]> git.ipfire.org Git - thirdparty/systemd.git/commit
projects / thirdparty / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 31fc68a) | patch
github/workflows: disable persisting credentials for actions/checkout 40728/head
authorDmitry V. Levin <ldv@strace.io>
Wed, 18 Feb 2026 08:00:00 +0000 (08:00 +0000)
committerDmitry V. Levin <ldv@strace.io>
Wed, 18 Feb 2026 08:00:00 +0000 (08:00 +0000)
commit6461eccacb861227bf5a59b1224a838b39e66b10
treedd35d38dbae93b07f37584d7a261dbaa1fdfd67ftree
parent31fc68a69acf4db48f26b83e845c703768f0f954commit | diff
github/workflows: disable persisting credentials for actions/checkout

Set `persist-credentials: false` for actions/checkout.

By default, using `actions/checkout` causes a credential to be persisted on
disk.  Subsequent steps may accidentally publicly persist the credential, e.g.
by including it in a publicly accessible artifact via actions/upload-artifact.
However, even without this, persisting the credential on disk is non-ideal
unless actually needed.

Link: https://docs.zizmor.sh/audits/#artipacked
13 files changed:
.github/workflows/build-test.yml diff | blob | blame | history
.github/workflows/codeql.yml diff | blob | blame | history
.github/workflows/coverage.yml diff | blob | blame | history
.github/workflows/coverity.yml diff | blob | blame | history
.github/workflows/development-freeze.yml diff | blob | blame | history
.github/workflows/differential-shellcheck.yml diff | blob | blame | history
.github/workflows/gather-pr-metadata.yml diff | blob | blame | history
.github/workflows/issue-labeler.yml diff | blob | blame | history
.github/workflows/labeler.yml diff | blob | blame | history
.github/workflows/linter.yml diff | blob | blame | history
.github/workflows/mkosi.yml diff | blob | blame | history
.github/workflows/unit-tests-musl.yml diff | blob | blame | history
.github/workflows/unit-tests.yml diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.