Set persist-credentials to false on checkout action

.github/workflows/accept-pull-request.yml

@@ -69,6 +69,7 @@ jobs:
       - name: Checkout repository
         uses: actions/[email protected]
         with:
+          persist-credentials: false
           ref: ${{ env.BASE_REF }}
           token: ${{ secrets.HURL_BOT_TOKEN }}
           fetch-depth: 0

.github/workflows/auto-close-inactive-pr.yml

@@ -18,6 +18,8 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/[email protected]
+        with:
+          persist-credentials: false
       - name: Auto close inactive PR
         run: .github/workflows/bin/auto-close-inactive-pr.sh --github-project-path "${REPO}" --github-token "${GITHUB_TOKEN}" --max-days-of-inactivity 15
 

.github/workflows/check.yml

@@ -22,6 +22,7 @@ jobs:
     - name: Checkout repository
       uses: actions/[email protected]
       with:
+        persist-credentials: false
         ref: ${{ inputs.branch }}
 
     - name: Shellcheck

.github/workflows/coverage.yml

@@ -17,6 +17,8 @@ jobs:
     steps:
     - name: Checkout repository
       uses: actions/[email protected]
+      with:
+        persist-credentials: false
 
     - name: Install Prerequisites
       run: bin/install_prerequisites_ubuntu.sh

.github/workflows/extra-package.yml

@@ -29,6 +29,7 @@ jobs:
       - name: Checkout repository
         uses: actions/[email protected]
         with:
+          persist-credentials: false
           fetch-depth: 1
           ref: ${{ github.event.inputs.set-release-version }}
       - name: Check if branch is a published release
@@ -52,6 +53,7 @@ jobs:
       - name: Checkout repository
         uses: actions/[email protected]
         with:
+          persist-credentials: false
           fetch-depth: 1
           ref: ${{ github.event.inputs.set-release-version }}
       - name: Push to chocolatey
@@ -69,6 +71,7 @@ jobs:
       - name: Checkout repository
         uses: actions/[email protected]
         with:
+          persist-credentials: false
           fetch-depth: 1
           ref: ${{ github.event.inputs.set-release-version }}
       - name: Push to winget

.github/workflows/package.yml

@@ -21,6 +21,7 @@ jobs:
     - name: Checkout repository
       uses: actions/[email protected]
       with:
+        persist-credentials: false
         ref: ${{ inputs.branch }}
     - name: Install prerequisites
       run: bin/install_prerequisites_ubuntu.sh
@@ -64,6 +65,7 @@ jobs:
     - name: Checkout repository
       uses: actions/[email protected]
       with:
+        persist-credentials: false
         ref: ${{ inputs.branch }}
     - name: Set up QEMU
       uses: docker/[email protected]
@@ -113,6 +115,7 @@ jobs:
     - name: Checkout repository
       uses: actions/[email protected]
       with:
+        persist-credentials: false
         ref: ${{ inputs.branch }}
     - name: Retrieve release-generic-linux-x64-artifacts
       uses: actions/[email protected]
@@ -166,6 +169,7 @@ jobs:
     - name: Checkout repository
       uses: actions/[email protected]
       with:
+        persist-credentials: false
         ref: ${{ inputs.branch }}
     - name: Retrieve release-generic-linux-x64-artifacts
       uses: actions/[email protected]
@@ -217,6 +221,7 @@ jobs:
     - name: Checkout repository
       uses: actions/[email protected]
       with:
+        persist-credentials: false
         ref: ${{ inputs.branch }}
     - name: Retrieve release-generic-linux-x64-artifacts
       uses: actions/[email protected]
@@ -268,6 +273,7 @@ jobs:
     - name: Checkout repository
       uses: actions/[email protected]
       with:
+        persist-credentials: false
         ref: ${{ inputs.branch }}
     - name: Retrieve release-generic-linux-x64-artifacts
       uses: actions/[email protected]
@@ -321,6 +327,7 @@ jobs:
    - name: Checkout repository
      uses: actions/[email protected]
      with:
+       persist-credentials: false
        ref: ${{ inputs.branch }}
    - name: Set up Docker Buildx
      uses: docker/[email protected]
@@ -392,6 +399,7 @@ jobs:
     - name: Checkout repository
       uses: actions/[email protected]
       with:
+        persist-credentials: false 
         ref: ${{ inputs.branch }}
     - name: Install Prerequisites
       run: bin/install_prerequisites_ubuntu.sh
@@ -443,6 +451,7 @@ jobs:
     - name: Checkout repository
       uses: actions/[email protected]
       with:
+        persist-credentials: false
         ref: ${{ inputs.branch }}
     - name: Install Prerequisites
       run: |
@@ -492,6 +501,7 @@ jobs:
     - name: Checkout repository
       uses: actions/[email protected]
       with:
+        persist-credentials: false
         ref: ${{ inputs.branch }}
     - name: Install Prerequisites
       run: |
@@ -547,6 +557,7 @@ jobs:
     - name: Checkout repository
       uses: actions/[email protected]
       with:
+        persist-credentials: false
         ref: ${{ inputs.branch }}
     - name: Install Rust
       run: |
@@ -606,6 +617,7 @@ jobs:
       - name: Checkout repository
         uses: actions/[email protected]
         with:
+          persist-credentials: false
           ref: ${{ inputs.branch }}
       - uses: actions/[email protected]
         with:

.github/workflows/release.yml

@@ -54,6 +54,8 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/[email protected]
+        with:
+          persist-credentials: false
 
       - name: Check release pull request existence
         id: check-release-pull-request-existence
@@ -170,6 +172,8 @@ jobs:
       - name: Checkout repository
         if: github.ref_name == 'master'
         uses: actions/[email protected]
+        with:
+          persist-credentials: false
 
       - name: Create release branch
         if: github.ref_name == 'master'
@@ -187,6 +191,7 @@ jobs:
       - name: Checkout new release branch
         uses: actions/[email protected]
         with:
+          persist-credentials: false
           ref: ${{ needs.set-context.outputs.release_branch }}
 
       - name: Check CHANGELOG
@@ -293,6 +298,7 @@ jobs:
       - name: Checkout new release branch
         uses: actions/[email protected]
         with:
+          persist-credentials: false
           ref: ${{ needs.set-context.outputs.release_branch }}
 
       - name: Init git bot context

.github/workflows/test.yml

@@ -21,6 +21,7 @@ jobs:
     - name: Checkout repository
       uses: actions/[email protected]
       with:
+        persist-credentials: false
         ref: ${{ inputs.branch }}
     - name: Install Prerequisites
       run: bin/install_prerequisites_ubuntu.sh
@@ -54,6 +55,7 @@ jobs:
     - name: Checkout repository
       uses: actions/[email protected]
       with:
+        persist-credentials: false
         ref: ${{ inputs.branch }}
     - name: Install Rust
       run: bin/install_rust.sh
@@ -75,6 +77,7 @@ jobs:
     - name: Checkout repository
       uses: actions/[email protected]
       with:
+        persist-credentials: false
         ref: ${{ inputs.branch }}
     - name: Install Prerequisites
       run: bin/install_prerequisites_ubuntu.sh
@@ -119,6 +122,7 @@ jobs:
     - name: Checkout repository
       uses: actions/[email protected]
       with:
+        persist-credentials: false
         ref: ${{ inputs.branch }}
     - name: Install Prerequisites
       run: bin/install_prerequisites_ubuntu.sh
@@ -160,6 +164,7 @@ jobs:
     - name: Checkout repository
       uses: actions/[email protected]
       with:
+        persist-credentials: false
         ref: ${{ inputs.branch }}
     - name: Build, Test units and Integration tests
       uses: addnab/docker-run-action@v3
@@ -201,6 +206,7 @@ jobs:
     - name: Checkout repository
       uses: actions/[email protected]
       with:
+        persist-credentials: false
         ref: ${{ inputs.branch }}
     - name: Build, Test units and Integration tests
       uses: addnab/docker-run-action@v3
@@ -249,6 +255,7 @@ jobs:
     - name: Checkout repository
       uses: actions/[email protected]
       with:
+        persist-credentials: false
         ref: ${{ inputs.branch }}
     - name: Build, Test units and Integration tests
       uses: addnab/docker-run-action@v3
@@ -299,6 +306,7 @@ jobs:
     - name: Checkout repository
       uses: actions/[email protected]
       with:
+        persist-credentials: false
         ref: ${{ inputs.branch }}
     - name: Install Prerequisites
       run: |
@@ -347,6 +355,7 @@ jobs:
     - name: Checkout repository
       uses: actions/[email protected]
       with:
+        persist-credentials: false
         ref: ${{ inputs.branch }}
     - name: Install Prerequisites
       run: |
@@ -398,6 +407,7 @@ jobs:
     - name: Checkout repository
       uses: actions/[email protected]
       with:
+        persist-credentials: false
         ref: ${{ inputs.branch }}
     - name: Install Rust
       run: |
@@ -439,7 +449,8 @@ jobs:
     - name: Checkout repository
       uses: actions/[email protected]
       with:
-       ref: ${{ inputs.branch }}
+        persist-credentials: false
+        ref: ${{ inputs.branch }}
     - name: Setup wsl Ubuntu
       uses: Vampire/[email protected]
       with:

.github/workflows/update-actions.yml

@@ -20,6 +20,7 @@ jobs:
       - name: Checkout repository
         uses: actions/[email protected]
         with:
+          persist-credentials: false
           ref: master
           token: ${{ secrets.HURL_BOT_TOKEN }}
 

.github/workflows/update-branch-version.yml

@@ -49,6 +49,7 @@ jobs:
       - name: Checkout repository
         uses: actions/[email protected]
         with:
+          persist-credentials: false
           ref: ${{ inputs.branch }}
 
       - name: Init bot branch name

.github/workflows/update-crates.yml

@@ -20,6 +20,7 @@ jobs:
       - name: Checkout repository
         uses: actions/[email protected]
         with:
+          persist-credentials: false
           ref: master
 
       - name: Crates update