From a0f984f52f74c42bdbee7eacd8ed254768623d3b Mon Sep 17 00:00:00 2001 From: Leonardo Lima Date: Mon, 16 Dec 2024 16:55:15 -0300 Subject: [PATCH] fix(ci): do not persist credentials fix(cron-update-rust): don't persist credentials fix(audit): don't persist credentials fix(code-coverage): don't persist credentials fix(nightly-docs): don't persist credentials fix(cont-integration): don't persist credentials --- .github/workflows/audit.yml | 2 ++ .github/workflows/code_coverage.yml | 2 ++ .github/workflows/cont_integration.yml | 14 ++++++++++++++ .github/workflows/cron-update-rust.yml | 2 ++ .github/workflows/nightly_docs.yml | 3 +++ 5 files changed, 23 insertions(+) diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml index e0da8e855..e3d34f968 100644 --- a/.github/workflows/audit.yml +++ b/.github/workflows/audit.yml @@ -24,5 +24,7 @@ jobs: issues: write steps: - uses: actions/checkout@v4 + with: + persist-credentials: false - uses: actions-rust-lang/audit@v1 name: Audit Rust Dependencies diff --git a/.github/workflows/code_coverage.yml b/.github/workflows/code_coverage.yml index d29a5b200..2d8f482a5 100644 --- a/.github/workflows/code_coverage.yml +++ b/.github/workflows/code_coverage.yml @@ -14,6 +14,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: Install lcov tools run: sudo apt-get install lcov -y - name: Install Rust toolchain diff --git a/.github/workflows/cont_integration.yml b/.github/workflows/cont_integration.yml index e9b41b688..e41c7b97d 100644 --- a/.github/workflows/cont_integration.yml +++ b/.github/workflows/cont_integration.yml @@ -11,6 +11,8 @@ jobs: steps: - name: "Checkout repo" uses: actions/checkout@v4 + with: + persist-credentials: false - name: "Read rust version" id: read_toolchain run: echo "rust_version=$(cat rust-version)" >> $GITHUB_OUTPUT @@ -30,6 +32,8 @@ jobs: steps: - name: checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: Install Rust toolchain uses: actions-rs/toolchain@v1 with: @@ -65,6 +69,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: Install Rust toolchain uses: actions-rs/toolchain@v1 with: @@ -96,6 +102,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + persist-credentials: false # Install a recent version of clang that supports wasm32 - run: wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add - || exit 1 - run: sudo apt-get update || exit 1 @@ -122,6 +130,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: Install Rust toolchain uses: actions-rs/toolchain@v1 with: @@ -139,6 +149,8 @@ jobs: checks: write steps: - uses: actions/checkout@v4 + with: + persist-credentials: false - uses: actions-rs/toolchain@v1 with: toolchain: ${{ needs.prepare.outputs.rust_version }} @@ -169,6 +181,8 @@ jobs: steps: - name: checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: Install Rust toolchain uses: actions-rs/toolchain@v1 with: diff --git a/.github/workflows/cron-update-rust.yml b/.github/workflows/cron-update-rust.yml index 207f6b7c4..2fc212ebd 100644 --- a/.github/workflows/cron-update-rust.yml +++ b/.github/workflows/cron-update-rust.yml @@ -9,6 +9,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + with: + persist-credentials: false - uses: dtolnay/rust-toolchain@stable - uses: tibdex/github-app-token@v2 id: generate-token diff --git a/.github/workflows/nightly_docs.yml b/.github/workflows/nightly_docs.yml index 0bbe49936..f5f0504fe 100644 --- a/.github/workflows/nightly_docs.yml +++ b/.github/workflows/nightly_docs.yml @@ -9,6 +9,8 @@ jobs: steps: - name: Checkout sources uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set default toolchain run: rustup default nightly-2024-05-12 - name: Set profile @@ -36,6 +38,7 @@ jobs: - name: Checkout `bitcoindevkit.org` uses: actions/checkout@v4 with: + persist-credentials: false ssh-key: ${{ secrets.DOCS_PUSH_SSH_KEY }} repository: bitcoindevkit/bitcoindevkit.org ref: master