From df1aa4fe40fbd731fdfb1d6b8b301621267a6b63 Mon Sep 17 00:00:00 2001
From: Jack Grigg <jack@electriccoin.co>
Date: Thu, 9 Jan 2025 16:09:43 +0000
Subject: [PATCH] CI: Opt out of credential persistence

We don't need to run authenticated git commands.
---
 .github/workflows/audits.yml |  4 ++++
 .github/workflows/book.yml   |  2 ++
 .github/workflows/ci.yml     | 28 ++++++++++++++++++++++++++++
 3 files changed, 34 insertions(+)

diff --git a/.github/workflows/audits.yml b/.github/workflows/audits.yml
index a3f8d4214..bdac55418 100644
--- a/.github/workflows/audits.yml
+++ b/.github/workflows/audits.yml
@@ -14,6 +14,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - uses: dtolnay/rust-toolchain@stable
         id: toolchain
       - run: rustup override set ${{steps.toolchain.outputs.name}}
@@ -25,6 +27,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - uses: EmbarkStudios/cargo-deny-action@v2
         with:
           command: check licenses
diff --git a/.github/workflows/book.yml b/.github/workflows/book.yml
index c649b8941..88bfede44 100644
--- a/.github/workflows/book.yml
+++ b/.github/workflows/book.yml
@@ -10,6 +10,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - id: prepare
         uses: ./.github/actions/prepare
       - uses: dtolnay/rust-toolchain@nightly
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 7df0bebae..85f125584 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -35,6 +35,8 @@ jobs:
 
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - id: prepare
         uses: ./.github/actions/prepare
         with:
@@ -92,6 +94,8 @@ jobs:
 
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - id: prepare
         uses: ./.github/actions/prepare
         with:
@@ -141,6 +145,8 @@ jobs:
 
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - id: prepare
         uses: ./.github/actions/prepare
         with:
@@ -194,6 +200,8 @@ jobs:
 
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - id: prepare
         uses: ./.github/actions/prepare
         with:
@@ -225,6 +233,8 @@ jobs:
         os: [ubuntu-latest, windows-latest, macOS-latest]
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - id: prepare
         uses: ./.github/actions/prepare
       - uses: actions/cache@v4
@@ -262,6 +272,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
         with:
+          persist-credentials: false
           path: crates
       # We use a synthetic crate to ensure no dev-dependencies are enabled, which can
       # be incompatible with some of these targets.
@@ -298,6 +309,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
         with:
+          persist-credentials: false
           path: crates
       # We use a synthetic crate to ensure no dev-dependencies are enabled, which can
       # be incompatible with some of these targets.
@@ -333,6 +345,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       # Build benchmarks to prevent bitrot
       - name: Build benchmarks
         run: cargo build --all --benches
@@ -342,6 +356,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - id: prepare
         uses: ./.github/actions/prepare
       - name: Run clippy
@@ -361,6 +377,8 @@ jobs:
     continue-on-error: true
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - id: prepare
         uses: ./.github/actions/prepare
       - uses: dtolnay/rust-toolchain@beta
@@ -387,6 +405,8 @@ jobs:
 
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - id: prepare
         uses: ./.github/actions/prepare
       - uses: actions/cache@v4
@@ -416,6 +436,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - id: prepare
         uses: ./.github/actions/prepare
       - run: cargo fetch
@@ -432,6 +454,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - name: Check formatting
         run: cargo fmt --all -- --check
 
@@ -440,6 +464,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - id: prepare
         uses: ./.github/actions/prepare
       - name: Install protoc
@@ -462,6 +488,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - name: Extract UUIDs
         id: extract
         run: |