From 8bbfd90857e94ba137db27d2ab386bacd9607252 Mon Sep 17 00:00:00 2001 From: Gareth Jones Date: Sun, 3 Sep 2023 09:03:45 +1200 Subject: [PATCH] ci: disable persisted git credentials for improved security --- .github/workflows/lint-js-and-ruby.yml | 2 ++ .github/workflows/main.yml | 4 ++++ .github/workflows/package-js-tests.yml | 2 ++ .github/workflows/rspec-package-specs.yml | 2 ++ 4 files changed, 10 insertions(+) diff --git a/.github/workflows/lint-js-and-ruby.yml b/.github/workflows/lint-js-and-ruby.yml index 5542ffb2e5..82ad128fe2 100644 --- a/.github/workflows/lint-js-and-ruby.yml +++ b/.github/workflows/lint-js-and-ruby.yml @@ -11,6 +11,8 @@ jobs: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v3 + with: + persist-credentials: false - name: Setup Ruby uses: ruby/setup-ruby@v1 with: diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 9ec8c19540..4ddebd0bbc 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -11,6 +11,8 @@ jobs: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v3 + with: + persist-credentials: false - name: Setup Ruby uses: ruby/setup-ruby@v1 with: @@ -83,6 +85,8 @@ jobs: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v3 + with: + persist-credentials: false - name: Setup Ruby uses: ruby/setup-ruby@v1 with: diff --git a/.github/workflows/package-js-tests.yml b/.github/workflows/package-js-tests.yml index 3c91fbbc57..6b81424e56 100644 --- a/.github/workflows/package-js-tests.yml +++ b/.github/workflows/package-js-tests.yml @@ -10,6 +10,8 @@ jobs: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v3 + with: + persist-credentials: false - name: Setup Node uses: actions/setup-node@v3 with: diff --git a/.github/workflows/rspec-package-specs.yml b/.github/workflows/rspec-package-specs.yml index 020369585e..9d641409e4 100644 --- a/.github/workflows/rspec-package-specs.yml +++ b/.github/workflows/rspec-package-specs.yml @@ -11,6 +11,8 @@ jobs: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v3 + with: + persist-credentials: false - name: Setup Ruby uses: ruby/setup-ruby@v1 with: