Skip to content

Commit

Permalink
ci: set persist-credentials to false for checkout action
Browse files Browse the repository at this point in the history
  • Loading branch information
siljekristensen committed Jun 19, 2024
1 parent 639cd7f commit 36127ec
Show file tree
Hide file tree
Showing 3 changed files with 24 additions and 12 deletions.
4 changes: 4 additions & 0 deletions .github/workflows/audit.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,8 @@ jobs:
timeout-minutes: 15
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Use Node.js
uses: actions/setup-node@v4
with:
Expand All @@ -38,6 +40,8 @@ jobs:
timeout-minutes: 15
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Use Node.js
uses: actions/setup-node@v4
with:
Expand Down
6 changes: 6 additions & 0 deletions .github/workflows/node.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,8 @@ jobs:
timeout-minutes: 15
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Use Node.js
uses: actions/setup-node@v4
with:
Expand Down Expand Up @@ -44,6 +46,8 @@ jobs:
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Use Node.js
uses: actions/setup-node@v4
with:
Expand Down Expand Up @@ -79,6 +83,8 @@ jobs:
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Determine images to publish
id: image-tags
run: |
Expand Down
26 changes: 14 additions & 12 deletions .github/workflows/sonar.yaml
Original file line number Diff line number Diff line change
@@ -1,25 +1,27 @@
on:
# Trigger analysis when pushing in master or pull requests, and when creating
# a pull request.
# a pull request.
push:
branches:
- master
pull_request:
types: [opened, synchronize, reopened]
types: [opened, synchronize, reopened]
name: SonarCloud
jobs:
sonarcloud:
name: SonarCloud
runs-on: ubuntu-latest
if: ${{ github.repository_owner == 'nrkno' }}

steps:
- uses: actions/checkout@v4
with:
# Disabling shallow clone is recommended for improving relevancy of reporting
fetch-depth: 0
- name: SonarCloud Scan
uses: sonarsource/sonarcloud-github-action@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
- uses: actions/checkout@v4
with:
# Disabling shallow clone is recommended for improving relevancy of reporting
fetch-depth: 0
persist-credentials: false
- name: SonarCloud Scan
uses: sonarsource/sonarcloud-github-action@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

0 comments on commit 36127ec

Please sign in to comment.