From 014f4f151b9feea0fa2d0629b1725e43e136a7b0 Mon Sep 17 00:00:00 2001 From: Matthias Mair Date: Fri, 13 Dec 2024 12:06:04 +0100 Subject: [PATCH] do only persist credentials if needed --- .github/actions/setup/action.yaml | 2 ++ .github/workflows/check_translations.yaml | 3 +++ .github/workflows/docker.yaml | 4 ++++ .github/workflows/qc_checks.yaml | 27 +++++++++++++++++++++++ .github/workflows/release.yaml | 4 ++++ .github/workflows/translations.yaml | 2 ++ .github/workflows/update.yml.disabled | 2 ++ 7 files changed, 44 insertions(+) diff --git a/.github/actions/setup/action.yaml b/.github/actions/setup/action.yaml index c577c3fcf4..2cd40f20a0 100644 --- a/.github/actions/setup/action.yaml +++ b/.github/actions/setup/action.yaml @@ -36,6 +36,8 @@ runs: steps: - name: Checkout Code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4.2.2 + with: + persist-credentials: false # Python installs - name: Set up Python ${{ env.python_version }} diff --git a/.github/workflows/check_translations.yaml b/.github/workflows/check_translations.yaml index 5d53960b8d..c8628e1010 100644 --- a/.github/workflows/check_translations.yaml +++ b/.github/workflows/check_translations.yaml @@ -31,6 +31,9 @@ jobs: steps: - name: Checkout Code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4.2.2 + with: + persist-credentials: false + - name: Environment Setup uses: ./.github/actions/setup with: diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index e534bf4bc7..05131557f0 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -40,6 +40,8 @@ jobs: steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4.2.2 + with: + persist-credentials: false - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # pin@v3.0.2 id: filter with: @@ -67,6 +69,8 @@ jobs: steps: - name: Check out repo uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4.2.2 + with: + persist-credentials: false - name: Set Up Python ${{ env.python_version }} uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # pin@v5.3.0 with: diff --git a/.github/workflows/qc_checks.yaml b/.github/workflows/qc_checks.yaml index f43e693589..4334dd1c38 100644 --- a/.github/workflows/qc_checks.yaml +++ b/.github/workflows/qc_checks.yaml @@ -40,6 +40,8 @@ jobs: steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4.2.2 + with: + persist-credentials: false - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # pin@v3.0.2 id: filter with: @@ -74,6 +76,8 @@ jobs: steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4.2.2 + with: + persist-credentials: false - name: Environment Setup uses: ./.github/actions/setup with: @@ -96,6 +100,8 @@ jobs: steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4.2.2 + with: + persist-credentials: false - name: Set up Python ${{ env.python_version }} uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # pin@v5.3.0 with: @@ -117,6 +123,8 @@ jobs: steps: - name: Checkout Code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4.2.2 + with: + persist-credentials: false - name: Set up Python ${{ env.python_version }} uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # pin@v5.3.0 with: @@ -153,6 +161,8 @@ jobs: steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4.2.2 + with: + persist-credentials: false - name: Environment Setup uses: ./.github/actions/setup with: @@ -219,6 +229,7 @@ jobs: with: repository: inventree/schema token: ${{ secrets.SCHEMA_PAT }} + persist-credentials: false - name: Download schema artifact uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: @@ -254,6 +265,8 @@ jobs: steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4.2.2 + with: + persist-credentials: true - name: Environment Setup uses: ./.github/actions/setup with: @@ -296,6 +309,8 @@ jobs: steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4.2.2 + with: + persist-credentials: false - name: Environment Setup uses: ./.github/actions/setup with: @@ -350,6 +365,8 @@ jobs: steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4.2.2 + with: + persist-credentials: false - name: Environment Setup uses: ./.github/actions/setup with: @@ -394,6 +411,8 @@ jobs: steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4.2.2 + with: + persist-credentials: false - name: Environment Setup uses: ./.github/actions/setup with: @@ -433,6 +452,8 @@ jobs: steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4.2.2 + with: + persist-credentials: false - name: Environment Setup uses: ./.github/actions/setup with: @@ -464,6 +485,8 @@ jobs: steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4.2.2 + with: + persist-credentials: false name: Checkout Code - name: Environment Setup uses: ./.github/actions/setup @@ -521,6 +544,8 @@ jobs: steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4.2.2 + with: + persist-credentials: false - name: Environment Setup uses: ./.github/actions/setup with: @@ -569,6 +594,8 @@ jobs: steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4.2.2 + with: + persist-credentials: false - name: Environment Setup uses: ./.github/actions/setup with: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 7cb62f2ba0..8d2429c7c7 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -19,6 +19,8 @@ jobs: steps: - name: Checkout Code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4.2.2 + with: + persist-credentials: false - name: Version Check run: | pip install --require-hashes -r contrib/dev_reqs/requirements.txt @@ -40,6 +42,8 @@ jobs: attestations: write steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4.2.2 + with: + persist-credentials: false - name: Environment Setup uses: ./.github/actions/setup with: diff --git a/.github/workflows/translations.yaml b/.github/workflows/translations.yaml index f713896857..3a65887a46 100644 --- a/.github/workflows/translations.yaml +++ b/.github/workflows/translations.yaml @@ -32,6 +32,8 @@ jobs: steps: - name: Checkout Code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4.2.2 + with: + persist-credentials: true - name: Environment Setup uses: ./.github/actions/setup with: diff --git a/.github/workflows/update.yml.disabled b/.github/workflows/update.yml.disabled index 350e21a789..900596bb09 100644 --- a/.github/workflows/update.yml.disabled +++ b/.github/workflows/update.yml.disabled @@ -10,6 +10,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4.2.2 + with: + persist-credentials: false - name: Setup run: pip install --require-hashes -r requirements-dev.txt - name: Update requirements.txt