From cd2116d180068afe8ec0440a08f533583d86d502 Mon Sep 17 00:00:00 2001 From: Gareth Jones Date: Sun, 3 Sep 2023 08:55:31 +1200 Subject: [PATCH 1/3] ci: upgrade `actions/checkout` to v3 --- .github/workflows/rubocop.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/rubocop.yml b/.github/workflows/rubocop.yml index efdebfd2..163d746b 100644 --- a/.github/workflows/rubocop.yml +++ b/.github/workflows/rubocop.yml @@ -12,7 +12,7 @@ jobs: ruby: ['2.7', '3.0'] steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} From 5aac7bdc4fc7ddd7b2c5039ac025d5af8c002621 Mon Sep 17 00:00:00 2001 From: Gareth Jones Date: Sun, 3 Sep 2023 08:56:07 +1200 Subject: [PATCH 2/3] ci: disable persisted git credentials for improved security --- .github/workflows/rubocop.yml | 2 ++ .github/workflows/ruby.yml | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/.github/workflows/rubocop.yml b/.github/workflows/rubocop.yml index 163d746b..a8d6fb1c 100644 --- a/.github/workflows/rubocop.yml +++ b/.github/workflows/rubocop.yml @@ -13,6 +13,8 @@ jobs: steps: - uses: actions/checkout@v3 + with: + persist-credentials: false - uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} diff --git a/.github/workflows/ruby.yml b/.github/workflows/ruby.yml index c16dc0b1..d72a8ac5 100644 --- a/.github/workflows/ruby.yml +++ b/.github/workflows/ruby.yml @@ -18,6 +18,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 + with: + persist-credentials: false - uses: actions/setup-node@v3 - name: Save root node_modules to cache uses: actions/cache@v3 @@ -67,6 +69,8 @@ jobs: MT_KWARGS_HACK: 1 steps: - uses: actions/checkout@v3 + with: + persist-credentials: false - uses: actions/setup-node@v3 - run: npm -g install yalc - run: yalc publish From 24627a2061b4ecc8b13ebf7ced3cbba1fdacbfb0 Mon Sep 17 00:00:00 2001 From: Gareth Jones Date: Tue, 5 Sep 2023 08:31:38 +1200 Subject: [PATCH 3/3] ci: upgrade `actions/checkout` to v4 --- .github/workflows/rubocop.yml | 2 +- .github/workflows/ruby.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/rubocop.yml b/.github/workflows/rubocop.yml index a8d6fb1c..67371dbc 100644 --- a/.github/workflows/rubocop.yml +++ b/.github/workflows/rubocop.yml @@ -12,7 +12,7 @@ jobs: ruby: ['2.7', '3.0'] steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: persist-credentials: false - uses: ruby/setup-ruby@v1 diff --git a/.github/workflows/ruby.yml b/.github/workflows/ruby.yml index d72a8ac5..e213c2e0 100644 --- a/.github/workflows/ruby.yml +++ b/.github/workflows/ruby.yml @@ -17,7 +17,7 @@ jobs: ruby: [2.7] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: persist-credentials: false - uses: actions/setup-node@v3 @@ -68,7 +68,7 @@ jobs: # having to do with automatic kwarg splatting MT_KWARGS_HACK: 1 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: persist-credentials: false - uses: actions/setup-node@v3