From d844970d75034f6240dadd7106eeca8969743dfd Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Fri, 6 Dec 2024 13:49:56 -0500
Subject: [PATCH] ci: use persist-credentials: false throughout

We already do this in most of the other Rustls crates, and Zizmor 0.7.0
flags[0] its absence in this repo.

[0]: https://woodruffw.github.io/zizmor/audits/#artipacked
---
 .github/workflows/ci.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 128e00a..633e763 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -13,6 +13,8 @@ jobs:
     runs-on: macos-latest
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - run: brew tap rustls/ci --custom-remote .
       - run: brew audit --online --strict rustls/ci/curl
 
@@ -20,6 +22,8 @@ jobs:
     runs-on: macos-latest
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - run: brew tap rustls/ci --custom-remote .
       - run: brew reinstall --verbose rustls/ci/curl
       - run: brew test rustls/ci/curl
@@ -28,5 +32,7 @@ jobs:
     runs-on: macos-latest
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - run: brew tap rustls/ci --custom-remote .
       - run: brew style rustls/ci/curl