workflows: fix zizmor findings (part 1) (#190)

Signed-off-by: Patrick Linnane <patrick@linnane.io>

4 files changed, 9 insertions, 1 deletions

diff --git a/.github/workflows/docker-pr.yml b/.github/workflows/docker-pr.yml
index b124f75..03539f7 100644
--- a/.github/workflows/docker-pr.yml
+++ b/.github/workflows/docker-pr.yml
@@ -19,6 +19,7 @@ jobs:
         with:
           fetch-tags: true
           fetch-depth: 0
+          persist-credentials: false
 
       - name: Set up Homebrew
         uses: Homebrew/actions/setup-homebrew@master
@@ -62,4 +63,6 @@ jobs:
 
       - run: |
           echo "Test this with:"
-          echo "docker pull ${{ steps.build.outputs.docker_image }}"
\ No newline at end of file
+          echo "docker pull ${DOCKER_IMAGE}"
+        env:
+          DOCKER_IMAGE: ${{ steps.build.outputs.docker_image }}
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index c3a532f..d094453 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -25,6 +25,7 @@ jobs:
         with:
           fetch-tags: true
           fetch-depth: 0
+          persist-credentials: false
 
       - name: Set up Homebrew
         uses: Homebrew/actions/setup-homebrew@master
diff --git a/.github/workflows/docs-deploy.yml b/.github/workflows/docs-deploy.yml
index 1636c48..652351f 100644
--- a/.github/workflows/docs-deploy.yml
+++ b/.github/workflows/docs-deploy.yml
@@ -17,6 +17,8 @@ jobs:
 
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index 09b543a..3c333dd 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -16,6 +16,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
+      with:
+        persist-credentials: false
 
     - name: build essential
       run: |