ci: add actions-security job to audit GitHub Actions usage (#4260)

germa89 · clatapie · commit b9e93b132ebc · 2025-11-18T14:41:32.000+01:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -44,7 +44,7 @@ jobs:
     permissions:
       pull-requests: write
     steps:
-      - uses: actions-ecosystem/action-add-assignees@a5b84af721c4a621eb9c7a4a95ec20a90d0b88e9 #v1.0.1
+      - uses: actions-ecosystem/action-add-assignees@a5b84af721c4a621eb9c7a4a95ec20a90d0b88e9 #v1.0.1
         if: |
           (
           github.event_name == 'pull_request' &&
diff --git a/.github/workflows/migrator.yml b/.github/workflows/migrator.yml
@@ -298,7 +298,7 @@ jobs:
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
         with:
           ref: main
-          persist-credentials: true
+          persist-credentials: false
 
       - name: Clone head repo and checkout branch. Resolve conflicts if needed.
         if : ${{ env.CONTINUE == 'true' }}
diff --git a/doc/changelog.d/4260.maintenance.md b/doc/changelog.d/4260.maintenance.md
@@ -0,0 +1 @@
+Add actions-security job to audit GitHub Actions usage

Original file line number	Diff line number	Diff line change
`@@ -44,7 +44,7 @@ jobs:`
`44`	`44`	`permissions:`
`45`	`45`	`pull-requests: write`
`46`	`46`	`steps:`
`47`		`- - uses: actions-ecosystem/action-add-assignees@a5b84af721c4a621eb9c7a4a95ec20a90d0b88e9 #v1.0.1`
	`47`	`+ - uses: actions-ecosystem/action-add-assignees@a5b84af721c4a621eb9c7a4a95ec20a90d0b88e9 #v1.0.1`
`48`	`48`	`if: \|`
`49`	`49`	`(`
`50`	`50`	`github.event_name == 'pull_request' &&`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+Add actions-security job to audit GitHub Actions usage`