From a80cff98771b57d0b1f51783a6f62fa10676ca23 Mon Sep 17 00:00:00 2001
From: Alex Tomkins <tomkins@darkzone.net>
Date: Sat, 14 Dec 2024 16:17:14 +0000
Subject: [PATCH] Don't persist git credentials after checkout

---
 .github/workflows/ci.yml      | 3 +++
 .github/workflows/publish.yml | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index dc26697..be659df 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -11,6 +11,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
         with:
+          persist-credentials: false
           ref: ${{ github.event.pull_request.head.sha }}
       - name: Setup Python
         uses: actions/setup-python@v5
@@ -38,6 +39,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
         with:
+          persist-credentials: false
           ref: ${{ github.event.pull_request.head.sha }}
       - name: Setup Python
         uses: actions/setup-python@v5
@@ -66,6 +68,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
         with:
+          persist-credentials: false
           ref: ${{ github.event.pull_request.head.sha }}
       - name: Setup Python
         uses: actions/setup-python@v5
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index a1bfaa5..707754d 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -14,6 +14,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - name: Setup Python
         uses: actions/setup-python@v5
         with: