From 75a1fdee629997023ac4fea6fd5d5e94810f8698 Mon Sep 17 00:00:00 2001
From: "Peter A. Jonsson"
Date: Thu, 16 Apr 2026 11:49:29 +0200
Subject: [PATCH] CI: stop persisting credentials

This makes it harder for attackers to get access to the credentials.
---
 .github/workflows/docker-publish-debug.yml | 2 ++
 .github/workflows/docker-publish.yml | 2 ++
 .github/workflows/unit-testing.yml | 2 ++
 3 files changed, 6 insertions(+)

diff --git a/.github/workflows/docker-publish-debug.yml b/.github/workflows/docker-publish-debug.yml
index fcb4b5cd..a2a68d41 100644
--- a/.github/workflows/docker-publish-debug.yml
+++ b/.github/workflows/docker-publish-debug.yml
@@ -21,6 +21,8 @@ jobs:
 steps:
 - name: Check out the repo
 uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ with:
+ persist-credentials: false
 - name: Docker login
 run: docker login -u $DOCKER_USER -p $DOCKER_PASSWORD
 - name: Build image
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index d097b9e0..4661223a 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -21,6 +21,8 @@ jobs:
 steps:
 - name: Check out the repo
 uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ with:
+ persist-credentials: false
 - name: Docker login
 run: docker login -u $DOCKER_USER -p $DOCKER_PASSWORD
 - name: Build image
diff --git a/.github/workflows/unit-testing.yml b/.github/workflows/unit-testing.yml
index c5d21f51..ace33e0e 100644
--- a/.github/workflows/unit-testing.yml
+++ b/.github/workflows/unit-testing.yml
@@ -18,6 +18,8 @@ jobs:
 steps:
 - name: Check out the repo
 uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ with:
+ persist-credentials: false
 - name: Build image
 run: |
 SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)
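Review bot: The `Docker login` step shown as context in the docker-publish-debug.yml hunk, and identically in the docker-publish.yml hunk, still passes the registry password on the command line with `-p`, so a second credential in the same job stays visible in the process argument list on the runner even after the checkout token is no longer persisted. Reading it from stdin closes that gap: `run: printf '%s' "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USER" --password-stdin`. Quoting the two expansions also stops word splitting and globbing on the secret values. Where `DOCKER_USER` and `DOCKER_PASSWORD` are defined lies outside the hunks, so this assumes they are injected from repository secrets through `env:`. It is also worth confirming that no later step in these jobs (not visible here) relies on an authenticated `git` operation, since those will now fail without the persisted token.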