needs the credentials
epics-extensions · Aug 22, 2024 · 58b561a · 58b561a
1 parent 679fe42
commit 58b561a
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 0 deletions.
diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml
@@ -23,6 +23,9 @@ jobs:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           ref: ${{ github.event.pull_request.head.sha }}
+          # Credentials are needed to push to a remote branch,
+          # before creating a pull request
+          persist-credentials: true
       - name: Create backport PRs
         uses: korthout/backport-action@bd410d37cdcae80be6d969823ff5a225fe5c833f # v3.0.2
         with:

diff --git a/.github/workflows/book-gh-pages.yml b/.github/workflows/book-gh-pages.yml
@@ -24,6 +24,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          persist-credentials: false
       - uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
       - name: "Build documentation book"
         run: |

diff --git a/.github/workflows/editorconfig.yml b/.github/workflows/editorconfig.yml
@@ -11,6 +11,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      with:
+        persist-credentials: false
     - uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
     - name: "Check EditorConfig"
       run: nix run 'nixpkgs#eclint' --inputs-from .
diff --git a/.github/workflows/formatting.yml b/.github/workflows/formatting.yml
@@ -11,6 +11,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      with:
+        persist-credentials: false
     - uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
     - name: "Check Formatting"
       run: nix fmt -- --check .
diff --git a/.github/workflows/update-flake-lock.yml b/.github/workflows/update-flake-lock.yml
@@ -28,6 +28,7 @@ jobs:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           ref: ${{ matrix.branch }}
+          persist-credentials: false
       - uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
       - uses: DeterminateSystems/update-flake-lock@db4ee38117a597ea8df8f7f75a187dd65093eade # v23
         with: