From 5b1c411a99308bf7900c05a45d975aef9a9d61c1 Mon Sep 17 00:00:00 2001 From: Christoph Wille Date: Sat, 11 Jan 2025 11:00:33 +0100 Subject: [PATCH] Zizmor offline analysis findings --- .github/workflows/build-frontends.yml | 2 ++ .github/workflows/build-ilspy.yml | 1 + .github/workflows/codeql-analysis.yml | 1 + .github/workflows/generate-bom.yml | 1 + 4 files changed, 5 insertions(+) diff --git a/.github/workflows/build-frontends.yml b/.github/workflows/build-frontends.yml index d9abeabe5f..894202f2c3 100644 --- a/.github/workflows/build-frontends.yml +++ b/.github/workflows/build-frontends.yml @@ -17,6 +17,8 @@ jobs: - uses: actions/checkout@v4 with: fetch-depth: 0 + persist-credentials: false + - uses: actions/setup-dotnet@v4 with: dotnet-version: '8.0.x' diff --git a/.github/workflows/build-ilspy.yml b/.github/workflows/build-ilspy.yml index 71b7e0e1ba..a112c3a39f 100644 --- a/.github/workflows/build-ilspy.yml +++ b/.github/workflows/build-ilspy.yml @@ -30,6 +30,7 @@ jobs: with: submodules: true fetch-depth: 0 + persist-credentials: false - uses: actions/setup-dotnet@v4 with: diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index f7cd2250c9..1508ed57fd 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -28,6 +28,7 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 + persist-credentials: false - name: Initialize CodeQL uses: github/codeql-action/init@v3 diff --git a/.github/workflows/generate-bom.yml b/.github/workflows/generate-bom.yml index 44cf80453e..9d31c0f72f 100644 --- a/.github/workflows/generate-bom.yml +++ b/.github/workflows/generate-bom.yml @@ -17,6 +17,7 @@ jobs: - uses: actions/checkout@v4 with: submodules: true + persist-credentials: false - name: Install CycloneDX run: dotnet tool install --global CycloneDX