Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Avoid persisting credentials on checkout step of the Github actions #19089

Draft
wants to merge 1 commit into
base: dev
Choose a base branch
from
Draft

Avoid persisting credentials on checkout step of the Github actions #19089

wants to merge 1 commit into from

Conversation

arash77
Copy link
Collaborator

@arash77 arash77 commented Oct 31, 2024
edited
Loading

Adding persist-credentials: false into the checkout step of the Github action workflows will prevent storing sensitive credentials for future jobs, which will increase the security of workflows.

How to test the changes?

(Select all options that apply)

  • I've included appropriate automated tests.
  • This is a refactoring of components with existing test coverage.
  • Instructions for manual testing are as follows:
    1. [add testing steps and prerequisites here if you didn't write automated tests covering all your changes]

License

  • I agree to license these and all my past contributions to the core galaxy codebase under the MIT license.

@github-actions github-actions bot added this to the 24.2 milestone Oct 31, 2024
@arash77 arash77 marked this pull request as draft November 4, 2024 15:57
@arash77
Copy link
Collaborator Author

arash77 commented Nov 7, 2024

This will cause GITHUB_TOKEN not to be accessible automatically anymore in the workflows and steps needing GitHub authentication (write access) must re-authenticate.

@arash77 arash77 force-pushed the Improve-github-workflows-security branch from 016717c to 4765594 Compare November 8, 2024 13:55
@jdavcs jdavcs modified the milestones: 24.2, 25.0 Nov 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
25.0
Development

Successfully merging this pull request may close these issues.
2 participants
@arash77 @jdavcs