Skip to content

Commit 77578c4

Browse files
authored
ci(fix): avoid duplicate release authentication (#408)
This pull request updates workflow configuration files to improve security and keep dependencies up to date. The main changes are upgrading the `peter-evans/create-pull-request` GitHub Action to the latest major version and disabling credential persistence during repository checkout steps. **GitHub Actions improvements:** * Upgraded `peter-evans/create-pull-request` from version 6 to version 8 in both `.github/workflows/prepare-release.yml` and `.github/workflows/promote-clean-semver.yml` to ensure the latest features and security updates are used. [[1]](diffhunk://#diff-ddf2bab74923dcd43f9f8d05e50bb1adc9ee5366a394d151d1f04a54a6079486L105-R106) [[2]](diffhunk://#diff-565eb0e1b0e3b91e82f7cf1ee64348f5102387ff136a8241b0d479198c6e8aa4L191-R192) * Set `persist-credentials: false` in all `actions/checkout` steps to prevent GitHub Actions from persisting repository credentials, which improves workflow security. [[1]](diffhunk://#diff-ddf2bab74923dcd43f9f8d05e50bb1adc9ee5366a394d151d1f04a54a6079486R63) [[2]](diffhunk://#diff-565eb0e1b0e3b91e82f7cf1ee64348f5102387ff136a8241b0d479198c6e8aa4R37)
1 parent 590dd2a commit 77578c4

2 files changed

Lines changed: 4 additions & 2 deletions

File tree

.github/workflows/prepare-release.yml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -60,6 +60,7 @@ jobs:
6060
- uses: actions/checkout@v6
6161
with:
6262
fetch-depth: 0
63+
persist-credentials: false
6364

6465
- name: Setup Node
6566
uses: actions/setup-node@v6
@@ -102,7 +103,7 @@ jobs:
102103
python tools/bump_pyproject_deps.py --version "${{ steps.semrel.outputs.version }}" --bump-libs
103104
104105
- name: Commit and open PR
105-
uses: peter-evans/create-pull-request@v6
106+
uses: peter-evans/create-pull-request@v8
106107
with:
107108
branch: chore/release-${{ steps.semrel.outputs.version }}
108109
title: "chore(release): prepare ${{ steps.semrel.outputs.version }}"

.github/workflows/promote-clean-semver.yml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,7 @@ jobs:
3434
with:
3535
fetch-depth: 0
3636
ref: ${{ inputs.ref || 'main' }}
37+
persist-credentials: false
3738

3839
- name: Load version metadata (workflow_run)
3940
if: ${{ github.event_name == 'workflow_run' }}
@@ -188,7 +189,7 @@ jobs:
188189
189190
- name: Open PR with updated locks, pins, and Chart appVersion
190191
id: cpr
191-
uses: peter-evans/create-pull-request@v6
192+
uses: peter-evans/create-pull-request@v8
192193
with:
193194
branch: chore/refresh-locks-${{ steps.versions.outputs.clean_version }}-${{ github.run_number }}
194195
title: "chore(release): refresh service lockfiles for ${{ steps.versions.outputs.clean_version }}"

0 commit comments

Comments
 (0)