From c7cc88bd55672e14148a8b5847e6a75f913e10f7 Mon Sep 17 00:00:00 2001 From: FarhanAnjum-opti Date: Fri, 27 Feb 2026 01:32:49 +0600 Subject: [PATCH 1/2] [FSSDK-12315] Add persist-credentials: false to all actions/checkout steps Prevent git credentials from being persisted in .git/config during GitHub Actions workflows, reducing the risk of accidental credential exposure through artifacts. --- .github/workflows/build.yml | 2 ++ .github/workflows/integration_test.yml | 1 + .github/workflows/java.yml | 6 +++++- 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 1cb2193c8..9ed2f0107 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -23,6 +23,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + with: + persist-credentials: false - name: set up JDK 8 uses: actions/setup-java@v2 with: diff --git a/.github/workflows/integration_test.yml b/.github/workflows/integration_test.yml index 76fef5ad3..0d6fc346a 100644 --- a/.github/workflows/integration_test.yml +++ b/.github/workflows/integration_test.yml @@ -20,6 +20,7 @@ jobs: repository: 'optimizely/ci-helper-tools' path: 'home/runner/ci-helper-tools' ref: 'master' + persist-credentials: false - name: set SDK Branch if PR env: HEAD_REF: ${{ github.head_ref }} diff --git a/.github/workflows/java.yml b/.github/workflows/java.yml index 2438cb3d3..6373e1942 100644 --- a/.github/workflows/java.yml +++ b/.github/workflows/java.yml @@ -18,6 +18,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set up Ruby uses: ruby/setup-ruby@v1 with: @@ -55,7 +57,9 @@ jobs: steps: - name: checkout uses: actions/checkout@v4 - + with: + persist-credentials: false + - name: set up JDK ${{ matrix.jdk }} uses: actions/setup-java@v4 with: From 7e5bd77f47df512c0466a71e69774a3f104b921e Mon Sep 17 00:00:00 2001 From: FarhanAnjum-opti Date: Fri, 27 Feb 2026 01:33:10 +0600 Subject: [PATCH 2/2] [FSSDK-12315] Remove unused source_clear_cron workflow --- .github/workflows/source_clear_cron.yml | 16 ---------------- 1 file changed, 16 deletions(-) delete mode 100644 .github/workflows/source_clear_cron.yml diff --git a/.github/workflows/source_clear_cron.yml b/.github/workflows/source_clear_cron.yml deleted file mode 100644 index 54eca5358..000000000 --- a/.github/workflows/source_clear_cron.yml +++ /dev/null @@ -1,16 +0,0 @@ -name: Source clear - -on: - schedule: - # Runs "weekly" - - cron: '0 0 * * 0' - -jobs: - source_clear: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Source clear scan - env: - SRCCLR_API_TOKEN: ${{ secrets.SRCCLR_API_TOKEN }} - run: curl -sSL https://download.sourceclear.com/ci.sh | bash -s – scan