Skip to content

Commit 5460f0f

Browse files
malice00malice00
authored
[build] Configured all checkouts to NOT persist the credentials (#1901)
Configured all checkouts to NOT persist the credentials Signed-off-by: Roland Asmann <[email protected]>
1 parent 96c6489 commit 5460f0f

File tree

11 files changed

+132
-0
lines changed

11 files changed

+132
-0
lines changed

.github/workflows/binary-builds.yml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -141,6 +141,8 @@ jobs:
141141
packages: write
142142
steps:
143143
- uses: actions/checkout@v4
144+
with:
145+
persist-credentials: false
144146
- name: Setup alpine builder
145147
run: |
146148
apk add --no-cache nodejs make python3 python3-dev py3-pip py3-virtualenv gcc g++ musl-dev npm
@@ -267,6 +269,8 @@ jobs:
267269
packages: write
268270
steps:
269271
- uses: actions/checkout@v4
272+
with:
273+
persist-credentials: false
270274
- name: Use Node.js
271275
uses: actions/setup-node@v4
272276
with:

.github/workflows/dockertests.yml

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,8 @@ jobs:
2020
runs-on: ${{ matrix.os }}
2121
steps:
2222
- uses: actions/checkout@v4
23+
with:
24+
persist-credentials: false
2325
- name: Use Node.js ${{ matrix.node-version }}
2426
uses: actions/setup-node@v4
2527
with:
@@ -49,6 +51,7 @@ jobs:
4951
CDXGEN_TEMP_DIR: ${{ runner.temp }}/cdxgen-dockertests
5052
- uses: actions/checkout@v4
5153
with:
54+
persist-credentials: false
5255
repository: 'grafana-operator/grafana-operator'
5356
path: 'repotests/grafana-operator'
5457
- name: dockertests
@@ -98,6 +101,8 @@ jobs:
98101
runs-on: ${{ matrix.os }}
99102
steps:
100103
- uses: actions/checkout@v4
104+
with:
105+
persist-credentials: false
101106
- name: Use Node.js ${{ matrix.node-version }}
102107
uses: actions/setup-node@v4
103108
with:
@@ -146,6 +151,8 @@ jobs:
146151
runs-on: ${{ matrix.os }}
147152
steps:
148153
- uses: actions/checkout@v4
154+
with:
155+
persist-credentials: false
149156
- name: Use Node.js ${{ matrix.node-version }}
150157
uses: actions/setup-node@v4
151158
with:
@@ -190,6 +197,8 @@ jobs:
190197
java-version: ['24']
191198
steps:
192199
- uses: actions/checkout@v4
200+
with:
201+
persist-credentials: false
193202
- name: Use Node.js ${{ matrix.node-version }}
194203
uses: actions/setup-node@v4
195204
with:

.github/workflows/image-build.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,8 @@ jobs:
2727
runs-on: ${{ fromJSON(inputs.image).runner || 'ubuntu-24.04' }}
2828
steps:
2929
- uses: actions/checkout@v4
30+
with:
31+
persist-credentials: false
3032
- name: Free disk space
3133
if: ${{ ! fromJSON(inputs.image).runner }}
3234
uses: jlumbroso/free-disk-space@main

