You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
ci: disable credential persistence on the remaining checkouts
Add `persist-credentials: false` to the `actions/checkout` steps in
the 5 workflows that were not covered by the earlier integration-test
change: `check.yml`, `emulate.yml`, `example-app.yml`, `javadoc.yml`,
and `release.yaml`.
By default `actions/checkout` writes a short-lived
`GITHUB_TOKEN`-derived credential into the local `.git/config` for the
duration of the job. None of these jobs perform a `git push`, create
tags, open PRs, or otherwise require write access to the repository
over git:
- `check.yml` runs Gradle linters and unit tests
- `emulate.yml` runs Android emulator tests and uploads a reports
artifact via `actions/upload-artifact` (which uses the runtime
artifacts API, not git)
- `example-app.yml` runs the example-app connectedAndroidTest
- `javadoc.yml` builds Javadoc and uploads it to S3 via
`ably/sdk-upload-action`; `githubToken` is passed to that action as
an explicit input parameter, not via the checkout-persisted
credential, so disabling persistence does not affect the upload
- `release.yaml` publishes to Maven Central using Sonatype + GPG
credentials from repository secrets and performs no git write
`features.yml` only invokes a reusable workflow and has no checkout
step of its own, so it requires no change here.
0 commit comments