diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 0a6dad933..ae1f6be4e 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -9,6 +9,8 @@ on: env: FORCE_COLOR: 3 +permissions: {} + jobs: dist: runs-on: ubuntu-latest @@ -16,6 +18,7 @@ jobs: - uses: actions/checkout@v4 with: fetch-depth: 0 + persist-credentials: false - uses: hynek/build-and-inspect-python-package@v2 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e2160f601..2ad7da963 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,6 +15,8 @@ concurrency: env: FORCE_COLOR: 3 +permissions: {} + jobs: lint: name: Format @@ -24,6 +26,7 @@ jobs: - uses: actions/checkout@v4 with: fetch-depth: 0 + persist-credentials: false - uses: actions/setup-python@v5 with: python-version: "3.12" @@ -106,6 +109,8 @@ jobs: steps: - uses: actions/checkout@v4 + with: + persist-credentials: false - uses: actions/setup-python@v5 with: @@ -172,6 +177,8 @@ jobs: steps: - uses: actions/checkout@v4 + with: + persist-credentials: false - uses: actions/setup-python@v5 with: @@ -216,6 +223,7 @@ jobs: - uses: actions/checkout@v4 with: fetch-depth: 0 + persist-credentials: false - name: Prepare venv run: python3.13t -m venv /venv @@ -235,6 +243,7 @@ jobs: - uses: actions/checkout@v4 with: fetch-depth: 0 + persist-credentials: false - uses: cygwin/cygwin-install-action@v5 with: @@ -273,6 +282,7 @@ jobs: - uses: actions/checkout@v4 with: fetch-depth: 0 + persist-credentials: false - name: Install run: python -m pip install .[test] @@ -305,6 +315,7 @@ jobs: - uses: actions/checkout@v4 with: fetch-depth: 0 + persist-credentials: false - name: Install run: python -m pip install .[test] @@ -324,6 +335,7 @@ jobs: - uses: actions/checkout@v4 with: fetch-depth: 0 + persist-credentials: false - uses: hynek/build-and-inspect-python-package@v2 @@ -340,6 +352,7 @@ jobs: - uses: actions/checkout@v4 with: fetch-depth: 0 + persist-credentials: false - uses: astral-sh/setup-uv@v5