Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build: set persist-credentials: false on workflows #40972

Merged
merged 1 commit into from
Nov 27, 2021
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .github/workflows/authors.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ jobs:
- uses: actions/checkout@v2
with:
fetch-depth: '0' # This is required to actually get all the authors
persist-credentials: false
- run: "tools/update-authors.js" # Run the AUTHORS tool
- uses: gr2m/create-or-update-pull-request-action@v1 # Create a PR or update the Action's existing PR
env:
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/auto-start-ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
persist-credentials: false

# Install dependencies
- name: Install Node.js
Expand Down
4 changes: 4 additions & 0 deletions .github/workflows/build-tarball.yml
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
persist-credentials: false
- name: Set up Python ${{ env.PYTHON_VERSION }}
uses: actions/setup-python@v2
with:
Expand All @@ -57,6 +59,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
persist-credentials: false
- name: Set up Python ${{ env.PYTHON_VERSION }}
uses: actions/setup-python@v2
with:
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/build-windows.yml
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,8 @@ jobs:
runs-on: ${{ matrix.windows }}
steps:
- uses: actions/checkout@v2
with:
persist-credentials: false
- name: Set up Python ${{ env.PYTHON_VERSION }}
uses: actions/setup-python@v2
with:
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/commit-lint.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ jobs:
- uses: actions/checkout@v2
with:
fetch-depth: ${{ steps.nb-of-commits.outputs.plusOne }}
persist-credentials: false
- run: git reset HEAD^2
- name: Install Node.js
uses: actions/setup-node@v2
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/commit-queue.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ jobs:
# Needs the whole git history for ncu to work
# See https://github.com/nodejs/node-core-utils/pull/486
fetch-depth: 0
persist-credentials: false
# A personal token is required because pushing with GITHUB_TOKEN will
# prevent commits from running CI after they land. It needs
# to be set here because `checkout` configures GitHub authentication
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/coverage-linux.yml
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
persist-credentials: false
- name: Set up Python ${{ env.PYTHON_VERSION }}
uses: actions/setup-python@v2
with:
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/coverage-windows.yml
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,8 @@ jobs:
runs-on: windows-latest
steps:
- uses: actions/checkout@v2
with:
persist-credentials: false
- name: Set up Python ${{ env.PYTHON_VERSION }}
uses: actions/setup-python@v2
with:
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/daily.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,8 @@ jobs:
container: gcc:11
steps:
- uses: actions/checkout@v2
with:
persist-credentials: false
- name: Use Node.js ${{ env.NODE_VERSION }}
uses: actions/setup-node@v2
with:
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/find-inactive-collaborators.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ jobs:
- uses: actions/checkout@v2
with:
fetch-depth: ${{ env.NUM_COMMITS }}
persist-credentials: false

- name: Use Node.js ${{ env.NODE_VERSION }}
uses: actions/setup-node@v2
Expand Down
5 changes: 4 additions & 1 deletion .github/workflows/find-inactive-tsc.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,13 +18,16 @@ jobs:
steps:
- name: Checkout the repo
uses: actions/checkout@v2
with:
persist-credentials: false

- name: Clone nodejs/TSC repository
uses: actions/checkout@v2
with:
fetch-depth: 0
repository: nodejs/TSC
path: .tmp
persist-credentials: false
repository: nodejs/TSC

- name: Use Node.js ${{ env.NODE_VERSION }}
uses: actions/setup-node@v2
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/license-builder.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
persist-credentials: false
- run: "./tools/license-builder.sh" # Run the license builder tool
- uses: gr2m/create-or-update-pull-request-action@v1.x # Create a PR or update the Action's existing PR
env:
Expand Down
17 changes: 17 additions & 0 deletions .github/workflows/linters.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
persist-credentials: false
- name: Use Node.js ${{ env.NODE_VERSION }}
uses: actions/setup-node@v2
with:
Expand All @@ -33,6 +35,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
persist-credentials: false
- name: Set up Python ${{ env.PYTHON_VERSION }}
uses: actions/setup-python@v2
with:
Expand All @@ -46,6 +50,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
persist-credentials: false
- name: Use Node.js ${{ env.NODE_VERSION }}
uses: actions/setup-node@v2
with:
Expand All @@ -68,6 +74,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
persist-credentials: false
- name: Use Node.js ${{ env.NODE_VERSION }}
uses: actions/setup-node@v2
with:
Expand All @@ -81,6 +89,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
persist-credentials: false
- name: Set up Python ${{ env.PYTHON_VERSION }}
uses: actions/setup-python@v2
with:
Expand All @@ -96,6 +106,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
persist-credentials: false
- name: Use Python ${{ env.PYTHON_VERSION }}
uses: actions/setup-python@v2
with:
Expand All @@ -112,6 +124,8 @@ jobs:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
with:
persist-credentials: false
- run: shellcheck -V
- name: Lint Shell scripts
run: tools/lint-sh.js .
Expand All @@ -120,6 +134,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
persist-credentials: false
- uses: mszostok/codeowners-validator@v0.6.0
with:
checks: "files,duppatterns"
Expand All @@ -130,5 +146,6 @@ jobs:
- uses: actions/checkout@v2
with:
fetch-depth: 2
persist-credentials: false
# GH Actions squashes all PR commits, HEAD^ refers to the base branch.
- run: git diff HEAD^ HEAD -G"pr-url:" -- "*.md" | ./tools/lint-pr-url.mjs ${{ github.event.pull_request.html_url }}
2 changes: 2 additions & 0 deletions .github/workflows/misc.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
persist-credentials: false
- name: Use Node.js ${{ env.NODE_VERSION }}
uses: actions/setup-node@v2
with:
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/test-asan.yml
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,8 @@ jobs:
CONFIG_FLAGS: --enable-asan
steps:
- uses: actions/checkout@v2
with:
persist-credentials: false
- name: Set up Python ${{ env.PYTHON_VERSION }}
uses: actions/setup-python@v2
with:
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/test-internet.yml
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
persist-credentials: false
- name: Set up Python ${{ env.PYTHON_VERSION }}
uses: actions/setup-python@v2
with:
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/test-linux.yml
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
persist-credentials: false
- name: Set up Python ${{ env.PYTHON_VERSION }}
uses: actions/setup-python@v2
with:
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/test-macos.yml
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,8 @@ jobs:
runs-on: macos-latest
steps:
- uses: actions/checkout@v2
with:
persist-credentials: false
- name: Set up Python ${{ env.PYTHON_VERSION }}
uses: actions/setup-python@v2
with:
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/tools.yml
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,8 @@ jobs:
fi
steps:
- uses: actions/checkout@v2
with:
persist-credentials: false
- run: ${{ matrix.run }}
- uses: gr2m/create-or-update-pull-request-action@v1 # Create a PR or update the Action's existing PR
env:
Expand Down