mirror
/
wagtail
kopia lustrzana https://github.com/wagtail/wagtail
1
0
Forkuj 0
Kod Zgłoszenia Packages Projekty Wydania Wiki Aktywność

Don't persist credentials in CI 

There's no vulnerability here, especially since the token explicitly only has read access anyway, but it's worth improving regardless.
pull/12721/head
Jake Howard 2024-12-09 16:47:33 +00:00 zatwierdzone przez Matt Westcott
rodzic 6b33690cd3
commit 57d141c701
2 zmienionych plików z 18 dodań i 1 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

4
.github/workflows/codeql-analysis.yml vendored
Wyświetl plik

@ -24,7 +24,9 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v2
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Initialize CodeQL
uses: github/codeql-action/init@v1

15
.github/workflows/test.yml vendored
Wyświetl plik

@ -59,6 +59,8 @@ jobs:
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Set up Python ${{ matrix.python }}
uses: actions/setup-python@v5
with:
@ -124,6 +126,8 @@ jobs:
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Set up Python ${{ matrix.python }}
uses: actions/setup-python@v5
with:
@ -216,6 +220,8 @@ jobs:
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Set up Python ${{ matrix.python }}
uses: actions/setup-python@v5
with:
@ -269,6 +275,8 @@ jobs:
node port: 9300
discovery type: 'single-node'
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Set up Python ${{ matrix.python }}
uses: actions/setup-python@v5
with:
@ -324,6 +332,9 @@ jobs:
with:
stack-version: 7.6.1
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Set up Python ${{ matrix.python }}
uses: actions/setup-python@v5
with:
@ -374,6 +385,8 @@ jobs:
with:
opensearch-version: 2
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Set up Python ${{ matrix.python }}
uses: actions/setup-python@v5
with:
@ -411,6 +424,8 @@ jobs:
steps:
- name: Check out the repo
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Set up Python
uses: actions/setup-python@v5