GHA: Explicitly set git credential persistence (true by default) (SteeltoeOSS#1579)

bart-vmware · web-flow · commit 008829718275 · 2025-08-28T16:04:40.000+02:00
diff --git a/.github/workflows/Steeltoe.All.yml b/.github/workflows/Steeltoe.All.yml
@@ -79,6 +79,8 @@ jobs:
 
     - name: Git checkout
       uses: actions/checkout@v4
+      with:
+        persist-credentials: false
 
     - name: Restore packages
       run: dotnet restore ${{ env.SOLUTION_FILE }} /p:Configuration=Release --verbosity minimal
diff --git a/.github/workflows/component-shared-workflow.yml b/.github/workflows/component-shared-workflow.yml
@@ -76,6 +76,8 @@ jobs:
 
     - name: Git checkout
       uses: actions/checkout@v4
+      with:
+        persist-credentials: false
 
     - name: Restore packages
       run: dotnet restore ${{ env.SOLUTION_FILE }} /p:Configuration=Release --verbosity minimal
diff --git a/.github/workflows/package.yml b/.github/workflows/package.yml
@@ -40,6 +40,8 @@ jobs:
 
     - name: Git checkout
       uses: actions/checkout@v4
+      with:
+        persist-credentials: false
 
     - name: Restore packages
       run: dotnet restore ${{ env.SOLUTION_FILE }} /p:Configuration=Release --verbosity minimal
@@ -261,6 +263,8 @@ jobs:
     steps:
     - name: Git checkout
       uses: actions/checkout@v4
+      with:
+        persist-credentials: true
 
     - name: Calculate next package version
       shell: pwsh
diff --git a/.github/workflows/scan-vulnerable-dependencies.yml b/.github/workflows/scan-vulnerable-dependencies.yml
@@ -36,6 +36,8 @@ jobs:
 
     - name: Git checkout
       uses: actions/checkout@v4
+      with:
+        persist-credentials: false
 
     - name: Report vulnerable dependencies
       run: dotnet restore ${{ env.SOLUTION_FILE }} --verbosity minimal /p:NuGetAudit=true /p:NuGetAuditMode=all /p:NuGetAuditLevel=low /p:TreatWarningsAsErrors=True
diff --git a/.github/workflows/sonarcube.yml b/.github/workflows/sonarcube.yml
@@ -60,6 +60,7 @@ jobs:
     - name: Git checkout
       uses: actions/checkout@v4
       with:
+        persist-credentials: false
         # Sonar: Shallow clones should be disabled for a better relevancy of analysis.
         fetch-depth: 0
 
diff --git a/.github/workflows/verify-code-style.yml b/.github/workflows/verify-code-style.yml
@@ -36,6 +36,7 @@ jobs:
     - name: Git checkout
       uses: actions/checkout@v4
       with:
+        persist-credentials: false
         fetch-depth: 2
 
     - name: Restore tools
