Skip to content

Commit 84cee75

Browse files
Turbo87Turbo87
committed
CI: Disable git credential persistance
see https://woodruffw.github.io/zizmor/audits/#artipacked
1 parent 46b963b commit 84cee75

File tree

2 files changed

+18
-0
lines changed

2 files changed

+18
-0
lines changed

.github/workflows/ci.yml

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -30,6 +30,8 @@ jobs:
3030

3131
steps:
3232
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
33+
with:
34+
persist-credentials: false
3335

3436
- uses: tj-actions/changed-files@bab30c2299617f6615ec02a68b9a40d10bd21366 # v45.0.5
3537
id: changed-files-non-js
@@ -97,6 +99,8 @@ jobs:
9799

98100
steps:
99101
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
102+
with:
103+
persist-credentials: false
100104

101105
- run: rustup component add rustfmt
102106
- run: rustup component add clippy
@@ -115,6 +119,8 @@ jobs:
115119

116120
steps:
117121
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
122+
with:
123+
persist-credentials: false
118124

119125
- uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2.7.5
120126

@@ -136,6 +142,9 @@ jobs:
136142

137143
steps:
138144
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
145+
with:
146+
persist-credentials: false
147+
139148
- uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2.7.5
140149
with:
141150
# Ensure that we cache from the right target directory. (See below
@@ -174,6 +183,8 @@ jobs:
174183

175184
steps:
176185
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
186+
with:
187+
persist-credentials: false
177188

178189
- uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0
179190
with:
@@ -208,6 +219,8 @@ jobs:
208219

209220
steps:
210221
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
222+
with:
223+
persist-credentials: false
211224

212225
- uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0
213226
with:
@@ -244,6 +257,8 @@ jobs:
244257

245258
steps:
246259
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
260+
with:
261+
persist-credentials: false
247262

248263
- uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0
249264
with:

.github/workflows/smoke-test.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,9 @@ jobs:
1616

1717
steps:
1818
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
19+
with:
20+
persist-credentials: false
21+
1922
- uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2.7.5
2023
- run: cargo build --package crates_io_smoke_test
2124
- run: cargo run --package crates_io_smoke_test --quiet

0 commit comments

Comments
 (0)