From dc29f60ce6f530d7a87d110af3115ae7b28f6bad Mon Sep 17 00:00:00 2001
From: Ben Darnell <ben@bendarnell.com>
Date: Wed, 30 Oct 2024 14:14:40 -0400
Subject: [PATCH] ci: Remove persist-credentials from our CI workflows

This mitigates a potential security risk identified by zizmor.
---
 .github/workflows/build.yml | 4 ++++
 .github/workflows/test.yml  | 6 ++++++
 2 files changed, 10 insertions(+)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 680bc2c2..3308fb72 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -26,6 +26,8 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - uses: actions/setup-python@v5
         name: Install Python
         with:
@@ -51,6 +53,8 @@ jobs:
 
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - uses: actions/setup-python@v5
         name: Install Python
         with:
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index e947689c..2ec16083 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -18,6 +18,8 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - uses: actions/setup-python@v5
         name: Install Python
         with:
@@ -65,6 +67,8 @@ jobs:
 
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - uses: actions/setup-python@v5
         name: Install Python
         with:
@@ -88,6 +92,8 @@ jobs:
     runs-on: windows-2022
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - uses: actions/setup-python@v5
         name: Install Python
         with: