Set persist-credentials: false on checkouts before untrusted steps.

Prevents GITHUB_TOKEN from being written to git config before pip/pytest
in CI and before build steps in release. add-tag checkout keeps default
credentials for GitHub release creation.

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
Kevin 2026-06-02 11:10:36 +01:00
parent 63f29df0e1
commit 297d6bd869
2 changed files with 6 additions and 0 deletions


@ -23,6 +23,8 @@ jobs:
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
with:
persist-credentials: false
- uses: actions/setup-python@v5 - uses: actions/setup-python@v5
with: with:
python-version: '3.11' python-version: '3.11'
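Review bot: `persist-credentials: false` on the checkout step keeps the token out of `.git/config`, but the GITHUB_TOKEN this job receives still carries whatever permissions the workflow grants, so the pip/pytest steps that follow are only as contained as that grant is. Pair the change with a least-privilege declaration at workflow or job level, `permissions:` followed by `  contents: read`, unless one is already declared outside this hunk. The checkout and setup-python actions are referenced by the mutable `@v4`/`@v5` tags; pinning each `uses:` to a full commit SHA (with the version in a trailing comment) would close the tag-retargeting path that the credential change does not cover. The `steps:` list continues past the end of the hunk.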


@ -21,6 +21,7 @@ jobs:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
persist-credentials: false
- id: validate - id: validate
env: env:
RELEASE_VERSION: ${{ inputs.releaseVersion }} RELEASE_VERSION: ${{ inputs.releaseVersion }}
@ -44,6 +45,8 @@ jobs:
packages: ${{ steps.packages.outputs.packages }} packages: ${{ steps.packages.outputs.packages }}
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
with:
persist-credentials: false
- id: packages - id: packages
run: | run: |
shopt -s nullglob shopt -s nullglob
@ -80,6 +83,7 @@ jobs:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
with: with:
ref: main ref: main
persist-credentials: false
- name: Set up Python - name: Set up Python
uses: actions/setup-python@v5 uses: actions/setup-python@v5
with: with:
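Review bot: With `persist-credentials: false` on the `ref: main` checkout, any later step in this job that commits or pushes back to `main` will now fail for lack of credentials; those steps are outside the hunk, so if one exists the token should be supplied only to that step (e.g. `GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}` in its `env`, or an `https://x-access-token:${GITHUB_TOKEN}@github.com/...` remote URL) rather than by reverting to the persisted credential. Passing `RELEASE_VERSION` through `env` on the `validate` step instead of interpolating `${{ inputs.releaseVersion }}` into the script is the right shape and should be kept for any further inputs. The add-tag job that keeps default credentials is not in this diff; if it creates the release through the API (`gh release create`) rather than `git push`, it could also run with `persist-credentials: false` and receive the token via `GH_TOKEN` on the single step that needs it. All three `actions/checkout@v4` references use the mutable `v4` tag; pinning to a full commit SHA would close the tag-retargeting path that this change does not address.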