From 838704ad3b31d0d16aabd08d74c0f3e35b5dd036 Mon Sep 17 00:00:00 2001 From: Justin Mayer Date: Sun, 3 Nov 2024 15:31:13 +0100 Subject: [PATCH] Do not persist credentials in `checkout` CI action This mitigates a potential security risk. More info here: --- {{cookiecutter.repo_name}}/.github/workflows/main.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/{{cookiecutter.repo_name}}/.github/workflows/main.yml b/{{cookiecutter.repo_name}}/.github/workflows/main.yml index cd9dfb3..d0cec2a 100644 --- a/{{cookiecutter.repo_name}}/.github/workflows/main.yml +++ b/{{cookiecutter.repo_name}}/.github/workflows/main.yml @@ -18,6 +18,8 @@ jobs: steps: - uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set up Python ${{ "{{" }} matrix.python-version {{ "}}" }} & PDM uses: pdm-project/setup-pdm@v4 @@ -39,6 +41,8 @@ jobs: steps: - uses: actions/checkout@v4 + with: + persist-credentials: false - name: Validate links in Markdown files uses: JustinBeckwith/linkinator-action@v1