[Infra] Disable credential persistence in GitHub Actions workflows#8374
[Infra] Disable credential persistence in GitHub Actions workflows#8374rlazo wants to merge 8 commits into
Conversation
Updated all CI/CD workflow files to set `persist-credentials: false` in the `actions/checkout` step. This security improvement prevents the checkout action from persisting the GITHUB_TOKEN in the local git configuration of the runner. Change generated using the [zizmor](https://github.com/zizmorcore/zizmor) tool
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize the Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counterproductive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here. |
Pin the actions/upload-artifact dependency to a specific commit hash for the integration test report step to ensure build stability and security.
Updated all CI/CD workflow files to set
persist-credentials: falsein theactions/checkoutstep. This security improvement prevents the checkout action from persisting the GITHUB_TOKEN in the local git configuration of the runner.Change generated using the zizmor tool