From 6bf36599d14314a1c81685192db56e6321e7f4a7 Mon Sep 17 00:00:00 2001
From: Silje Enge Kristensen <silje.enge.kristensen@nrk.no>
Date: Fri, 28 Jun 2024 10:16:34 +0200
Subject: [PATCH] ci: set persist-credentials to false for checkout action

---
 .github/workflows/audit.yaml              | 4 ++++
 .github/workflows/node.yaml               | 7 +++++++
 .github/workflows/publish-prerelease.yaml | 3 +++
 .github/workflows/sonar.yaml              | 1 +
 4 files changed, 15 insertions(+)

diff --git a/.github/workflows/audit.yaml b/.github/workflows/audit.yaml
index c2ce157e..1738f008 100644
--- a/.github/workflows/audit.yaml
+++ b/.github/workflows/audit.yaml
@@ -16,6 +16,8 @@ jobs:
 
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - name: Use Node.js 16
         uses: actions/setup-node@v4
         with:
@@ -38,6 +40,8 @@ jobs:
 
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - name: Use Node.js 16
         uses: actions/setup-node@v4
         with:
diff --git a/.github/workflows/node.yaml b/.github/workflows/node.yaml
index 6521eb2b..f3e73b58 100644
--- a/.github/workflows/node.yaml
+++ b/.github/workflows/node.yaml
@@ -16,6 +16,8 @@ jobs:
     steps:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - name: Use Node.js
         uses: actions/setup-node@v4
         with:
@@ -53,6 +55,8 @@ jobs:
     steps:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - name: Use Node.js ${{ matrix.node_version }}
         uses: actions/setup-node@v4
         with:
@@ -87,6 +91,8 @@ jobs:
 
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - name: Use Node.js 16
         uses: actions/setup-node@v4
         with:
@@ -118,6 +124,7 @@ jobs:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
+          persist-credentials: false
       - name: Use Node.js 16
         uses: actions/setup-node@v4
         with:
diff --git a/.github/workflows/publish-prerelease.yaml b/.github/workflows/publish-prerelease.yaml
index 70a441ee..447c27c0 100644
--- a/.github/workflows/publish-prerelease.yaml
+++ b/.github/workflows/publish-prerelease.yaml
@@ -18,6 +18,8 @@ jobs:
     steps:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - name: Use Node.js ${{ matrix.node_version }}
         uses: actions/setup-node@v4
         with:
@@ -52,6 +54,7 @@ jobs:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
+          persist-credentials: false
       - name: Use Node.js 16
         uses: actions/setup-node@v4
         with:
diff --git a/.github/workflows/sonar.yaml b/.github/workflows/sonar.yaml
index 11b0cbd4..4ef9b2b2 100644
--- a/.github/workflows/sonar.yaml
+++ b/.github/workflows/sonar.yaml
@@ -18,6 +18,7 @@ jobs:
         with:
           # Disabling shallow clone is recommended for improving relevancy of reporting
           fetch-depth: 0
+          persist-credentials: false
 
       - name: Use Node.js
         uses: actions/setup-node@v4