From: XhmikosR <redacted>
Date: Sun, 13 Nov 2022 06:00:34 +0000 (+0200)
Subject: CI: remove git credentials after checkout
X-Git-Url: http://git.99rst.org/?a=commitdiff_plain;h=5b8e0707fe5a247ff925b965f40bfa94bdb8365e;p=stevenblack-hosts.git

CI: remove git credentials after checkout
---

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 010e2133f..6bcb9238f 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -29,6 +29,8 @@ jobs:
     steps:
       - name: Clone repository
         uses: actions/checkout@v3
+        with:
+          persist-credentials: false
 
       - name: Set up Python
         uses: actions/setup-python@v4
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index e3d93cade..b1f87b84a 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -23,8 +23,10 @@ jobs:
       security-events: write
 
     steps:
-      - name: Checkout repository
+      - name: Clone repository
         uses: actions/checkout@v3
+        with:
+          persist-credentials: false
 
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v2
diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
index 7a68a7385..9857f0a5d 100644
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@@ -19,21 +19,27 @@ jobs:
       contents: read
       packages: write
     steps:
-      - name: Checkout
+      - name: Clone repository
         uses: actions/checkout@v3
+        with:
+          persist-credentials: false
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
+
       - name: Log in to the Container registry
         uses: docker/login-action@v2
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Extract metadata (tags, labels)
         id: meta
         uses: docker/metadata-action@v4
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
       - name: Build and push container image
         uses: docker/build-push-action@v3
         with:
diff --git a/.github/workflows/depsreview.yaml b/.github/workflows/depsreview.yaml
index a25de591b..5a9469932 100644
--- a/.github/workflows/depsreview.yaml
+++ b/.github/workflows/depsreview.yaml
@@ -8,7 +8,10 @@ jobs:
   dependency-review:
     runs-on: ubuntu-latest
     steps:
-      - name: 'Checkout Repository'
+      - name: Clone repository
         uses: actions/checkout@v3
+        with:
+          persist-credentials: false
+
       - name: 'Dependency Review'
         uses: actions/dependency-review-action@v2