diff --git a/.github/workflows/changelog_stage.yml b/.github/workflows/changelog_stage.yml index bbe8a2c54..0521b935d 100644 --- a/.github/workflows/changelog_stage.yml +++ b/.github/workflows/changelog_stage.yml @@ -12,6 +12,8 @@ jobs: # If we change the output filename from `release_notes.md`, it should also be changed in tools/create_github_release.py - name: checkout uses: actions/checkout@v6.0.2 + with: + persist-credentials: false - name: Prepare changelog run: |- CERTBOT_VERSION="$(cd certbot/src && python -c "import certbot; print(certbot.__version__)" && cd ~-)" diff --git a/.github/workflows/common_deploy_jobs.yml b/.github/workflows/common_deploy_jobs.yml index 534618933..61e2c9aaf 100644 --- a/.github/workflows/common_deploy_jobs.yml +++ b/.github/workflows/common_deploy_jobs.yml @@ -41,6 +41,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v6.0.2 + with: + persist-credentials: false - name: Install dependencies run: |- sudo apt-get update @@ -105,6 +107,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v6.0.2 + with: + persist-credentials: false - name: Retrieve Certbot snaps uses: actions/download-artifact@v8.0.1 with: @@ -129,6 +133,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v6.0.2 + with: + persist-credentials: false - name: Login to Docker Hub uses: docker/login-action@v4.1.0 with: diff --git a/.github/workflows/packaging_jobs.yml b/.github/workflows/packaging_jobs.yml index 1484da173..5e82a9956 100644 --- a/.github/workflows/packaging_jobs.yml +++ b/.github/workflows/packaging_jobs.yml @@ -32,6 +32,8 @@ jobs: steps: - name: checkout uses: actions/checkout@v6.0.2 + with: + persist-credentials: false - name: Build the Docker images # We don't filter for the Docker Hub organization to continue to allow # easy testing of these scripts on forks.