From fc237a16900362eac5395a424d88fe6381b4affa Mon Sep 17 00:00:00 2001 From: Patrick Linnane Date: Tue, 1 Apr 2025 15:33:44 -0700 Subject: workflows: fix zizmor findings (part 1) (#190) Signed-off-by: Patrick Linnane --- .github/workflows/docker-pr.yml | 5 ++++- .github/workflows/docker.yml | 1 + .github/workflows/docs-deploy.yml | 2 ++ .github/workflows/go.yml | 2 ++ 4 files changed, 9 insertions(+), 1 deletion(-) (limited to '.github') diff --git a/.github/workflows/docker-pr.yml b/.github/workflows/docker-pr.yml index b124f75..03539f7 100644 --- a/.github/workflows/docker-pr.yml +++ b/.github/workflows/docker-pr.yml @@ -19,6 +19,7 @@ jobs: with: fetch-tags: true fetch-depth: 0 + persist-credentials: false - name: Set up Homebrew uses: Homebrew/actions/setup-homebrew@master @@ -62,4 +63,6 @@ jobs: - run: | echo "Test this with:" - echo "docker pull ${{ steps.build.outputs.docker_image }}" \ No newline at end of file + echo "docker pull ${DOCKER_IMAGE}" + env: + DOCKER_IMAGE: ${{ steps.build.outputs.docker_image }} diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index c3a532f..d094453 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -25,6 +25,7 @@ jobs: with: fetch-tags: true fetch-depth: 0 + persist-credentials: false - name: Set up Homebrew uses: Homebrew/actions/setup-homebrew@master diff --git a/.github/workflows/docs-deploy.yml b/.github/workflows/docs-deploy.yml index 1636c48..652351f 100644 --- a/.github/workflows/docs-deploy.yml +++ b/.github/workflows/docs-deploy.yml @@ -17,6 +17,8 @@ jobs: steps: - uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 09b543a..3c333dd 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -16,6 +16,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + with: + persist-credentials: false - name: build essential run: | -- cgit v1.2.3