You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@logging.apache.org by sw...@apache.org on 2024/04/11 01:36:22 UTC

(logging-log4cxx) branch improve_security created (now 432b1177)

This is an automated email from the ASF dual-hosted git repository.

swebb2066 pushed a change to branch improve_security
in repository https://gitbox.apache.org/repos/asf/logging-log4cxx.git


      at 432b1177 Add 'persist-credentials: false' to all Github checkout actions

This branch includes the following new commits:

     new 432b1177 Add 'persist-credentials: false' to all Github checkout actions

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.

(logging-log4cxx) 01/01: Add 'persist-credentials: false' to all Github checkout actions

Posted by sw...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

swebb2066 pushed a commit to branch improve_security
in repository https://gitbox.apache.org/repos/asf/logging-log4cxx.git

commit 432b11776e90c968be98c142de069bb79fa5f4fd
Author: Stephen Webb <sw...@gmail.com>
AuthorDate: Thu Apr 11 11:34:57 2024 +1000

    Add 'persist-credentials: false' to all Github checkout actions
---
 .github/workflows/abi-compatibility.yml      | 1 +
 .github/workflows/log4cxx-cpp11.yml          | 1 +
 .github/workflows/log4cxx-macos.yml          | 1 +
 .github/workflows/log4cxx-ubuntu.yml         | 1 +
 .github/workflows/log4cxx-windows-static.yml | 1 +
 .github/workflows/log4cxx-windows.yml        | 1 +
 .github/workflows/package_code.yml           | 1 +
 .github/workflows/sonarcloud.yml             | 1 +
 8 files changed, 8 insertions(+)

diff --git a/.github/workflows/abi-compatibility.yml b/.github/workflows/abi-compatibility.yml
index e323e660..5fbdecff 100644
--- a/.github/workflows/abi-compatibility.yml
+++ b/.github/workflows/abi-compatibility.yml
@@ -34,6 +34,7 @@ jobs:
     steps:
     - uses: actions/checkout@v2
       with:
+        persist-credentials: false # do not persist auth token in the local git config
         path: main
 
     - name: 'Configure Dependencies - Ubuntu'
diff --git a/.github/workflows/log4cxx-cpp11.yml b/.github/workflows/log4cxx-cpp11.yml
index 23f97219..0474ca5f 100644
--- a/.github/workflows/log4cxx-cpp11.yml
+++ b/.github/workflows/log4cxx-cpp11.yml
@@ -24,6 +24,7 @@ jobs:
     steps:
     - uses: actions/checkout@v3
       with:
+        persist-credentials: false # do not persist auth token in the local git config
         path: main
 
     - name: 'Configure Dependencies - Ubuntu'
diff --git a/.github/workflows/log4cxx-macos.yml b/.github/workflows/log4cxx-macos.yml
index 456a191a..2df58221 100644
--- a/.github/workflows/log4cxx-macos.yml
+++ b/.github/workflows/log4cxx-macos.yml
@@ -40,6 +40,7 @@ jobs:
     steps:
     - uses: actions/checkout@v3
       with:
+        persist-credentials: false # do not persist auth token in the local git config
         path: main
 
     - name: 'configure and build'
diff --git a/.github/workflows/log4cxx-ubuntu.yml b/.github/workflows/log4cxx-ubuntu.yml
index be9e0225..7df025ba 100644
--- a/.github/workflows/log4cxx-ubuntu.yml
+++ b/.github/workflows/log4cxx-ubuntu.yml
@@ -62,6 +62,7 @@ jobs:
     steps:
     - uses: actions/checkout@v3
       with:
+        persist-credentials: false # do not persist auth token in the local git config
         path: main
 
     - name: 'Configure Dependencies'
diff --git a/.github/workflows/log4cxx-windows-static.yml b/.github/workflows/log4cxx-windows-static.yml
index 009f28e1..2285daeb 100644
--- a/.github/workflows/log4cxx-windows-static.yml
+++ b/.github/workflows/log4cxx-windows-static.yml
@@ -34,6 +34,7 @@ jobs:
     steps:
     - uses: actions/checkout@v3
       with:
+        persist-credentials: false # do not persist auth token in the local git config
         path: main
 
     - name: 'Restore Prebuilt Dependencies'
diff --git a/.github/workflows/log4cxx-windows.yml b/.github/workflows/log4cxx-windows.yml
index c942670b..38625ca6 100644
--- a/.github/workflows/log4cxx-windows.yml
+++ b/.github/workflows/log4cxx-windows.yml
@@ -34,6 +34,7 @@ jobs:
     steps:
     - uses: actions/checkout@v3
       with:
+        persist-credentials: false # do not persist auth token in the local git config
         path: main
 
     - name: 'Restore Prebuilt Dependencies'
diff --git a/.github/workflows/package_code.yml b/.github/workflows/package_code.yml
index 31b48498..bfa1518a 100644
--- a/.github/workflows/package_code.yml
+++ b/.github/workflows/package_code.yml
@@ -33,6 +33,7 @@ jobs:
     steps:
     - uses: actions/checkout@v2
       with:
+        persist-credentials: false # do not persist auth token in the local git config
         path: clean-checkout
 
 # Consider using CPack when it supports a white-list for included files
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
index 442deb09..41945fa5 100644
--- a/.github/workflows/sonarcloud.yml
+++ b/.github/workflows/sonarcloud.yml
@@ -34,6 +34,7 @@ jobs:
     steps:
       - uses: actions/checkout@v2
         with:
+          persist-credentials: false # do not persist auth token in the local git config
           fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
           path: main