Skip to content

Commit d53d8f2

Browse files
committed
Don't persist checkout action credentials in later steps
actions/checkout#485
1 parent 205b1ec commit d53d8f2

File tree

3 files changed

+12
-0
lines changed

3 files changed

+12
-0
lines changed

.github/workflows/ci.yml

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,8 @@ jobs:
2424
- macos-latest
2525
steps:
2626
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
27+
with:
28+
persist-credentials: false
2729
- uses: cachix/install-nix-action@d1ca217b388ee87b2507a9a93bf01368bde7cec2 # v31
2830
- uses: cachix/cachix-action@0fc020193b5a1fa3ac4575aa3a7d3aa6a35435ad # v16
2931
with:
@@ -45,6 +47,8 @@ jobs:
4547
- mimas
4648
steps:
4749
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
50+
with:
51+
persist-credentials: false
4852
- uses: cachix/install-nix-action@d1ca217b388ee87b2507a9a93bf01368bde7cec2 # v31
4953
- uses: cachix/cachix-action@0fc020193b5a1fa3ac4575aa3a7d3aa6a35435ad # v16
5054
with:
@@ -61,6 +65,8 @@ jobs:
6165
- goofy-hopcroft
6266
steps:
6367
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
68+
with:
69+
persist-credentials: false
6470
- uses: cachix/install-nix-action@d1ca217b388ee87b2507a9a93bf01368bde7cec2 # v31
6571
- uses: cachix/cachix-action@0fc020193b5a1fa3ac4575aa3a7d3aa6a35435ad # v16
6672
with:
@@ -77,6 +83,8 @@ jobs:
7783
- m2-large
7884
steps:
7985
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
86+
with:
87+
persist-credentials: false
8088
- uses: cachix/install-nix-action@d1ca217b388ee87b2507a9a93bf01368bde7cec2 # v31
8189
- uses: cachix/cachix-action@0fc020193b5a1fa3ac4575aa3a7d3aa6a35435ad # v16
8290
with:

.github/workflows/dns-apply.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,8 @@ jobs:
1818
fail-fast: true
1919
steps:
2020
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
21+
with:
22+
persist-credentials: false
2123
- uses: cachix/install-nix-action@d1ca217b388ee87b2507a9a93bf01368bde7cec2 # v31
2224
- name: dnscontrol push
2325
env:

.github/workflows/dns-preview.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,8 @@ jobs:
1515
fail-fast: false
1616
steps:
1717
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
18+
with:
19+
persist-credentials: false
1820
- uses: cachix/install-nix-action@d1ca217b388ee87b2507a9a93bf01368bde7cec2 # v31
1921
- name: dnscontrol preview
2022
if: github.repository == 'nixos/infra'

0 commit comments

Comments
 (0)