.github/workflows/java-reachables-test.yml

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,8 @@ jobs:
1616
runs-on: ${{ matrix.os }}
1717
steps:
1818
- uses: actions/checkout@v4
19+
with:
20+
persist-credentials: false
1921
- name: Set up JDK
2022
uses: actions/setup-java@v4
2123
with:
@@ -34,11 +36,13 @@ jobs:
3436
mkdir -p bomresults
3537
- uses: actions/checkout@v4
3638
with:
39+
persist-credentials: false
3740
repository: 'DependencyTrack/dependency-track'
3841
path: 'repotests/dependency-track'
3942
ref: '4.11.1'
4043
- uses: actions/checkout@v4
4144
with:
45+
persist-credentials: false
4246
repository: 'DependencyTrack/frontend'
4347
path: 'repotests/frontend'
4448
ref: '4.13.0'
@@ -69,17 +73,21 @@ jobs:
6973
runs-on: ${{ matrix.os }}
7074
steps:
7175
- uses: actions/checkout@v4
76+
with:
77+
persist-credentials: false
7278
- name: setup paths
7379
run: |
7480
mkdir -p repotests
7581
mkdir -p rubyresults
7682
- uses: actions/checkout@v4
7783
with:
84+
persist-credentials: false
7885
repository: 'bionomia/bionomia'
7986
path: 'repotests/bionomia'
8087
ref: '5ada8b5f4a5f68561a7195e2badc2f744dc4676e'
8188
- uses: actions/checkout@v4
8289
with:
90+
persist-credentials: false
8391
repository: 'OWASP/railsgoat'
8492
path: 'repotests/railsgoat'
8593
ref: 'c1e8ff1e3b24a1c48fcfc9fbee0f65dc296b49d9'
@@ -108,8 +116,11 @@ jobs:
108116
runs-on: ${{ matrix.os }}
109117
steps:
110118
- uses: actions/checkout@v4
119+
with:
120+
persist-credentials: false
111121
- uses: actions/checkout@v4
112122
with:
123+
persist-credentials: false
113124
repository: 'playframework/play-samples'
114125
path: 'repotests/play-samples'
115126
ref: '0dccba17856e89dbb5e457ab760efb14cc691395'

.github/workflows/lint.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,8 @@ jobs:
1313
runs-on: ubuntu-24.04
1414
steps:
1515
- uses: actions/checkout@v4
16+
with:
17+
persist-credentials: false
1618
- uses: actions/setup-node@v4
1719
with:
1820
node-version-file: .nvmrc

.github/workflows/nodejs.yml

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,8 @@ jobs:
2121
id-token: write
2222
steps:
2323
- uses: actions/checkout@v4
24+
with:
25+
persist-credentials: false
2426
- name: Set up Python
2527
uses: actions/setup-python@v5
2628
with:
@@ -72,6 +74,8 @@ jobs:
7274
runs-on: ${{ matrix.os }}
7375
steps:
7476
- uses: actions/checkout@v4
77+
with:
78+
persist-credentials: false
7579
- name: Use Node.js ${{ matrix.node-version }}
7680
uses: actions/setup-node@v4
7781
with:
@@ -123,6 +127,8 @@ jobs:
123127
runs-on: ${{ matrix.os }}-latest
124128
steps:
125129
- uses: actions/checkout@v4
130+
with:
131+
persist-credentials: false
126132
- name: Use Node.js
127133
uses: actions/setup-node@v4
128134
with:
@@ -149,6 +155,8 @@ jobs:
149155
os: [macos-latest]
150156
steps:
151157
- uses: actions/checkout@v4
158+
with:
159+
persist-credentials: false
152160
- name: Trim CI agent
153161
run: |
154162
chmod +x contrib/free_disk_space.sh

