Skip to content

Commit 68d1486

Browse files
jaydelucajaydeluca
authored
Turn off persist-credentials for actions that don't need it (open-telemetry#2857)
1 parent b7b1c61 commit 68d1486

12 files changed

Lines changed: 29 additions & 0 deletions

.github/workflows/assign-issue-owners.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,8 @@ jobs:
1818
steps:
1919
- name: Checkout repository
2020
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
21+
with:
22+
persist-credentials: false
2123

2224
- name: Setup Node.js
2325
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0

.github/workflows/build-common.yml

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -25,6 +25,8 @@ jobs:
2525
runs-on: ubuntu-latest
2626
steps:
2727
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
28+
with:
29+
persist-credentials: false
2830

2931
- name: Set up JDK for running Gradle
3032
uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
@@ -46,6 +48,8 @@ jobs:
4648
runs-on: ubuntu-latest
4749
steps:
4850
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
51+
with:
52+
persist-credentials: false
4953

5054
- name: Set up JDK for running Gradle
5155
uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
@@ -97,6 +101,8 @@ jobs:
97101
- 26 # renovate(java-version)
98102
steps:
99103
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
104+
with:
105+
persist-credentials: false
100106

101107
- id: setup-java-test
102108
name: Set up Java ${{ matrix.test-java-version }} for tests

.github/workflows/build-daily.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,8 @@ jobs:
2727
if: github.ref_name == 'main' && github.repository == 'open-telemetry/opentelemetry-java-contrib'
2828
steps:
2929
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
30+
with:
31+
persist-credentials: false
3032

3133
- name: Set up JDK for running Gradle
3234
uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0

.github/workflows/codeql.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -37,6 +37,8 @@ jobs:
3737
runs-on: ubuntu-latest
3838
steps:
3939
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
40+
with:
41+
persist-credentials: false
4042

4143
- name: Set up Java
4244
if: matrix.language == 'java'

.github/workflows/copilot-setup-steps.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,8 @@ jobs:
2020
steps:
2121
- name: Checkout code
2222
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
23+
with:
24+
persist-credentials: false
2325

2426
- name: Set up JDK for running Gradle
2527
uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0

.github/workflows/fossa.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,8 @@ jobs:
1313
runs-on: ubuntu-latest
1414
steps:
1515
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
16+
with:
17+
persist-credentials: false
1618

1719
- uses: fossas/fossa-action@ff70fe9fe17cbd2040648f1c45e8ec4e4884dcf3 # v1.9.0
1820
with:

.github/workflows/gradle-wrapper-validation.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,8 @@ jobs:
1313
runs-on: ubuntu-latest
1414
steps:
1515
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
16+
with:
17+
persist-credentials: false
1618

1719
# this needs to be in its own workflow in order to make OSSF scorecard happy
1820
- uses: gradle/actions/wrapper-validation@50e97c2cd7a37755bbfafc9c5b7cafaece252f6e # v6.1.0

.github/workflows/issue-management-feedback-label.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,8 @@ jobs:
1919
runs-on: ubuntu-latest
2020
steps:
2121
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
22+
with:
23+
persist-credentials: false
2224

2325
- name: Remove labels
2426
env:

.github/workflows/release.yml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -35,6 +35,8 @@ jobs:
3535
fi
3636
3737
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
38+
with:
39+
persist-credentials: false
3840

3941
- name: Set environment variables
4042
run: |
@@ -66,6 +68,7 @@ jobs:
6668
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
6769
with:
6870
ref: main
71+
persist-credentials: false
6972

7073
- name: Check that change log update was merged to main
7174
run: |
@@ -82,6 +85,7 @@ jobs:
8285
with:
8386
# tags are needed for the generate-release-contributors.sh script
8487
fetch-depth: 0
88+
persist-credentials: false
8589

8690
- name: Set up JDK for running Gradle
8791
uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0

.github/workflows/reusable-lint.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,7 @@ jobs:
1313
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
1414
with:
1515
fetch-depth: 0 # needed for merge-base used in modified-files mode
16+
persist-credentials: false
1617

1718
- uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1
1819

0 commit comments

Comments
 (0)