From 58b561a3ff87dce0604eb68618a245cbd2704812 Mon Sep 17 00:00:00 2001
From: Minijackson
Date: Thu, 22 Aug 2024 09:27:40 +0200
Subject: [PATCH] github: don't persist checkout credentials by default the backport action however still needs the credentials
---
 .github/workflows/backport.yml | 3 +++
 .github/workflows/book-gh-pages.yml | 2 ++
 .github/workflows/editorconfig.yml | 2 ++
 .github/workflows/formatting.yml | 2 ++
 .github/workflows/update-flake-lock.yml | 1 +
 5 files changed, 10 insertions(+)
diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml
index 3968462f..17f4f854 100644
--- a/.github/workflows/backport.yml
+++ b/.github/workflows/backport.yml
@@ -23,6 +23,9 @@ jobs:
 - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 with:
 ref: ${{ github.event.pull_request.head.sha }}
+ # Credentials are needed to push to a remote branch,
+ # before creating a pull request
+ persist-credentials: true
 - name: Create backport PRs
 uses: korthout/backport-action@bd410d37cdcae80be6d969823ff5a225fe5c833f # v3.0.2
 with:
diff --git a/.github/workflows/book-gh-pages.yml b/.github/workflows/book-gh-pages.yml
index c85315be..5a604a13 100644
--- a/.github/workflows/book-gh-pages.yml
+++ b/.github/workflows/book-gh-pages.yml
@@ -24,6 +24,8 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ with:
+ persist-credentials: false
 - uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
 - name: "Build documentation book"
 run: |
diff --git a/.github/workflows/editorconfig.yml b/.github/workflows/editorconfig.yml
index d5379ba5..bb1744d0 100644
--- a/.github/workflows/editorconfig.yml
+++ b/.github/workflows/editorconfig.yml
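Review bot: The comment added above `persist-credentials: true` in the backport.yml hunk says why the token is kept but not what keeping it implies: this step checks out `github.event.pull_request.head.sha`, so the token stays in `.git/config` alongside pull-request content for the rest of the job. I would extend the comment with `# Do not add steps that run code from this checkout; the token stays in .git/config` so that a later edit does not add a build or script step here. The workflow trigger and any `permissions:` block are outside the hunk; it is worth confirming that the token is limited to `contents: write` and `pull-requests: write`.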
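Review bot: `persist-credentials: false` is set per checkout step in the book-gh-pages.yml hunk, and again in the editorconfig.yml and formatting.yml hunks, so the "by default" of the commit title holds only for steps that repeat these two lines; actions/checkout still persists the token when the key is omitted. A one-line comment on the step, such as `# keep the token out of .git/config; later steps build from the repository`, would tell the next author why the lines must be copied into a new workflow. A workflow lint check in CI that flags checkout steps without the key would turn the convention into something enforced. The job bodies continue outside the hunks.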
@@ -11,6 +11,8 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ with:
+ persist-credentials: false
 - uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
 - name: "Check EditorConfig"
 run: nix run 'nixpkgs#eclint' --inputs-from .
diff --git a/.github/workflows/formatting.yml b/.github/workflows/formatting.yml
index 13cdb7ac..ee2861d8 100644
--- a/.github/workflows/formatting.yml
+++ b/.github/workflows/formatting.yml
@@ -11,6 +11,8 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ with:
+ persist-credentials: false
 - uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
 - name: "Check Formatting"
 run: nix fmt -- --check .
diff --git a/.github/workflows/update-flake-lock.yml b/.github/workflows/update-flake-lock.yml
index fc1aecc8..536a35c4 100644
--- a/.github/workflows/update-flake-lock.yml
+++ b/.github/workflows/update-flake-lock.yml
@@ -28,6 +28,7 @@ jobs:
 - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 with:
 ref: ${{ matrix.branch }}
+ persist-credentials: false
 - uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
 - uses: DeterminateSystems/update-flake-lock@db4ee38117a597ea8df8f7f75a187dd65093eade # v23
 with:
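Review bot: The `persist-credentials: false` added in the update-flake-lock.yml hunk carries no comment, although the job goes on to run `DeterminateSystems/update-flake-lock`, which appears to publish its result much as the backport job does, and backport.yml got an explanation for the opposite setting. Presumably the action authenticates with its own token input rather than with credentials left in `.git/config`. If so, a line such as `# update-flake-lock uses its own token, not the checkout credentials` would record that. The step's `with:` block continues outside the hunk, so which token it receives is not visible here.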