Describe the enhancement
Most actions/checkout steps do not set persist-credentials: false. Setting this option is a recommended best practice to avoid credentials being stored in the local git config after checkout.
This affects 56 checkout steps across most workflow files. The zizmor tool can auto-fix these.
Example
Before:
- uses: actions/checkout@v6
with:
fetch-depth: 0After:
- uses: actions/checkout@v6
with:
fetch-depth: 0
persist-credentials: falseComponent(s)
Continuous Integration
Describe the enhancement
Most
actions/checkoutsteps do not setpersist-credentials: false. Setting this option is a recommended best practice to avoid credentials being stored in the local git config after checkout.This affects 56 checkout steps across most workflow files. The
zizmortool can auto-fix these.Example
Before:
After:
Component(s)
Continuous Integration