ci: tighten security of checkout action

foosel · foosel · commit 606edf80e0b0 · 2026-03-04T16:36:08.000+01:00
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -20,7 +20,9 @@ jobs:
     name: 🔨 Build distribution
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
+        with:
+          persist-credentials: false
       - name: 🏗 Set up Python ${{ env.DEFAULT_PYTHON }}
         uses: actions/setup-python@v5
         with:
@@ -34,7 +36,9 @@ jobs:
     name: 🧹 Pre-commit
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
+        with:
+          persist-credentials: false
       - name: 🏗 Set up Python ${{ env.DEFAULT_PYTHON }}
         uses: actions/setup-python@v5
         with:
@@ -54,7 +58,9 @@ jobs:
         python: ["3.9", "3.10", "3.11", "3.12", "3.13"]
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
+        with:
+          persist-credentials: false
       - name: 🏗 Set up Python ${{ matrix.python }}
         uses: actions/setup-python@v4
         with:
@@ -100,7 +106,9 @@ jobs:
         python: ["3.9", "3.10", "3.11", "3.12", "3.13"]
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
+        with:
+          persist-credentials: false
       - name: 🏗 Set up Python ${{ matrix.python }}
         uses: actions/setup-python@v5
         with:
