From 1b818e5eb4132e8b710872cd480d5caf368edf8f Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Wed, 2 Apr 2025 21:02:45 -0400 Subject: [PATCH] ci: apply fixes from zizmor --- .github/workflows/codeql-analysis.yml | 2 ++ .github/workflows/main.yml | 10 ++++++++++ .github/workflows/release.yml | 2 ++ 3 files changed, 14 insertions(+) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 82f2b150..151da1a8 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -42,6 +42,8 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v4.2.2 + with: + persist-credentials: false # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 2b872d6d..5417f6cc 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -26,6 +26,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4.2.2 + with: + persist-credentials: false - uses: actions/setup-python@v5.5.0 with: python-version: ${{ env.DEFAULT_PYTHON_VERSION }} @@ -57,6 +59,8 @@ jobs: runs-on: ${{ matrix.platform }} steps: - uses: actions/checkout@v4.2.2 + with: + persist-credentials: false - uses: actions/setup-python@v5.5.0 with: python-version: ${{ matrix.python-version }} @@ -75,6 +79,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4.2.2 + with: + persist-credentials: false - uses: actions/setup-python@v5.5.0 with: python-version: ${{ env.MIN_PYTHON_VERSION }} @@ -87,6 +93,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4.2.2 + with: + persist-credentials: false - uses: actions/setup-python@v5.5.0 with: python-version: ${{ env.MIN_PYTHON_VERSION }} @@ -121,6 +129,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4.2.2 + with: + persist-credentials: false - uses: actions/setup-python@v5.5.0 with: python-version: ${{ env.MIN_PYTHON_VERSION }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 96be3919..beee4ca7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,6 +20,8 @@ jobs: steps: - name: "Checkout repository" uses: "actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683" + with: + persist-credentials: false - name: "Setup Python" uses: "actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55"