New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
.github: Don't persist credentials in repository #16052
.github: Don't persist credentials in repository #16052
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
SGTM. Do we need to test these before we merge them to make sure we're not relying on them?
I'd prefer if we can, yes. But it seems GitHub workflows are on strike in this PR... |
This is because of the syntax error outlined above: https://github.com/cilium/cilium/actions/runs/821429393 |
a5b2f79
to
3933658
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Otherwise LGTM.
When using actions/checkout, the default behavior [1] is to persist git credentials in the checked out code. This is ill-advised, so let's disable with persist-credentials. 1 - https://github.com/actions/checkout#usage 2 - https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ Signed-off-by: Paul Chaignon <paul@cilium.io>
3933658
to
98fe2fb
Compare
Team reviews are in and all GitHub workflows are passing. Marking as ready to merge. |
When using actions/checkout, the default behavior [1] is to persist git credentials in the checked out code. This is ill-advised, so let's disable with
persist-credentials
.1 - https://github.com/actions/checkout#usage
2 - https://securitylab.github.com/research/github-actions-preventing-pwn-requests/