From e1c40acb5e4efaca6e98c3ae25b7206787f3e394 Mon Sep 17 00:00:00 2001
From: Konstantinos Kaloutas <sprocketc@gmail.com>
Date: Thu, 12 Dec 2024 17:49:06 +0200
Subject: [PATCH] set persist-credentials of workflow to false

---
 .github/workflows/clj-holmes.yml   | 2 ++
 .github/workflows/demo.yml         | 1 +
 .github/workflows/dependencies.yml | 2 ++
 .github/workflows/sponsors.yml     | 6 ++++--
 .github/workflows/studio.yml       | 1 +
 5 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/clj-holmes.yml b/.github/workflows/clj-holmes.yml
index 75d11e42..ab1e18b3 100644
--- a/.github/workflows/clj-holmes.yml
+++ b/.github/workflows/clj-holmes.yml
@@ -27,6 +27,8 @@ jobs:
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
+        with:
+          persist-credentials: false
 
       - name: Scan code
         uses: clj-holmes/clj-holmes-action@53daa4da4ff495cccf791e4ba4222a8317ddae9e
diff --git a/.github/workflows/demo.yml b/.github/workflows/demo.yml
index d99ed0d1..80e8187b 100644
--- a/.github/workflows/demo.yml
+++ b/.github/workflows/demo.yml
@@ -32,6 +32,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
         with:
+          persist-credentials: false
           fetch-depth: 0
           fetch-tags: true
 
diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml
index 623f68dc..bd4ac6ae 100644
--- a/.github/workflows/dependencies.yml
+++ b/.github/workflows/dependencies.yml
@@ -11,6 +11,8 @@ jobs:
 
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - uses: liquidz/antq-action@main
         with:
           excludes: 'org.clojure/tools.deps.alpha lambdaisland/deep-diff2'
diff --git a/.github/workflows/sponsors.yml b/.github/workflows/sponsors.yml
index 9e85338c..0a8ff76f 100644
--- a/.github/workflows/sponsors.yml
+++ b/.github/workflows/sponsors.yml
@@ -11,13 +11,15 @@ jobs:
     steps:
       - name: Checkout 🛎️
         uses: actions/checkout@v4
-      
+        with:
+          persist-credentials: false
+
       - name: Generate Sponsors 💖
         uses: JamesIves/github-sponsors-readme-action@v1
         with:
           token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
           file: 'README.md'
-      
+
       - name: Deploy to GitHub Pages 🚀
         uses: JamesIves/github-pages-deploy-action@v4
         with:
diff --git a/.github/workflows/studio.yml b/.github/workflows/studio.yml
index a0dbc986..e0ef8de4 100644
--- a/.github/workflows/studio.yml
+++ b/.github/workflows/studio.yml
@@ -20,6 +20,7 @@ jobs:
       - name: Check out Git repository
         uses: actions/checkout@v4
         with:
+          persist-credentials: false
           fetch-depth: 0
           fetch-tags: true