]> git.ipfire.org Git - thirdparty/systemd.git/commit
github/workflows: disable persisting credentials for actions/checkout 40728/head
authorDmitry V. Levin <ldv@strace.io>
Wed, 18 Feb 2026 08:00:00 +0000 (08:00 +0000)
committerDmitry V. Levin <ldv@strace.io>
Wed, 18 Feb 2026 08:00:00 +0000 (08:00 +0000)
commit6461eccacb861227bf5a59b1224a838b39e66b10
treedd35d38dbae93b07f37584d7a261dbaa1fdfd67f
parent31fc68a69acf4db48f26b83e845c703768f0f954
github/workflows: disable persisting credentials for actions/checkout

Set `persist-credentials: false` for actions/checkout.

By default, using `actions/checkout` causes a credential to be persisted on
disk.  Subsequent steps may accidentally publicly persist the credential, e.g.
by including it in a publicly accessible artifact via actions/upload-artifact.
However, even without this, persisting the credential on disk is non-ideal
unless actually needed.

Link: https://docs.zizmor.sh/audits/#artipacked
13 files changed:
.github/workflows/build-test.yml
.github/workflows/codeql.yml
.github/workflows/coverage.yml
.github/workflows/coverity.yml
.github/workflows/development-freeze.yml
.github/workflows/differential-shellcheck.yml
.github/workflows/gather-pr-metadata.yml
.github/workflows/issue-labeler.yml
.github/workflows/labeler.yml
.github/workflows/linter.yml
.github/workflows/mkosi.yml
.github/workflows/unit-tests-musl.yml
.github/workflows/unit-tests.yml