From 2efed4d9fad1793b195ce83862d9ce459997f35a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gergely=20F=C3=A1bi=C3=A1n?=
Date: Fri, 25 Oct 2024 12:01:44 +0200
Subject: [PATCH] CI: disable persist-credentials for actions/checkout
It is a possible security issue. We do not want to persist credentials in the repo and thus exposing those to further steps.
References:
* https://github.com/actions/checkout/issues/485#issuecomment-1197047674
* https://github.com/azat/chdig/pull/67
---
 .github/workflows/ci.yml | 4 ++++
 .github/workflows/release.yml | 2 ++
 2 files changed, 6 insertions(+)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 2854561..1dda2ae 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -18,6 +18,8 @@ jobs:
 steps:
 - uses: actions/checkout@v3
+ with:
+ persist-credentials: false
 - name: Set up Ruby 2.7
 uses: ruby/setup-ruby@v1
@@ -41,6 +43,8 @@ jobs:
 steps:
 - uses: actions/checkout@v3
+ with:
+ persist-credentials: false
 - uses: ruby/setup-ruby@v1
 with:
 ruby-version: ${{ matrix.ruby }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 4805296..0dd4edf 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -11,6 +11,8 @@ jobs:
 steps:
 - uses: actions/checkout@v3
+ with:
+ persist-credentials: false
 - name: Set up Ruby 2.7
 uses: ruby/setup-ruby@v1
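Review bot: In `.github/workflows/release.yml` (third hunk), `persist-credentials: false` removes the token from the checkout's local git config, so any later step in that job that pushes a tag or commit with plain `git push` would start failing; the rest of the job lies outside the hunk, so this needs confirming before merge. If such a step exists, give it a token explicitly for that one step instead of re-enabling persistence for the whole job. The same two added lines in both `ci.yml` hunks carry no explanation, and a short comment above each `with:` such as `# do not leave the job token in .git/config for later steps` would keep a future cleanup from removing them. The setting limits where the token is stored, not what it can do, so token scope still depends on a `permissions:` block, which is not visible in these hunks.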