.github/workflows/npm-release.yml

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,8 @@ jobs:
2626
id-token: write
2727
steps:
2828
- uses: actions/checkout@v4
29+
with:
30+
persist-credentials: false
2931
- name: Use Node.js
3032
uses: actions/setup-node@v4
3133
with:
@@ -68,6 +70,8 @@ jobs:
6870
id-token: write
6971
steps:
7072
- uses: actions/checkout@v4
73+
with:
74+
persist-credentials: false
7175
- name: Set up QEMU
7276
uses: docker/setup-qemu-action@v3
7377
- name: Set up Docker Buildx
@@ -111,6 +115,8 @@ jobs:
111115
id-token: write
112116
steps:
113117
- uses: actions/checkout@v4
118+
with:
119+
persist-credentials: false
114120
- name: Set up QEMU
115121
uses: docker/setup-qemu-action@v3
116122
- name: Set up Docker Buildx
@@ -156,6 +162,7 @@ jobs:
156162
steps:
157163
- uses: actions/checkout@v4
158164
with:
165+
persist-credentials: false
159166
fetch-depth: 0
160167
- uses: docker/login-action@v3
161168
with:
@@ -184,6 +191,8 @@ jobs:
184191
id-token: write
185192
steps:
186193
- uses: actions/checkout@v4
194+
with:
195+
persist-credentials: false
187196
- name: Use Node.js
188197
uses: actions/setup-node@v4
189198
with:
@@ -265,6 +274,8 @@ jobs:
265274
id-token: write
266275
steps:
267276
- uses: actions/checkout@v4
277+
with:
278+
persist-credentials: false
268279
- name: Use Node.js
269280
uses: actions/setup-node@v4
270281
with:
@@ -333,6 +344,8 @@ jobs:
333344
id-token: write
334345
steps:
335346
- uses: actions/checkout@v4
347+
with:
348+
persist-credentials: false
336349
- name: Use Node.js
337350
uses: actions/setup-node@v4
338351
with:
@@ -401,6 +414,8 @@ jobs:
401414
id-token: write
402415
steps:
403416
- uses: actions/checkout@v4
417+
with:
418+
persist-credentials: false
404419
- name: Use Node.js
405420
uses: actions/setup-node@v4
406421
with:
@@ -451,6 +466,8 @@ jobs:
451466
id-token: write
452467
steps:
453468
- uses: actions/checkout@v4
469+
with:
470+
persist-credentials: false
454471
- name: Use Node.js
455472
uses: actions/setup-node@v4
456473
with:

.github/workflows/nydus-demo.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,8 @@ jobs:
1313
runs-on: ${{ matrix.os }}
1414
steps:
1515
- uses: actions/checkout@v4
16+
with:
17+
persist-credentials: false
1618
- name: Set up JDK
1719
uses: actions/setup-java@v4
1820
with:
@@ -24,6 +26,7 @@ jobs:
2426
node-version: ${{ matrix.node-version }}
2527
- uses: actions/checkout@v4
2628
with:
29+
persist-credentials: false
2730
repository: 'DependencyTrack/dependency-track'
2831
path: 'repotests/dependency-track'
2932
- name: setup nydus

.github/workflows/python-atom-tests.yml

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@ jobs:
1212
steps:
1313
- uses: actions/checkout@v4
1414
with:
15+
persist-credentials: false
1516
fetch-depth: 0
1617
- uses: coursier/cache-action@v6
1718
- name: Use Node.js
@@ -34,35 +35,43 @@ jobs:
3435
CI: true
3536
- uses: actions/checkout@v4
3637
with:
38+
persist-credentials: false
3739
repository: 'scipy/scipy'
3840
path: 'repotests/scipy'
3941
ref: 'v1.15.2'
4042
- uses: actions/checkout@v4
4143
with:
44+
persist-credentials: false
4245
repository: 'psf/black'
4346
path: 'repotests/black'
4447
- uses: actions/checkout@v4
4548
with:
49+
persist-credentials: false
4650
repository: 'psf/pyperf'
4751
path: 'repotests/pyperf'
4852
- uses: actions/checkout@v4
4953
with:
54+
persist-credentials: false
5055
repository: 'psf/cachecontrol'
5156
path: 'repotests/cachecontrol'
5257
- uses: actions/checkout@v4
5358
with:
59+
persist-credentials: false
5460
repository: 'pallets/flask'
5561
path: 'repotests/flask'
5662
- uses: actions/checkout@v4
5763
with:
64+
persist-credentials: false
5865
repository: 'pallets/click'
5966
path: 'repotests/click'
6067
- uses: actions/checkout@v4
6168
with:
69+
persist-credentials: false
6270
repository: 'pallets/jinja'
6371
path: 'repotests/jinja'
6472
- uses: actions/checkout@v4
6573
with:
74+
persist-credentials: false
6675
repository: 'pypa/bandersnatch'
6776
path: 'repotests/bandersnatch'
6877
- name: repotests

0 commit comments

Comments
 (0)