This is an automated email from the ASF dual-hosted git repository.
swebb2066 pushed a commit to branch improve_security
in repository https://gitbox.apache.org/repos/asf/logging-log4cxx.git
commit 432b11776e90c968be98c142de069bb79fa5f4fd
Author: Stephen Webb <swebb2...@gmail.com>
AuthorDate: Thu Apr 11 11:34:57 2024 +1000
Add 'persist-credentials: false' to all Github checkout actions
---
.github/workflows/abi-compatibility.yml | 1 +
.github/workflows/log4cxx-cpp11.yml | 1 +
.github/workflows/log4cxx-macos.yml | 1 +
.github/workflows/log4cxx-ubuntu.yml | 1 +
.github/workflows/log4cxx-windows-static.yml | 1 +
.github/workflows/log4cxx-windows.yml | 1 +
.github/workflows/package_code.yml | 1 +
.github/workflows/sonarcloud.yml | 1 +
8 files changed, 8 insertions(+)
diff --git a/.github/workflows/abi-compatibility.yml
b/.github/workflows/abi-compatibility.yml
index e323e660..5fbdecff 100644
--- a/.github/workflows/abi-compatibility.yml
+++ b/.github/workflows/abi-compatibility.yml
@@ -34,6 +34,7 @@ jobs:
steps:
- uses: actions/checkout@v2
with:
+ persist-credentials: false # do not persist auth token in the local
git config
path: main
- name: 'Configure Dependencies - Ubuntu'
diff --git a/.github/workflows/log4cxx-cpp11.yml
b/.github/workflows/log4cxx-cpp11.yml
index 23f97219..0474ca5f 100644
--- a/.github/workflows/log4cxx-cpp11.yml
+++ b/.github/workflows/log4cxx-cpp11.yml
@@ -24,6 +24,7 @@ jobs:
steps:
- uses: actions/checkout@v3
with:
+ persist-credentials: false # do not persist auth token in the local
git config
path: main
- name: 'Configure Dependencies - Ubuntu'
diff --git a/.github/workflows/log4cxx-macos.yml
b/.github/workflows/log4cxx-macos.yml
index 456a191a..2df58221 100644
--- a/.github/workflows/log4cxx-macos.yml
+++ b/.github/workflows/log4cxx-macos.yml
@@ -40,6 +40,7 @@ jobs:
steps:
- uses: actions/checkout@v3
with:
+ persist-credentials: false # do not persist auth token in the local
git config
path: main
- name: 'configure and build'
diff --git a/.github/workflows/log4cxx-ubuntu.yml
b/.github/workflows/log4cxx-ubuntu.yml
index be9e0225..7df025ba 100644
--- a/.github/workflows/log4cxx-ubuntu.yml
+++ b/.github/workflows/log4cxx-ubuntu.yml
@@ -62,6 +62,7 @@ jobs:
steps:
- uses: actions/checkout@v3
with:
+ persist-credentials: false # do not persist auth token in the local
git config
path: main
- name: 'Configure Dependencies'
diff --git a/.github/workflows/log4cxx-windows-static.yml
b/.github/workflows/log4cxx-windows-static.yml
index 009f28e1..2285daeb 100644
--- a/.github/workflows/log4cxx-windows-static.yml
+++ b/.github/workflows/log4cxx-windows-static.yml
@@ -34,6 +34,7 @@ jobs:
steps:
- uses: actions/checkout@v3
with:
+ persist-credentials: false # do not persist auth token in the local
git config
path: main
- name: 'Restore Prebuilt Dependencies'
diff --git a/.github/workflows/log4cxx-windows.yml
b/.github/workflows/log4cxx-windows.yml
index c942670b..38625ca6 100644
--- a/.github/workflows/log4cxx-windows.yml
+++ b/.github/workflows/log4cxx-windows.yml
@@ -34,6 +34,7 @@ jobs:
steps:
- uses: actions/checkout@v3
with:
+ persist-credentials: false # do not persist auth token in the local
git config
path: main
- name: 'Restore Prebuilt Dependencies'
diff --git a/.github/workflows/package_code.yml
b/.github/workflows/package_code.yml
index 31b48498..bfa1518a 100644
--- a/.github/workflows/package_code.yml
+++ b/.github/workflows/package_code.yml
@@ -33,6 +33,7 @@ jobs:
steps:
- uses: actions/checkout@v2
with:
+ persist-credentials: false # do not persist auth token in the local
git config
path: clean-checkout
# Consider using CPack when it supports a white-list for included files
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
index 442deb09..41945fa5 100644
--- a/.github/workflows/sonarcloud.yml
+++ b/.github/workflows/sonarcloud.yml
@@ -34,6 +34,7 @@ jobs:
steps:
- uses: actions/checkout@v2
with:
+ persist-credentials: false # do not persist auth token in the local
git config
fetch-depth: 0 # Shallow clones should be disabled for a better
relevancy of analysis
path: main
