From 3f8a02e400cce4007c75e4858a4638e414fe9fcd Mon Sep 17 00:00:00 2001 From: Felix Fontein Date: Sat, 14 Dec 2024 15:22:09 +0100 Subject: [PATCH] Fix some issues pointed out by zizmor. (#362) --- .github/workflows/antsibull-docs.yml | 18 ++++++++++++++++++ .github/workflows/build-css.yml | 2 ++ .github/workflows/nox.yml | 6 ++++++ 3 files changed, 26 insertions(+) diff --git a/.github/workflows/antsibull-docs.yml b/.github/workflows/antsibull-docs.yml index 691e5136..5b826aa6 100644 --- a/.github/workflows/antsibull-docs.yml +++ b/.github/workflows/antsibull-docs.yml @@ -53,6 +53,7 @@ jobs: uses: actions/checkout@v4 with: path: antsibull-docs + persist-credentials: false - name: Check out dependent project antsibull-core uses: actions/checkout@v4 @@ -60,6 +61,7 @@ jobs: repository: ansible-community/antsibull-core path: antsibull-core ref: ${{ matrix.antsibull_core_ref }} + persist-credentials: false - name: Check out dependent project antsibull-docs-parser uses: actions/checkout@v4 @@ -67,6 +69,7 @@ jobs: repository: ansible-community/antsibull-docs-parser path: antsibull-docs-parser ref: ${{ matrix.antsibull_docs_parser_ref }} + persist-credentials: false - name: Check out dependent project antsibull-changelog uses: actions/checkout@v4 @@ -74,6 +77,7 @@ jobs: repository: ansible-community/antsibull-changelog path: antsibull-changelog ref: ${{ matrix.antsibull_changelog_ref }} + persist-credentials: false - name: Check out dependent project antsibull-docutils uses: actions/checkout@v4 @@ -81,6 +85,7 @@ jobs: repository: ansible-community/antsibull-docutils path: antsibull-docutils ref: ${{ matrix.antsibull_docutils_ref }} + persist-credentials: false - name: Check out dependent project antsibull-fileutils uses: actions/checkout@v4 @@ -88,6 +93,7 @@ jobs: repository: ansible-community/antsibull-fileutils path: antsibull-fileutils ref: ${{ matrix.antsibull_fileutils_ref }} + persist-credentials: false - name: Set up Python ${{ matrix.python }} uses: actions/setup-python@v5 @@ -184,36 +190,42 @@ jobs: uses: actions/checkout@v4 with: path: antsibull-docs + persist-credentials: false - name: Check out dependent project antsibull-core uses: actions/checkout@v4 with: repository: ansible-community/antsibull-core path: antsibull-core + persist-credentials: false - name: Check out dependent project antsibull-docs-parser uses: actions/checkout@v4 with: repository: ansible-community/antsibull-docs-parser path: antsibull-docs-parser + persist-credentials: false - name: Check out dependent project antsibull-changelog uses: actions/checkout@v4 with: repository: ansible-community/antsibull-changelog path: antsibull-changelog + persist-credentials: false - name: Check out dependent project antsibull-docutils uses: actions/checkout@v4 with: repository: ansible-community/antsibull-docutils path: antsibull-docutils + persist-credentials: false - name: Check out dependent project antsibull-fileutils uses: actions/checkout@v4 with: repository: ansible-community/antsibull-fileutils path: antsibull-fileutils + persist-credentials: false - name: Set up Python 3.13 uses: actions/setup-python@v5 @@ -263,36 +275,42 @@ jobs: uses: actions/checkout@v4 with: path: antsibull-docs + persist-credentials: false - name: Check out dependent project antsibull-core uses: actions/checkout@v4 with: repository: ansible-community/antsibull-core path: antsibull-core + persist-credentials: false - name: Check out dependent project antsibull-docs-parser uses: actions/checkout@v4 with: repository: ansible-community/antsibull-docs-parser path: antsibull-docs-parser + persist-credentials: false - name: Check out dependent project antsibull-changelog uses: actions/checkout@v4 with: repository: ansible-community/antsibull-changelog path: antsibull-changelog + persist-credentials: false - name: Check out dependent project antsibull-docutils uses: actions/checkout@v4 with: repository: ansible-community/antsibull-docutils path: antsibull-docutils + persist-credentials: false - name: Check out dependent project antsibull-fileutils uses: actions/checkout@v4 with: repository: ansible-community/antsibull-fileutils path: antsibull-fileutils + persist-credentials: false - name: Set up Python 3.13 uses: actions/setup-python@v5 diff --git a/.github/workflows/build-css.yml b/.github/workflows/build-css.yml index c962fea4..68a4e058 100644 --- a/.github/workflows/build-css.yml +++ b/.github/workflows/build-css.yml @@ -26,6 +26,8 @@ jobs: steps: - uses: actions/checkout@v4 + with: + persist-credentials: false - name: Use Node.js uses: actions/setup-node@v4 diff --git a/.github/workflows/nox.yml b/.github/workflows/nox.yml index 3451d40d..8a72e29d 100644 --- a/.github/workflows/nox.yml +++ b/.github/workflows/nox.yml @@ -48,31 +48,37 @@ jobs: uses: actions/checkout@v4 with: path: antsibull-docs + persist-credentials: false - name: Check out dependent project antsibull-core uses: actions/checkout@v4 with: repository: ansible-community/antsibull-core path: antsibull-core + persist-credentials: false - name: Check out dependent project antsibull-docs-parser uses: actions/checkout@v4 with: repository: ansible-community/antsibull-docs-parser path: antsibull-docs-parser + persist-credentials: false - name: Check out dependent project antsibull-changelog uses: actions/checkout@v4 with: repository: ansible-community/antsibull-changelog path: antsibull-changelog + persist-credentials: false - name: Check out dependent project antsibull-docutils uses: actions/checkout@v4 with: repository: ansible-community/antsibull-docutils path: antsibull-docutils + persist-credentials: false - name: Check out dependent project antsibull-fileutils uses: actions/checkout@v4 with: repository: ansible-community/antsibull-fileutils path: antsibull-fileutils + persist-credentials: false - name: Install extra packages if: "matrix.packages != ''" run: |