Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Don't persist credentials when not needed, and save verbose test results
persist-credentials defaults to true (see actions/checkout#485). It looks like pull_request workflows run without token access, but it's not clear from https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ if that means persist-credentials doesn't leave a secret in the .git directory where a malicious PR could access it.
- Loading branch information