This is an automated email from the ASF dual-hosted git repository. swebb2066 pushed a commit to branch improve_security in repository https://gitbox.apache.org/repos/asf/logging-log4cxx.git
commit 432b11776e90c968be98c142de069bb79fa5f4fd
Author: Stephen Webb <swebb2...@gmail.com>
AuthorDate: Thu Apr 11 11:34:57 2024 +1000
Add 'persist-credentials: false' to all Github checkout actions
---
.github/workflows/abi-compatibility.yml | 1 +
.github/workflows/log4cxx-cpp11.yml | 1 +
.github/workflows/log4cxx-macos.yml | 1 +
.github/workflows/log4cxx-ubuntu.yml | 1 +
.github/workflows/log4cxx-windows-static.yml | 1 +
.github/workflows/log4cxx-windows.yml | 1 +
.github/workflows/package_code.yml | 1 +
.github/workflows/sonarcloud.yml | 1 +
8 files changed, 8 insertions(+)
diff --git a/.github/workflows/abi-compatibility.yml b/.github/workflows/abi-compatibility.yml
index e323e660..5fbdecff 100644
--- a/.github/workflows/abi-compatibility.yml
+++ b/.github/workflows/abi-compatibility.yml
@@ -34,6 +34,7 @@ jobs: steps: - uses: actions/checkout@v2 with:
+ persist-credentials: false # do not persist auth token in the local git config
path: main - name: 'Configure Dependencies - Ubuntu'
diff --git a/.github/workflows/log4cxx-cpp11.yml b/.github/workflows/log4cxx-cpp11.yml
index 23f97219..0474ca5f 100644
--- a/.github/workflows/log4cxx-cpp11.yml
+++ b/.github/workflows/log4cxx-cpp11.yml
@@ -24,6 +24,7 @@ jobs: steps: - uses: actions/checkout@v3 with:
+ persist-credentials: false # do not persist auth token in the local git config
path: main - name: 'Configure Dependencies - Ubuntu'
diff --git a/.github/workflows/log4cxx-macos.yml b/.github/workflows/log4cxx-macos.yml
index 456a191a..2df58221 100644
--- a/.github/workflows/log4cxx-macos.yml
+++ b/.github/workflows/log4cxx-macos.yml
@@ -40,6 +40,7 @@ jobs: steps: - uses: actions/checkout@v3 with:
+ persist-credentials: false # do not persist auth token in the local git config
path: main - name: 'configure and build'
diff --git a/.github/workflows/log4cxx-ubuntu.yml b/.github/workflows/log4cxx-ubuntu.yml
index be9e0225..7df025ba 100644
--- a/.github/workflows/log4cxx-ubuntu.yml
+++ b/.github/workflows/log4cxx-ubuntu.yml
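Review bot: The `uses:` line directly above the added `persist-credentials: false` still references the checkout action by a mutable tag (`actions/checkout@v2` in abi-compatibility.yml, package_code.yml and sonarcloud.yml, `@v3` in the other five workflows), so the code that handles the token can change without any change to this repository. Since this commit is hardening the checkout step, consider pinning each one to a full commit SHA with the release kept as a trailing comment, e.g. `- uses: actions/checkout@<full-commit-sha> # v3`, and bringing the three `@v2` workflows onto the same release as the rest. The `jobs:` mapping starts outside every hunk, so whether a `permissions:` block already limits the token is not visible here; `persist-credentials: false` only keeps the token out of `.git/config` and does not narrow what the token is allowed to do.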
@@ -62,6 +62,7 @@ jobs: steps: - uses: actions/checkout@v3 with:
+ persist-credentials: false # do not persist auth token in the local git config
path: main - name: 'Configure Dependencies'
diff --git a/.github/workflows/log4cxx-windows-static.yml b/.github/workflows/log4cxx-windows-static.yml
index 009f28e1..2285daeb 100644
--- a/.github/workflows/log4cxx-windows-static.yml
+++ b/.github/workflows/log4cxx-windows-static.yml
@@ -34,6 +34,7 @@ jobs: steps: - uses: actions/checkout@v3 with:
+ persist-credentials: false # do not persist auth token in the local git config
path: main - name: 'Restore Prebuilt Dependencies'
diff --git a/.github/workflows/log4cxx-windows.yml b/.github/workflows/log4cxx-windows.yml
index c942670b..38625ca6 100644
--- a/.github/workflows/log4cxx-windows.yml
+++ b/.github/workflows/log4cxx-windows.yml
@@ -34,6 +34,7 @@ jobs: steps: - uses: actions/checkout@v3 with:
+ persist-credentials: false # do not persist auth token in the local git config
path: main - name: 'Restore Prebuilt Dependencies'
diff --git a/.github/workflows/package_code.yml b/.github/workflows/package_code.yml
index 31b48498..bfa1518a 100644
--- a/.github/workflows/package_code.yml
+++ b/.github/workflows/package_code.yml
@@ -33,6 +33,7 @@ jobs: steps: - uses: actions/checkout@v2 with:
+ persist-credentials: false # do not persist auth token in the local git config
path: clean-checkout # Consider using CPack when it supports a white-list for included files
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
index 442deb09..41945fa5 100644
--- a/.github/workflows/sonarcloud.yml
+++ b/.github/workflows/sonarcloud.yml
@@ -34,6 +34,7 @@ jobs: steps: - uses: actions/checkout@v2 with:
+ persist-credentials: false # do not persist auth token in the local git config
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis path: main