From 5bbac4aa411b27076aaed7641c80c4599464fe40 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Wroniszewski?= Date: Fri, 25 Oct 2024 12:13:35 +0200 Subject: [PATCH] CI: disable persist-credentials for actions/checkout It is a possible security issue. We do not want to persist credentials in the repo and thus exposing those to further steps. References: actions/checkout#485 (comment) azat/chdig#67 --- .github/workflows/ci.yml | 2 ++ .github/workflows/publish.yml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c5bc9b9..b91206d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -23,6 +23,8 @@ jobs: - "3.12" steps: - uses: actions/checkout@v3 + with: + persist-credentials: false - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v4 with: diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 6119155..378dbf7 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -13,6 +13,8 @@ jobs: steps: - uses: actions/checkout@v3 + with: + persist-credentials: false - name: Set up Python uses: actions/setup-python@v4 with:
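Review bot: `actions/checkout@v3`, the context line directly above the added `with:` in ci.yml, is still referenced by a mutable tag, so the action code that handles the job token can change without any edit to this file. Pinning it to a full commit SHA would complement this change, e.g. `- uses: actions/checkout@<full-commit-sha>  # v3` (placeholder, to be filled in from the action's release). The same applies to `actions/setup-python@v4` and to both steps in the publish.yml hunk. A short comment above the new key would also help keep it in place, e.g. `# keep the job token out of .git/config so later steps cannot read it`. The steps list continues outside the hunk.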
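Review bot: In publish.yml the added `persist-credentials: false` keeps the token out of the checked-out repository's git configuration, but it does not narrow what that token is allowed to do. No `permissions:` key is visible in this hunk; if the workflow does not already declare one, add `permissions:` with `contents: read` at workflow or job level so the publish job runs with a read-only token. The remaining steps are outside the hunk, so it is worth confirming that none of them pushes a tag or commit with plain `git`, since that would now fail without explicit authentication.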