From ced87d42062b9450a286fbcd9a15c598c9b88c43 Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Fri, 6 Dec 2024 13:59:54 -0500
Subject: [PATCH] ci: use persist-credentials: false throughout

We already do this in most of the other Rustls crates, and Zizmor 0.7.0
flags[0] its absence in this repo.

[0]: https://woodruffw.github.io/zizmor/audits/#artipacked
---
 .github/workflows/build.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 9ed9bf9..540db85 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -15,6 +15,8 @@ jobs:
         with:
           components: rustfmt
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - run: cargo fmt --all -- --check
   clippy:
     runs-on: ubuntu-latest
@@ -23,12 +25,16 @@ jobs:
         with:
           components: clippy
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - run: cargo clippy --locked --all-features --all-targets
   rustdoc:
     runs-on: ubuntu-latest
     steps:
       - uses: dtolnay/rust-toolchain@stable
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - run: cargo doc --locked --all-features
   build:
     name: "Build and test"
@@ -50,6 +56,8 @@ jobs:
     steps:
       - name: Checkout sources
         uses: actions/checkout@v4
+        with:
+          persist-credentials: false
 
       - name: Install ${{ matrix.rust }} toolchain
         uses: dtolnay/rust-toolchain@master