CI: remove git credentials after checkout

XhmikosR
2022-11-13 08:00:34 +02:00
parent 56e34ab5a6
commit 5b8e0707fe
4 changed files with 16 additions and 3 deletions


@@ -29,6 +29,8 @@ jobs:
steps: steps:
- name: Clone repository - name: Clone repository
uses: actions/checkout@v3 uses: actions/checkout@v3
with:
persist-credentials: false
- name: Set up Python - name: Set up Python
uses: actions/setup-python@v4 uses: actions/setup-python@v4
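Review bot: Both `uses:` lines in this hunk still resolve through a mutable tag (`actions/checkout@v3`, `actions/setup-python@v4`), so the code that runs in this job can change without any change to the workflow file. The new `persist-credentials: false` keeps the token out of `.git/config` for later steps, but pinning each action to a full commit SHA would cover the remaining gap, e.g. `uses: actions/checkout@<full-commit-sha>  # v3` (placeholder, take the SHA from the action's release). The same applies to the `uses:` lines in the other three workflow hunks of this commit, in particular the `docker/*` actions that run in a job with `packages: write`. The job continues outside the hunk, so check that no later step relies on the persisted credential for an authenticated `git push` or `git fetch`.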


@@ -23,8 +23,10 @@ jobs:
security-events: write security-events: write
steps: steps:
- name: Checkout repository - name: Clone repository
uses: actions/checkout@v3 uses: actions/checkout@v3
with:
persist-credentials: false
- name: Initialize CodeQL - name: Initialize CodeQL
uses: github/codeql-action/init@v2 uses: github/codeql-action/init@v2


@@ -19,21 +19,27 @@ jobs:
contents: read contents: read
packages: write packages: write
steps: steps:
- name: Checkout - name: Clone repository
uses: actions/checkout@v3 uses: actions/checkout@v3
with:
persist-credentials: false
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2 uses: docker/setup-buildx-action@v2
- name: Log in to the Container registry - name: Log in to the Container registry
uses: docker/login-action@v2 uses: docker/login-action@v2
with: with:
registry: ${{ env.REGISTRY }} registry: ${{ env.REGISTRY }}
username: ${{ github.actor }} username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) - name: Extract metadata (tags, labels)
id: meta id: meta
uses: docker/metadata-action@v4 uses: docker/metadata-action@v4
with: with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- name: Build and push container image - name: Build and push container image
uses: docker/build-push-action@v3 uses: docker/build-push-action@v3
with: with:
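Review bot: In this job `persist-credentials: false` removes only the copy of the token that checkout writes to the git config; the same `secrets.GITHUB_TOKEN` is still passed to `docker/login-action@v2` with `packages: write` in scope. After that step the registry credential is presumably held in the Docker client configuration for the rest of the job, so the build step and anything the build executes still run next to a write-capable credential. A short comment above the new `with:` would keep the scope of the change clear, for example `# clears the token from .git/config only; the registry login below still uses GITHUB_TOKEN`. The workflow's `on:` trigger is outside the hunk, so confirm it does not run for pull requests from forks.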


@@ -8,7 +8,10 @@ jobs:
dependency-review: dependency-review:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: 'Checkout Repository' - name: Clone repository
uses: actions/checkout@v3 uses: actions/checkout@v3
with:
persist-credentials: false
- name: 'Dependency Review' - name: 'Dependency Review'
uses: actions/dependency-review-action@v2 uses: actions/dependency-review-action@v2
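Review bot: The `dependency-review` job shows no job-level `permissions:` block between `runs-on:` and `steps:`, unlike the CodeQL and container jobs in this commit. If the workflow does not set one at the top level (lines 1-7 are outside the hunk), the token gets the repository's default scopes, which may be broader than this job needs. Adding `permissions:` with `contents: read` under the job would match the intent of dropping the persisted credential.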