Change the default value of persist-credentials to false
Change the default value of persist-credentials setting from true to
false to reduce the risk of unintentionally exposing the GITHUB_TOKEN
secret.

Fixes: actions#485

Signed-off-by: Michi Mutsuzaki <[email protected]>
michi-covalent committed Apr 20, 2024
1 parent 1d96c77 commit e832aee
Showing 2 changed files with 3 additions and 3 deletions.
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -6,7 +6,7 @@ This action checks-out your repository under `$GITHUB_WORKSPACE`, so your workfl

Only a single commit is fetched by default, for the ref/SHA that triggered the workflow. Set `fetch-depth: 0` to fetch all history for all branches and tags. Refer [here](https://docs.github.com/actions/using-workflows/events-that-trigger-workflows) to learn which commit `$GITHUB_SHA` points to for different events.

The auth token is persisted in the local git config. This enables your scripts to run authenticated git commands. The token is removed during post-job cleanup. Set `persist-credentials: false` to opt-out.
Set `persist-credentials: true` to opt-in to persist the auth token in the local git config. This enables your scripts to run authenticated git commands. The token is removed during post-job cleanup.

When Git 2.18 or higher is not in your PATH, falls back to the REST API to download the files.
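
Review bot: The rewritten README paragraph no longer states what happens by default and gives no migration hint. A reader has to infer from "opt-in" that the token is not persisted; say so explicitly (for example "By default the auth token is not persisted in the local git config") and add a sentence telling users whose workflows run authenticated git commands after checkout that they now need `persist-credentials: true`. The sentence "The token is removed during post-job cleanup" now applies only when the option is enabled, so it should be worded as conditional on that.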

Expand Down Expand Up @@ -68,7 +68,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
ssh-user: ''

# Whether to configure the token or SSH key with the local git config
# Default: true
# Default: false
persist-credentials: ''

# Relative path under $GITHUB_WORKSPACE to place the repository
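
Review bot: The usage comment above `# Default: false` says the setting covers "the token or SSH key", but the rewritten README paragraph and the commit message mention only the auth token. The documentation should make clear that the new default also stops the SSH key from being configured in the local git config, so users who check out over SSH know they are affected and what to set.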
2 changes: 1 addition & 1 deletion action.yml
Expand Up @@ -51,7 +51,7 @@ inputs:
default: git
persist-credentials:
description: 'Whether to configure the token or SSH key with the local git config'
default: true
default: false
path:
description: 'Relative path under $GITHUB_WORKSPACE to place the repository'
clean:
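
Review bot: `default: false` flips behaviour for every workflow that leaves `persist-credentials` unset, yet the commit touches only README.md and action.yml. Please add or update a test covering the unset case, confirm that the code reading this input does not apply its own fallback value, and mark the change as breaking in the release notes, since later steps that rely on the persisted credentials for git commands will start failing.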