From b48365495145fb60a759ea1bfc763c88b21b4ce1 Mon Sep 17 00:00:00 2001
From: Shunsuke Suzuki <suzuki-shunsuke@users.noreply.github.com>
Date: Wed, 25 Dec 2024 10:45:32 +0900
Subject: [PATCH] ci: disable-checkout-persist-credentials (#30315)

* ci: disable-checkout-persist-credentials

* style: remove a newline
---
 .github/workflows/actionlint.yaml              | 2 ++
 .github/workflows/count-pkgs.yaml              | 2 ++
 .github/workflows/debug-with-action-tmate.yaml | 1 +
 .github/workflows/update.yaml                  | 2 ++
 .github/workflows/wc-check-files.yaml          | 2 ++
 .github/workflows/wc-ci-info.yaml              | 2 ++
 .github/workflows/wc-generate-registry.yaml    | 2 ++
 .github/workflows/wc-json-schema.yaml          | 2 ++
 .github/workflows/wc-lintnet.yaml              | 2 ++
 .github/workflows/wc-prettier.yaml             | 2 ++
 .github/workflows/wc-test-docker.yaml          | 2 ++
 .github/workflows/wc-test.yaml                 | 3 ++-
 12 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/actionlint.yaml b/.github/workflows/actionlint.yaml
index 4740592a756..a76db99f5c2 100644
--- a/.github/workflows/actionlint.yaml
+++ b/.github/workflows/actionlint.yaml
@@ -19,6 +19,8 @@ jobs:
       contents: read
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
       - uses: aquaproj/aqua-installer@f13c5d2f0357708d85477aabe50fd3f725528745 # v3.1.0
         with:
           aqua_version: v2.40.0
diff --git a/.github/workflows/count-pkgs.yaml b/.github/workflows/count-pkgs.yaml
index fd22f9d7f68..f80537d67ec 100644
--- a/.github/workflows/count-pkgs.yaml
+++ b/.github/workflows/count-pkgs.yaml
@@ -12,6 +12,8 @@ jobs:
     timeout-minutes: 15
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
       - uses: asdf-vm/actions/setup@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3.0.2
       - uses: jdx/mise-action@249c01ba271e19fa76eede7f766161cc95ace489 # v2.1.10
       - run: |
diff --git a/.github/workflows/debug-with-action-tmate.yaml b/.github/workflows/debug-with-action-tmate.yaml
index 795e3d90d82..fe8bfbe1170 100644
--- a/.github/workflows/debug-with-action-tmate.yaml
+++ b/.github/workflows/debug-with-action-tmate.yaml
@@ -20,6 +20,7 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: ${{inputs.ref}}
+          persist-credentials: false
 
       - run: gh pr checkout "${{inputs.pr_number}}"
         if: inputs.pr_number != ''
diff --git a/.github/workflows/update.yaml b/.github/workflows/update.yaml
index a6733d9232d..1f6fbc88f24 100644
--- a/.github/workflows/update.yaml
+++ b/.github/workflows/update.yaml
@@ -18,6 +18,8 @@ jobs:
       packages: write
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
       - uses: aquaproj/aqua-installer@f13c5d2f0357708d85477aabe50fd3f725528745 # v3.1.0
         with:
           aqua_version: v2.40.0
diff --git a/.github/workflows/wc-check-files.yaml b/.github/workflows/wc-check-files.yaml
index 8a7131828d7..c3e44a14819 100644
--- a/.github/workflows/wc-check-files.yaml
+++ b/.github/workflows/wc-check-files.yaml
@@ -9,4 +9,6 @@ jobs:
     timeout-minutes: 15
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
       - uses: aquaproj/registry-action/check-files@7b6e2c92250ab08b58f5c665f6e2ca4712bee2c3 # v0.2.1
diff --git a/.github/workflows/wc-ci-info.yaml b/.github/workflows/wc-ci-info.yaml
index 1821a84443a..818a63dcac1 100644
--- a/.github/workflows/wc-ci-info.yaml
+++ b/.github/workflows/wc-ci-info.yaml
@@ -12,6 +12,8 @@ jobs:
     timeout-minutes: 15
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
       - uses: aquaproj/aqua-installer@f13c5d2f0357708d85477aabe50fd3f725528745 # v3.1.0
         with:
           aqua_version: v2.40.0
diff --git a/.github/workflows/wc-generate-registry.yaml b/.github/workflows/wc-generate-registry.yaml
index 65b8114d20e..73c801a5a8f 100644
--- a/.github/workflows/wc-generate-registry.yaml
+++ b/.github/workflows/wc-generate-registry.yaml
@@ -9,6 +9,8 @@ jobs:
     timeout-minutes: 15
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
       - uses: aquaproj/aqua-installer@f13c5d2f0357708d85477aabe50fd3f725528745 # v3.1.0
         with:
           aqua_version: v2.40.0
diff --git a/.github/workflows/wc-json-schema.yaml b/.github/workflows/wc-json-schema.yaml
index a3cde61beb0..084f76824e3 100644
--- a/.github/workflows/wc-json-schema.yaml
+++ b/.github/workflows/wc-json-schema.yaml
@@ -9,4 +9,6 @@ jobs:
     timeout-minutes: 15
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
       - uses: aquaproj/registry-action/validate-json-schema@7b6e2c92250ab08b58f5c665f6e2ca4712bee2c3 # v0.2.1
diff --git a/.github/workflows/wc-lintnet.yaml b/.github/workflows/wc-lintnet.yaml
index ecf5f776563..912e74cfa77 100644
--- a/.github/workflows/wc-lintnet.yaml
+++ b/.github/workflows/wc-lintnet.yaml
@@ -13,6 +13,8 @@ jobs:
     timeout-minutes: 15
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
       - uses: aquaproj/aqua-installer@f13c5d2f0357708d85477aabe50fd3f725528745 # v3.1.0
         with:
           aqua_version: v2.40.0
diff --git a/.github/workflows/wc-prettier.yaml b/.github/workflows/wc-prettier.yaml
index 29f3d8e4b14..9875d155a77 100644
--- a/.github/workflows/wc-prettier.yaml
+++ b/.github/workflows/wc-prettier.yaml
@@ -9,5 +9,7 @@ jobs:
     timeout-minutes: 20
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
       - run: npm i -g prettier
       - run: prettier -c .
diff --git a/.github/workflows/wc-test-docker.yaml b/.github/workflows/wc-test-docker.yaml
index 8a83dc5f8fa..454d69ba639 100644
--- a/.github/workflows/wc-test-docker.yaml
+++ b/.github/workflows/wc-test-docker.yaml
@@ -9,6 +9,8 @@ jobs:
     timeout-minutes: 20
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
       - uses: aquaproj/aqua-installer@f13c5d2f0357708d85477aabe50fd3f725528745 # v3.1.0
         with:
           aqua_version: v2.40.0
diff --git a/.github/workflows/wc-test.yaml b/.github/workflows/wc-test.yaml
index 006c3da3aad..74a2af4fcbf 100644
--- a/.github/workflows/wc-test.yaml
+++ b/.github/workflows/wc-test.yaml
@@ -38,6 +38,8 @@ jobs:
     timeout-minutes: 30
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
       - uses: suzuki-shunsuke/ci-info-action/restore@ceeb10dd50cd632db31e7eccf92cbbb6856f3191 # v0.1.3
 
       # - name: Generate token
@@ -46,7 +48,6 @@ jobs:
       #   with:
       #     app_id: ${{ secrets.APP_ID }}
       #     private_key: ${{ secrets.APP_PRIVATE_KEY }}
-
       - uses: aquaproj/aqua-installer@f13c5d2f0357708d85477aabe50fd3f725528745 # v3.1.0
         with:
           aqua_version: v2.40.0