From eede71351571c60b87dbf9eefb7ddf2b11fb1354 Mon Sep 17 00:00:00 2001
From: NAHO <90870942+trueNAHO@users.noreply.github.com>
Date: Sun, 30 Mar 2025 17:04:23 +0200
Subject: [PATCH] ci: prevent unintentional credential persistence (#1074)

Link: https://woodruffw.github.io/zizmor/audits/#artipacked
---
 .github/workflows/check.yml | 2 ++
 .github/workflows/docs.yml  | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
index f63452b7..6dd691ea 100644
--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@@ -31,6 +31,8 @@ jobs:
 
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
 
       - uses: DeterminateSystems/nix-installer-action@v16
 
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index 666cc4b4..584d6aff 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -25,6 +25,8 @@ jobs:
 
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
 
       - uses: DeterminateSystems/nix-installer-action@v16