diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml index c129cf3c..12d1e46d 100644 --- a/.github/workflows/audit.yml +++ b/.github/workflows/audit.yml @@ -18,6 +18,8 @@ jobs: steps: - name: "Check out PR branch" uses: actions/checkout@v4 + with: + persist-credentials: false - name: "Run audit" run: | diff --git a/.github/workflows/cont_integration.yml b/.github/workflows/cont_integration.yml index 2f670df2..911084d9 100644 --- a/.github/workflows/cont_integration.yml +++ b/.github/workflows/cont_integration.yml @@ -22,9 +22,14 @@ jobs: steps: - name: "Checkout" uses: actions/checkout@v4 + with: + persist-credentials: false - name: "Generate cache key" - run: echo "${{ matrix.rust.version }} ${{ matrix.features }}" | tee .cache_key + env: + MATRIX_RUST_VERSION: ${{ matrix.rust.version }} + MATRIX_FEATURES: ${{ matrix.features }} + run: echo "$MATRIX_RUST_VERSION $MATRIX_FEATURES" | tee .cache_key - name: "Cache" uses: actions/cache@v3 @@ -36,7 +41,9 @@ jobs: key: ${{ runner.os }}-cargo-${{ hashFiles('.cache_key') }}-${{ hashFiles('**/Cargo.toml','**/Cargo.lock') }} - name: "Set default toolchain" - run: rustup default ${{ matrix.rust.version }} + env: + MATRIX_RUST_VERSION: ${{ matrix.rust.version }} + run: rustup default $MATRIX_RUST_VERSION - name: "Set profile" run: rustup set profile minimal @@ -67,6 +74,8 @@ jobs: steps: - name: "Checkout" uses: actions/checkout@v4 + with: + persist-credentials: false - name: "Set default toolchain" run: rustup default nightly diff --git a/.github/workflows/kotlin-api-docs.yaml b/.github/workflows/kotlin-api-docs.yaml index bb85fff6..4bf0c783 100644 --- a/.github/workflows/kotlin-api-docs.yaml +++ b/.github/workflows/kotlin-api-docs.yaml @@ -8,6 +8,8 @@ jobs: steps: - name: "Checkout" uses: actions/checkout@v3 + with: + persist-credentials: false - name: "Set up JDK 17" uses: actions/setup-java@v2 diff --git a/.github/workflows/live-tests.yaml b/.github/workflows/live-tests.yaml index c7fe7f2d..1bee26dd 100644 --- a/.github/workflows/live-tests.yaml +++ b/.github/workflows/live-tests.yaml @@ -11,6 +11,8 @@ jobs: steps: - name: "Checkout publishing branch" uses: actions/checkout@v4 + with: + persist-credentials: false - name: "Cache" uses: actions/cache@v3 @@ -42,6 +44,8 @@ jobs: steps: - name: "Checkout" uses: actions/checkout@v4 + with: + persist-credentials: false - name: "Build Swift package" working-directory: bdk-swift @@ -71,6 +75,7 @@ jobs: uses: actions/checkout@v4 with: submodules: true + persist-credentials: false - name: "Install Rust 1.84.1" uses: actions-rs/toolchain@v1 diff --git a/.github/workflows/publish-android.yaml b/.github/workflows/publish-android.yaml index 3a407a27..4a386420 100644 --- a/.github/workflows/publish-android.yaml +++ b/.github/workflows/publish-android.yaml @@ -9,6 +9,8 @@ jobs: steps: - name: "Check out PR branch" uses: actions/checkout@v4 + with: + persist-credentials: false - name: "Cache" uses: actions/cache@v3 diff --git a/.github/workflows/publish-jvm.yaml b/.github/workflows/publish-jvm.yaml index 3b07493a..ae0bd688 100644 --- a/.github/workflows/publish-jvm.yaml +++ b/.github/workflows/publish-jvm.yaml @@ -8,6 +8,8 @@ jobs: steps: - name: "Checkout publishing branch" uses: actions/checkout@v4 + with: + persist-credentials: false - name: "Cache" uses: actions/cache@v3 @@ -42,6 +44,8 @@ jobs: steps: - name: "Checkout publishing branch" uses: actions/checkout@v4 + with: + persist-credentials: false - name: "Set up JDK" uses: actions/setup-java@v4 @@ -67,6 +71,8 @@ jobs: steps: - name: "Checkout publishing branch" uses: actions/checkout@v4 + with: + persist-credentials: false - name: "Cache" uses: actions/cache@v3 diff --git a/.github/workflows/publish-python.yaml b/.github/workflows/publish-python.yaml index f9fdbc91..c3a31997 100644 --- a/.github/workflows/publish-python.yaml +++ b/.github/workflows/publish-python.yaml @@ -26,6 +26,7 @@ jobs: uses: actions/checkout@v4 with: submodules: true + persist-credentials: false - name: "Install Rust 1.84.1" uses: actions-rs/toolchain@v1 @@ -64,6 +65,7 @@ jobs: uses: actions/checkout@v4 with: submodules: true + persist-credentials: false - name: "Install Python" uses: actions/setup-python@v4 @@ -103,6 +105,7 @@ jobs: uses: actions/checkout@v4 with: submodules: true + persist-credentials: false - name: "Install Python" uses: actions/setup-python@v4 @@ -141,6 +144,8 @@ jobs: uses: actions/checkout@v4 with: submodules: true + persist-credentials: false + - uses: actions/setup-python@v4 with: python-version: ${{ matrix.python }} @@ -167,6 +172,8 @@ jobs: steps: - name: "Checkout" uses: actions/checkout@v4 + with: + persist-credentials: false - name: "Download artifacts in dist/ directory" uses: actions/download-artifact@v4 diff --git a/.github/workflows/test-android.yaml b/.github/workflows/test-android.yaml index 29071558..33d20140 100644 --- a/.github/workflows/test-android.yaml +++ b/.github/workflows/test-android.yaml @@ -21,6 +21,8 @@ jobs: - name: "Check out PR branch" uses: actions/checkout@v4 + with: + persist-credentials: false - name: "Cache" uses: actions/cache@v3 diff --git a/.github/workflows/test-jvm.yaml b/.github/workflows/test-jvm.yaml index e6103007..90e6ccbb 100644 --- a/.github/workflows/test-jvm.yaml +++ b/.github/workflows/test-jvm.yaml @@ -16,6 +16,8 @@ jobs: steps: - name: "Check out PR branch" uses: actions/checkout@v4 + with: + persist-credentials: false - name: "Cache" uses: actions/cache@v3 diff --git a/.github/workflows/test-python.yaml b/.github/workflows/test-python.yaml index 5b5c5182..dcfda047 100644 --- a/.github/workflows/test-python.yaml +++ b/.github/workflows/test-python.yaml @@ -35,6 +35,7 @@ jobs: uses: actions/checkout@v4 with: submodules: true + persist-credentials: false - name: "Install Rust 1.84.1" uses: actions-rs/toolchain@v1 @@ -80,6 +81,7 @@ jobs: uses: actions/checkout@v4 with: submodules: true + persist-credentials: false - name: "Install Python" uses: actions/setup-python@v4 @@ -125,6 +127,8 @@ jobs: uses: actions/checkout@v4 with: submodules: true + persist-credentials: false + - uses: actions/setup-python@v4 with: python-version: ${{ matrix.python }} @@ -168,6 +172,7 @@ jobs: uses: actions/checkout@v4 with: submodules: true + persist-credentials: false - name: "Install Python" uses: actions/setup-python@v4 @@ -204,6 +209,7 @@ jobs: uses: actions/checkout@v4 with: submodules: true + persist-credentials: false - name: "Install Ruff" run: curl -LsSf https://astral.sh/ruff/install.sh | sh diff --git a/.github/workflows/test-swift.yaml b/.github/workflows/test-swift.yaml index f21e5b94..4688180c 100644 --- a/.github/workflows/test-swift.yaml +++ b/.github/workflows/test-swift.yaml @@ -17,6 +17,8 @@ jobs: steps: - name: "Checkout" uses: actions/checkout@v4 + with: + persist-credentials: false - name: "Build Swift package" working-directory: bdk-swift