Skip to content

Commit 4e04a6c

Browse files
committed
ci: tighten security of checkout action
1 parent 94e7c5e commit 4e04a6c

1 file changed

Lines changed: 7 additions & 4 deletions

File tree

.github/workflows/docs.yaml

Lines changed: 7 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -55,9 +55,10 @@ jobs:
5555

5656
- name: ⬇ Checkout docs.octoprint.org
5757
if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event.client_payload.ref == format('refs/{0}/{1}', matrix.source, matrix.version)
58-
uses: actions/checkout@v4
58+
uses: actions/checkout@v6
5959
with:
6060
path: docs.octoprint.org
61+
persist-credentials: false
6162

6263
- name: 👀 Determine latest OctoPrint release
6364
if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event.client_payload.ref == format('refs/{0}/{1}', matrix.source, matrix.version)
@@ -67,7 +68,7 @@ jobs:
6768
6869
- name: 🐍 Set up Python ${{ matrix.python }}
6970
if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event.client_payload.ref == format('refs/{0}/{1}', matrix.source, matrix.version)
70-
uses: actions/setup-python@v4
71+
uses: actions/setup-python@v6
7172
with:
7273
python-version: ${{ matrix.python }}
7374

@@ -93,11 +94,12 @@ jobs:
9394
9495
- name: ⬇ Checkout OctoPrint
9596
if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event.client_payload.ref == format('refs/{0}/{1}', matrix.source, matrix.version)
96-
uses: actions/checkout@v4
97+
uses: actions/checkout@v6
9798
with:
9899
repository: "OctoPrint/OctoPrint"
99100
ref: ${{ matrix.version }}
100101
path: OctoPrint
102+
persist-credentials: false
101103

102104
- name: 🏗 Install OctoPrint
103105
if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event.client_payload.ref == format('refs/{0}/{1}', matrix.source, matrix.version)
@@ -138,10 +140,11 @@ jobs:
138140
runs-on: ubuntu-latest
139141
steps:
140142
- name: ⬇ Checkout docs.octoprint.org
141-
uses: actions/checkout@v4
143+
uses: actions/checkout@v6
142144
with:
143145
ref: gh-pages
144146
path: docs
147+
persist-credentials: false
145148

146149
- name: ⬇ Fetch all artifacts
147150
uses: actions/download-artifact@v4

0 commit comments

Comments
 (0)